.Anaconda now uses LUKS2 version as the default for an encrypted container
Previously, anaconda did not use LUKS2 version by default to create an encrypted container on the `Manual Partitioning` screen. As a result, the container encryption had LUKS1 version. With this update, anaconda uses LUKS2 version as the default to create an encrypted container on the `Manual Partitioning` screen and now the container has encryption with LUKS2 version.
Description of problem:
When PVs are manually checked to be encrypted during custom partitioning in GUI, anaconda creates LUKS v1 format on the PVs. There is also no choice to select LUKS v1/v2 as for other device types (raw partitions or encrypded LVs)
Version-Release number of selected component (if applicable):
RHEL-8.0 GA
anaconda-29.19.0.40-1.el8
How reproducible:
always
Steps to Reproduce:
1. start graphical installation
2. proceed to custom partitioning
3. remove existing partitions
4. let anaconda create the partitions (LVM layout)
5. modify the volume group with rootfs and swap (and home)
6. check "Encrypt" in the VG configuration dialog
7. continue with the installation
8. reboot to installed system
9. check the LUKS version:
# cryptsetup luksDump /dev/vda2 | grep -i version
Actual results:
LUKS v1 is used:
[root@localhost ~]# cryptsetup luksDump /dev/vda2 | grep -i version
Version: 1
[root@localhost ~]#
Expected results:
LUKS v2 is used by default:
[root@localhost ~]# cryptsetup luksDump /dev/vdb1 | grep -i version
Version: 2
[root@localhost ~]#
Since it's possible to select LUKSv1/v2 for other types of devices, it should be possible to select the version for PVs as well.
Additional info:
When using encrypted autopartitioning, PVs are formatted with LUKS v2 as expected.
@Alexandra Nikandrova, I have updated the yaml file to include the BZ. You can skip the yaml file updates, and only work on the doc text.
Thanks
Shweta
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (anaconda bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2020:4729