Bug 455063 - Add support for XTS (and possibly other algorithms) encryption
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda
Version: rawhide
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: David Lehman
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 461697
Reported: 2008-07-11 19:05 UTC by Piotr Krawiec
Modified: 2008-09-09 23:05 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-08-26 22:25:41 UTC
Type: ---
Embargoed:

Description Piotr Krawiec 2008-07-11 19:05:44 UTC
Fedora 9 introduced the ability to encrypt partitions in the installer - AFAIR it's
lrw-benbi encryption. It also asks for a password if a currently encrypted partition
is detected, so as to continue installation with it available.

Now, I have an LVM setup with my PV encrypted using xts-benbi. The partition gets
detected, I'm asked for my passphrase and then an error occurs. I guess that
the installer environment simply lacks the needed module(s).

Support for algorithms other than lrw-benbi should be added, then users could
install Fedora on their already-set partitions.

I have no idea if initramfs supports anything other than lrw-benbi, but it
should also be found out and (if there's no support) resolved.

Comment 1 David Lehman 2008-08-26 17:53:40 UTC
We should probably handle preexisting devices with these other ciphers, and I think the mkinitrd support should not be a problem, but for device creation we will, for the time being, keep it simple and stick with aes-cbc-essiv:sha256.

Comment 2 Piotr Krawiec 2008-08-26 18:44:56 UTC
I've successfully deployed Fedora 9 on the mentioned LVM-PV-xts-benbi partition setup using the Fedora 9 Live CD, so it seems Anaconda and mkinitrd already support custom schemes. That makes me pretty sure it's only about including various crypt modules in the standard installer environment.

Comment 3 David Lehman 2008-08-26 18:52:35 UTC
That's right -- the cipher mode is stored in the LUKS header, so cryptsetup can determine it without any trouble. All we need to do is include the modules in the installer's runtime environment and make sure they get loaded.
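
What Comment 3 describes, as an added example that is not part of the original thread and is not anaconda or cryptsetup code: reading the cipher name and mode from the start of a LUKS header and splitting them into the algorithms the installer environment has to provide. It assumes the LUKS1 on-disk layout; the function names and the sample header are constructed for illustration.

```python
import struct

# LUKS1 header prefix, big-endian: magic, version, cipher name, cipher mode,
# hash spec, payload offset (sectors), master key length (bytes).
LUKS1_PREFIX = struct.Struct(">6sH32s32s32sII")
LUKS_MAGIC = b"LUKS\xba\xbe"

# Constructed sample header prefix, not read from a real device.
SAMPLE_HEADER = LUKS1_PREFIX.pack(
    LUKS_MAGIC, 1, b"aes", b"xts-benbi", b"sha1", 2056, 32)


def _cstr(raw):
    """Decode a NUL-padded fixed-width header field."""
    return raw.split(b"\x00", 1)[0].decode("ascii")


def read_luks1_cipher(header):
    """Return the cipher fields found in the first bytes of a LUKS1 header."""
    if len(header) < LUKS1_PREFIX.size:
        raise ValueError("short read: need %d bytes" % LUKS1_PREFIX.size)
    magic, version, name, mode, hash_spec, offset, key_bytes = \
        LUKS1_PREFIX.unpack_from(header)
    if magic != LUKS_MAGIC:
        raise ValueError("not a LUKS device")
    if version != 1:
        raise ValueError("unsupported LUKS version %d" % version)
    return {"cipher": _cstr(name), "mode": _cstr(mode),
            "hash": _cstr(hash_spec), "key_bits": key_bytes * 8,
            "payload_offset": offset}


def needed_algorithms(cipher, mode):
    """Split a dm-crypt spec (cipher + chainmode-ivmode[:ivopts]) into the
    kernel crypto pieces that must be loadable: the block cipher, the
    chaining mode, and the hash named by an IV option such as essiv:sha256.
    IV generators like benbi and plain live in dm-crypt itself."""
    chain, _, iv = mode.partition("-")
    _, _, iv_hash = iv.partition(":")
    needed = [cipher, chain]
    if iv_hash:
        needed.append(iv_hash)
    return needed


if __name__ == "__main__":
    info = read_luks1_cipher(SAMPLE_HEADER)
    print(info, needed_algorithms(info["cipher"], info["mode"]))
```
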

Comment 4 David Lehman 2008-08-26 22:25:41 UTC
The lrw and xts modules should be in trees composed with anaconda-11.4.1.30-1 and later.

Please reopen if this is not resolved in the aforementioned tree.

