Description
Support the use of encrypted filesystems for anything other than /boot using cryptsetup and LUKS. This includes install time creation/configuration, as well as integrated support in mkinitrd and initscripts (others?). Currently we are only pursuing support for encrypted devices using cryptsetup/LUKS.
When using encrypted file systems/block devices, the rescue mode functionality should continue to work as expected, and not create situations where the encryption leads to undesired errors; in particular, a user should be able to successfully enter rescue mode for a system that has its root fs on an encrypted block device.
References:
Steps To Reproduce
Set up the system that rescue mode will access:
- Boot anaconda
- Proceed to the partitioning dialog
- Select the checkbox item "Encrypt system"
- Enter and confirm the passphrase in a pop up dialog for the encrypted filesystem
- choose default partitioning layout and continue to the disk druid partition screen
- continue with installation
- after installation, restart the installer and select rescue mode
- in rescue mode, verify the ability to successfully mount examine and change the contents of the root fs on the encrypted block device
"Remove linux partitions on selected drives and create default layout" should create a partitioning scheme where the root filesystem in on an encrypted block device.
Expected Results
- Confirmed "Encrypt system" item is checked
- Verify installation completes successfully
- Upon restarting the installer in rescue mode, the user is asked for the LUKS passphrase
- Confirm that rescue mode successfully mounted the root fs and that the user in rescue mode can make changes to the filesystem
- Verify rescue mode session completes successfully