[Discuss] Full disk encryption

[me at mattgillen.net (Matthew Gillen)]

On 01/03/2012 08:50 AM, Daniel Feenberg wrote:
> The built-in Fedora encryption is no trouble to establish (just check
> the box during installation) and maintain and on a multi-core desktop
> does not affect performance. An update from Fedora 13 to 16 did damage
> the boot record and make the disk unreadable, so I wouldn't try doing an
> update again. For a non-networked machine there isn't much need for
> updates, anyway.

FWIW, I've upgraded multiple Fedora boxes where everything but the /boot 
partition was encrypted several times.  I never had any issues.

There are two potential problems I can think of that you might have 
tripped over.  First, you skipped too many releases; they generally only 
support skipping 1 release on upgrades I think (so 14->16 is ok, but 
13->16 is not tested at all).

The other issue that I ran into on an F16 upgrade recently was 
completely unrelated to encryption (ie this box did not use encrypted 
anything).  Grub2 refused to install, giving a message:
> /sbin/grub2-setup: warn: Your embedding area is unusually small.  core.img won't fit in it..
> /sbin/grub2-setup: warn: Embedding is not possible.  GRUB can only be installed in this setup by using blocklists.  However, blocklists are UNRELIABLE and their use is discouraged..
> /sbin/grub2-setup: error: will not proceed with blocklists.

Turns out (luckily) this error didn't corrupt anything, and in fact left 
the old grub1 install in-tact in the MBR.  So i just had to copy the 
kernel boot lines to the old grub.conf and I was good to go.

Matt