From Fedora Project Wiki
Description
Support the use of encrypted filesystems for anything other than /boot using cryptsetup and LUKS. This includes install time creation/configuration, as well as integrated support in mkinitrd and initscripts (others?). Currently we are only pursuing support for encrypted devices using cryptsetup/LUKS.
When using encrypted file systems/block devices, the rescue mode functionality should continue to work as expected, and not create situations where the encryption leads to undesired errors; in particular, a user should be able to successfully enter rescue mode for a system that has its root fs on an encrypted block device.
References:
Steps To Reproduce
Set up the system that rescue mode will access:
- Boot anaconda
- Proceed to the partitioning dialog
- partition the system in such a manner that at least one non-rootfs is encrypted (filesystem encryption, not block device encryption)
- continue with installation
- after installation, restart the installer and select rescue mode
- in rescue mode, verify the ability to successfully mount examine and change the contents of the non-root fs on the encrypted filesystem
Expected Results
- Confirmed "Encrypt system" item is checked
- Verify installation completes successfully
- Upon restarting the installer in rescue mode, the user is asked for the LUKS passphrase
- Confirm that rescue mode successfully mounted the non-root fs and that the user in rescue mode can make changes to the filesystem
- Verify rescue mode session completes successfully