Kubuntu 20.04 and encrypted ZFS
One of the things I would like to see done better in Kubuntu is ZFS, preferably with encryption. The current easiest workaround involves installing Ubuntu and then removing that desktop and installing the Kubuntu desktop. And if you want encryption then you have to edit a file on the live CD before installing.
But if you do want to end up with Kubuntu with ZFS and encryption then this is the way you go about it. This is based on Linsomniacs post from 2004, "Encrypting ZFS on Ubuntu 20.04" and an Ask Ubuntu question,"How to remove GNOME Shell from Ubuntu 20.04 LTS".
Table of Contents
Before installation
- Before installation you boot the Ubuntu 20.04 live CD and choose "Try Ubuntu".
- Open a terminal and type,
sudo nano /usr/share/ubiquity/zsys-setup - In the opened document search for “zpool create” by using Ctrl + w, typing the search term and then choosing enter. Make sure the block that appears has rpool on the last line. Like this,
zpool create -f \ -o ashift=12 \ -o autotrim=on \ -O compression=lz4 \ -O acltype=posixacl \ -O xattr=sa \ -O relatime=on \ -O normalization=formD \ -O mountpoint=/ \ -O canmount=off \ -O dnodesize=auto \ -O sync=disabled \ -O mountpoint=/ -R "${target}" rpool "${partrpool}" - In frount of the "zpool create" part you need to add echo with your password and then a pipe like,
echo MYPASSWORD |
So it looks like this (with your own password),
The DRDDRDDRDRD is the password you are going to use when booting the encrypted disk.echo DRDDRDDRDRD | zpool create -f \ -o ashift=12 \ -o autotrim=on \ -O compression=lz4 \ -O acltype=posixacl \ -O xattr=sa \ -O relatime=on \ -O normalization=formD \ -O mountpoint=/ \ -O canmount=off \ -O dnodesize=auto \ -O sync=disabled \ -O mountpoint=/ -R "${target}" rpool "${partrpool}" - Then you need to add a couple of lines,
to the end of the same block before the last line. So the example would look like this,-O encryption=aes-256-gcm \ -O keylocation=prompt \ -O keyformat=passphrase \echo DRDDRDDRDRD | zpool create -f \ -o ashift=12 \ -o autotrim=on \ -O compression=lz4 \ -O acltype=posixacl \ -O xattr=sa \ -O relatime=on \ -O normalization=formD \ -O mountpoint=/ \ -O canmount=off \ -O dnodesize=auto \ -O sync=disabled \ -O encryption=aes-256-gcm \ -O keylocation=prompt \ -O keyformat=passphrase -O mountpoint=/ -R "${target}" rpool "${partrpool}" - You can now save the file (Ctrl + X) and then start the Ubuntu installer. Just remember to choose ZFS at the prompt.
Removing the Ubuntu Desktop
So, by this point you should have rebooted into an encrypted install of Ubuntu 20.04. The first thing to do is to install the Kubuntu desktop before removing the Ubuntu one. Basically you install KDE, reboot into it and then remove Gnome.
So, to start.
- Open a terminal and install KDE with,
sudo apt install kubuntu-desktop - Near the end of the installation there will be a warning about the Encfs implementation. Read it and select enter.
- After that you will have to choose between the GDM and SDDM display managers. Use the arrow key to choose SDDM and then the tab key to OK.
- Reboot in Kubuntu.
- This is unfortunately where it gets a bit messy. I haven't yet found a clean way to remove the Ubuntu Desktop but the best method I have founds so far is.
Isn't that just a wall of text. Also, you should read through it before just copying and pasting it. If only for security reasons.sudo apt purge adwaita-icon-theme gedit-common gir1.2-gdm-1.0 \ gir1.2-gnomebluetooth-1.0 gir1.2-gnomedesktop-3.0 gir1.2-goa-1.0 \ gnome-accessibility-themes gnome-bluetooth gnome-calculator gnome-calendar \ gnome-characters gnome-control-center gnome-control-center-data \ gnome-control-center-faces gnome-desktop3-data \ gnome-font-viewer \ gnome-initial-setup gnome-keyring gnome-keyring-pkcs11 gnome-logs \ gnome-mahjongg gnome-menus gnome-mines gnome-online-accounts \ gnome-power-manager gnome-screenshot gnome-session-bin gnome-session-canberra \ gnome-session-common gnome-settings-daemon gnome-settings-daemon-common \ gnome-shell gnome-shell-common gnome-shell-extension-appindicator \ gnome-shell-extension-desktop-icons gnome-shell-extension-ubuntu-dock \ gnome-startup-applications gnome-sudoku gnome-system-monitor gnome-terminal \ gnome-terminal-data gnome-themes-extra gnome-themes-extra-data gnome-todo \ gnome-todo-common gnome-user-docs gnome-user-docs-ru gnome-video-effects \ language-pack-gnome-en language-pack-gnome-en-base language-pack-gnome-ru \ language-pack-gnome-ru-base language-selector-gnome libgail18 libgail18 \ libgail-common libgail-common libgnome-autoar-0-0 libgnome-bluetooth13 \ libgnome-desktop-3-19 libgnome-games-support-1-3 libgnome-games-support-common \ libgnomekbd8 libgnomekbd-common libgnome-menu-3-0 libgnome-todo libgoa-1.0-0b \ libgoa-1.0-common libpam-gnome-keyring libsoup-gnome2.4-1 libsoup-gnome2.4-1 \ nautilus-extension-gnome-terminal pinentry-gnome3 yaru-theme-gnome-shell
In conclusion
So that is about it. It isn't perfect, it is a little bit inelegant at the end but it does work and it gives you a working desktop. I should know, I am using it. If anyone knows a better solution for the final step of removing the desktop I would like to see it. I tried a couple in VM's but nothing seemed to work as well as "the list".
Happy Kubuntu encrypted ZFS!
