Re: encrypted partition configuration on kickstart

On Wed, 2011-02-16 at 18:55 -0600, dabicho wrote:
> Hello.
> I am having trouble understanding how encrypted partitions are
> supposed to work and how to get my desired effect on Fedora 14.
> 
> I am writing a kickstart for an automated installation.
> I wrote the following for the partitions:
> 
> 
> part / --encrypted --passphrase=pass1 --size=10000
> part /boot --size=200
> part /var/lib/pgsql --encrypted --passphrase=pass2 --grow --size=1
> part /var --encrypted --passphrase=pass3 --size=10000
> part /tmp --encrypted --passphrase=pass4 --size=3000
> part swap --encrypted --recommended
> 
> I thought that upon boot I would be asked for each passphrase in
> turn, however I am asked only for one passphrase, without any
> indication as to which one, and that being the passphrase for the first
> partition defined ( / ), and that would enable mounting of all the
> partitions.
> 
> What am I missing here?

It seems like you're not missing anything.

Each of the partitions should use the passphrase you have specified for
that partition. File a bug at bugzilla.redhat.com against Fedora 14 if
this isn't working correctly. Be sure to include a description like the
one above as well as your kickstart file when you enter the bug report.


> What should I do if I needed the system to ask for each passphrase in
> turn? or at a later time (database partition)?

This is the intended/expected behavior.

> 
> Also, I have seen no options to specify a cipher or other encryption
> parameters anywhere.

This is not supported by anaconda/kickstart. To get a cipher other than
the default (aes-xts-plain64 with a 512-byte key) you will have to set
up the encrypted devices yourself.

> Is it possible to prepare encrypted partitions on the %pre script?

Of course. Once you have created your devices using parted, pvcreate,
lvcreate, and/or mdadm you can encrypt them using cryptsetup. In F14 you
must make sure to deactivate/close all of your newly created devices
before exiting from the %pre script.

> 
> Thank you.
> Any pointer is appreciated.

http://docs.fedoraproject.org/en-US/Fedora/14/html/Installation_Guide/apcs02.html

This is Appendix C from the Fedora 14 Installation Guide, entitled "Disk
Encryption". There are several pages that explain concepts,
best-practices, and actual example commands for setting up encrypted
block devices.

David
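
An added sketch of the %pre approach described in the reply above (not part of the original message or of the Fedora documentation): it formats a device with an explicitly chosen cipher using cryptsetup and closes the mapping again before %pre exits. The helper names `run` and `prepare_luks`, the `DRY_RUN` switch, the device path, the mapping name, the cipher choice and the key file path are all assumptions made for illustration.

```shell
#!/bin/sh
# Body for a kickstart %pre section. DRY_RUN=1 (the default here) only prints
# the commands; set DRY_RUN=0 inside the real %pre to execute them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# prepare_luks DEVICE MAPNAME CIPHER KEYBITS KEYFILE  (hypothetical helper)
# Formats DEVICE as LUKS with an explicit cipher, makes a filesystem inside
# it, then closes the mapping so nothing is left active when %pre exits.
prepare_luks() {
    dev=$1; name=$2; cipher=$3; bits=$4; keyfile=$5

    # The passphrase comes from a key file, not the command line, so it does
    # not show up in the process list. cryptsetup uses the file's bytes as
    # is, including a trailing newline, so write it with printf '%s'.
    if [ "$DRY_RUN" != "1" ] && [ ! -s "$keyfile" ]; then
        echo "missing or empty key file: $keyfile" >&2
        return 1
    fi

    run cryptsetup --batch-mode --cipher "$cipher" --key-size "$bits" \
        --key-file "$keyfile" luksFormat "$dev" || return 1
    run cryptsetup --key-file "$keyfile" luksOpen "$dev" "$name" || return 1

    rc=0
    run mkfs.ext4 -q "/dev/mapper/$name" || rc=$?

    # Close the mapping even if mkfs failed.
    run cryptsetup luksClose "$name" || return 1
    return "$rc"
}

# Constructed sample values; adjust to the real layout.
prepare_luks /dev/sda5 luks-pgsql aes-cbc-essiv:sha256 256 /tmp/pgsql.key
```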
