2014-03-03 15:12 GMT+01:00 Stephen Gallagher sgallagh@redhat.com:
A magical solution that I could see would be for us to be able to retrieve the key from a network location (such as the FreeIPA Domain Controller?) during system start. We'd have to have network access prior to mounting disks, of course.
In fact such a thing has been designed (but AFAIK not implemented) for FreeIPA a few years ago, broadly along the lines of your description.
If we could implement all of that, I'd be in favor of making encryption (and this escrow) the default.
It would be kind of ugly that installing a domain-joined server results in an encrypted system and installing a stand-alone server presumably doesn't. Or would we recommend encrypting even the non-domain-joined server? In a homogenous Fedora deployment, the only such server should be FreeIPA (with all the critical Kerberos data), so offering to encrypt it by default would probably be justifiable.
In any case, if we support encryption in the installer GUI, the user needs to make a choice; not necessarily in the partitioning dialog where it is offered currently. Mirek