Bug 1000031 - can't set encryption for btrfs partitions
Summary: can't set encryption for btrfs partitions
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Brian Lane
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-08-22 14:12 UTC by Karel Volný
Modified: 2014-10-07 23:40 UTC (History)
10 users (show)

Fixed In Version: anaconda-22.2-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-07 23:40:14 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Karel Volný 2013-08-22 14:12:54 UTC 
Description of problem:
Trying to install F19, I've found I can't enable encryption on BTRFS volumes.

Version-Release number of selected component (if applicable):
19.30.13-1

How reproducible:
always

Steps to Reproduce:
1. during installation, go to installation target
2. choose your free drive
3. click Hotovo (finish?)
4. choose to show the layout
5. choose btrfs schema
6. check to encrypt
7. continue
8. enter your passphrase
9. click for automatic layout
10. examine the results

Actual results:
there's swap which has the encrypt box checked

/boot doesn't have the encryption set, but that it is okay

/ and /home do not have the encryption set and the checkbox is grayed out and connot be checked manually

Expected results:
/ and /home do have encryption enabled, the box is not grayed out


Additional info:
I think that in fact, the user should not be able to set the encryption for boot, as it stores initrd which provides features to decrypt, so you couldn't decrypt /boot without having /boot unencrypted, right?
Comment 1 Jonathan Wakely 2014-06-24 19:14:08 UTC 
I was just confused by this too, but realised that if you click on the "Modify" button next to the btrfs volume name (which defaults to "fedora") then you see that the volume is actually encrypted. It just doesn't appear to be when looking at each mount point.

I think it would be less confusing if the greyed out "Encrypt" checkbox on the main screen matched the state of the volume's Encrypt checkbox, so although you would still need to use the "modify volume" dialog to change whether it would be encrypted or not, the result would be visible on the main screen instead of misleadingly appearing to be unencrypted
Comment 2 Jonathan Wakely 2014-06-24 19:15:07 UTC 
P.S. I was trying with rawhide, so maybe it's been fixed since F19, but I still think my suggestion would improve the UI
Comment 3 Christian Stadelmann 2014-09-29 19:34:01 UTC 
I was trying this with F21 Alpha. Creating a encrypted btrfs partition fails with the default ("fedora") volume. Choosing "encrypt" from btrfs volume options does not work, this is always gone when applied.

As a workaround I deleted the default btrfs volume by creating a new one with encryption and all non-boot partitions in it.
Comment 4 Andreas Fleig 2014-10-01 10:09:11 UTC 
(In reply to Christian Stadelmann from comment #3)
> I was trying this with F21 Alpha. Creating a encrypted btrfs partition fails
> with the default ("fedora") volume. Choosing "encrypt" from btrfs volume
> options does not work, this is always gone when applied.
> 
> As a workaround I deleted the default btrfs volume by creating a new one
> with encryption and all non-boot partitions in it.

This particular problem is a bug in blivet: bug 1148373
Note You need to log in before you can comment on or make changes to this bug.