http://bugzilla.suse.com/show_bug.cgi?id=1137056 http://bugzilla.suse.com/show_bug.cgi?id=1137056#c7 Jiri Srain <jsrain@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(jsrain@suse.com) | --- Comment #7 from Jiri Srain <jsrain@suse.com> --- There is another option: Have /boot outside the encrypted volume as a separate partition. Then you need to enter the password only once. However, if you want to use snapper, then you kernel/initrd cannot be snapshotted. What I wanted to point out: It is not possible to put the key there unconditionally even if we accept the risk. In any case: The installer should not implement this request before it gets blessing from the security team. If the design is evaluated as not bringing any additional not acceptable risk, then IMO any approach that improves the usability will be welcome (by myself too). Security team is in NEEDINFO, let them evaluate this idea. -- You are receiving this mail because: You are on the CC list for the bug.