Feature request for setup-disk to provide option for disk encryption
It would be awesome if the setup-disk script provided the option for
disk encryption when using the ‘sys’ installation type.
There would presumably have to be some discussion over exactly how this
is done and what encryption method to use etc, and I would advise of
course overwriting the disk with random data before this is done; since
this is done at install and presumably on a new server, there is the
possibility of low system entropy at this time, so it may also be a good
idea to have the system attempt to generate at least some further
entropy through disk churn and perhaps use of the haveged package, since
poor entropy at this stage would defeat the purpose of disk encryption.
As usual, please let me know if you need anything further from me.
(from redmine: issue id 3440, created on 2014-10-16)