Feature changed by: David Rankin (drankinatty) Feature #314850, revision 9 Title: Ability to create encrypted partitions without using LVM openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: macias - (truemacias) Partner organization: openSUSE.org Description: With no LVM OS installer is too strict when it comes to choose what partitions can be encrypted. From technical POV only /boot partition really has to be left not encrypted but for the rest -- as root, /var, /usr it can be done. So please provide this option in installer. Current lack of support is strange and limits power of the Linux capabilities. Discussion: #1: Jan Engelhardt (jengelh) (2013-02-27 16:28:41) I have to concur. There is nothing that would prohibit root encryption; that is, if you create the crypto volume "behind yast's back", using, for example, the shell that is on tty2, it all works out. It is a bit of manual labor doing cryptsetup, mkfs, and filling in /mnt/etc/cryptotab, but it does work such that, once the machine boots the installed system for the first time, it works from the get-go. #2: Björn Voigt (bjoernv) (2013-09-11 22:11:42) Supporting full encrypted systems (encrypted root partition) without LVM should not be so hard, because it is already possible to transform unencrypted openSUSE setups to setups with encrypted root, swap etc. manually with a rescue system. Currently the main problem is, that the YaST installer refuses to create "/", "/var" and "/usr" partitions with encryption, but without LVM. After manual transformation to a full encrypted setup the system works nearly perfectly: - mkinitrd works - system boots (tested with Grub2) - passphrase input works - existing systems can be updated or re-installed with YaST (not fully tested) A small problem exists: - during boot the passphrases are asked twice, once for "/" and once for "swap", also if both passphrases are the same - the reason is probably that filesystems are handled by one script (with passphrase caching) and swap partitions are handled by another script in "initrd" #3: Neil Rickert (nrickert) (2013-09-16 02:02:24) I agree that this ought to work, and most of the support is there. Some installer changes are needed. I am currently satisfied with encrypted LVM, but I would also test this setup if made available (milestone and beta testing). #4: Florian Koch (fl0) (2014-08-28 18:22:58) any news here? it would be nice if the usage of an encrypted btrfs without lvm was possible. + #5: David Rankin (drankinatty) (2015-04-02 05:54:55) + Encryption without LVM would provide much needed flexibility. It would + be worked with the associated installer inprovements: + https://features.opensuse.org/310279 -- openSUSE Feature: https://features.opensuse.org/314850