> 2. Encrypted root filesystem.
> Red Hat Bug #182479 discusses adding support for an encrypted root
> filesystem to Fedora. The bug contains a patch for mkinitrd that
> facilitates this. Eventually it would be nice to see support in anaconda
> for this, but #182479 is the first step.
One thing you miss in the latest patch is support for an encrypted
root device on top of an LVM volume.
With your patch the code does the following starting at about line
    if [ "$kernelmajor" == "2.4" ]; then
        # kernel 2.4.x LVM stuff
    elif [ -n "$root_enc" ]; then
        # crypto-root stuff
    else
        # kernel 2.6.x LVM stuff
    fi
What you really want is to have the crypto root stuff occurring
the if statement in question. Also inside the "if [ -n "$root_enc"
]; then" block you want to have "if [ -z $root_lvm ]; then" around the
"mkdmnod" bit so that mkdmnod doesn't get called twice.
I'm sorry, but I don't have any experience with LVM volumes. What I
do know is that right now if root_enc=1 then root_lvm=1 but root_lvm=1
does NOT mean root_enc=1. The tests go like this (line 852):
    if [ is LVM (actually is device mapper) ]; then
        if [ is encrypted ]; then
So, how can I support both of these cases:
LVM volume, unencrypted
LVM volume encrypted
I need a way to test if a root filesystem is really an LVM volume and
not possibly just a DM/encrypted volume. In other words, how can I
ask "is this device mapper volume truly a LVM volume?" Root_enc and
root_lvm need to be decoupled.
Also in recent kernels the AES module is aes-i586 (maybe we should
alias in the module-init-tools config).
In my recent kernels, aes is not aes-i586 because my kernel is built
for PowerPC. So I imagine an alias from aes to aes-i586 would make
i586 more consistent with other architectures.
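
One way to decouple root_enc and root_lvm, as asked earlier in the thread (an added example, not code from the mkinitrd patch or from any poster): walk the device-mapper stack under the root device and set each flag independently. It assumes lvm2's convention of prefixing dm UUIDs with "LVM-"; classify_root, DM_SAMPLE and the inventory layout are hypothetical, with constructed rows shaped like `dmsetup info -c -o name,uuid,major,minor` joined with `dmsetup table`.

```sh
#!/bin/sh
# Constructed inventory, one dm device per line:
#   name  dm-uuid  major:minor  start  length  target  target-args...
# crypt args:  cipher key iv_offset backing-device offset
# linear args: backing-device offset
DM_SAMPLE='VolGroup00-LogVol00 LVM-constructedVGconstructedLV 253:0 0 20971520 linear 8:2 384
cryptroot CRYPT-constructed-cryptroot 253:1 0 20967424 crypt aes-cbc-essiv:sha256 00 0 253:0 4096
plainroot CRYPT-constructed-plainroot 253:2 0 1000000 crypt aes-cbc-essiv:sha256 00 0 8:3 0'

# classify_root NAME INVENTORY
# Sets root_enc and root_lvm independently by following backing devices,
# so crypt-on-LVM and LVM-on-crypt both report 1/1.
classify_root() {
    dev=$1 inventory=$2
    root_enc=0 root_lvm=0
    while [ -n "$dev" ]; do
        # Look the device up by dm name or by major:minor.
        line=$(printf '%s\n' "$inventory" |
               awk -v d="$dev" '$1 == d || $3 == d { print; exit }')
        [ -n "$line" ] || break          # not a dm device: bottom of the stack
        set -- $line
        case $2 in LVM-*) root_lvm=1 ;; esac   # UUID prefix, not "is dm"
        case $6 in
            crypt)  root_enc=1; dev=${10} ;;   # descend to the backing device
            linear) dev=$7 ;;
            *)      dev= ;;                    # other targets: stop here
        esac
    done
    echo "root_enc=$root_enc root_lvm=$root_lvm"
}

for name in VolGroup00-LogVol00 cryptroot plainroot; do
    printf '%s: %s\n' "$name" "$(classify_root "$name" "$DM_SAMPLE")"
done
```

Only single-device linear and crypt targets are followed; striped or mirrored volumes would need every backing device checked.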