From Fedora Project Wiki

< QA‎ | TestCases

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Description

Support the use of encrypted filesystems for anything other than /boot using cryptsetup and LUKS. This includes install time creation/configuration, as well as integrated support in mkinitrd and initscripts (others?). Currently we are only pursuing support for encrypted devices using cryptsetup/LUKS.

When using encrypted file systems/block devices, the functionality should continue to work as expected, and not create situations where the encryption leads to undesired errors.

References:

  1. Anaconda/Features/EncryptedBlockDevices
  2. Releases/FeatureEncryptedFilesystems

Steps To Reproduce

  • start the installer
  • enter the disk druid paritioning screen
  • Create a new LV filesystem (such as device /dev/LogVol00) on a new or existing LVM PV group
  • select the "encrypt" checkbox for the partition using the new device
  • enter a passphrase for the partition
  • create one or more encrypted filesystems using the LV filesystem
  • select the "encrypt" checkbox for each filesystem that resides on the LV filesystem
  • create one or more non-encrypted filesystems using the LV filesystem
  • continue the installation

Expected Results

in post-install system, verify:

  • a passphrase for the LV LV device is required to access it
  • an entry for the filesystem using the LVM LV device exists in /etc/crypttab
  • a passphrase for the each of the encrypted filesystems using the LVG is required to access it
  • an entry for the block devices and filesystems using the LVM LV devices exist in /etc/crypttab