I would like to see support for installing onto an encrypted root
partition (using cryptsetup/dm-crypt). I am currently working on a
patch for Red Hat's mkinitrd that will add support for creating the
necessary initrd. The changes to anaconda should be pretty simple,
but supporting sophisticated authentication techniques (physical
tokens, etc.) may get a little tricky.
There was some discussion about this on IRC earlier today I guess.
My current opinion is that I'm sort of waiting to see how the
userspace setup side pans out before committing to doing anything
with this. If the userspace setup is simple enough that it's not
going to change and it doesn't make the UI horrendously bad, I'm
definitely not against adding it.
For what its worth, I just checked a patch into Red Hat's Bugzilla that
adds encrypted root filesystem support to mkinitrd:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789
This is one half (the easier half for me to hack) of adding encrypted
root filesystem support to Fedora. The other half is anaconda.
--
Mike
