<? include("site.inc"); $template = new Page; $template->initCommon(); $template->displayHeader(); ?> <div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">11. File Systems</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sn-Desktop.php">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="sn-MailServers.php">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both" id="sn-FileSystems">11. File Systems</h2></div></div></div><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Tip: Latest Release Notes on the Web"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Tip]" src="./stylesheet-images/tip.png"></td><th align="left">Latest Release Notes on the Web</th></tr><tr><td align="left" valign="top"><p> These release notes may be updated. Visit <a class="ulink" href="http://docs.fedoraproject.org/release-notes/" target="_top">http://docs.fedoraproject.org/release-notes/</a> to view the latest release notes for Fedora.</p></td></tr></table></div><p> Fedora 8 provides basic support for encrypted swap partitions and non-root file systems. To use it, add entries to <code class="filename">/etc/crypttab</code> and reference the created devices in <code class="filename">/etc/fstab</code>. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note: Encrypted FS Support Unavailable During Install"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="./stylesheet-images/note.png"></td><th align="left">Encrypted FS Support Unavailable During Install</th></tr><tr><td align="left" valign="top"><p> Enable file system encryption after installation. <span class="application"><strong>Anaconda</strong></span> does not have support for creating encrypted block devices. </p></td></tr></table></div><p> The following example shows an <code class="filename">/etc/crypttab</code> entry for a swap partition: </p><pre class="screen">my_swap /dev/sdb1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256 </pre><p> This command creates an encrypted block device <code class="filename">/dev/mapper/my_swap</code>, which can be referenced in <code class="filename">/etc/fstab</code>. The next example shows an entry for a filesystem volume: </p><pre class="screen">my_volume /dev/sda5 /etc/volume_key cipher=aes-cbc-essiv:sha256 </pre><p> The <code class="filename">/etc/volume_key</code> file contains a plaintext encryption key. You can also specify <code class="filename">none</code> as the key file name, and the system instead asks for the encryption key during boot. </p><p> The recommended method is to use <em class="firstterm">LUKS</em> for file system volumes. If you are using LUKS you can drop the <code class="computeroutput">cipher=</code> declaration in <code class="filename">/etc/crypttab</code>). </p><div class="procedure"><ol type="1"><li><p> Create the encrypted volume using <code class="command">cryptsetup luksFormat</code>. </p></li><li><p> Add the necessary entry to <code class="filename">/etc/crypttab</code>. </p></li><li><p> Set up the volume manually using <code class="command">cryptsetup luksOpen</code> or reboot. </p></li><li><p>Create a filesystem on the encrypted volume.</p></li><li><p> Set up an entry in <code class="filename">/etc/fstab</code>. </p></li></ol></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sn-Desktop.php">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="sn-MailServers.php">Next</a></td></tr><tr><td width="40%" align="left" valign="top">10. Fedora Desktop </td><td width="20%" align="center"><a accesskey="h" href="index.php">Home</a></td><td width="40%" align="right" valign="top"> 12. Mail Servers</td></tr></table></div> <? $template->displayFooter('$Date: 2007/11/08 03:45:40 $'); ?>