From 8d93c3403105158df59749c25d701d9f921b4448 Mon Sep 17 00:00:00 2001 From: Teo Mrnjavac Date: Thu, 17 Nov 2016 18:15:14 +0100 Subject: [PATCH] Warn user about encrypted root with unencrypted /boot. --- .../partition/gui/PartitionViewStep.cpp | 29 ++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/src/modules/partition/gui/PartitionViewStep.cpp b/src/modules/partition/gui/PartitionViewStep.cpp index c711ed676..09562dbb9 100644 --- a/src/modules/partition/gui/PartitionViewStep.cpp +++ b/src/modules/partition/gui/PartitionViewStep.cpp @@ -437,9 +437,36 @@ PartitionViewStep::onLeave() QMessageBox::warning( m_manualPartitionPage, message, description ); - return; } } + + Partition* root_p = m_core->findPartitionByMountPoint( "/" ); + Partition* boot_p = m_core->findPartitionByMountPoint( "/boot" ); + + if ( root_p and boot_p ) + { + QString message; + QString description; + + // If the root partition is encrypted, and there's a separate boot + // partition which is not encrypted + if ( root_p->fileSystem().type() == FileSystem::Luks && + boot_p->fileSystem().type() != FileSystem::Luks ) + { + message = tr( "Boot partition not encrypted" ); + description = tr( "A separate boot partition was set up together with " + "an encrypted root partition, but the boot partition " + "is not encrypted." + "

" + "There are security concerns with this kind of " + "setup, because important system files are kept " + "on an unencrypted partition.
" + "You may continue if you wish, but filesystem " + "unlocking will happen later during system startup." + "
To encrypt the boot partition, go back and " + "recreate it, selecting Encrypt " + "in the partition creation window." ); + } } }