-1

I have a kickstart file for CentOS 7 Minimal. I would like to add encryption only to my /boot partition, but when I added the following line to the kickstart file, the complete installation fails. The kickstart encrypt line is:

```
part /boot --encrypted --passphrase=pass1 --fstype="ext4" --size=500
```

Without the `--encrypted --passphrase=pass1` options, kickstart runs the installation properly.

When I tried installing graphically, I saw the following message when I chose the encrypt option for the boot partition:

enter image description here

Please suggest how I can add encryption only for my boot partition.

Vishnu

1 Answer

1

You don't encrypt the /boot partition. This partition is what boots and decrypts the rest of the system.

Michael Hampton
  • Thank you for your quick reply. As you said, I should not encrypt the boot partition; now I understand that, but could I ask you, is it possible to do? – Vishnu Apr 25 '16 at 06:43
  • No, it is not possible. Some part must perform the decryption of the system so that you can start it, and that is located in `/boot`. – Michael Hampton Apr 25 '16 at 06:57
  • He didn't say you shouldn't. He said you **can't**. GRUB doesn't speak encryption, so it has to have a plaintext file system on which to find the initial RAM image, to load into memory and continue booting. This image is a compressed Linux kernel, so it *does* speak encryption, and thus it can ask for passphrases and decrypt other file systems before further continuing with boot. If you still have problems, please consider opening a new question telling us **what you're trying to achieve** rather than **how** you're trying to achieve it. – MadHatter Apr 25 '16 at 06:57
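
A pre-flight check for the point made in the answer and comments, as an added example that is not part of the original thread: it scans a kickstart file's `part`/`logvol` lines and rejects `--encrypted` on `/boot`, while reporting which devices are encrypted. The corrected layout (the names `pv.01` and `vg0`, the sizes, and the `/boot/efi` entry) is a constructed sample, and the function names are hypothetical.

```python
import shlex

# Mount points the boot loader must read before anything can be decrypted.
# /boot is from the page; /boot/efi is an assumption added for UEFI systems.
MUST_BE_PLAINTEXT = {"/boot", "/boot/efi"}

# The line from the question that makes the installation fail.
FAILING = 'part /boot --encrypted --passphrase=pass1 --fstype="ext4" --size=500\n'

# Constructed sample: /boot stays plaintext, the rest sits on an encrypted LVM PV.
CORRECTED = """\
# storage section
part /boot --fstype="ext4" --size=500
part pv.01 --size=1 --grow --encrypted --passphrase=pass1
volgroup vg0 pv.01
logvol / --vgname=vg0 --name=root --fstype="xfs" --size=4096 --grow
logvol swap --vgname=vg0 --name=swap --size=2048
"""

def storage_lines(ks_text):
    """Yield (lineno, tokens) for part/partition/logvol commands."""
    for lineno, raw in enumerate(ks_text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)  # drops '#' comments and quotes
        if tokens and tokens[0] in ("part", "partition", "logvol"):
            yield lineno, tokens

def check_layout(ks_text):
    """Return (errors, encrypted) for the storage commands in a kickstart file."""
    errors, encrypted = [], []
    for lineno, tokens in storage_lines(ks_text):
        if "--encrypted" not in tokens:
            continue
        # Assumes the mount point is written first, as in the question's line.
        mount = next((t for t in tokens[1:] if not t.startswith("--")), None)
        if mount in MUST_BE_PLAINTEXT:
            errors.append(f"line {lineno}: {mount} must not use --encrypted")
        else:
            encrypted.append(mount)
    return errors, encrypted

if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("corrected", CORRECTED)):
        errors, encrypted = check_layout(text)
        print(name, "errors:", errors, "encrypted:", encrypted)
```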