Bug 417271 - (RHEL5.1-DiskEnc) RHEL 5.2 Full Disk Encryption Tracker
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: distribution
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Daniel Riek
Daniel Riek
Keywords: FutureFeature, Tracking
Depends On: 211247 229865 326611 360071 360621
Blocks: 459600
Reported: 2007-12-09 10:36 EST by Daniel Riek
Modified: 2012-04-02 12:05 EDT
Doc Type: Enhancement
Last Closed: 2012-04-02 12:05:53 EDT
Description Daniel Riek 2007-12-09 10:36:47 EST
Full Disk Encryption is a government requirement for 5.2. This bug tracks the
changes required,
Comment 1 Daniel Riek 2007-12-09 11:41:28 EST

There are two main use-cases we are addressing for 5.2:

* Corporate Laptop
   1. User loses laptop with confidential corporate information.
   2. Data is protected from unauthorized access.
         1. Note: Also the swap space is protected 
   3. User receives new laptop and needs to access backup.
   4. User leaves company and critical corporate information is 
      accessed by the corporate IT department. 

* High Security Laptop
   1. The user is authenticated using a smartcard
   2. The attacker is not able to access the system disks
   3. The swap space is protected 

The Corporate Laptop use case is considered mandatory, the
smartcard-authentication is high priority but not a blocker.

The use cases basically translate to full-disk encryption support. So the
requirements are:
* dm-crypt encryption support in the initrd / boot process (mandatory).
** i18n support is desirable but not required for RHEL5 minor releases.
* hibernate / suspend support for encrypted swap space (mandatory).
* setup at least post-install (anaconda support is considered too intrusive)
* smartcard authentication support in initrd

One option for the installation would be support in livecd-creator.
Comment 2 Sam Folk-Williams 2008-03-04 16:54:46 EST
Can you confirm if kickstart support is a requirement? We'd like to see that in
5.3. So far F9 seems to be doing what we want with this exception (option only
exists in GUI)
Comment 3 Tony Fu 2008-10-05 21:46:27 EDT
User krafthef@redhat.com's account has been closed
Comment 4 Taunus 2009-03-05 07:53:00 EST
Of course it should be possible to set encryption on in kickstart.

What is the current status?
Comment 5 Chris Shoemaker 2009-05-22 22:43:49 EDT
AFAICT, it's not yet possible to set encryption in kickstart/livecd-creator.
Comment 6 Taunus 2010-05-14 06:49:45 EDT
There is kickstart encryption in rhel 6 beta and it seems to be working.
Comment 7 Taunus 2010-12-08 02:10:47 EST
I would close this one since el6 has this feature.
