Based on https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019
- Boot into your .iso - choose 'Try'
- Clone repository
- Adjust variables in ubuntu-common.sh
- ./pre-install-partition.sh && ./pre-install.sh
- The pre-install.sh script will keep waiting for the install target to appear
- Start Installation as usual
- Choose Manual partitioning
- /dev/mapper/LUKS_BOOT --> ext4, MountPoint /boot
- /dev/mapper/ubuntu--vg-root --> w/e you like, MountPoint /
- /dev/mapper/ubuntu--vg-swap_1 --> swap area
- As soon as /target appears the previous script will exit normally
- You will end up with an encrypted LUKS1 /boot
- Encrypted LUKS2 / and swap-space
- An empty partition to be used for ZFS
- Choose Manual partitioning
- After install select 'Continue Testing'
- ./post-install.sh
- This sets up your LUKS installation so you only have to enter your password once
by generating a random keyfile saved in
/etc/luks/boot_os.keyfileand adding to the LVM LUKS partition
- This sets up your LUKS installation so you only have to enter your password once
by generating a random keyfile saved in
- Reboot
- change to a console and login as user
a) enable root account by setting a password
sudo passwdb) logout, login as root - Clone repository again
- Adjust variable for $DEV in ubuntu-common.sh
- Execute ./first-boot.sh
- Log back in as user
- Your /home is now on a ZFS dataset
- Tested on Ubuntu 20.10 and Kubuntu 20.10
- Hibernate works just fine (technically, it does for me)
- You might have to re-enable hibernation in KDE/GNOME as Ubuntu disables it globally