Red Hat Bugzilla – Bug 1000031
can't set encryption for btrfs partitions
Last modified: 2014-10-07 19:40:14 EDT
Description of problem:
Trying to install F19, I've found I can't enable encryption on BTRFS volumes.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. during installation, go to installation target
2. choose your free drive
3. click Hotovo (finish?)
4. choose to show the layout
5. choose btrfs schema
6. check to encrypt
8. enter your passphrase
9. click for automatic layout
10. examine the results
there's swap which has the encrypt box checked
/boot doesn't have the encryption set, but that it is okay
/ and /home do not have the encryption set and the checkbox is grayed out and connot be checked manually
/ and /home do have encryption enabled, the box is not grayed out
I think that in fact, the user should not be able to set the encryption for boot, as it stores initrd which provides features to decrypt, so you couldn't decrypt /boot without having /boot unencrypted, right?
I was just confused by this too, but realised that if you click on the "Modify" button next to the btrfs volume name (which defaults to "fedora") then you see that the volume is actually encrypted. It just doesn't appear to be when looking at each mount point.
I think it would be less confusing if the greyed out "Encrypt" checkbox on the main screen matched the state of the volume's Encrypt checkbox, so although you would still need to use the "modify volume" dialog to change whether it would be encrypted or not, the result would be visible on the main screen instead of misleadingly appearing to be unencrypted
P.S. I was trying with rawhide, so maybe it's been fixed since F19, but I still think my suggestion would improve the UI
I was trying this with F21 Alpha. Creating a encrypted btrfs partition fails with the default ("fedora") volume. Choosing "encrypt" from btrfs volume options does not work, this is always gone when applied.
As a workaround I deleted the default btrfs volume by creating a new one with encryption and all non-boot partitions in it.
(In reply to Christian Stadelmann from comment #3)
> I was trying this with F21 Alpha. Creating a encrypted btrfs partition fails
> with the default ("fedora") volume. Choosing "encrypt" from btrfs volume
> options does not work, this is always gone when applied.
> As a workaround I deleted the default btrfs volume by creating a new one
> with encryption and all non-boot partitions in it.
This particular problem is a bug in blivet: bug 1148373