FC6 provides basic support for encrypted swap partitions and non-root filesystems. To use it, add entries to /etc/crypttab and reference the created devices in /etc/fstab. An example /etc/crypttab entry for a swap partition: my_swap /dev/hdb1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256 This creates an encrypted block device /dev/mapper/my_swap, which can be referenced in /etc/fstab. For a filesystem volume: my_volume /dev/hda5 /etc/volume_key cipher=aes-cbc-essiv:sha256 The /etc/volume_key file contains a plaintext encryption key. You can also specify "none" as the key file name, and the system will ask for the encryption key during boot. It is recommended to use LUKS for filesystem volumes: - Create the encrypted volume using (cryptsetup luksFormat) - Add the necessary entry to /etc/crypttab - Set up the volume manually using (cryptsetup luksOpen) or reboot - Create a filesystem on the encrypted volume - Set up an /etc/fstab entry
Pasted nearly verbatim on: http://fedoraproject.org/wiki/Docs/Beats/FileSystems This content is going to be included in the Web-only snapshot of the Wiki done for test 2 at: http://fedora.redhat.com/docs/release-notes/ These are prominently linked from the top of the in-ISO release notes. Content here should appear in FC6 test3 ISO. Please make any further change to this content directly on the Wiki. For questions about editing and access: http://fedoraproject.org/wiki/WikiEditing Thanks for your contribution.
In there as of fedora-release-notes-5.92-2, closing.
looks good. The obvious question I see coming up is "How does the user tie this in with the installer". Can we have a note on that (I guess we're still at "not quote there yet", or do we plan to have anaconda able to do encrypted non-root FS in FC6?
AFAIK anaconda doesn't support creating encrypted block devices and I'm not aware of any plans for FC6.
Ah OK, so then the release notes should say that clearly.
Could one of you with knowledge on this subject please update the (community maintained) release notes? http://fedoraproject.org/wiki/Docs/Beats/FileSystems Is that the right place? You can also add a not to Docs/Beats/Installer if we need to answer an expectation of usage by Anaconda.
docs people, see BZ entries 124789 and 127378, this should give you some help on writing the docs (and an assigned devel to prod with questions when you're lost ;-)
Reopening bug, as it was originally and still is a blocker for FC6 release notes; the content has not been confirmed to be in the draft (http://fedoraproject.org/wiki/Docs/Drafts/FileSystems). Also, when closing a bug that actually _was_ a bug, NOTABUG is not appropriate. NOTABUG means "this was not a bug, it was something else", rather than meaning "no longer a bug". The proper closure is CURRENTRELEASE with the version. Unfortunately, now that this bug is both blocking RHEL 5 relnotes and FC6 relnotes, I'm not sure which version to close it to.
*** Bug 207233 has been marked as a duplicate of this bug. ***
Fixed in the Wiki, the admonition that Anaconda does not support block devices will be in the section on file systems that was proposed originally in this bug report.