Desktop installer is outdated
Dimitri John Ledkov
xnox at ubuntu.com
Sat May 9 00:02:35 UTC 2020
On Sun, 3 May 2020 at 07:34, Haug Bürger <habu at posteo.de> wrote:
>
> Hi,
>
> I just tested the latest 20.04 release in the hope that the installer
> improved. It did not improve. The desktop installer really needs work.
>
> It prefers plain text vs encryption which is not appropriate these days
> and makes Ubuntu insecure. You have to choose extra options to get an
> encrypted setup. If you do so, it is not possible to create a setup which
> uses multiple disks.

Which layout do you expect to be done, when trying to do both
encryption and multiple disks?

Today, we create luks and create LVM inside that. If you want, you can
add luks on additional drives, and add them as PVs to your LVM as
well. So it is possible to do this as a post-install task. I'm not
sure how to design, or explain what happens when you do that. As one
will be prompted to unlock each encrypted drive separately.

> A different issue is the plain text /boot partition required. This is
> also insecure and unnecessary. This partition reserves fixed space for
> the Kernels, causing issues if too small or wasting space if too big. The
> installer allows it to be any size and doesn't propose a size. Since
> GRUB can boot LUKS devices this is unnecessary.

Unfortunately this is not true. We default to the stronger LUKS2 which
the current grub shipped in 20.04 has no support to unlock. grub only
can unlock the significantly less secure LUKS1 which we no longer
recommend for people to use.

Instead of relying on encryption, we instead use modern firmware
features of ensuring Secureboot & Measured Boot & Lockdown. The only
bootloaders and kernels you can boot, are those that are chained to
Canonical Master CA UEFI offline certificate, and by default only
signed kernel modules can be loaded. Thus although /boot is not
encrypted, it is impossible to boot untrusted artefacts off it. If one
has TPM one can take further attestation measures to prevent kernel
cmdline being modified too. In the context of enforced secureboot &
enforcing signed kernel modules, what security issues do you see with
unencrypted /boot?

> The third major issue is the missing support for file systems supporting
> snapshots.
>

Desktop installer offers LVM & ZFS installation options, with
snapshots integration in apt and backup software out of the box. Are
snapshots as provided by zfs or lvm not sufficient for you?

> Linux itself supports all of the mentioned shortcomings. It is possible
> to create encrypted multi disk setups. It is also possible to boot
> directly from the encrypted partition. It is possible to use for example
> BTRFS as root file system, gaining compression and snapshots. It is
> possible to have a swap file on a BTRFS partition. Everything is
> available and the installer should be able to glue it together.
>
> With ZFS on the doorstep it is time to renovate the installer to support
> the new features of modern file systems and bring security up to date.
>

Instead we integrated ZFS into our desktop installer, which does
support encryption, and is superior to btrfs in our opinion. Why use
btrfs, when zfs is offered out of the box?

> My question is: who is in charge of the installer?
>

Ubuntu 20.04 LTS Desktop installer offers the features you deem
essential, was something not clear in the UI for you to discover
them?

--
Regards,
Dimitri.
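
The post-install task mentioned in the reply (LUKS on an additional drive, added as a PV to the installer-created LVM), sketched as an added example that is not part of the original message. The device path `/dev/sdX`, the mapper name `crypt_extra` and the volume group name `vgubuntu` are assumptions to replace with your own values; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the thread): encrypt a second disk with LUKS and
# add it as a physical volume to the existing volume group.
# Dry run by default; APPLY=1 executes the commands (root required, and
# luksFormat DESTROYS all data on the target device).
set -eu

# plan DEVICE MAPPER_NAME VG: print the commands, one per line, in order.
plan() {
    dev=$1 name=$2 vg=$3
    cat <<EOF
cryptsetup luksFormat --type luks2 $dev
cryptsetup open $dev $name
pvcreate /dev/mapper/$name
vgextend $vg /dev/mapper/$name
echo "$name UUID=\$(blkid -s UUID -o value $dev) none luks" >> /etc/crypttab
update-initramfs -u
EOF
}

# All three defaults are assumptions/placeholders, not values from the thread.
DEV=${DEV:-/dev/sdX}
NAME=${NAME:-crypt_extra}
VG=${VG:-vgubuntu}

plan "$DEV" "$NAME" "$VG" | while IFS= read -r cmd; do
    if [ "${APPLY:-0}" = 1 ]; then
        echo "+ $cmd"
        # The loop's stdin is the plan itself, so hand cryptsetup the terminal
        # for its confirmation and passphrase prompts.
        eval "$cmd" </dev/tty
    else
        echo "would run: $cmd"
    fi
done
```

The `none` key field in the crypttab entry means the new container gets its own passphrase prompt at boot, which is the separate unlock per encrypted drive that the reply describes.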
More information about the Ubuntu-devel-discuss
mailing list