Encrypting ZFS on Ubuntu 20.04

Installing Ubuntu 20.04 with ZFS Native Encryption Enabled

Ubuntu 20.04 includes the ability to install with ZFS for the root and boot partitions. However, it does not include an option for encrypting the root volume. Fortunately, it is easy to enable it.

Overview

The installer does not include password support for ZFS, but the installed system has everything necessary to prompt for the passphrase and handle an encrypted root volume. This uses ZFS Native Encryption.

Steps

  • Boot the Ubuntu 20.04 Desktop installer/live CD.
  • Click the “Try Ubuntu” button.
  • Open a terminal and edit “/usr/share/ubiquity/zsys-setup”:
    • Search for “zpool create”, and make sure you have found the create command that has “rpool” on the last line.
    • Before the “zpool create” insert (with MYPASSWORD replaced by your passphrase): echo MYPASSWORD |
    • Before the last line of the command insert these lines:
    -O encryption=aes-256-gcm \
    -O keylocation=prompt \
    -O keyformat=passphrase \
  • Run ubiquity to start the installer and install as normal, selecting “Use entire disk” and the option to use ZFS.
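
The edit described in the steps above, automated as an added example (not part of the original page, the gist, or Ubuntu's installer): the function finds the multi-line “zpool create” command whose last line names rpool, prefixes it with the echo pipe, and inserts the three -O options before that last line. The sample input is constructed, and its variable names and other options are assumptions rather than the real contents of zsys-setup.

```shell
# Added example: reads a script on stdin, writes the patched copy to stdout.
# Usage: patch_zpool_create PASSPHRASE < zsys-setup > zsys-setup.new
patch_zpool_create() {
    ZFS_PW="$1" awk '
    # Print one buffered "zpool create" command; patch it if it creates rpool.
    function flush_cmd(   i, p, indent, patch) {
        patch = (n > 1 && buf[n] ~ /rpool/)
        if (patch) {
            # Pipe the passphrase into the prompt, inserted unquoted as on the page.
            p = index(buf[1], "zpool create")
            buf[1] = substr(buf[1], 1, p - 1) "echo " ENVIRON["ZFS_PW"] " | " substr(buf[1], p)
            # Reuse the last line indentation for the inserted options.
            match(buf[n], /^[ \t]*/)
            indent = substr(buf[n], 1, RLENGTH)
        }
        for (i = 1; i <= n; i++) {
            if (patch && i == n) {
                print indent "-O encryption=aes-256-gcm \\"
                print indent "-O keylocation=prompt \\"
                print indent "-O keyformat=passphrase \\"
            }
            print buf[i]
        }
        n = 0
    }
    n == 0 && /zpool create/ { collecting = 1 }
    collecting {
        buf[++n] = $0
        # A line without a trailing backslash ends the command.
        if ($0 !~ /\\$/) { flush_cmd(); collecting = 0 }
        next
    }
    { print }
    END { if (n > 0) flush_cmd() }
    '
}
# Constructed stand-in for the two pool-creation commands; not the real file.
sample_zsys_setup() {
    cat <<'EOF'
zpool create -f \
    -O mountpoint=/boot -R "${target}" \
    bpool "${partbpool}"
zpool create -f \
    -o ashift=12 \
    -O mountpoint=/ -R "${target}" \
    rpool "${partrpool}"
EOF
}
sample_zsys_setup | patch_zpool_create MYPASSWORD
```

On the live session, feed it /usr/share/ubiquity/zsys-setup, compare the output against the original, and only then replace the file. The passphrase is written in plain text into the patched script, which lives only in the live session.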

Acknowledgements

This is based on a gist by Garrett Fields for 19.10.