Created attachment 349973 [details] Add --escrowcert and --backuppassphrase This patch adds key escrow directives to pykickstart, used to store the encryption keys (and optionally create backup passphrases) of encrypted volumes. The options apply to the "autopart" and "part" commands: * --escrowcert=URL_for_X509_certificate If the volume is encrypted, store the encryption key used for the volume in /root/$label-$uuid-escrow of the installed system, encrypting it for the specified certificate. * --backuppassphrase If --escrowcert is specified, and the volume format supports it (LUKS does), add an additional, randomly generated, passphrase to the volume, and store it in /root/$label-$uuid-escrow-backup-passphrase .
Thanks for the patch. I'll examine it later. This will of course also require an anaconda patch to do the hard work.
Created attachment 351082 [details] Add --escrowcert and --backuppassphrase Updated patch, adding the same options to the "raid" and "logvol" commands.
Thanks for the patch. I've added this to the git repo and pushed.