ubiquity

Merge ~vorlon/ubiquity:lp.1857398 into ubiquity:master

  1. Git
  2. lp:~vorlon/ubiquity
  3. lp.1857398
  4. Merge into master
Proposed by Steve Langasek
Status: Rejected
Rejected by: Dimitri John Ledkov
Proposed branch: ~vorlon/ubiquity:lp.1857398
Merge into: ubiquity:master
Diff against target: 37 lines (+11/-0)
2 files modified
debian/changelog (+7/-0)
scripts/zsys-setup (+4/-0)
Reviewer Review Type Date Requested Status
Dimitri John Ledkov Disapprove
Didier Roche-Tolomelli (community) Needs Information
Review via email: mp+377100@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Stock passwords are banned in the State of California, thus we should use a unique passphrase generator. [1]

It should be stored on the boot-volume, and included in the initrd for automatic unlocking. Until user chooses a new one.

Does resetting the passphrase re-encrypt the volume with a new master key? If not, we should do that somehow.

[1] https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327

Revision history for this message
Steve Langasek (vorlon) wrote :

> Stock passwords are banned in the State of California, thus we should use a
> unique passphrase generator. [1]

> [1] https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=2017
> 20180SB327

Reading the text of this law, this applies only to passwords set by the manufacturer of a network-connected device, used for accessing the device over the network. So this applies neither to Ubuntu as a product (because it's not a device), nor to disk encryption passwords as a feature (because the password does not grant remote access to the device).

> It should be stored on the boot-volume, and included in the initrd for
> automatic unlocking. Until user chooses a new one.

The downside of this approach is that it makes the user's data more fragile in the face of data loss (due to hardware failure or user action) that impacts the boot pool. Given that the user doesn't necessarily even know that their root pool *is* encrypted, this is a potential time bomb. I think the added resilience of a default well-known passphrase is important.

> Does resetting the passphrase re-encrypt the volume with a new master key? If
> not, we should do that somehow.

I don't know if it does or doesn't. I agree this is desirable. But that wouldn't be part of the ubiquity side of things.

Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

I have only one comment based on Richard's feedback. The rest is on the bug itself.
I agree that generating and setting the fix passphrase on the bpool will be more fragile, especially as the implementation detail will be unknown to the user who might reformat only part of his disk.
Overall, looks good to me and good catch for future compatibility!

review: Needs Information
Revision history for this message
Steve Langasek (vorlon) :
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

I believe we now have alternative ways of setting up hybrid luks+zfs encryption to use native zfs encryption, yet also support LUKS keyslots.

review: Disapprove

Unmerged commits

d399d8e... by Steve Langasek

scripts/zsys-setup: encrypt by default since it's not possible to add encryption to a pool post-installation. LP: #1857398

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 9fdb914..6d9cdae 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+ubiquity (20.04.5) UNRELEASED; urgency=medium
7+
8+ * scripts/zsys-setup: encrypt by default since it's not possible to add
9+ encryption to a pool post-installation. LP: #1857398
10+
11+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 23 Dec 2019 17:37:00 -0600
12+
13 ubiquity (20.04.4) focal; urgency=medium
14
15 * When removing packages, also remove automatically installed packages that
16diff --git a/scripts/zsys-setup b/scripts/zsys-setup
17index fcd0a49..e4d17b9 100755
18--- a/scripts/zsys-setup
19+++ b/scripts/zsys-setup
20@@ -289,6 +289,7 @@ init_zfs() {
21
22 # Pools
23 # rpool
24+ echo -n ubuntuzfs > /run/zfs-root-default
25 zpool create -f \
26 -o ashift=12 \
27 -O compression=lz4 \
28@@ -300,6 +301,9 @@ init_zfs() {
29 -O canmount=off \
30 -O dnodesize=auto \
31 -O sync=disabled \
32+ -O encryption=on \
33+ -O keylocation=file:///run/zfs-root-default \
34+ -O keyformat=passphrase \
35 -O mountpoint=/ -R "${target}" rpool "${partrpool}"
36
37 # bpool

Subscribers

People subscribed via source and target branches