1
Upgrading F11 to F15 I've decided to encrypt the disk. Anaconda appears to have limited support for custom disk partitions (mine is dual boot). The result of my second install attempt was a PV boot and LVM VG with home, root, and swap. The problem is these LVs each have their own encryption! The Fedora documentation only gives instructions for encrypting during Anaconda install process and after a system is installed.
From research and discussions I uncovered an alternative where the the VG is only encrypted "bit" of the partitioned drive. Then I can install Fedora using a spin disk or the 4G iso with Anaconda. This would make an encrypted Fedora system with a single unencrypt passphrase. What I am not clear on is the step to create the LVs.
Reading cryptsetup docs and the above examples I conclude LuksOpen and LuksClose commands "bookend" the LVM linux commands pvcreate, vgcreate, and lvcreate. Then I won't need to use gparted the graphical disk partitioning tool, yes?
Since I will be deleting my system, I need do all of this from a liveCD like gparted, or a Fedora spin liveCD. And this disk needs to have the LVM commands pvcreate, vgcreate, lvcreate, and cryptsetup-luks, and dm-crypt packages?
Once the VG is encrypted and the LVs are added then I can launch the Fedora spin CDROM or Anaconda DVD to complete the install?
Does this sound correct? Am I missing anything? Is there an easier way to do this? (^_^)
I take it by the silence all are awed by my complete and all encompassing summary of this simple--though impossible with Anaconda--procedure. (^_^) – xtian – 2011-07-20T20:55:05.287
Is this a job for a kickstart? "Furthermore, advanced options such as LVM, encrypted filesystems, and resizable filesystems are available only in graphical mode and kickstart." – xtian – 2011-07-21T21:34:37.577
Seems like a lot of trouble for a system you'll be deleting. I would skip the LVM encryption entirely and just use luks. It can be used to encrypt an LV just like any other block device, either during graphical setup or after, using cryptsetup. – Peet Corelli – 2012-05-12T21:14:13.750