Bug 197554 - RELNOTES - Encrypted swap and non-root filesystem support
RELNOTES - Encrypted swap and non-root filesystem support
Status: CLOSED RAWHIDE
Product: Fedora Documentation
Classification: Fedora
Component: release-notes (Show other bugs)
devel
All Linux
medium Severity medium
: ---
: ---
Assigned To: Release Notes Tracker
Karsten Wade
: Reopened
: 207233 (view as bug list)
Depends On:
Blocks: fc6-relnotes-traqr
  Show dependency treegraph
 
Reported: 2006-07-03 21:02 EDT by Miloslav Trmač
Modified: 2007-04-18 13:45 EDT (History)
5 users (show)

See Also:
Fixed In Version: 5.92
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-09-23 14:46:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Miloslav Trmač 2006-07-03 21:02:41 EDT
FC6 provides basic support for encrypted swap partitions and non-root
filesystems.  To use it, add entries to /etc/crypttab and reference the
created devices in /etc/fstab.

An example /etc/crypttab entry for a swap partition:
    my_swap /dev/hdb1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
This creates an encrypted block device /dev/mapper/my_swap, which can be
referenced in /etc/fstab.

For a filesystem volume:
    my_volume /dev/hda5 /etc/volume_key cipher=aes-cbc-essiv:sha256
The /etc/volume_key file contains a plaintext encryption key.  You can
also specify "none" as the key file name, and the system will ask for
the encryption key during boot.

It is recommended to use LUKS for filesystem volumes:
- Create the encrypted volume using (cryptsetup luksFormat)
- Add the necessary entry to /etc/crypttab
- Set up the volume manually using (cryptsetup luksOpen) or reboot
- Create a filesystem on the encrypted volume
- Set up an /etc/fstab entry
Comment 1 Karsten Wade 2006-07-17 18:54:21 EDT
Pasted nearly verbatim on:

http://fedoraproject.org/wiki/Docs/Beats/FileSystems

This content is going to be included in the Web-only snapshot of the Wiki done
for test 2 at:

http://fedora.redhat.com/docs/release-notes/

These are prominently linked from the top of the in-ISO release notes.  Content
here should appear in FC6 test3 ISO.

Please make any further change to this content directly on the Wiki.  For
questions about editing and access:

http://fedoraproject.org/wiki/WikiEditing

Thanks for your contribution.
Comment 2 Paul W. Frields 2006-09-10 18:14:14 EDT
In there as of fedora-release-notes-5.92-2, closing.
Comment 3 Patrick C. F. Ernzer 2006-09-11 06:20:53 EDT
looks good.
The obvious question I see coming up is "How does the user tie this in with the
installer".
Can we have a note on that (I guess we're still at "not quote there yet", or do
we plan to have anaconda able to do encrypted non-root FS in FC6?
Comment 4 Miloslav Trmač 2006-09-13 17:04:44 EDT
AFAIK anaconda doesn't support creating encrypted block devices and I'm not
aware of any plans for FC6.
Comment 5 Patrick C. F. Ernzer 2006-09-14 04:18:02 EDT
Ah OK, so then the release notes should say that clearly.
Comment 6 Karsten Wade 2006-09-14 09:07:17 EDT
Could one of you with knowledge on this subject please update the (community
maintained) release notes?

http://fedoraproject.org/wiki/Docs/Beats/FileSystems

Is that the right place?  You can also add a not to Docs/Beats/Installer if we
need to answer an expectation of usage by Anaconda.
Comment 7 Patrick C. F. Ernzer 2006-09-18 06:41:25 EDT
docs people,

see BZ entries 124789 and 127378, this should give you some help on writing the
docs (and an assigned devel to prod with questions when you're lost ;-)
Comment 12 Karsten Wade 2006-09-19 21:17:05 EDT
Reopening bug, as it was originally and still is a blocker for FC6 release
notes; the content has not been confirmed to be in the draft
(http://fedoraproject.org/wiki/Docs/Drafts/FileSystems).

Also, when closing a bug that actually _was_ a bug, NOTABUG is not appropriate.
 NOTABUG means "this was not a bug, it was something else", rather than meaning
"no longer a bug".

The proper closure is CURRENTRELEASE with the version.  Unfortunately, now that
this bug is both blocking RHEL 5 relnotes and FC6 relnotes, I'm not sure which
version to close it to.
Comment 13 Don Domingo 2006-09-19 23:14:36 EDT
*** Bug 207233 has been marked as a duplicate of this bug. ***
Comment 16 Karsten Wade 2006-09-23 14:46:26 EDT
Fixed in the Wiki, the admonition that Anaconda does not support block devices
will be in the section on file systems that was proposed originally in this bug
report.

Note You need to log in before you can comment on or make changes to this bug.