FWIW: Running Ubiquity 20.04 with a modified "zsys-setup" configuration
file that manually incorporates a password and encryption pool
properties works great.

    echo <password> | zpool create -f \
        -O encryption=aes-256-gcm \
        -O keylocation=prompt \
        -O keyformat=passphrase \
        ......
        -O mountpoint=/ -R "${target}" rpool "${partrpool}"

This works especially well now that the "plymouth ask-for-password" is
working.
Though a known password file would allow an autounlock mechanism until
the change-key is done, I believe it would be rather trivial to have
Ubiquity collect a password from the user, use "-O keylocation=prompt"
and to expect the user to provide the password every reboot.
The performance penalty and the potential for a misguided perception of
security from encrypting everything yet "leaving the key in the handle
until you rekey" seem to be a bit much.
--
https://bugs.launchpad.net/bugs/1857398
Title:
ubiquity should support encryption by default with zfsroot, with users
able to opt in to running change-key after install
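
Added example, not part of the original comment and not Ubiquity or zsys code: a check for the "key in the handle" state discussed above, which lists encrypted datasets whose keylocation is a file rather than prompt. The pool names bpool and tank, the key path and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag encrypted ZFS datasets whose wrapping key is read
# from a file (unattended unlock) instead of being prompted for.
# Expected input is the tab-separated, header-less listing printed by:
#   zfs get -H -o name,property,value encryption,keylocation

# Reads that listing on stdin and prints one line per finding:
#   <dataset><TAB><cipher><TAB><keylocation>
audit_keylocation() {
    awk -F '\t' '
        $2 == "encryption"  { enc[$1] = $3; seen[$1] = 1 }
        $2 == "keylocation" { loc[$1] = $3; seen[$1] = 1 }
        END {
            for (ds in seen) {
                # Unencrypted datasets have no key to unlock.
                if (enc[ds] == "" || enc[ds] == "off") continue
                # "prompt" asks for the passphrase at every unlock;
                # a file:// location lets the pool unlock on its own.
                if (loc[ds] ~ /^file:\/\//)
                    printf "%s\t%s\t%s\n", ds, enc[ds], loc[ds]
            }
        }
    ' | sort
}

# Constructed sample listing (not taken from a real system).
sample_listing() {
    printf 'rpool\tencryption\taes-256-gcm\n'
    printf 'rpool\tkeylocation\tprompt\n'
    printf 'bpool\tencryption\toff\n'
    printf 'bpool\tkeylocation\tnone\n'
    printf 'tank\tencryption\taes-256-gcm\n'
    printf 'tank\tkeylocation\tfile:///etc/zfs/tank.key\n'
}

# Demo run on the sample; on a real system pipe the zfs command above
# into audit_keylocation instead.
sample_listing | audit_keylocation
```

An empty result means no encrypted dataset in the listing is unlocked from a key file.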