Beta 42

Research and Development

Menu

Install Ubuntu with ZFS and Native Encryption

The Z File System (ZFS) is a file system with volume management capabilities, commonly used for managing multiple disks of data and rivals some of the greatest RAID setups.

The installation of Ubuntu 21.04 on ZFS will create two pools - bpool and rpool.

Pool bpool contains the boot partition and rpool all the other mountpoints in several datasets.

The default partitioning during the install creates four partitions and two ZFS pools, using all the storage in the installation disk:

   Partition           Size            Description                     
   --------------------------------------------------------------------
   /boot/efi          512MiB           EFI System Partition (vfat)     
   SWAP                2GiB            Linux Swap Partition (swap)     
   bpool               2GiB            ZFS/Solaris boot partition (zfs)
   rpool       (all remaining space)   ZFS/Solaris root partition (zfs)

To encrypt the rpool edit the installation script as described below.

Boot with the Ubuntu 21.04 Desktop ISO. Click the Try Ubuntu button. Open a terminal window.

If vim is your prefered editor, first install it:

sudo apt install -y vim

Edit /usr/share/ubiquity/zsys-setup:

sudo vim /usr/share/ubiquity/zsys-setup

The script is responsible for setting up ZFS. Modify the default options for rpool.

Edit the rpool section from this:

# Pools
        # rpool
        zpool create -f \
                -o ashift=12 \
                -O compression=lz4 \
                -O acltype=posixacl \
                -O xattr=sa \
                -O relatime=on \
                -O normalization=formD \
                -O mountpoint=/ \
                -O canmount=off \
                -O dnodesize=auto \
                -O sync=disabled \
                -O mountpoint=/ -R "${target}" rpool "${partrpool}"

to this:

# Pools
        # rpool
        echo PASSWORD | zpool create -f \
                -o ashift=12 \
                -O compression=lz4 \
                -O acltype=posixacl \
                -O xattr=sa \
                -O relatime=on \
                -O normalization=formD \
                -O mountpoint=/ \
                -O canmount=off \
                -O dnodesize=auto \
                -O sync=disabled \
                -O recordsize=1M \
                -O encryption=aes-256-gcm \
                -O keylocation=prompt \
                -O keyformat=passphrase \
                -O mountpoint=/ -R "${target}" rpool "${partrpool}"

Replace PASSWORD with the desired encryption password to use at boot time. Save the changes to the file and exit.

Launch the installer:

sudo ubiquity

Install Ubuntu as usual. In the Installation type section select Erase disk and install Ubuntu. Select Erase disk and use ZFS (do not check Encrypt the new Ubuntu installation for security, as the native encryption has already been configured above).

The system will be installed with the encryption options set on the script and on boot it will prompt for the password used during the setup.