Red Hat Bugzilla – Bug 880876
Anaconda encrypts the physical volume instead of the logical volume
Last modified: 2013-05-29 21:18:00 EDT
Using Fedora 18 Beta, I try to partition the disk manually. I want to have an ext3 /boot, and an LVM VG (since this is a test installation, it's built upon only one PV), inside which there must be two LVs: /, ext4, and /home, LUKS + ext4.
Steps to Reproduce:
1. I create a /boot partition label
2. I create a / partition, ext4, lvm, not encrypted
3. I then create a /home partition, ext4, lvm, encrypted
Anaconda automatically creates one luks volume and a pv inside it, encrypting the whole logical volume "fedora", including the / filesystem
--- Physical volume ---
PV Name /dev/mapper/luks-[...]
VG Name fedora
PV Size 7.50 GiB
--- Logical Volume ---
LV Path /dev/fedora/home
--- Logical Volume ---
LV Path /dev/fedora/root
I should obtain an ext3 filesystem mounted under /boot, an unencrypted PV, a logical volume for / and another one for a LUKS partition containing an ext4 filesystem for /home. I choose not to encrypt / because it doesn't contain much sensible data for me (I could be vulnerable to an evil maid attack anyway); encryption causes a noticeable overhead on slow machines and higher power consumption on laptop computers.
Did you click the encryption checkbox on the initial storage screen, or did you click it for each filesystem individually? Or both?
I selected it only for the /home filesystem. I didn't select "Encrypt my data. I'll set a passphrase later" on the initial storage screen, and I choose "I don't need help; let me customize disk partitioning".
Created attachment 653591
Created attachment 653592
Created attachment 653593
For the time being this is your only option unless you want to use kickstart to get exactly what you describe. I plan to add some UI control to enable encrypting either logical volumes or the entire volume group, but there are higher priorities at the moment.
I understand that you have other priorities and I don't really need a similar setup now, but I think there shouldn't be another option in the UI: There's already one, and it is the "encrypt" checkbox. Anaconda should determine automatically what to do. It should encrypt the physical volume(s) if all the "mountpoints" in the volume group are to be encrypted, and encrypt individual filesystems in the vg if not all the "mountpoints" are selected to be encrypted. It doesn't make sense otherwise to leave the user free to choose which mountpoints need to be encrypted, IMHO
I have run into this problem as well.
Being able to pick and choose which logical volume you want to encrypt has worked in the previous installations of Fedora/anaconda.
Having a user encrypting their home partition/LV is a fairly normal thing (according to me). Expecting a normal user to be able to set up a LUKS partition in a kickstart for what they want is entirely another. I'm fine doing a kickstart, but this seems like a big step backwards.
*** Bug 909228 has been marked as a duplicate of this bug. ***
This is definitely present since 19.22. Please test it out (Fedora 19 Beta includes the code) and file new bugs if you find problems. Thanks! I did a quick test of encrypting /home but not / , both as LVs within the same VG, and it looks to have worked OK.
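A post-install check for the two layouts discussed in this report, added here as an example and not part of the bug thread or of anaconda: it reads `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` output and reports, per mountpoint, whether LUKS sits under the PV or on the individual LV. The sample trees, device names and the `WANTED` policy are constructed for illustration.

```python
import json

# Constructed `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` trees (not taken from the report).
# REPORTED: LUKS under the PV, so / is encrypted too. EXPECTED: LUKS only on the home LV.
REPORTED = json.loads("""{"blockdevices": [{"name": "sda", "type": "disk", "children": [
  {"name": "sda1", "type": "part", "fstype": "ext3", "mountpoint": "/boot"},
  {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
    {"name": "luks-example", "type": "crypt", "fstype": "LVM2_member", "mountpoint": null, "children": [
      {"name": "fedora-root", "type": "lvm", "fstype": "ext4", "mountpoint": "/"},
      {"name": "fedora-home", "type": "lvm", "fstype": "ext4", "mountpoint": "/home"}]}]}]}]}""")
EXPECTED = json.loads("""{"blockdevices": [{"name": "sda", "type": "disk", "children": [
  {"name": "sda1", "type": "part", "fstype": "ext3", "mountpoint": "/boot"},
  {"name": "sda2", "type": "part", "fstype": "LVM2_member", "mountpoint": null, "children": [
    {"name": "fedora-root", "type": "lvm", "fstype": "ext4", "mountpoint": "/"},
    {"name": "fedora-home", "type": "lvm", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "luks-home", "type": "crypt", "fstype": "ext4", "mountpoint": "/home"}]}]}]}]}""")

# Policy the reporter asked for (constructed labels, see classify()).
WANTED = {"/boot": "unencrypted", "/": "unencrypted", "/home": "luks-on-lv"}

def layers_by_mountpoint(tree):
    """Map each mountpoint to the device types stacked under it, disk first."""
    found = {}
    def walk(dev, path):
        path = path + [dev["type"]]
        if dev.get("mountpoint"):
            found[dev["mountpoint"]] = path
        for child in dev.get("children", []):
            walk(child, path)
    for dev in tree["blockdevices"]:
        walk(dev, [])
    return found

def classify(path):
    """Say where dm-crypt sits relative to LVM for one mountpoint."""
    if "crypt" not in path:
        return "unencrypted"
    if "lvm" not in path:
        return "luks-on-partition"
    return "luks-under-pv" if path.index("crypt") < path.index("lvm") else "luks-on-lv"

def audit(tree, wanted):
    """Return {mountpoint: (wanted, actual)} for every mountpoint that deviates."""
    actual = {mp: classify(p) for mp, p in layers_by_mountpoint(tree).items()}
    return {mp: (w, actual.get(mp, "missing")) for mp, w in wanted.items() if actual.get(mp) != w}

if __name__ == "__main__":
    print("reported layout:", audit(REPORTED, WANTED))
    print("expected layout:", audit(EXPECTED, WANTED))
```

On a real system, feed `audit()` the parsed output of the `lsblk` command above instead of the sample trees.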