Anaconda/Features/Encrypted Boot IPA key Management

From FedoraProject

Revision as of 06:58, 4 June 2009 by Liam


Anaconda Encrypted Boot IPA key Management


Provide enterprise-class key management support for encrypted devices


  • Name: Dave Lehman / Miloslav Trmac

Current status

  • Completed in F11: 50% - cryptsetup-luks changes appear to be in
  • Remaining work for this feature will land by F12 beta (~2009-07-28)

Detailed Description

Unclear how we're handling this; need input from the security side. I believe the initial plan is to expand cryptsetup-luks for an admin key, then possibly add LVM changes to move encryption there.

Target Audience

Enterprise customers want a means by which they can guarantee access to the data on encrypted block devices in employees' systems. This way they still have a way in if the user changes the device's keys/passphrases.

Product Variants / High Level Use Cases

Particularly relevant to desktops/laptops, but depending upon the implementation it may be interesting for other products as well, e.g. to support encrypted databases or medical records protection.

Hardware Architectures


Third-Party Dependencies


Bugzilla Numbers

  • See Bug 458392 - [RFE] luks: add support for admin keyslot, for the prereq from an anaconda POV
  • See Bug 488718 - (encrypted_LVM) Support for encrypted LVs in LVM2 & key management (tracker), for a description of work in progress