From Fedora Project Wiki

< QA‎ | TestCases
Revision as of 22:08, 17 September 2016 by Jibecfed (talk | contribs) (internal link cleaning)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Description

Support the use of encrypted filesystems for anything other than /boot using cryptsetup and LUKS. This includes install time creation/configuration, as well as integrated support in mkinitrd and initscripts (others?). Currently we are only pursuing support for encrypted devices using cryptsetup/LUKS.

When using encrypted file systems/block devices, the rescue mode functionality should continue to work as expected, and not create situations where the encryption leads to undesired errors; in particular, a user should be able to successfully enter rescue mode for a system that has its root fs on an encrypted block device.

References:

  1. Anaconda/Features/EncryptedBlockDevices
  2. Releases/FeatureEncryptedFilesystems

Steps To Reproduce

Set up the system that rescue mode will access:

  • Boot anaconda
  • Proceed to the partitioning dialog
  • partition the system in such a manner that at least one non-rootfs is encrypted (filesystem encryption, not block device encryption)
  • continue with installation
  • after installation, restart the installer and select rescue mode
  • in rescue mode, verify the ability to successfully mount examine and change the contents of the non-root fs on the encrypted filesystem

Expected Results

  • Confirmed "Encrypt system" item is checked
  • Verify installation completes successfully
  • Upon restarting the installer in rescue mode, the user is asked for the LUKS passphrase
  • Confirm that rescue mode successfully mounted the non-root fs and that the user in rescue mode can make changes to the filesystem
  • Verify rescue mode session completes successfully