Root filesystem encryption update

Karsten Hopp karsten at redhat.com
Mon Jun 18 13:09:48 UTC 2007


Thomas Swan schrieb:
> Here's another go.  
> 
> This patch applies to the current mkinitrd SRPM set (except the 
> mkinitrd.spec file) and the patched mkinitrd package is available via 
> yum at < http://www.cygnetech.com/linux/repos/>
> 
> I incorporated the feedback I have received and have changed the patches 
> to use options stored in /etc/sysconfig/mkinitrd.
> 
> I have one option in development that will let you boot and reference 
> the root filesystem by UUID, but it's not finished yet.  The current 
> developmental UUID hack relies on bash and find included in the initrd 
> image, but I want a static binary or cryptsetup patch.
> 
> I'm also exploring creating some screens for anaconda, but that's a 
> steep learning curve.
> 
> Should encryption be an option on the disk partition option or an option 
> to pick the type of installation right after the greeting?
> 


UUID support needs a patch in e2fsprogs which I've submitted upstream for
review some time ago. This makes bash hacks obsolete. My system is running
with UUIDs only in fstab and crypttab, there are no hardcoded device names
required anymore.
Please note that I've achieved this with the mkinitrd patch available in
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789 , but I'll take
a look at your patch as well.
There's also a wiki page about encryption at
http://fedoraproject.org/wiki/Releases/FeatureEncryptedFilesystems

  Regards

     Karsten


--
  Karsten Hopp        | Mail: karsten at redhat.de
  Red Hat Deutschland | Tel: +49-711-96437-0
  Hauptstaetterstr.58 | Fax: +49-711-613590
  D-70178 Stuttgart   | http://www.redhat.de




More information about the fedora-devel-list mailing list