Root filesystem encryption update

[Karsten Hopp]

Peter Jones schrieb:
> Thomas Swan wrote:
> 
>> I think we might be putting the cart before the horse.
> 
> I'm *sure* we're putting the cart before the horse -- that's what Jeremy 
> and I have been getting at.  It's possible to solve these problems, but 
> there are other things that need to be done before we'll have a good 
> solution.  More on that below.
> 
>> A user would be thawing from hibernation on a machine with an
>> *existing* installation. Therefore language, and keymaps would have
>> been chosen (during installation) prior to the hibernate operation.
> 
> Yeah, we can definitely store something that's right /some/ of the time. 
> Just be aware that there are lots of corner cases.  As an example, I 
> often suspend my laptop before driving to work in the morning.  When it 
> resumes, it's in a docking station and there's a different keyboard, 
> with a somewhat different key map.
> 
> It's not that getting a password from the user on resume is an 
> intractable problem, but that there are steps to be taken before we can 
> solve it in a way that maintains the level of quality and support 
> expected of Fedora.  We've got (some of) the filesystem technology to do 
> this, and that's one piece.  Another piece is getting video mode setting 
> into the kernel so we can display the graphics required for non-European 
> languages early on in a cleaner way than e.g. svgalib, without having to 
> pull in all of X.  There's work going forward on this.
> 
> Point being, it's a complex feature, and a lot of the traffic on the 
> list seems to ignore many aspects of why.
> 


I agree that getting encryption support into the initrd is just one of many pieces,
but it is a first step that can be done now without having to wait for the kernel side even
if it means that some users can't use root FS encryption in their native language at the moment.
But it gives us some time to find bugs and fix them before we put all the pieces together.

   Karsten