Bug 1000031

Summary: can't set encryption for btrfs partitions
Product: [Fedora] Fedora Reporter: Karel Volný <kvolny>
Component: anacondaAssignee: Brian Lane <bcl>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: anaconda-maint-list, andreasfleig, dshea, fedora, g.kaviyarasu, jonathan, jwakely, mkolman, sbueno, vanmeeuwen+fedora
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: anaconda-22.2-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-07 23:40:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Karel Volný 2013-08-22 14:12:54 UTC 
Description of problem:
Trying to install F19, I've found I can't enable encryption on BTRFS volumes.

Version-Release number of selected component (if applicable):
19.30.13-1

How reproducible:
always

Steps to Reproduce:
1. during installation, go to installation target
2. choose your free drive
3. click Hotovo (finish?)
4. choose to show the layout
5. choose btrfs schema
6. check to encrypt
7. continue
8. enter your passphrase
9. click for automatic layout
10. examine the results

Actual results:
there's swap which has the encrypt box checked

/boot doesn't have the encryption set, but that it is okay

/ and /home do not have the encryption set and the checkbox is grayed out and connot be checked manually

Expected results:
/ and /home do have encryption enabled, the box is not grayed out


Additional info:
I think that in fact, the user should not be able to set the encryption for boot, as it stores initrd which provides features to decrypt, so you couldn't decrypt /boot without having /boot unencrypted, right?
Comment 1 Jonathan Wakely 2014-06-24 19:14:08 UTC 
I was just confused by this too, but realised that if you click on the "Modify" button next to the btrfs volume name (which defaults to "fedora") then you see that the volume is actually encrypted. It just doesn't appear to be when looking at each mount point.

I think it would be less confusing if the greyed out "Encrypt" checkbox on the main screen matched the state of the volume's Encrypt checkbox, so although you would still need to use the "modify volume" dialog to change whether it would be encrypted or not, the result would be visible on the main screen instead of misleadingly appearing to be unencrypted
Comment 2 Jonathan Wakely 2014-06-24 19:15:07 UTC 
P.S. I was trying with rawhide, so maybe it's been fixed since F19, but I still think my suggestion would improve the UI
Comment 3 Christian Stadelmann 2014-09-29 19:34:01 UTC 
I was trying this with F21 Alpha. Creating a encrypted btrfs partition fails with the default ("fedora") volume. Choosing "encrypt" from btrfs volume options does not work, this is always gone when applied.

As a workaround I deleted the default btrfs volume by creating a new one with encryption and all non-boot partitions in it.
Comment 4 Andreas Fleig 2014-10-01 10:09:11 UTC 
(In reply to Christian Stadelmann from comment #3)
> I was trying this with F21 Alpha. Creating a encrypted btrfs partition fails
> with the default ("fedora") volume. Choosing "encrypt" from btrfs volume
> options does not work, this is always gone when applied.
> 
> As a workaround I deleted the default btrfs volume by creating a new one
> with encryption and all non-boot partitions in it.

This particular problem is a bug in blivet: bug 1148373