On Fri, Jul 31, 2015 at 3:37 PM, Gordon Messmer
<gordon.messmer(a)gmail.com> wrote:
On 07/31/2015 12:02 PM, inode0 wrote:
>
> /boot can be on an encrypted partition. I've been looking at this
> lately and decided to try to do it after seeing this thread today.
> Anaconda won't help you do it though, so you need to install initially
> with it unencrypted but you can encrypt it post-install. Now I have an
> F22 box with a single disk with all partitions encrypted.
Uh... have you rebooted yet? What does "lsblk" output?
A skeptic!
[root@localhost ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 16G 0 disk
├─sda1 8:1 0 500M 0 part
│ └─fedora-boot 253:3 0 498M 0 crypt /boot
└─sda2 8:2 0 15.5G 0 part
└─luks-e7300273-cada-4e28-9829-7302ec188c29
253:0 0 15.5G 0 crypt
├─fedora-swap 253:1 0 1.6G 0 lvm [SWAP]
└─fedora-root 253:2 0 13.9G 0 lvm /
sr0 11:0 1 876M 0 rom
grub2 supports LUKS. You'll need to add GRUB_ENABLE_CRYPTODISK=y to
/etc/sysconfig/grub, run grub2-mkconfig and grub2-install, and make
any changes you desire to fstab and crypttab after encrypting /boot.
John