On Fri, Jul 31, 2015 at 11:18 AM, Gordon Messmer <gordon.messmer@xxxxxxxxx> wrote:
> On 07/31/2015 08:28 AM, Dave Johansen wrote:
>>
>> I was lucky enough to be bitten by this issue (
>> https://bugzilla.redhat.com/show_bug.cgi?id=1212907 ) when attempting to do
>> a clean install of F22.
>
>
> That bug looks like it's triggered only when the LVs are encrypted, which is
> non-standard and not at all optimal. The default and optimal configuration
> is to encrypt the disk partition, and to use that LUKS container as a PV.
>
>> I copied all of my data off and then tried manually setting things up as
>> separate partitions (instead of in an LVM) but it kept telling me that /boot
>> couldn't be on a LUKS partition.
>
>
> That's correct, it cannot. UEFI and BIOS both need an un-encrypted /boot to
> read the kernel and initrd. If those are in an encrypted container, the
> boot loader is incapable of reading the kernel and initrd into memory.

/boot can be on an encrypted partition. I've been looking at this
lately and decided to try to do it after seeing this thread today.
Anaconda won't help you do it though, so you need to install initially
with it unencrypted, but you can encrypt it post-install.

Now I have an F22 box with a single disk with all partitions
encrypted. Fedora seems perfectly happy with this. I still have a
concern that there might be a case where an update needs to mount or
remount /boot and won't be able to, but one could store the password
for /boot in a file and point crypttab to it, I believe, to overcome
that if it is necessary.

John
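
An added example, not part of the original message: a small Python check for the key-file approach mentioned in the reply above. It parses crypttab text and flags key files that group or other users can access; the volume names, placeholder UUIDs and temporary key path are constructed for the demonstration.

```python
import os
import stat
import tempfile

def parse_crypttab(text):
    """Return crypttab entries as dicts; fields 3 (key file) and 4 (options) are optional."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split()
        if len(f) < 2:
            continue  # malformed: volume name and device are mandatory
        key = f[2] if len(f) > 2 else "none"
        entries.append({"name": f[0], "device": f[1],
                        "keyfile": None if key in ("none", "-") else key,
                        "options": f[3].split(",") if len(f) > 3 else []})
    return entries

def audit_keyfiles(text):
    """Map volume name -> list of findings for entries that use a key file."""
    report = {}
    for e in parse_crypttab(text):
        if e["keyfile"] is None:
            continue  # unlocked by passphrase prompt, nothing on disk to check
        findings = []
        try:
            st = os.stat(e["keyfile"])
            if not stat.S_ISREG(st.st_mode):
                findings.append("not a regular file")
            elif st.st_mode & 0o077:
                findings.append("accessible by group/other: mode %04o" % stat.S_IMODE(st.st_mode))
        except FileNotFoundError:
            findings.append("key file missing")
        report[e["name"]] = findings
    return report

def demo():
    """Constructed sample: a /boot entry with a key file, audited before and after chmod."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "boot.key")
        with open(key, "wb") as fh:
            fh.write(os.urandom(64))
        os.chmod(key, 0o644)  # deliberately too permissive for the first audit
        tab = ("# constructed sample, placeholder UUIDs\n"
               "luks-root UUID=00000000-0000-0000-0000-000000000001 none\n"
               "luks-boot UUID=00000000-0000-0000-0000-000000000002 %s luks\n" % key)
        before = audit_keyfiles(tab)
        os.chmod(key, 0o400)
        return before, audit_keyfiles(tab)
```

A key file for /boot only protects anything if it is itself stored on an encrypted filesystem, which this check does not verify.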