[Discuss] Full disk encryption
Matthew Gillen
me at mattgillen.net
Wed Jan 4 13:37:51 EST 2012
On 01/03/2012 08:50 AM, Daniel Feenberg wrote:
> The built-in Fedora encryption is no trouble to establish (just check
> the box during installation) and maintain and on a multi-core desktop
> does not affect performance. An update from Fedora 13 to 16 did damage
> the boot record and make the disk unreadable, so I wouldn't try doing an
> update again. For a non-networked machine there isn't much need for
> updates, anyway.
FWIW, I've upgraded multiple Fedora boxes where everything but the /boot
partition was encrypted several times. I never had any issues.
There are two potential problems I can think of that you might have
tripped over. First, you skipped too many releases; they generally only
support skipping 1 release on upgrades I think (so 14->16 is ok, but
13->16 is not tested at all).
The other issue that I ran into on an F16 upgrade recently was
completely unrelated to encryption (ie this box did not use encrypted
anything). Grub2 refused to install, giving a message:
> /sbin/grub2-setup: warn: Your embedding area is unusually small. core.img won't fit in it..
> /sbin/grub2-setup: warn: Embedding is not possible. GRUB can only be installed in this setup by using blocklists. However, blocklists are UNRELIABLE and their use is discouraged..
> /sbin/grub2-setup: error: will not proceed with blocklists.
Turns out (luckily) this error didn't corrupt anything, and in fact left
the old grub1 install in-tact in the MBR. So i just had to copy the
kernel boot lines to the old grub.conf and I was good to go.
Matt
More information about the Discuss
mailing list