[New: openFATE 314850] Ability to create encrypted partitions without using LVM
Feature added by: Maciej Pilichowski (truemacias) Feature #314850, revision 1 Title: Ability to create encrypted partitions without using LVM openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Maciej Pilichowski (truemacias) Partner organization: openSUSE.org Description: With no LVM OS installer is too strict when it comes to choose what partitions can be encrypted. From technical POV only /boot partition really has to be left not encrypted but for the rest -- as root, /var, /usr it can be done. So please provide this option in installer. Current lack of support is strange and limits power of the Linux capabilities. -- openSUSE Feature: https://features.opensuse.org/314850
Feature changed by: Jan Engelhardt (jengelh) Feature #314850, revision 3 Title: Ability to create encrypted partitions without using LVM openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Maciej Pilichowski (truemacias) Partner organization: openSUSE.org Description: With no LVM OS installer is too strict when it comes to choose what partitions can be encrypted. From technical POV only /boot partition really has to be left not encrypted but for the rest -- as root, /var, /usr it can be done. So please provide this option in installer. Current lack of support is strange and limits power of the Linux capabilities. + Discussion: + #1: Jan Engelhardt (jengelh) (2013-02-27 16:28:41) + I have to concur. There is nothing that would prohibit root encryption; + that is, if you create the crypto volume "behind yast's back", using, + for example, the shell that is on tty2, it all works out. It is a bit + of manual labor doing cryptsetup, mkfs, and filling in + /mnt/etc/cryptotab, but it does work such that, once the machine boots + the installed system for the first time, it works from the get-go. -- openSUSE Feature: https://features.opensuse.org/314850
Feature changed by: Björn Voigt (bjoernv) Feature #314850, revision 5 Title: Ability to create encrypted partitions without using LVM openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Maciej Pilichowski (truemacias) Partner organization: openSUSE.org Description: With no LVM OS installer is too strict when it comes to choose what partitions can be encrypted. From technical POV only /boot partition really has to be left not encrypted but for the rest -- as root, /var, /usr it can be done. So please provide this option in installer. Current lack of support is strange and limits power of the Linux capabilities. Discussion: #1: Jan Engelhardt (jengelh) (2013-02-27 16:28:41) I have to concur. There is nothing that would prohibit root encryption; that is, if you create the crypto volume "behind yast's back", using, for example, the shell that is on tty2, it all works out. It is a bit of manual labor doing cryptsetup, mkfs, and filling in /mnt/etc/cryptotab, but it does work such that, once the machine boots the installed system for the first time, it works from the get-go. + #2: Björn Voigt (bjoernv) (2013-09-11 22:11:42) + Supporting full encrypted systems (encrypted root partition) without + LVM should not be so hard, because it is already possible to transform + unencrypted openSUSE setups to setups with encrypted root, swap etc. + manually with a rescue system. Currently the main problem is, that the + YaST installer refuses to create "/", "/var" and "/usr" partitions with + encryption, but without LVM. After manual transformation to a full + encrypted setup the system works nearly perfectly: - mkinitrd works - + system boots (tested with Grub2) - passphrase input works - existing + systems can be updated or re-installed with YaST (not fully tested) + A small problem exists: - during boot the passphrases are asked twice, + once for "/" and once for "swap", also if both passphrases are the same + - the reason is probably that filesystems are handled by one script + (with passphrase caching) and swap partitions are handled by another + script in "initrd" -- openSUSE Feature: https://features.opensuse.org/314850
Feature changed by: Neil Rickert (nrickert) Feature #314850, revision 6 Title: Ability to create encrypted partitions without using LVM openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Maciej Pilichowski (truemacias) Partner organization: openSUSE.org Description: With no LVM OS installer is too strict when it comes to choose what partitions can be encrypted. From technical POV only /boot partition really has to be left not encrypted but for the rest -- as root, /var, /usr it can be done. So please provide this option in installer. Current lack of support is strange and limits power of the Linux capabilities. Discussion: #1: Jan Engelhardt (jengelh) (2013-02-27 16:28:41) I have to concur. There is nothing that would prohibit root encryption; that is, if you create the crypto volume "behind yast's back", using, for example, the shell that is on tty2, it all works out. It is a bit of manual labor doing cryptsetup, mkfs, and filling in /mnt/etc/cryptotab, but it does work such that, once the machine boots the installed system for the first time, it works from the get-go. #2: Björn Voigt (bjoernv) (2013-09-11 22:11:42) Supporting full encrypted systems (encrypted root partition) without LVM should not be so hard, because it is already possible to transform unencrypted openSUSE setups to setups with encrypted root, swap etc. manually with a rescue system. Currently the main problem is, that the YaST installer refuses to create "/", "/var" and "/usr" partitions with encryption, but without LVM. After manual transformation to a full encrypted setup the system works nearly perfectly: - mkinitrd works - system boots (tested with Grub2) - passphrase input works - existing systems can be updated or re-installed with YaST (not fully tested) A small problem exists: - during boot the passphrases are asked twice, once for "/" and once for "swap", also if both passphrases are the same - the reason is probably that filesystems are handled by one script (with passphrase caching) and swap partitions are handled by another script in "initrd" + #3: Neil Rickert (nrickert) (2013-09-16 02:02:24) + I agree that this ought to work, and most of the support is there. Some + installer changes are needed. + I am currently satisfied with encrypted LVM, but I would also test this + setup if made available (milestone and beta testing). -- openSUSE Feature: https://features.opensuse.org/314850
Feature changed by: Florian Koch (fl0) Feature #314850, revision 7 Title: Ability to create encrypted partitions without using LVM openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Maciej Pilichowski (truemacias) Partner organization: openSUSE.org Description: With no LVM OS installer is too strict when it comes to choose what partitions can be encrypted. From technical POV only /boot partition really has to be left not encrypted but for the rest -- as root, /var, /usr it can be done. So please provide this option in installer. Current lack of support is strange and limits power of the Linux capabilities. Discussion: #1: Jan Engelhardt (jengelh) (2013-02-27 16:28:41) I have to concur. There is nothing that would prohibit root encryption; that is, if you create the crypto volume "behind yast's back", using, for example, the shell that is on tty2, it all works out. It is a bit of manual labor doing cryptsetup, mkfs, and filling in /mnt/etc/cryptotab, but it does work such that, once the machine boots the installed system for the first time, it works from the get-go. #2: Björn Voigt (bjoernv) (2013-09-11 22:11:42) Supporting full encrypted systems (encrypted root partition) without LVM should not be so hard, because it is already possible to transform unencrypted openSUSE setups to setups with encrypted root, swap etc. manually with a rescue system. Currently the main problem is, that the YaST installer refuses to create "/", "/var" and "/usr" partitions with encryption, but without LVM. After manual transformation to a full encrypted setup the system works nearly perfectly: - mkinitrd works - system boots (tested with Grub2) - passphrase input works - existing systems can be updated or re-installed with YaST (not fully tested) A small problem exists: - during boot the passphrases are asked twice, once for "/" and once for "swap", also if both passphrases are the same - the reason is probably that filesystems are handled by one script (with passphrase caching) and swap partitions are handled by another script in "initrd" #3: Neil Rickert (nrickert) (2013-09-16 02:02:24) I agree that this ought to work, and most of the support is there. Some installer changes are needed. I am currently satisfied with encrypted LVM, but I would also test this setup if made available (milestone and beta testing). + #4: Florian Koch (fl0) (2014-08-28 18:22:58) + any news here? it would be nice if the usage of an encrypted btrfs + without lvm was possible. -- openSUSE Feature: https://features.opensuse.org/314850
Feature changed by: David Rankin (drankinatty) Feature #314850, revision 9 Title: Ability to create encrypted partitions without using LVM openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: macias - (truemacias) Partner organization: openSUSE.org Description: With no LVM OS installer is too strict when it comes to choose what partitions can be encrypted. From technical POV only /boot partition really has to be left not encrypted but for the rest -- as root, /var, /usr it can be done. So please provide this option in installer. Current lack of support is strange and limits power of the Linux capabilities. Discussion: #1: Jan Engelhardt (jengelh) (2013-02-27 16:28:41) I have to concur. There is nothing that would prohibit root encryption; that is, if you create the crypto volume "behind yast's back", using, for example, the shell that is on tty2, it all works out. It is a bit of manual labor doing cryptsetup, mkfs, and filling in /mnt/etc/cryptotab, but it does work such that, once the machine boots the installed system for the first time, it works from the get-go. #2: Björn Voigt (bjoernv) (2013-09-11 22:11:42) Supporting full encrypted systems (encrypted root partition) without LVM should not be so hard, because it is already possible to transform unencrypted openSUSE setups to setups with encrypted root, swap etc. manually with a rescue system. Currently the main problem is, that the YaST installer refuses to create "/", "/var" and "/usr" partitions with encryption, but without LVM. After manual transformation to a full encrypted setup the system works nearly perfectly: - mkinitrd works - system boots (tested with Grub2) - passphrase input works - existing systems can be updated or re-installed with YaST (not fully tested) A small problem exists: - during boot the passphrases are asked twice, once for "/" and once for "swap", also if both passphrases are the same - the reason is probably that filesystems are handled by one script (with passphrase caching) and swap partitions are handled by another script in "initrd" #3: Neil Rickert (nrickert) (2013-09-16 02:02:24) I agree that this ought to work, and most of the support is there. Some installer changes are needed. I am currently satisfied with encrypted LVM, but I would also test this setup if made available (milestone and beta testing). #4: Florian Koch (fl0) (2014-08-28 18:22:58) any news here? it would be nice if the usage of an encrypted btrfs without lvm was possible. + #5: David Rankin (drankinatty) (2015-04-02 05:54:55) + Encryption without LVM would provide much needed flexibility. It would + be worked with the associated installer inprovements: + https://features.opensuse.org/310279 -- openSUSE Feature: https://features.opensuse.org/314850
Feature changed by: Jan Engelhardt (jengelh) Feature #314850, revision 3 Title: Ability to create encrypted partitions without using LVM openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Maciej Pilichowski (truemacias) Partner organization: openSUSE.org Description: With no LVM OS installer is too strict when it comes to choose what partitions can be encrypted. From technical POV only /boot partition really has to be left not encrypted but for the rest -- as root, /var, /usr it can be done. So please provide this option in installer. Current lack of support is strange and limits power of the Linux capabilities. + Discussion: + #1: Jan Engelhardt (jengelh) (2013-02-27 16:28:41) + I have to concur. There is nothing that would prohibit root encryption; + that is, if you create the crypto volume "behind yast's back", using, + for example, the shell that is on tty2, it all works out. It is a bit + of manual labor doing cryptsetup, mkfs, and filling in + /mnt/etc/cryptotab, but it does work such that, once the machine boots + the installed system for the first time, it works from the get-go. -- openSUSE Feature: https://features.opensuse.org/314850
Feature changed by: Björn Voigt (bjoernv) Feature #314850, revision 5 Title: Ability to create encrypted partitions without using LVM openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Maciej Pilichowski (truemacias) Partner organization: openSUSE.org Description: With no LVM OS installer is too strict when it comes to choose what partitions can be encrypted. From technical POV only /boot partition really has to be left not encrypted but for the rest -- as root, /var, /usr it can be done. So please provide this option in installer. Current lack of support is strange and limits power of the Linux capabilities. Discussion: #1: Jan Engelhardt (jengelh) (2013-02-27 16:28:41) I have to concur. There is nothing that would prohibit root encryption; that is, if you create the crypto volume "behind yast's back", using, for example, the shell that is on tty2, it all works out. It is a bit of manual labor doing cryptsetup, mkfs, and filling in /mnt/etc/cryptotab, but it does work such that, once the machine boots the installed system for the first time, it works from the get-go. + #2: Björn Voigt (bjoernv) (2013-09-11 22:11:42) + Supporting full encrypted systems (encrypted root partition) without + LVM should not be so hard, because it is already possible to transform + unencrypted openSUSE setups to setups with encrypted root, swap etc. + manually with a rescue system. Currently the main problem is, that the + YaST installer refuses to create "/", "/var" and "/usr" partitions with + encryption, but without LVM. After manual transformation to a full + encrypted setup the system works nearly perfectly: - mkinitrd works - + system boots (tested with Grub2) - passphrase input works - existing + systems can be updated or re-installed with YaST (not fully tested) + A small problem exists: - during boot the passphrases are asked twice, + once for "/" and once for "swap", also if both passphrases are the same + - the reason is probably that filesystems are handled by one script + (with passphrase caching) and swap partitions are handled by another + script in "initrd" -- openSUSE Feature: https://features.opensuse.org/314850
Feature changed by: Neil Rickert (nrickert) Feature #314850, revision 6 Title: Ability to create encrypted partitions without using LVM openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Maciej Pilichowski (truemacias) Partner organization: openSUSE.org Description: With no LVM OS installer is too strict when it comes to choose what partitions can be encrypted. From technical POV only /boot partition really has to be left not encrypted but for the rest -- as root, /var, /usr it can be done. So please provide this option in installer. Current lack of support is strange and limits power of the Linux capabilities. Discussion: #1: Jan Engelhardt (jengelh) (2013-02-27 16:28:41) I have to concur. There is nothing that would prohibit root encryption; that is, if you create the crypto volume "behind yast's back", using, for example, the shell that is on tty2, it all works out. It is a bit of manual labor doing cryptsetup, mkfs, and filling in /mnt/etc/cryptotab, but it does work such that, once the machine boots the installed system for the first time, it works from the get-go. #2: Björn Voigt (bjoernv) (2013-09-11 22:11:42) Supporting full encrypted systems (encrypted root partition) without LVM should not be so hard, because it is already possible to transform unencrypted openSUSE setups to setups with encrypted root, swap etc. manually with a rescue system. Currently the main problem is, that the YaST installer refuses to create "/", "/var" and "/usr" partitions with encryption, but without LVM. After manual transformation to a full encrypted setup the system works nearly perfectly: - mkinitrd works - system boots (tested with Grub2) - passphrase input works - existing systems can be updated or re-installed with YaST (not fully tested) A small problem exists: - during boot the passphrases are asked twice, once for "/" and once for "swap", also if both passphrases are the same - the reason is probably that filesystems are handled by one script (with passphrase caching) and swap partitions are handled by another script in "initrd" + #3: Neil Rickert (nrickert) (2013-09-16 02:02:24) + I agree that this ought to work, and most of the support is there. Some + installer changes are needed. + I am currently satisfied with encrypted LVM, but I would also test this + setup if made available (milestone and beta testing). -- openSUSE Feature: https://features.opensuse.org/314850
Feature changed by: Florian Koch (fl0) Feature #314850, revision 7 Title: Ability to create encrypted partitions without using LVM openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Maciej Pilichowski (truemacias) Partner organization: openSUSE.org Description: With no LVM OS installer is too strict when it comes to choose what partitions can be encrypted. From technical POV only /boot partition really has to be left not encrypted but for the rest -- as root, /var, /usr it can be done. So please provide this option in installer. Current lack of support is strange and limits power of the Linux capabilities. Discussion: #1: Jan Engelhardt (jengelh) (2013-02-27 16:28:41) I have to concur. There is nothing that would prohibit root encryption; that is, if you create the crypto volume "behind yast's back", using, for example, the shell that is on tty2, it all works out. It is a bit of manual labor doing cryptsetup, mkfs, and filling in /mnt/etc/cryptotab, but it does work such that, once the machine boots the installed system for the first time, it works from the get-go. #2: Björn Voigt (bjoernv) (2013-09-11 22:11:42) Supporting full encrypted systems (encrypted root partition) without LVM should not be so hard, because it is already possible to transform unencrypted openSUSE setups to setups with encrypted root, swap etc. manually with a rescue system. Currently the main problem is, that the YaST installer refuses to create "/", "/var" and "/usr" partitions with encryption, but without LVM. After manual transformation to a full encrypted setup the system works nearly perfectly: - mkinitrd works - system boots (tested with Grub2) - passphrase input works - existing systems can be updated or re-installed with YaST (not fully tested) A small problem exists: - during boot the passphrases are asked twice, once for "/" and once for "swap", also if both passphrases are the same - the reason is probably that filesystems are handled by one script (with passphrase caching) and swap partitions are handled by another script in "initrd" #3: Neil Rickert (nrickert) (2013-09-16 02:02:24) I agree that this ought to work, and most of the support is there. Some installer changes are needed. I am currently satisfied with encrypted LVM, but I would also test this setup if made available (milestone and beta testing). + #4: Florian Koch (fl0) (2014-08-28 18:22:58) + any news here? it would be nice if the usage of an encrypted btrfs + without lvm was possible. -- openSUSE Feature: https://features.opensuse.org/314850
Feature changed by: David Rankin (drankinatty) Feature #314850, revision 9 Title: Ability to create encrypted partitions without using LVM openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: macias - (truemacias) Partner organization: openSUSE.org Description: With no LVM OS installer is too strict when it comes to choose what partitions can be encrypted. From technical POV only /boot partition really has to be left not encrypted but for the rest -- as root, /var, /usr it can be done. So please provide this option in installer. Current lack of support is strange and limits power of the Linux capabilities. Discussion: #1: Jan Engelhardt (jengelh) (2013-02-27 16:28:41) I have to concur. There is nothing that would prohibit root encryption; that is, if you create the crypto volume "behind yast's back", using, for example, the shell that is on tty2, it all works out. It is a bit of manual labor doing cryptsetup, mkfs, and filling in /mnt/etc/cryptotab, but it does work such that, once the machine boots the installed system for the first time, it works from the get-go. #2: Björn Voigt (bjoernv) (2013-09-11 22:11:42) Supporting full encrypted systems (encrypted root partition) without LVM should not be so hard, because it is already possible to transform unencrypted openSUSE setups to setups with encrypted root, swap etc. manually with a rescue system. Currently the main problem is, that the YaST installer refuses to create "/", "/var" and "/usr" partitions with encryption, but without LVM. After manual transformation to a full encrypted setup the system works nearly perfectly: - mkinitrd works - system boots (tested with Grub2) - passphrase input works - existing systems can be updated or re-installed with YaST (not fully tested) A small problem exists: - during boot the passphrases are asked twice, once for "/" and once for "swap", also if both passphrases are the same - the reason is probably that filesystems are handled by one script (with passphrase caching) and swap partitions are handled by another script in "initrd" #3: Neil Rickert (nrickert) (2013-09-16 02:02:24) I agree that this ought to work, and most of the support is there. Some installer changes are needed. I am currently satisfied with encrypted LVM, but I would also test this setup if made available (milestone and beta testing). #4: Florian Koch (fl0) (2014-08-28 18:22:58) any news here? it would be nice if the usage of an encrypted btrfs without lvm was possible. + #5: David Rankin (drankinatty) (2015-04-02 05:54:55) + Encryption without LVM would provide much needed flexibility. It would + be worked with the associated installer inprovements: + https://features.opensuse.org/310279 -- openSUSE Feature: https://features.opensuse.org/314850
participants (1)
-
fate_noreply@suse.de