<?
include("site.inc");
$template = new Page;
$template->initCommon();
$template->displayHeader();
?>
<div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">11. File Systems</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sn-Desktop.php">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="sn-MailServers.php">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both" id="sn-FileSystems">11. File Systems</h2></div></div></div><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Tip: Latest Release Notes on the Web"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Tip]" src="./stylesheet-images/tip.png"></td><th align="left">Latest Release Notes on the Web</th></tr><tr><td align="left" valign="top"><p>
These release notes may be updated. Visit <a class="ulink" href="http://docs.fedoraproject.org/release-notes/" target="_top">http://docs.fedoraproject.org/release-notes/</a>
to view the latest release notes for Fedora.</p></td></tr></table></div><p>
Fedora 8 provides basic support for encrypted swap partitions and
non-root file systems. To use it, add entries to
<code class="filename">/etc/crypttab</code> and reference the created devices in
<code class="filename">/etc/fstab</code>.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note: Encrypted FS Support Unavailable During
Install"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="./stylesheet-images/note.png"></td><th align="left">Encrypted FS Support Unavailable During
Install</th></tr><tr><td align="left" valign="top"><p>
Enable file system encryption after installation.
<span class="application"><strong>Anaconda</strong></span> does not have support for creating encrypted block
devices.
</p></td></tr></table></div><p>
The following example shows an <code class="filename">/etc/crypttab</code> entry for
a swap partition:
</p><pre class="screen">my_swap /dev/sdb1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
</pre><p>
This command creates an encrypted block device
<code class="filename">/dev/mapper/my_swap</code>, which can be referenced in
<code class="filename">/etc/fstab</code>. The next example shows an entry for a
filesystem volume:
</p><pre class="screen">my_volume /dev/sda5 /etc/volume_key cipher=aes-cbc-essiv:sha256
</pre><p>
The <code class="filename">/etc/volume_key</code> file contains a plaintext
encryption key. You can also specify <code class="filename">none</code> as the key
file name, and the system instead asks for the encryption key during
boot.
</p><p>
The recommended method is to use <em class="firstterm">LUKS</em> for file system
volumes. If you are using LUKS you can drop the
<code class="computeroutput">cipher=</code> declaration in
<code class="filename">/etc/crypttab</code>).
</p><div class="procedure"><ol type="1"><li><p>
Create the encrypted volume using <code class="command">cryptsetup
luksFormat</code>.
</p></li><li><p>
Add the necessary entry to <code class="filename">/etc/crypttab</code>.
</p></li><li><p>
Set up the volume manually using <code class="command">cryptsetup
luksOpen</code> or reboot.
</p></li><li><p>Create a filesystem on the encrypted volume.</p></li><li><p>
Set up an entry in <code class="filename">/etc/fstab</code>.
</p></li></ol></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sn-Desktop.php">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="sn-MailServers.php">Next</a></td></tr><tr><td width="40%" align="left" valign="top">10. Fedora Desktop </td><td width="20%" align="center"><a accesskey="h" href="index.php">Home</a></td><td width="40%" align="right" valign="top"> 12. Mail Servers</td></tr></table></div>
<?
$template->displayFooter('$Date: 2007/11/08 03:45:40 $');
?>