On Fri, Jul 31, 2015 at 3:37 PM, Gordon Messmer gordon.messmer@gmail.com wrote:
On 07/31/2015 12:02 PM, inode0 wrote:
/boot can be on an encrypted partition. I've been looking at this lately and decided to try to do it after seeing this thread today. Anaconda won't help you do it though, so you need to install initially with it unencrypted but you can encrypt it post-install. Now I have an F22 box with a single disk with all partitions encrypted.
Uh... have you rebooted yet? What does "lsblk" output?
A skeptic!
[root@localhost ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 16G 0 disk ├─sda1 8:1 0 500M 0 part │ └─fedora-boot 253:3 0 498M 0 crypt /boot └─sda2 8:2 0 15.5G 0 part └─luks-e7300273-cada-4e28-9829-7302ec188c29 253:0 0 15.5G 0 crypt ├─fedora-swap 253:1 0 1.6G 0 lvm [SWAP] └─fedora-root 253:2 0 13.9G 0 lvm / sr0 11:0 1 876M 0 rom
grub2 supports LUKS. You'll need to add GRUB_ENABLE_CRYPTODISK=y to /etc/sysconfig/grub, run grub2-mkconfig and grub2-install, and make any changes you desire to fstab and crypttab after encrypting /boot.
John