Red Hat Bugzilla – Bug 417271
RHEL 5.2 Full Disk Encryption Tracker
Last modified: 2012-04-02 12:05:53 EDT
Full Disk Encryption is a government requirement for 5.2. This bug tracks the
There are two main use-cases we are adressing for 5.2:
* Corporate Laptop
1. User loses laptop with confidential corporate information.
2. Data is protected from unauthorized access.
1. Note: Also the swap space is protected
3. User receives new laptop and needs to access backup.
4. User leaves company and critical corporate information is
accessed by the corporate IT department.
* High Security Laptop
1. The user is authenticated using a smartcard
2. The attacker is not able to access the system disks
3. The swap space is protected
The Corporate Laptop use case is considered mandatory, the
smartcard-authentication is high priority but not a blocker.
The use cases basically translates to full-disk encryption support. So the
* dm-crypt encryption support in the initrd / boot process (mandatory).
** i18n support is desirable but not required for RHEL5 minor releases.
* hibernate / suspend support for encrypted swap space (mandatory).
* setup at least post-install (anaconda support is considered too intrusive)
* smartcard authentication support in initrd
One option for the installation would be support in livecd-creator.
Can you confirm if kickstart support is a requirement? We'd like to see that in
5.3. So far F9 seems to be doing what we want with this exception (option only
exists in GUI)
User email@example.com's account has been closed
Of course it should be possible to set encryption on in kickstart.
What is the current status?
AFAICT, it's not yet possible to set encryption in kickstart/livecd-creator.
There is kickstart encryption in rhel 6 beta and it seems to be working.
I would close this one since el6 has this feature.