Installation guide
Important — Global Passphrases Not Supported
Devices encrypted with LUKS can share a global passphrase. When a system contains more
than two encrypted block devices, anaconda offers you the option to set a global passphrase
for them. However, although anaconda can set this passphrase correctly, the use of global
passphrases is not supported by the init scripts in Red Hat Enterprise Linux 5.
Therefore, even if you set a global passphrase during installation, you must still supply
individual passphrases for each encrypted block device every time that the system boots.
Tip
Checking the "Encrypt System" checkbox on the "Automatic Partitioning" screen and then
choosing "Create custom layout" does not cause any block devices to be encrypted
automatically.
Tip
You can use kickstart to set a separate passphrase for each new encrypted block device.
29.3.1. What Kinds of Block Devices Can Be Encrypted?
Most types of block devices can be encrypted using LUKS. From anaconda you can encrypt
partitions, LVM physical volumes, LVM logical volumes, and software RAID arrays.
29.4. Creating Encrypted Block Devices on the Installed System After Installation
Encrypted block devices can be created and configured after installation.
29.4.1. Create the block devices
Create the block devices you want to encrypt by using parted, pvcreate, lvcreate and mdadm.
29.4.2. Optional: Fill the device with random data
Filling <device> (e.g. /dev/sda3) with random data before encrypting it greatly increases the
strength of the encryption. The downside is that it can take a very long time.
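An added example, not part of the guide: a read-only Python check that scans a device or image for chunks that still look non-random after the fill, since any zeroed or leftover region shows which parts of the device were never written with ciphertext. The 4096-byte chunk size, the 7.0 bits-per-byte threshold and the sample image are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

CHUNK = 4096  # bytes per examined block; assumes the device size is a multiple of this


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for random data, 0.0 for a constant fill."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def low_entropy_chunks(path: str, threshold: float = 7.0) -> list:
    """Read-only scan; returns offsets of chunks that do not look random."""
    offsets, offset = [], 0
    with open(path, "rb") as dev:
        while True:
            block = dev.read(CHUNK)
            if not block:
                break
            if shannon_entropy(block) < threshold:
                offsets.append(offset)
            offset += len(block)
    return offsets


def make_sample_image(random_fill: bool, chunks: int = 16) -> str:
    """Constructed stand-in for <device>: 4 written chunks, the rest zeros or random."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as img:
        for i in range(chunks):
            written = i < 4  # pretend only these chunks ever received ciphertext
            img.write(os.urandom(CHUNK) if written or random_fill else bytes(CHUNK))
    return path


if __name__ == "__main__":
    for filled in (False, True):
        image = make_sample_image(random_fill=filled)
        flagged = low_entropy_chunks(image)
        print(f"random_fill={filled}: {len(flagged)} of 16 chunks stand out")
        os.remove(image)
```

An empty result from `low_entropy_chunks` means no chunk of the scanned device can be told apart from ciphertext by this measure.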
Warning
The commands below will destroy any existing data on the device.
Chapter 29. Disk Encryption Guide