[Bug 1857398] Re: ubiquity should support encryption by default with zfsroot, with users able to opt in to running change-key after install
fields_g
1857398 at bugs.launchpad.net
Wed Jan 8 20:41:54 UTC 2020
FWIW: Running Ubiquity 20.04 with a modified "zsys-setup" configuration
file that manually incorporates a password and encryption pool
properties works great.
    echo <password> | zpool create -f \
        -O encryption=aes-256-gcm \
        -O keylocation=prompt \
        -O keyformat=passphrase \
        ......
        -O mountpoint=/ -R "${target}" rpool "${partrpool}"
This works especially well now that the "plymouth ask-for-password" is
working.
Though a known password file would allow an autounlock mechanism until
the change-key is done, I believe it would be rather trivial to have
Ubiquity collect a password from the user, use "-O keylocation=prompt"
and to expect the user to provide the password every reboot.
The performance penalty and the potential for a misguided perception of
security from encrypting everything yet "leaving the key in the handle
until you rekey" seem to be a bit much.
--
https://bugs.launchpad.net/bugs/1857398
Title:
ubiquity should support encryption by default with zfsroot, with users
able to opt in to running change-key after install
Status in ubiquity package in Ubuntu:
New
Status in zfs-linux package in Ubuntu:
New
Bug description:
zfs supports built-in encryption support, but the decision of whether
a pool is encrypted or not must be made at pool creation time; it is
possible to add encrypted datasets on top of an unencrypted pool but
it is not possible to do an online change of a dataset (or a whole
pool) to toggle encryption.
We should therefore always install with encryption enabled on zfs
systems, with a non-secret key by default, and allow the user to use
'zfs change-key -o keylocation=prompt' after install to take ownership
of the encryption and upgrade the security.
This is also the simplest way to allow users to avoid having to choose
between the security of full-disk encryption, and the advanced
filesystem features of zfs since it requires no additional UX work in
ubiquity.
We should make sure that
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857040 is fixed
first in the kernel so that enabling zfs encryption does not impose an
unreasonable performance penalty.
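
Added example, not part of the original bug report or comment and not Ubiquity or zsys code: a small audit that reads the tab-separated output of "zfs get -H -o name,property,value encryption,keylocation" and reports which datasets are still unlocked by a key file on disk, that is, where 'zfs change-key -o keylocation=prompt' has not yet been run. The dataset names other than rpool, the key file path and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Classify ZFS datasets by where their encryption key comes from.
# stdin:  output of  zfs get -H -o name,property,value encryption,keylocation
# stdout: one "dataset<TAB>state" line per dataset, in input order.
classify_keylocation() {
    awk -F '\t' '
        function note(d) { if (!(d in seen)) { seen[d] = 1; order[++n] = d } }
        $2 == "encryption"  { enc[$1] = $3; note($1) }
        $2 == "keylocation" { loc[$1] = $3; note($1) }
        END {
            for (i = 1; i <= n; i++) {
                d = order[i]
                if (enc[d] == "off")            state = "unencrypted"
                else if (loc[d] ~ /^file:\/\//) state = "key-on-disk"
                else if (loc[d] == "prompt")    state = "prompt"
                else                            state = "other"  # anything else: review by hand
                printf "%s\t%s\n", d, state
            }
        }'
}

# Print only the datasets whose key is read from a file, i.e. the
# "key left in the handle" state the comment above warns about.
pending_change_key() {
    classify_keylocation | awk -F '\t' '$2 == "key-on-disk" { print $1 }'
}

# Constructed sample input (not captured from a real system).
sample_zfs_get() {
    printf 'rpool\tencryption\taes-256-gcm\n'
    printf 'rpool\tkeylocation\tfile:///etc/zfs/rpool.key\n'
    printf 'tank\tencryption\taes-256-gcm\n'
    printf 'tank\tkeylocation\tprompt\n'
    printf 'scratch\tencryption\toff\n'
    printf 'scratch\tkeylocation\tnone\n'
}

sample_zfs_get | classify_keylocation
```

On a live system, pipe the real "zfs get" output into pending_change_key instead of the sample; an empty result means no dataset is relying on a key file.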