Exactly how does kickstart encrypt a partition?

Question

Let's say for example I have this line in the pre section of my kickstart file:

part / --asprimary --fstype="ext4" --size=10000 --encrypted --passphrase=pass1

Great, but, how does that work? Exactly how does "--encrypted" encrypt the partition? Does it use: cryptsetup luksFormat ...?

A quick google search can tell me how to use cryptsetup, but a quick google search does not tell me exactly what the "--encryption" flag does. I need to reproduce what it does on a non-encrypted partition in the same exact fashion.

...... so I can assume that all the options for `cryptsetup luksFormat` are whatever I want them to be....... — Everlight, Oct 05 '16 at 21:07
Hmm. The [installer source code](https://github.com/rhinstaller/anaconda) is available. It may make interesting reading. — Michael Hampton, Oct 05 '16 at 23:01
OOOOOooo that is the start of what I was looking for. Now time to digest. — Everlight, Oct 06 '16 at 12:57

user9517 · Answer 1 · 2016-10-11T09:10:33.687

1

It uses LUKS, the options you can supply are documented, EL6 and 7 are the same

--cipher=
--passphrase=
--escrowcert=URL_of_X.509_certificate
--escrowcert=URL_of_X.509_certificate

It doesn't appear that you can supply arbitrary cryptsetup luksFormat ... options.

edited Oct 11 '16 at 09:10

answered Oct 06 '16 at 04:22

user9517

114,104
20
206
289

I think you misunderstood me. The documentation says that the cipher is defaulted to, `aes-xts-plain64`, which is great, but what other options do I need to provide to the `cryptsetup luksFormat` command to get the same encryption? So, `cryptsetup --cipher aes-xts-plain64 luksFormat /dev/sda5` will set the right cipher, but what about all the other available for luksFormat shown in the man page of cryptsetup? Does anaconda utilize those? Basically, how do I recreate the same encryption that "--encrypted" provides? – Everlight Sep 06 '18 at 15:02

Exactly how does kickstart encrypt a partition?

1 Answers1