Bug 417271 – RHEL 5.2 Full Disk Encryption Tracker

Bug 417271 - (RHEL5.1-DiskEnc) RHEL 5.2 Full Disk Encryption Tracker

Summary:	RHEL 5.2 Full Disk Encryption Tracker

Status:	CLOSED CURRENTRELEASE

Aliases:	RHEL5.1-DiskEnc

Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	distribution (Show other bugs)
Sub Component:
Version:	5.2
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Daniel Riek
QA Contact:	Daniel Riek
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature, Tracking

Depends On:	211247 229865 326611 360071 360621
Blocks:	459600
	Show dependency tree / graph

Reported:	2007-12-09 10:36 EST by Daniel Riek
Modified:	2012-04-02 12:05 EDT (History)
CC List:	17 users (show)

See Also:
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-04-02 12:05:53 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Daniel Riek 2007-12-09 10:36:47 EST

Full Disk Encryption is a government requirement for 5.2. This bug tracks the
changes required,

Comment 1 Daniel Riek 2007-12-09 11:41:28 EST

[:Usecase:]

There are two main use-cases we are adressing for 5.2:

* Corporate Laptop
   1. User loses laptop with confidential corporate information.
   2. Data is protected from unauthorized access.
         1. Note: Also the swap space is protected 
   3. User receives new laptop and needs to access backup.
   4. User leaves company and critical corporate information is 
      accessed by the corporate IT department. 

* High Security Laptop
   1. The user is authenticated using a smartcard
   2. The attacker is not able to access the system disks
   3. The swap space is protected 

The Corporate Laptop use case is considered mandatory, the
smartcard-authentication is high priority but not a blocker.

The use cases basically translates to full-disk encryption support. So the
requirements are:
* dm-crypt encryption support in the initrd / boot process (mandatory).
** i18n support is desirable but not required for RHEL5 minor releases.
* hibernate / suspend support for encrypted swap space (mandatory).
* setup at least post-install (anaconda support is considered too intrusive)
(mandatory).
* smartcard authentication support in initrd

One option for the installation would be support in livecd-creator.

Comment 2 Sam Folk-Williams 2008-03-04 16:54:46 EST

Can you confirm if kickstart support is a requirement? We'd like to see that in
5.3. So far F9 seems to be doing what we want with this exception (option only
exists in GUI)

Comment 3 Tony Fu 2008-10-05 21:46:27 EDT

User krafthef@redhat.com's account has been closed

Comment 4 Taunus 2009-03-05 07:53:00 EST

Of course it should be possible to set encryption on in kickstart.

What is the current status?

Comment 5 Chris Shoemaker 2009-05-22 22:43:49 EDT

AFAICT, it's not yet possible to set encryption in kickstart/livecd-creator.

Comment 6 Taunus 2010-05-14 06:49:45 EDT

There is kickstart encryption in rhel 6 beta and it seems to be working.

Comment 7 Taunus 2010-12-08 02:10:47 EST

I would close this one since el6 has this feature.

Note You need to log in before you can comment on or make changes to this bug.