Bug 1784360 - Graphical installation doesn't permit to choose which LUKS version will be used
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: anaconda
Version: 8.1
Hardware: All
OS: Linux
Target Milestone: rc
: 8.0
Assignee: Vendula Poncova
QA Contact: Release Test Team
Alexandra Nikandrova
Depends On:
Reported: 2019-12-17 10:17 UTC by Renaud Métrich
Modified: 2020-11-04 03:23 UTC

Fixed In Version: anaconda-
Doc Type: Bug Fix
Doc Text:
.The changing of the LUKS version of the container is now available in the `Manual Partitioning` screen

Previously, there was no UI element for changing the LUKS version of a container in the `Manual Partitioning` screen. As a result, the container was always encrypted using the default LUKS version. With this update, there is a new `LUKS version` combo box, which allows changing the LUKS version in the `Configure Volume Group` dialog if the container is encrypted, and it is now possible to create an encrypted container with a non-default LUKS version in the `Manual Partitioning` screen.
Clone Of:
Last Closed: 2020-11-04 03:22:54 UTC
Type: Bug
Target Upstream Version:

Attachments
Anaconda main panel (71.35 KB, image/png)
2019-12-17 10:18 UTC, Renaud Métrich
Anaconda summary not showing LUKS version (91.96 KB, image/png)
2019-12-17 10:19 UTC, Renaud Métrich
Generated kickstart showing LUKSv1 (1.79 KB, text/plain)
2019-12-17 10:19 UTC, Renaud Métrich
Resulting layout (LUKSv1) (1.75 KB, text/plain)
2019-12-17 10:20 UTC, Renaud Métrich

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:4729 0 None None None 2020-11-04 03:23:13 UTC

Description Renaud Métrich 2019-12-17 10:17:29 UTC
Description of problem:

When installing a system (KVM) using the GUI, the following scenario leads to having LUKS1 devices hosting the LVM VG:

1. No click on "Encrypt my data" in INSTALLATION DESTINATION
2. Clicked on "Click here to create them automatically"
3. Clicked on "Encrypt" in CONFIGURE VOLUME GROUP

This results in:
- LUKS Version was grayed out
- Encrypt checkbox near Device Type was grayed out

After installation, the system ended up having LUKS1 (I intentionally created 2 VGs, one for "root" and one for "home"):
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
[root@vm-luks8 ~]# lsblk
NAME                                          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sr0                                            11:0    1 1024M  0 rom   
vda                                           252:0    0   20G  0 disk  
├─vda1                                        252:1    0    1G  0 part  /boot
├─vda2                                        252:2    0   12G  0 part  
│ └─luks-1e14fa74-2849-48eb-b1df-8a315fea2ffb 253:0    0   12G  0 crypt 
│   ├─systemvg-root                           253:1    0   10G  0 lvm   /
│   └─systemvg-swap                           253:2    0    2G  0 lvm   [SWAP]
└─vda3                                        252:3    0    2G  0 part  
  └─luks-c3cc7e53-261b-4025-90d0-02ea62f2832a 253:3    0    2G  0 crypt 
    └─datavg-home                             253:4    0    2G  0 lvm   /home

[root@vm-luks8 ~]# cryptsetup luksDump /dev/vda2
LUKS header information for /dev/vda2

Version:       	1
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

I wasn't able to perform a similar setup with LUKS2 instead. The only way to do that was to reinstall using a kickstart.

Additionally, installing a beaker system (dell-per740-04.khw2.lab.eng.bos.redhat.com) similarly, I ended up having 2 LUKS2 devices, but the kickstart showed 1 LUKS1 device and 1 LUKS2 device:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
# Disk partitioning information
part pv.1641 --fstype="lvmpv" --ondisk=sdb --size=2054 --encrypted --luks-version=luks1
part /boot --fstype="xfs" --size=1024
part pv.442 --fstype="lvmpv" --ondisk=sda --size=104454 --encrypted --luks-version=luks2
part /boot/efi --fstype="efi" --size=600 --fsoptions="umask=0077,shortname=winnt"
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

Version-Release number of selected component (if applicable):


How reproducible:

Always, see description

Additional info:

This is somehow related to BZ 1759972. Please consider both simultaneously if possible.
At least, while in the GUI, the summary (see attached pictures) should state the LUKS version that will be used.
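
An added example, not part of the original report and not anaconda code: a check for the mismatch described above, where the generated kickstart requests luks1 for one container. It reports the LUKS version requested for every encrypted storage command in a kickstart; the function name audit_luks_versions and the required default of luks2 are assumptions, and the sample input is the partitioning block quoted in the description.

```python
import shlex

# Kickstart storage commands that accept --encrypted and --luks-version.
STORAGE_COMMANDS = {"autopart", "part", "partition", "logvol", "raid"}

# Constructed sample: the partitioning lines quoted in the bug description.
SAMPLE_KICKSTART = """\
# Disk partitioning information
part pv.1641 --fstype="lvmpv" --ondisk=sdb --size=2054 --encrypted --luks-version=luks1
part /boot --fstype="xfs" --size=1024
part pv.442 --fstype="lvmpv" --ondisk=sda --size=104454 --encrypted --luks-version=luks2
part /boot/efi --fstype="efi" --size=600 --fsoptions="umask=0077,shortname=winnt"
"""


def audit_luks_versions(kickstart_text, required="luks2"):
    """Return one finding per encrypted storage command (hypothetical helper)."""
    findings = []
    for lineno, raw in enumerate(kickstart_text.splitlines(), start=1):
        try:
            tokens = shlex.split(raw, comments=True)
        except ValueError:
            continue  # e.g. unbalanced quotes inside a %pre/%post script body
        if not tokens or tokens[0] not in STORAGE_COMMANDS or "--encrypted" not in tokens:
            continue
        version = None  # None: no --luks-version given, installer default applies
        for i, tok in enumerate(tokens):
            if tok.startswith("--luks-version="):
                version = tok.split("=", 1)[1]
            elif tok == "--luks-version" and i + 1 < len(tokens):
                version = tokens[i + 1]
        # The mount point or PV name, when present, directly follows the command.
        has_target = len(tokens) > 1 and not tokens[1].startswith("-")
        findings.append({
            "line": lineno,
            "command": tokens[0],
            "target": tokens[1] if has_target else None,
            "luks_version": version,
            "ok": version == required,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_luks_versions(SAMPLE_KICKSTART):
        print(finding)
```

A finding with luks_version of None means the kickstart leaves the choice to the installer default, so it is reported as not ok rather than assumed to be LUKS2.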

Comment 1 Renaud Métrich 2019-12-17 10:18:50 UTC
Created attachment 1645836
Anaconda main panel

Comment 2 Renaud Métrich 2019-12-17 10:19:24 UTC
Created attachment 1645837
Anaconda summary not showing LUKS version

Comment 3 Renaud Métrich 2019-12-17 10:19:57 UTC
Created attachment 1645838
Generated kickstart showing LUKSv1

Comment 4 Renaud Métrich 2019-12-17 10:20:27 UTC
Created attachment 1645839
Resulting layout (LUKSv1)

Comment 5 Jan Stodola 2020-01-17 14:17:19 UTC
This looks like a duplicate of bug 1755996.

Comment 6 Chris Williams 2020-02-12 20:59:00 UTC

*** This bug has been marked as a duplicate of bug 1755996 ***

Comment 7 Vendula Poncova 2020-04-15 13:21:54 UTC
This bug is about a missing UI element in the container dialog, the other one is about a default LUKS version for encrypted containers. We would like to track these two issues separately, so I am reopening this bug.

Comment 14 Marek Havrila 2020-07-27 21:45:20 UTC
Verified on RHEL-8.3.0-20200701.2 and anaconda-

Comment 17 errata-xmlrpc 2020-11-04 03:22:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (anaconda bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

