Bug 438955

Summary: Installer doesn't encrypt partitions
Product: [Fedora] Fedora Reporter: Stefan Becker <chemobejk>
Component: anacondaAssignee: David Lehman <dlehman>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: anaconda-11.4.0.59-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-28 16:10:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stefan Becker 2008-03-26 06:38:37 UTC 
The Fedora 9 Beta installer offers an "enrypt" option for partitions:

 - It "forgets" if you select this option, i.e. when you edit the partition
again the setting is lost

 - If you have selected it and proceed with the installation it doesn't ask for
passwords nor encrypt the partitions
Comment 1 David Lehman 2008-03-27 17:46:35 UTC 
I was unable to replicate the behavior you described. Can you please provide a
detailed description of the process so I might make another attempt?
Comment 2 Stefan Becker 2008-03-28 05:54:47 UTC 
I downloaded the Fedora 9 Beta DVD .iso, mounted & exported that on my HTTP
server, copied the PXE boot images onto my existing /boot partition and rebooted
to that kernel via GRUB, I chose "custom partition layout" in the installer so
that I could reuse the existing Fedora 8 harddisk setup:

Paritions on sda:
   sda1   ext3, /boot
   sda2   LVM VG 0

LVM VG 0:
   VolGroup00-LogVol00    LUKS encrypted, ext3, /root
   VolGroup00-LogVol01    LUKS encrypted, swap
   VolGroup00-LogVol02    LUKS encrypted, ext3, /home
   VolGroup00-LogVol03    free

As the installer didn't recognize the existing LUKS encrypted partitions (see
also bug #438954), I decided to only reuse some partitions and selected the
following options:

   sda1                  ext3, do not format, /boot
   VolGroup00-LogVol03   ext3, format, encrypt, /root
   VolGroup00-LogVol01   swap, format, encrypt

Every time I went back into the edit dialog for LV1 or LV3 the encrypt option
was deselected. When I went ahead to continue the installation the partitions
were only formatted but not encrypted.

I can't loose the current Fedora 8 setup so I can't do a fresh install.
Comment 3 David Lehman 2008-03-28 16:10:50 UTC 
Sorry for the confusion. The checkbutton in the dialog to edit the LV is
non-functional. F9-Beta does not support encrypting logical volumes. It does,
however, support encrypting PVs, partitions, and RAID devices (not RAID members,
though). Support for encrypted LVs is now in rawhide, so it will likely be in F9.
Comment 4 Stefan Becker 2008-03-29 12:36:32 UTC 
Confirmed. With todays rawhide I was able to select encryption for the root and
swap LVM partitions and was asked for the password. The installer then encrypted
and formatted them correctly.

Unfortunately the install later aborted due to a package missing error so I was
unable to really test the encryption support in Fedora 9 after all :-(