Bug 417271 (RHEL5.1-DiskEnc) - RHEL 5.2 Full Disk Encryption Tracker
Summary: RHEL 5.2 Full Disk Encryption Tracker
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: RHEL5.1-DiskEnc
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: distribution
Version: 5.2
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Daniel Riek
QA Contact: Daniel Riek
URL:
Whiteboard:
Depends On: 211247 229865 326611 360071 360621
Blocks: 459600
Reported: 2007-12-09 15:36 UTC by Daniel Riek
Modified: 2012-04-02 16:05 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-04-02 16:05:53 UTC
Target Upstream Version:
Embargoed:


Description Daniel Riek 2007-12-09 15:36:47 UTC
Full Disk Encryption is a government requirement for 5.2. This bug tracks the
changes required.

Comment 1 Daniel Riek 2007-12-09 16:41:28 UTC
[:Usecase:]

There are two main use-cases we are addressing for 5.2:

* Corporate Laptop
   1. User loses laptop with confidential corporate information.
   2. Data is protected from unauthorized access.
         1. Note: Also the swap space is protected 
   3. User receives new laptop and needs to access backup.
   4. User leaves company and critical corporate information is 
      accessed by the corporate IT department. 

* High Security Laptop
   1. The user is authenticated using a smartcard
   2. The attacker is not able to access the system disks
   3. The swap space is protected 

The Corporate Laptop use case is considered mandatory; the
smartcard-authentication is high priority but not a blocker.

The use cases basically translate to full-disk encryption support. So the
requirements are:
* dm-crypt encryption support in the initrd / boot process (mandatory).
** i18n support is desirable but not required for RHEL5 minor releases.
* hibernate / suspend support for encrypted swap space (mandatory).
* setup at least post-install (anaconda support is considered too intrusive)
(mandatory).
* smartcard authentication support in initrd

One option for the installation would be support in livecd-creator.


Comment 2 Sam Knuth 2008-03-04 21:54:46 UTC
Can you confirm if kickstart support is a requirement? We'd like to see that in
5.3. So far F9 seems to be doing what we want with this exception (option only
exists in GUI)

Comment 3 Tony Fu 2008-10-06 01:46:27 UTC
User krafthef's account has been closed

Comment 4 Taunus 2009-03-05 12:53:00 UTC
Of course it should be possible to set encryption on in kickstart.

What is the current status?

Comment 5 Chris Shoemaker 2009-05-23 02:43:49 UTC
AFAICT, it's not yet possible to set encryption in kickstart/livecd-creator.

Comment 6 Taunus 2010-05-14 10:49:45 UTC
There is kickstart encryption in rhel 6 beta and it seems to be working.

Comment 7 Taunus 2010-12-08 07:10:47 UTC
I would close this one since el6 has this feature.
