My only concern here is that if zfs script is updated it will overwrite your changes. Ive used yubikey to unlock drives but this requires LUKS2 which AFAIK installers do not have yet. Also ive used systemd services to mount NFS shares with key to unlock my ZFS partitions. But this was for additional drives, don't know if its possible with boot drives.
Absolutely correct. If the zfs script is updated then these steps need to be done again. This video accompanies the steps on AskUbuntu here: askubuntu.com/questions/1414617/configure-ubuntu-22-04-zfs-for-automatic-luks-unlock-on-boot-via-usb-drive
Tried to do this using kubuntu, unfortunately because it doesn't use ZFS, there wasn't a file there to modify. Decided to install ubuntu first to set this up, then install the KDE Plasma DE. It appears to of worked at first but unfortunately it is incredibly buggy.
@@barezina It wasn't actually as buggy as I first thought, the buggy issues I had was actually KDE plasma's fault but I fixed it. Great video by the way. I'm surprised that the use of a USB key wasn't a default option to begin with. Because there are apparently services that exist (which uses an array of GPUs) to brute force LUKS passwords, I would have to write down the password anyway as it would be very long and impossible for a human to remember which would have the same "vulnerability" as carrying around a USB drive on you that unlocks your drive.
Amazing job
Ottima guida, grazie mille!
When you install Ubuntu with the "encrypted ZFS" option in the installer, it will use LUKS encryption and not the ZFS native encryption, right? 🤔
My only concern here is that if zfs script is updated it will overwrite your changes. Ive used yubikey to unlock drives but this requires LUKS2 which AFAIK installers do not have yet. Also ive used systemd services to mount NFS shares with key to unlock my ZFS partitions. But this was for additional drives, don't know if its possible with boot drives.
Absolutely correct. If the zfs script is updated then these steps need to be done again. This video accompanies the steps on AskUbuntu here: askubuntu.com/questions/1414617/configure-ubuntu-22-04-zfs-for-automatic-luks-unlock-on-boot-via-usb-drive
Tried to do this using kubuntu, unfortunately because it doesn't use ZFS, there wasn't a file there to modify. Decided to install ubuntu first to set this up, then install the KDE Plasma DE. It appears to of worked at first but unfortunately it is incredibly buggy.
Sorry buddy, unfortunately i've only done it with vanilla ubuntu using the exact steps shown in the video :(
@@barezina It wasn't actually as buggy as I first thought, the buggy issues I had was actually KDE plasma's fault but I fixed it. Great video by the way.
I'm surprised that the use of a USB key wasn't a default option to begin with. Because there are apparently services that exist (which uses an array of GPUs) to brute force LUKS passwords, I would have to write down the password anyway as it would be very long and impossible for a human to remember which would have the same "vulnerability" as carrying around a USB drive on you that unlocks your drive.