Bug 1397053

Summary: RFE: Make /boot able to reside on encrypted LVM volumes
Product: [Fedora] Fedora Reporter: Tim Landscheidt <tim>
Component: anacondaAssignee: Anaconda Maintenance Team <anaconda-maint-list>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: agk, anaconda-maint-list, dominik, dustymabe, g.kaviyarasu, jonathan, mkolman, nekohayo, redhat-bugzilla, vanmeeuwen+fedora, vponcova, vwcjtblat
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Tim Landscheidt 2016-11-21 13:58:07 UTC 
At least with Fedora 23, /boot must be (on) an unencrypted partition.  For systems where all other filesystems sit on top of an encrypted LVM, this means resizing, etc. /boot is a major operation.

Apparently newer versions of grub allow to boot from encrypted LVM volumes.  http://dustymabe.com/2015/07/06/encrypting-more-boot-joins-the-party/ contains a description of how to move /boot to the root LVM volume on a Fedora 22 system after installation.

It would be nice if the Fedora installer allowed this to work out of the box, i. e. set up a system where /boot is (part of) an encrypted LVM volume.