This is a very interesting idea, but care should be applied when combined with cloud (disk) images. In particular, I worry that if an encrypted disk image is distributed that the well-known passphrase could be used to get the master key from any pristine copy of the disk image. In effect, the master key becomes an open secret. Thus, any instance derived from this disk image would be fairly easy to read regardless of knowledge of the wrapping key.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1857398 Title: ubiquity should support encryption by default with zfsroot, with users able to opt in to running change-key after install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1857398/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs