Feature changed by: Olli Artemjev (grey_olli)
Feature #305633, revision 26
Title: Support installation with encrypted root file system
Requested by: Stephan Kleine (bitshuffler)
One thing openSUSE is really missing, compared with other popular
distributions, is the ability to install into an encrypted root file
system so _everything_ is encrypted.
While the manual installation / setup like described at
it is still cumbersome and error-prone to setup - especially on systems
with small hard disks like e.g. laptops.
IMHO this subject gets more and more important not only for laptops but
also for normal workstations with respect to the global decline of
Since all the necessary software is in place and Yast already has the
option (including the GUI) to encrypt /home this shouldn't be that hard
to do and would be a great feature for 11.1 (especially if you keep in
mind that this will be the base for the next SLE version and
corporations love security functionality provided out of the box as an
Important points are:
1. it should work with LVMs as well 2. it should be possible to
automatically generate a key on startup to encrypt the swap partition
(given, this would disable suspend) 3. one should be able to use the
same password for several partitions so one has to enter it just one
time instead of once for every partition.
* Bug #397411 - Hibernation won't work with encrypted swap
* Bug #399298 - encrypt swap partions by default on every boot using a
* Bug #166067 - sysinfo:/ does not list encrypted /home partition
* Bug #467349 - Partitioner does not allow to configure LVM2 on top of
- Easy to use Full Disk Encryption (feature/id: 304470)
- Support installation with encrypted root file system
- Partitioner does not allow to configure LVM2 on top of DM-Crypt
#1: Arvin Schnell (aschnell) (2008-08-08 11:39:11)
Full disk encryption is already under discussion in fate #304470.
Sorry, but it's not public.
#2: Stephan Kleine (bitshuffler) (2008-12-17 09:49:10)
Reopened because the whole installer was rewritten but still no one
cared to add this.
I'm sorry, but this feature request is about adding root file system
encryption to openSUSE. When, or if at all, you add it to SLE, I
couldn't care less about it, but I surely don't want to wait till SLE
Also I understand that you don't want to track and update 2 different
locations but, since that feature is asked for quite often, IMHO there
should be a location for openSUSE users to express their need (as in
vote) for it and to CC themself to get notified on updates / when it
finally is implemented.
Making the fate entry public at https://features.opensuse.org/
nice to have as well (since it isn't actual rocket science and suse is
one of the last distributions to add this feature there shouldn't be a
reason to track this behind closed doors) but I can happily live
without it as long as you leave this request open so people can vote
for it & cc themself.
Thanks a lot.
#5: Andreas Jaeger (a_jaeger) (2009-01-21 15:13:20)
Bug #467349 says: With the current partitioner in the openSuSE 11.1
Installer it is not possible to configure a partition for encryption
using dm-crypt and then using the resulting device for LVM2. This
missing feature hurts a lot because it requires the user who wants to
encrypt the whole disk including swap to enter multiple passwords at
boot. Swap encryption with a user defined password is very useful for
encrypted suspend/resume on notebooks.
#6: Andreas Jaeger (a_jaeger) (2009-01-21 15:14:14) (reply to #5)
If we do this feature, we should check whether we do #5 as well - and
then might need to do an extra feature for it.
#7: Duncan Mac-Vicar (dmacvicar) (2009-01-30 14:45:44)
Duplicate of #304470 ?
+ #8: Olli Artemjev (grey_olli) (2009-05-15 03:42:44)
+ Just my vote - the entire encryption should be supported at
+ installation time.At least I've installed on pc designated to
+ collocation current debian w/entire encription and /boot on removable
+ (usb flash) w/o seriouse problems(short description in Russian here:
) via installation
+ interface - noterminal hand made commands intervention required.I see 3
+ variants: encrypted devices as physical volumes for LVM volume groups.
+ encryption of LVM logical volumesjust encrypted devices w/o LVMAt least
+ 1st one is easy w/ Debian install now. Hope next SuSE will 've thiseasy
+ too, better if all 3 variants. :)
+ #9: Olli Artemjev (grey_olli) (2009-05-15 03:48:12)
+ generally I guess there're a lot (or some?) of people who're lasy
+ enough to move to anover distribution if it supports secure offline
+ data from the box . At least I've installed Debian due to lacking of
+ entire encryption in SuSE when I had such a must have option. =)