Bug 438955 - Installer doesn't encrypt partitions
Installer doesn't encrypt partitions
Product: Fedora
Classification: Fedora
Component: anaconda (Show other bugs)
i386 Linux
low Severity medium
: ---
: ---
Assigned To: David Lehman
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-03-26 02:38 EDT by Stefan Becker
Modified: 2008-03-29 08:36 EDT (History)
0 users

See Also:
Fixed In Version: anaconda-
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-03-28 12:10:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Stefan Becker 2008-03-26 02:38:37 EDT
The Fedora 9 Beta installer offers an "enrypt" option for partitions:

 - It "forgets" if you select this option, i.e. when you edit the partition
again the setting is lost

 - If you have selected it and proceed with the installation it doesn't ask for
passwords nor encrypt the partitions
Comment 1 David Lehman 2008-03-27 13:46:35 EDT
I was unable to replicate the behavior you described. Can you please provide a
detailed description of the process so I might make another attempt?
Comment 2 Stefan Becker 2008-03-28 01:54:47 EDT
I downloaded the Fedora 9 Beta DVD .iso, mounted & exported that on my HTTP
server, copied the PXE boot images onto my existing /boot partition and rebooted
to that kernel via GRUB, I chose "custom partition layout" in the installer so
that I could reuse the existing Fedora 8 harddisk setup:

Paritions on sda:
   sda1   ext3, /boot
   sda2   LVM VG 0

   VolGroup00-LogVol00    LUKS encrypted, ext3, /root
   VolGroup00-LogVol01    LUKS encrypted, swap
   VolGroup00-LogVol02    LUKS encrypted, ext3, /home
   VolGroup00-LogVol03    free

As the installer didn't recognize the existing LUKS encrypted partitions (see
also bug #438954), I decided to only reuse some partitions and selected the
following options:

   sda1                  ext3, do not format, /boot
   VolGroup00-LogVol03   ext3, format, encrypt, /root
   VolGroup00-LogVol01   swap, format, encrypt

Every time I went back into the edit dialog for LV1 or LV3 the encrypt option
was deselected. When I went ahead to continue the installation the partitions
were only formatted but not encrypted.

I can't loose the current Fedora 8 setup so I can't do a fresh install.
Comment 3 David Lehman 2008-03-28 12:10:50 EDT
Sorry for the confusion. The checkbutton in the dialog to edit the LV is
non-functional. F9-Beta does not support encrypting logical volumes. It does,
however, support encrypting PVs, partitions, and RAID devices (not RAID members,
though). Support for encrypted LVs is now in rawhide, so it will likely be in F9.
Comment 4 Stefan Becker 2008-03-29 08:36:32 EDT
Confirmed. With todays rawhide I was able to select encryption for the root and
swap LVM partitions and was asked for the password. The installer then encrypted
and formatted them correctly.

Unfortunately the install later aborted due to a package missing error so I was
unable to really test the encryption support in Fedora 9 after all :-(

Note You need to log in before you can comment on or make changes to this bug.