Disk Encryption in Fedora 16

No distribution’s installer makes setting up disk encryption as easy as Anaconda, the Fedora system installer. And that has not changed in Fedora 16, the latest stable release. On previous versions of Fedora, those released before Fedora 16, the only automated disk partitioning option was one based on LVM, the Linux Logical Volume Manager. That made it easy to install Fedora on encrypted LVM partitions.

But it also meant that if you wanted to install Fedora on encrypted, non-LVM partitions, Anaconda offered no automated option. That is no longer the case in Fedora 16.

As shown in the disk partitioning methods step in this image, there is now a “Use LVM” option, and it is the default, so that if you wanted to install Fedora 16 on encrypted, non-LVM partitions, and you wanted the installer to create the partitions automatically, all you need to do is disable that option, and the installer takes care of the rest.
Fedora 16 Partition Methods

This image shows the partitions created using the default scheme, with encryption enabled. In this case, only one partition, the Physical Volume, is encrypted. The logical volumes under the encrypted Physical Volume come under the umbrella of its encryption scheme. The logical volumes can still be encrypted separately, but that is not really necessary.
Fedora 16 Encrypted LVM

And this image shows the partitions created if “Use LVM” is unchecked (on the partition methods step), and encryption is enabled. The installer will create the non-LVM partitions shown in the image below. Aside from the boot and “BIOS Boot” partitions, the others are encrypted separately.
Encrypted GPT Partitions

Whether LVM is used or not, and whether one partition or multiple partitions are encrypted or not, you will be required to specify one global passphrase that will be used to encrypt them. And the encryption passphrase must be no less than eight characters long.
Minimum Password Length

At boot time, the passphrase specified during installation is required to decrypt the partition(s) for booting to complete successfully. This is the best physical security feature you can enable for your Fedora-powered computer.
Specify Encryption Passphrase

The best aspect of disk encryption in Fedora is that the encrypted disk cannot be overwritten without it being decrypted first. What that translates into is that if the disk is moved to another computer, for example, nothing can be done to it unless it is first decrypted. You cannot even install over the existing copy of Fedora 16. And that is the way it should be.
Decrypt Encrypted Partition

Related Posts

Can your computer run Ubuntu Core? Ubuntu Core beta, a version of Ubuntu for Cloud deployment that comes with snappy a system and application management utility with support for transac...
Going Paranoid on Fedora 13 A Paranoid, or 5-star, security rating is the highest physical security rating that you can achieve on your computer. It entails enabling a set of OS-...
Dual-boot Ubuntu 14.04 & Windows 7 on a PC with 2 HDDs and UEFI firmware This post shows how to dual-boot Ubuntu 14.04 and Windows 7 on a computer with two hard disk drives (HDD) and UEFI firmware. The test computer used fo...
LVM Configuration in Ubuntu 8.10 There are two desktop editions of Ubuntu, the popular Linux distribution. The one most people are used to is the Live CD version, the edition that all...
GRUB-Install errors while attempting to dual-boot Windows 10 and Linux distributions Since Windows 10 was released, I've made several attempts to set up dual-boot systems between it and a few Linux distributions (Fedora 22, Ubuntu 15.0...
Android on a Stick, or how to install Android-x86 on a USB stick The Android-x86 project provides ISO installation images of Android that can be installed on personal computers, which is cool, because that makes it ...

We Recommend These Vendors and Free Offers

ContainerizeThis 2016 is a free, 2-day conference for all things containers and big data. Featured, will be presentations and free, hands-on workshops. Learn more at ContainerizeThis.com

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


  1. Pingback: Fedora 16 | kenfallon.com

  2. Pingback: Links 14/11/2011: Mint Previews, ACTA Secrecy | Techrights

  3. Love the site!
    Small correction though:

    You can reinstall over top of the encrypted drive easily as hitting the cancel button. I have done this before (When I didn’t feel like typing in my long password). Also any disk wiping tool can wipe it including dd. The installer is just trying to be helpful by recognizing you may want to install to the already partitioned drive instead of reformatting it.

Leave a Comment

Your email address will not be published. Required fields are marked *