Full Disk Encryption is a government requirement for 5.2. This bug tracks the changes required,
[:Usecase:] There are two main use-cases we are adressing for 5.2: * Corporate Laptop 1. User loses laptop with confidential corporate information. 2. Data is protected from unauthorized access. 1. Note: Also the swap space is protected 3. User receives new laptop and needs to access backup. 4. User leaves company and critical corporate information is accessed by the corporate IT department. * High Security Laptop 1. The user is authenticated using a smartcard 2. The attacker is not able to access the system disks 3. The swap space is protected The Corporate Laptop use case is considered mandatory, the smartcard-authentication is high priority but not a blocker. The use cases basically translates to full-disk encryption support. So the requirements are: * dm-crypt encryption support in the initrd / boot process (mandatory). ** i18n support is desirable but not required for RHEL5 minor releases. * hibernate / suspend support for encrypted swap space (mandatory). * setup at least post-install (anaconda support is considered too intrusive) (mandatory). * smartcard authentication support in initrd One option for the installation would be support in livecd-creator.
Can you confirm if kickstart support is a requirement? We'd like to see that in 5.3. So far F9 seems to be doing what we want with this exception (option only exists in GUI)
User krafthef's account has been closed
Of course it should be possible to set encryption on in kickstart. What is the current status?
AFAICT, it's not yet possible to set encryption in kickstart/livecd-creator.
There is kickstart encryption in rhel 6 beta and it seems to be working.
I would close this one since el6 has this feature.