Feature request for setup-disk to provide option for disk encryption
It would be awesome if the setup-disk script provided the option for
disk encryption when using the ‘sys’ installation type.
There would presumably have to be some discussion over exactly how this is done and what encryption method to use etc, and I would advise of course overwriting the disk with random data before this is done; since this is done at install and presumably on a new server, there is the possibility of low system entropy at this time, so it may also be a good idea to have the system attempt to generate at least some further entropy through disk churn and perhaps use of the haveged package, since poor entropy at this stage would defeat the purpose of disk encryption.
As usual, please let me know if you need anything further from me.
(from redmine: issue id 3440, created on 2014-10-16)