RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1784360 - Graphical installation doesn't permit to choose which LUKS version will be used
Summary: Graphical installation doesn't permit to choose which LUKS version will be used
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: anaconda
Version: 8.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: 8.0
Assignee: Vendula Poncova
QA Contact: Release Test Team
Alexandra Nikandrova
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-12-17 10:17 UTC by Renaud Métrich
Modified: 2023-03-24 16:29 UTC (History)
7 users (show)

Fixed In Version: anaconda-33.16.3.1-2
Doc Type: Bug Fix
Doc Text:
.The changing of the LUKS version of the container is now available in the `Manual Partitioning` screen Previously, there was no UI element for changing the LUKS version of a container in the `Manual Partitioning` screen. As a result, the container was always encrypted using the default LUKS version. With this update, there is a new `LUKS version` combo box, which allows to change the LUKS version in the `Configure Volume Group` dialog if the container is encrypted, and it is possible now to create an encrypted container with a non-default LUKS version in the `Manual Partitioning` screen.
Clone Of:
Environment:
Last Closed: 2020-11-04 03:22:54 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Anaconda main panel (71.35 KB, image/png)
2019-12-17 10:18 UTC, Renaud Métrich 		no flags Details
Anaconda summary not showing LUKS version (91.96 KB, image/png)
2019-12-17 10:19 UTC, Renaud Métrich 		no flags Details
Generated kickstart showing LUKSv1 (1.79 KB, text/plain)
2019-12-17 10:19 UTC, Renaud Métrich 		no flags Details
Resulting layout (LUKSv1) (1.75 KB, text/plain)
2019-12-17 10:20 UTC, Renaud Métrich 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:4729 0 None None None 2020-11-04 03:23:13 UTC

Description Renaud Métrich 2019-12-17 10:17:29 UTC 
Description of problem:

When installing a system (KVM) using the GUI, the following scenario leads to having LUKS1 devices hosting the LVM VG:

1. No click on "Encrypt my data" in INSTALLATION DESTINATION
2. Clicked on "Click here to create them automatically"
3. Clicked on "Encrypt" in CONFIGURE VOLUME GROUP

This results in:
- LUKS Version was grayed out
- Encrypt checkbox near Device Type was grayed out

After installation, the system ended up having LUKS1 (I intentionally created 2 VGs, one for "root" and one for "home"):
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
[root@vm-luks8 ~]# lsblk
NAME                                          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sr0                                            11:0    1 1024M  0 rom   
vda                                           252:0    0   20G  0 disk  
├─vda1                                        252:1    0    1G  0 part  /boot
├─vda2                                        252:2    0   12G  0 part  
│ └─luks-1e14fa74-2849-48eb-b1df-8a315fea2ffb 253:0    0   12G  0 crypt 
│   ├─systemvg-root                           253:1    0   10G  0 lvm   /
│   └─systemvg-swap                           253:2    0    2G  0 lvm   [SWAP]
└─vda3                                        252:3    0    2G  0 part  
  └─luks-c3cc7e53-261b-4025-90d0-02ea62f2832a 253:3    0    2G  0 crypt 
    └─datavg-home                             253:4    0    2G  0 lvm   /home

[root@vm-luks8 ~]# cryptsetup luksDump /dev/vda2
LUKS header information for /dev/vda2

Version:       	1
...
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------


I wasn't able to perform a similar setup with LUKS2 instead. The only way to do that was to reinstall using a kickstart.

Additionally, installing a beaker system (dell-per740-04.khw2.lab.eng.bos.redhat.com) similarly, I ended up having 2 LUKS2 devices, but the kickstart showed 1 LUKS1 device and 1 LUKS2 device:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
# Disk partitioning information
part pv.1641 --fstype="lvmpv" --ondisk=sdb --size=2054 --encrypted --luks-version=luks1
part /boot --fstype="xfs" --size=1024
part pv.442 --fstype="lvmpv" --ondisk=sda --size=104454 --encrypted --luks-version=luks2
part /boot/efi --fstype="efi" --size=600 --fsoptions="umask=0077,shortname=winnt"
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------


Version-Release number of selected component (if applicable):

anaconda-29.19.1.13-1.el8

How reproducible:

Always, see description

Additional info:

This is somehow related to BZ 1759972. Please consider both simultaneously if possible.
At least, while in the GUI, the summary (see attached pictures) should state the LUKS version that will be used.
Comment 1 Renaud Métrich 2019-12-17 10:18:50 UTC 
Created attachment 1645836 [details]
Anaconda main panel
Comment 2 Renaud Métrich 2019-12-17 10:19:24 UTC 
Created attachment 1645837 [details]
Anaconda summary not showing LUKS version
Comment 3 Renaud Métrich 2019-12-17 10:19:57 UTC 
Created attachment 1645838 [details]
Generated kickstart showing LUKSv1
Comment 4 Renaud Métrich 2019-12-17 10:20:27 UTC 
Created attachment 1645839 [details]
Resulting layout (LUKSv1)
Comment 5 Jan Stodola 2020-01-17 14:17:19 UTC 
This looks like a duplicate of bug 1755996.
Comment 6 Chris Williams 2020-02-12 20:59:00 UTC 

*** This bug has been marked as a duplicate of bug 1755996 ***
Comment 7 Vendula Poncova 2020-04-15 13:21:54 UTC 
This bug is about a missing UI element in the container dialog, the other one is about a default LUKS version for encrypted containers. We would like to track these two issues separately, so I am reopening this bug.
Comment 14 Marek Havrila 2020-07-27 21:45:20 UTC 
Verified on RHEL-8.3.0-20200701.2 and anaconda-33.16.3.10-1.el8.x86_64
Comment 17 errata-xmlrpc 2020-11-04 03:22:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (anaconda bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4729
Note You need to log in before you can comment on or make changes to this bug.