Red Hat Bugzilla – Bug 197554
RELNOTES - Encrypted swap and non-root filesystem support
Last modified: 2007-04-18 13:45:29 EDT
FC6 provides basic support for encrypted swap partitions and non-root
filesystems. To use it, add entries to /etc/crypttab and reference the
created devices in /etc/fstab.
An example /etc/crypttab entry for a swap partition:
    my_swap /dev/hdb1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
This creates an encrypted block device /dev/mapper/my_swap, which can be
referenced in /etc/fstab.
For a filesystem volume:
    my_volume /dev/hda5 /etc/volume_key cipher=aes-cbc-essiv:sha256
The /etc/volume_key file contains a plaintext encryption key. You can
also specify "none" as the key file name, and the system will ask for
the encryption key during boot.
It is recommended to use LUKS for filesystem volumes:
- Create the encrypted volume using (cryptsetup luksFormat)
- Add the necessary entry to /etc/crypttab
- Set up the volume manually using (cryptsetup luksOpen) or reboot
- Create a filesystem on the encrypted volume
- Set up an /etc/fstab entry
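
The /etc/crypttab and /etc/fstab entries described above can be checked mechanically. The following Python is an added example, not part of the original bug report or of any Fedora tool: it parses the crypttab fields shown above and reports key files kept in plaintext and mappings that fstab never references. The sample file contents, the my_home entry and the mount points are constructed for illustration.

```python
# Added example: lint crypttab entries against fstab.
# CRYPTTAB and FSTAB are constructed samples based on the entries in the note;
# my_home and the mount points are made up for illustration.
CRYPTTAB = """\
# name     device     key file         options
my_swap    /dev/hdb1  /dev/urandom     swap,cipher=aes-cbc-essiv:sha256
my_volume  /dev/hda5  /etc/volume_key  cipher=aes-cbc-essiv:sha256
my_home    /dev/hda6  none
"""
FSTAB = """\
/dev/mapper/my_swap    swap   swap  defaults  0 0
/dev/mapper/my_volume  /data  ext3  defaults  1 2
"""
# Key sources that are random devices rather than key files stored on disk.
RANDOM_SOURCES = {"/dev/urandom", "/dev/random"}


def parse_crypttab(text):
    """Yield (name, device, key, options) for each entry line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        # Assumption: a missing key field is treated like "none" (prompt at boot).
        key = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        yield fields[0], fields[1], key, options


def fstab_devices(text):
    """Return the first field of every non-comment fstab line."""
    rows = (line.split() for line in text.splitlines())
    return {row[0] for row in rows if row and not row[0].startswith("#")}


def lint(crypttab, fstab):
    """Return sorted (name, finding) pairs for the points the note raises."""
    findings, referenced = [], fstab_devices(fstab)
    for name, _device, key, _options in parse_crypttab(crypttab):
        if key != "none" and key not in RANDOM_SOURCES:
            findings.append((name, "plaintext key file " + key))
        if "/dev/mapper/" + name not in referenced:
            findings.append((name, "not referenced in fstab"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in lint(CRYPTTAB, FSTAB):
        print(f"{name}: {finding}")
```

A key file finding is a prompt to check that the file is readable by root only, or to switch the entry to "none" or to LUKS as the note recommends.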
Pasted nearly verbatim on:
This content is going to be included in the Web-only snapshot of the Wiki done
for test 2 at:
These are prominently linked from the top of the in-ISO release notes. Content
here should appear in FC6 test3 ISO.
Please make any further change to this content directly on the Wiki. For
questions about editing and access:
Thanks for your contribution.
In there as of fedora-release-notes-5.92-2, closing.
The obvious question I see coming up is "How does the user tie this in with the
Can we have a note on that (I guess we're still at "not quite there yet", or do
we plan to have anaconda able to do encrypted non-root FS in FC6)?
AFAIK anaconda doesn't support creating encrypted block devices and I'm not
aware of any plans for FC6.
Ah OK, so then the release notes should say that clearly.
Could one of you with knowledge on this subject please update the (community
maintained) release notes?
Is that the right place? You can also add a note to Docs/Beats/Installer if we
need to answer an expectation of usage by Anaconda.
See BZ entries 124789 and 127378, this should give you some help on writing the
docs (and an assigned devel to prod with questions when you're lost ;-)
Reopening bug, as it was originally and still is a blocker for FC6 release
notes; the content has not been confirmed to be in the draft
Also, when closing a bug that actually _was_ a bug, NOTABUG is not appropriate.
NOTABUG means "this was not a bug, it was something else", rather than meaning
"no longer a bug".
The proper closure is CURRENTRELEASE with the version. Unfortunately, now that
this bug is both blocking RHEL 5 relnotes and FC6 relnotes, I'm not sure which
version to close it to.
*** Bug 207233 has been marked as a duplicate of this bug. ***
Fixed in the Wiki, the admonition that Anaconda does not support block devices
will be in the section on file systems that was proposed originally in this bug