[Bug 1857398] Re: ubiquity should support encryption by default with zfsroot, with users able to opt in to running change-key after install
Matthew Ahrens
1857398 at bugs.launchpad.net
Fri Jan 10 22:29:14 UTC 2020
I agree with what Richard said above in comment #14, especially:
> The installer should prompt (with a checkbox) for whether the user
wants encryption. It should default to off. If the user selects the
checkbox, prompt them for a passphrase. Setup encryption using that
passphrase.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1857398
Title:
ubiquity should support encryption by default with zfsroot, with users
able to opt in to running change-key after install
Status in ubiquity package in Ubuntu:
New
Status in zfs-linux package in Ubuntu:
New
Bug description:
zfs supports built-in encryption support, but the decision of whether
a pool is encrypted or not must be made at pool creation time; it is
possible to add encrypted datasets on top of an unencrypted pool but
it is not possible to do an online change of a dataset (or a whole
pool) to toggle encryption.
We should therefore always install with encryption enabled on zfs
systems, with a non-secret key by default, and allow the user to use
'zfs change-key -o keylocation=prompt' after install to take ownership
of the encryption and upgrade the security.
This is also the simplest way to allow users to avoid having to choose
between the security of full-disk encryption, and the advanced
filesystem features of zfs since it requires no additional UX work in
ubiquity.
We should make sure that
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857040 is fixed
first in the kernel so that enabling zfs encryption does not impose an
unreasonable performance penalty.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1857398/+subscriptions
More information about the foundations-bugs
mailing list