Bugzilla – Bug 415479
Support installation with encrypted root file system
Last modified: 2009-05-15 01:40:05 UTC
One thing openSUSE is really missing, compared with other popular distributions, is the ability to install into an encrypted root file system so _everything_ is encrypted. While the manual installation / setup like described at http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO works, it is still cumbersome and error-prone to setup - especially on systems with small hard disks like e.g. laptops. IMHO this subject gets more and more important not only for laptops but also for normal workstations with respect to the global decline of privacy protection. Since all the necessary software is in place and Yast already has the option (including the GUI) to encrypt /home this shouldn't be that hard to do and would be a great feature for 11.1 (especially if you keep in mind that this will be the base for the next SLE version and corporations love security functionality provided out of the box as an option). Important points are: 1. it should work with LVMs as well 2. it should be possible to automatically generate a key on startup to encrypt the swap partition (given, this would disable suspend) 3. one should be able to use the same password for several partitions so one has to enter it just one time instead of once for every partition. Related reports: * Bug #397411 - Hibernation won't work with encrypted swap * Bug #399298 - encrypt swap partions by default on every boot using a random key * Bug #166067 - sysinfo:/ does not list encrypted /home partition
Full disk encryption is already under discussion in fate #304470. Sorry, but it's not public.
Reopened because the whole installer was rewritten but still no one cared to add this. I'm sorry, but this feature request is about adding root file system encryption to openSUSE. When, or if at all, you add it to SLE, I couldn't care less about it, but I surely don't want to wait till SLE 12 ;) Also I understand that you don't want to track and update 2 different locations but, since that feature is asked for quite often, IMHO there should be a location for openSUSE users to express their need (as in vote) for it and to CC themself to get notified on updates / when it finally is implemented. Making the fate entry public at https://features.opensuse.org/ would be nice to have as well (since it isn't actual rocket science and suse is one of the last distributions to add this feature there shouldn't be a reason to track this behind closed doors) but I can happily live without it as long as you leave this request open so people can vote for it & cc themself. Thanks a lot.
Added as feature #305633 - will be available via features.opensuse.org.
Heh, I agree (sorry for repeating): Just my vote - the entire encryption should be supported at installation time. At least I've installed on pc designated to collocation current debian w/ entire encription and /boot on removable (usb flash) w/o seriouse problems (short description in Russian here: http://grey-olli.livejournal.com/320477.html) via installation interface - no terminal hand made commands intervention required. I see 3 variants: encrypted devices as physical volumes for LVM volume groups. encryption of LVM logical volumes just encrypted devices w/o LVM At least 1st one is easy w/ Debian install now. Hope next SuSE will 've this easy too, better if all 3 variants. :) PS: will note this on features.opensuse.org too. %)