Description
Support the use of encrypted filesystems for anything other than /boot using cryptsetup and LUKS. This includes install time creation/configuration, as well as integrated support in mkinitrd and initscripts (others?). For additional details, consult the http://docs.fedoraproject.org/install-guide/f40/en-US/html/Disk_Encryption_Guide.html.
When using encrypted file systems/block devices, the functionality should continue to work as expected, and not create situations where the encryption leads to undesired errors.
References:
How to test
- Boot the installer using any available means (boot.iso, CD, DVD, Live image or PXE)
- At the first disk partitioning screen, select Use entire drive, Encrypt System, and Review and modify partitioning layout. Proceed to the next screen by selecting Next
- Ensure that each LVM logical volume is configured for encryption. You may need to edit the physical volume properties and select Encrypt
- Ensure that each LVM physical volume is configured for encryption. You may need to edit the physical volume properties and select Encrypt
- Proceed to the next step by clicking Next
- When prompted, enter a passphrase twice
- Complete the installation as desired
Expected Results
- The system should install successfully
- A lock icon appears next to all disk partitions configured for encryption
- The system should prompt for your passphrase only once during boot
- The system unlocks the encrypted partition(s) and boots successfully
- an entry for each encrypted disk partition exists in /etc/crypttab