|Summary:||RELNOTES - Encrypted swap and non-root filesystem support|
|Product:||[Fedora] Fedora Documentation||Reporter:||Miloslav Trmač <mitr>|
|Component:||release-notes||Assignee:||Release Notes Tracker <relnotes>|
|Status:||CLOSED RAWHIDE||QA Contact:||Karsten Wade <kwade>|
|Version:||devel||CC:||ddomingo, kwade, mhideo, pcfe, rmonk|
|Fixed In Version:||5.92||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2006-09-23 18:46:26 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:|
Description Miloslav Trmač 2006-07-04 01:02:41 UTC
FC6 provides basic support for encrypted swap partitions and non-root filesystems. To use it, add entries to /etc/crypttab and reference the created devices in /etc/fstab. An example /etc/crypttab entry for a swap partition: my_swap /dev/hdb1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256 This creates an encrypted block device /dev/mapper/my_swap, which can be referenced in /etc/fstab. For a filesystem volume: my_volume /dev/hda5 /etc/volume_key cipher=aes-cbc-essiv:sha256 The /etc/volume_key file contains a plaintext encryption key. You can also specify "none" as the key file name, and the system will ask for the encryption key during boot. It is recommended to use LUKS for filesystem volumes: - Create the encrypted volume using (cryptsetup luksFormat) - Add the necessary entry to /etc/crypttab - Set up the volume manually using (cryptsetup luksOpen) or reboot - Create a filesystem on the encrypted volume - Set up an /etc/fstab entry
Comment 1 Karsten Wade 2006-07-17 22:54:21 UTC
Pasted nearly verbatim on: http://fedoraproject.org/wiki/Docs/Beats/FileSystems This content is going to be included in the Web-only snapshot of the Wiki done for test 2 at: http://fedora.redhat.com/docs/release-notes/ These are prominently linked from the top of the in-ISO release notes. Content here should appear in FC6 test3 ISO. Please make any further change to this content directly on the Wiki. For questions about editing and access: http://fedoraproject.org/wiki/WikiEditing Thanks for your contribution.
Comment 2 Paul W. Frields 2006-09-10 22:14:14 UTC
In there as of fedora-release-notes-5.92-2, closing.
Comment 3 Patrick C. F. Ernzer 2006-09-11 10:20:53 UTC
looks good. The obvious question I see coming up is "How does the user tie this in with the installer". Can we have a note on that (I guess we're still at "not quote there yet", or do we plan to have anaconda able to do encrypted non-root FS in FC6?
Comment 4 Miloslav Trmač 2006-09-13 21:04:44 UTC
AFAIK anaconda doesn't support creating encrypted block devices and I'm not aware of any plans for FC6.
Comment 5 Patrick C. F. Ernzer 2006-09-14 08:18:02 UTC
Ah OK, so then the release notes should say that clearly.
Comment 6 Karsten Wade 2006-09-14 13:07:17 UTC
Could one of you with knowledge on this subject please update the (community maintained) release notes? http://fedoraproject.org/wiki/Docs/Beats/FileSystems Is that the right place? You can also add a not to Docs/Beats/Installer if we need to answer an expectation of usage by Anaconda.
Comment 7 Patrick C. F. Ernzer 2006-09-18 10:41:25 UTC
docs people, see BZ entries 124789 and 127378, this should give you some help on writing the docs (and an assigned devel to prod with questions when you're lost ;-)
Comment 12 Karsten Wade 2006-09-20 01:17:05 UTC
Reopening bug, as it was originally and still is a blocker for FC6 release notes; the content has not been confirmed to be in the draft (http://fedoraproject.org/wiki/Docs/Drafts/FileSystems). Also, when closing a bug that actually _was_ a bug, NOTABUG is not appropriate. NOTABUG means "this was not a bug, it was something else", rather than meaning "no longer a bug". The proper closure is CURRENTRELEASE with the version. Unfortunately, now that this bug is both blocking RHEL 5 relnotes and FC6 relnotes, I'm not sure which version to close it to.
Comment 13 Don Domingo 2006-09-20 03:14:36 UTC
*** Bug 207233 has been marked as a duplicate of this bug. ***
Comment 16 Karsten Wade 2006-09-23 18:46:26 UTC
Fixed in the Wiki, the admonition that Anaconda does not support block devices will be in the section on file systems that was proposed originally in this bug report.