/boot and encrypted partitions?

Fri Jul 31 21:00:01 UTC 2015

On Fri, Jul 31, 2015 at 3:37 PM, Gordon Messmer
<gordon.messmer at gmail.com> wrote:
> On 07/31/2015 12:02 PM, inode0 wrote:
>>
>> /boot can be on an encrypted partition. I've been looking at this
>> lately and decided to try to do it after seeing this thread today.
>> Anaconda won't help you do it though, so you need to install initially
>> with it unencrypted but you can encrypt it post-install. Now I have an
>> F22 box with a single disk with all partitions encrypted.
>
>
> Uh... have you rebooted yet?  What does "lsblk" output?

A skeptic!

[root at localhost ~]# lsblk
NAME                                        MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda                                           8:0    0   16G  0 disk
├─sda1                                        8:1    0  500M  0 part
│ └─fedora-boot                             253:3    0  498M  0 crypt /boot
└─sda2                                        8:2    0 15.5G  0 part
  └─luks-e7300273-cada-4e28-9829-7302ec188c29
                                            253:0    0 15.5G  0 crypt
    ├─fedora-swap                           253:1    0  1.6G  0 lvm   [SWAP]
    └─fedora-root                           253:2    0 13.9G  0 lvm   /
sr0                                          11:0    1  876M  0 rom

grub2 supports LUKS. You'll need to add GRUB_ENABLE_CRYPTODISK=y to
/etc/sysconfig/grub, run grub2-mkconfig and grub2-install, and make
any changes you desire to fstab and crypttab after encrypting /boot.

John