[CAL-256] Implement LUKS+dm-crypt support for partitioning and mounting Created: 30/Jul/15 Updated: 25/Aug/15 Status: Project: Component/s: Affects Version/s: Fix Version/s: Open Calamares Partitioning, User interface 1.1.3 Type: Reporter: Resolution: Labels: Task Teo Mrnjavac Unresolved None Issue Links: Duplicate is duplicated by CAL-260 Full disk encryption, Keyfiles, and o... Relates relates to CAL-254 Segfault at scanDevice() in partitioner Epic Link: 1.2 Priority: Assignee: Votes: Major Teo Mrnjavac 0 Partitioning with KPMcore Description In Calamares 1.1-stable LUKS is disabled. No reasonable way to enable and make work because of the decrypt dialog. It doesn't crash as of . In KPMcore the decrypt dialog is yanked out. Check what else was broken during the KPM/KPMcore split, implement LUKS mounting and partitioning. Comments Comment by Teo Mrnjavac [ 24/Aug/15 ] Ryan Owens: When LUKS/dm-crypt capabilities are added to Calamares will a user be able to encrypt every partition including /boot and swap? I hope so. Are there any plans for including Keyfiles for unlocking encrypted partitions? Closed Closed You mean keyfile management through LUKS? I figure that most users simply want to add a passphrase. If you know what a keyfile is you're probably able to use cryptsetup directly. Will crypttab files be supported? Yes, I think crypttab is quite necessary for booting a system with LUKS volumes, isn't it? Could this functionality be provided by branding modules? I've designed branding to be quite orthogonal to partitioning operations so I'm gonna go with no. But if you can elaborate on the functionality you expect there might be other ways to provide it. Comment by Ryan Owens [ 25/Aug/15 ] I mention the keyfile because of full system encryption. If you encrypt the /boot as well as root then you have to enter the password for each partition. But if you unlock the root partition with a keyfile then you only have to enter the password for /boot. If you don't setup the crypttab with a keyfile in this setup the system will never ask for the root partition password. https://wiki.archlinux.org/index.php/Dmcrypt/Encrypting_an_entire_system#Configuring_fstab_and_crypttab_2 I was wondering if default partition layouts can be set by the distribution branding. For example if I want the default partition scheme to be lvm for my distribution but another distribution wants it to be standard partitioning it may be useful for distribution branding to set a default scheme. Comment by Teo Mrnjavac [ 25/Aug/15 ] I see. Right now I'm working on making LUKS work at all in KPMcore, but I'll certainly keep in mind your use case. It might be a good idea to offer unlocking at boot with keyfile at least in automatic partitioning. I was wondering if default partition layouts can be set by the distribution branding. For example if I want the default partition scheme to be lvm for my distribution but another distribution wants it to be standard partitioning it may be useful for distribution branding to set a default scheme. Ok, now I understand. This is not a branding configuration item, in fact a Calamares branding component is only designed to provide strings, graphics and such kinds of customization. What you're asking for is achievable with a configuration option in the partitioning module's config file. The issue is moot since we don't support LVM at this point, but we can think of other partitioning layout control options. Generated at Tue Feb 09 14:23:05 UTC 2016 using JIRA 7.0.0#70107sha1:6cd5e8da0433ba37cd68ac1f1a6078fc22964e15.