Feature changed by: Björn Voigt (bjoernv)
Feature #314850, revision 5
Title: Ability to create encrypted partitions without using LVM

openSUSE Distribution: Unconfirmed
  Priority
  Requester: Desirable
  Requested by: Maciej Pilichowski (truemacias)
  Partner organization: openSUSE.org

Description:
Without LVM, the OS installer is too strict when it comes to choosing which partitions can be encrypted. From a technical POV, only the /boot partition really has to be left unencrypted, but for the rest -- such as root, /var, /usr -- it can be done. So please provide this option in the installer. The current lack of support is strange and limits the power of the Linux capabilities.

Discussion:
#1: Jan Engelhardt (jengelh) (2013-02-27 16:28:41)
I have to concur. There is nothing that would prohibit root encryption; that is, if you create the crypto volume "behind yast's back", using, for example, the shell that is on tty2, it all works out. It is a bit of manual labor doing cryptsetup, mkfs, and filling in /mnt/etc/cryptotab, but it does work such that, once the machine boots the installed system for the first time, it works from the get-go.

+ #2: Björn Voigt (bjoernv) (2013-09-11 22:11:42)
+ Supporting full encrypted systems (encrypted root partition) without
+ LVM should not be so hard, because it is already possible to transform
+ unencrypted openSUSE setups to setups with encrypted root, swap etc.
+ manually with a rescue system. Currently the main problem is, that the
+ YaST installer refuses to create "/", "/var" and "/usr" partitions with
+ encryption, but without LVM.
+ After manual transformation to a full
+ encrypted setup the system works nearly perfectly:
+ - mkinitrd works
+ - system boots (tested with Grub2)
+ - passphrase input works
+ - existing systems can be updated or re-installed with YaST (not fully tested)
+ A small problem exists:
+ - during boot the passphrases are asked twice,
+   once for "/" and once for "swap", also if both passphrases are the same
+ - the reason is probably that filesystems are handled by one script
+   (with passphrase caching) and swap partitions are handled by another
+   script in "initrd"

--
openSUSE Feature:
https://features.opensuse.org/314850