I feel compelled to mention one other thing...

Often, LVM encryption is *not* an option for servers where unattended
booting is absolutely required, as LVM encryption requires a
passphrase on startup.

With an encrypted ~/Private, no passphrase is required on boot, but
rather it's mounted/unmounted on login/logout.

----

That said, let me throw out another perhaps more controversial
option...  What if we didn't ask, and we just provided ~/Private
encrypted by default?  If unspecified, the mount passphrase is
randomly generated from 128 bits of /dev/urandom.  We can do that
completely entirely and reliably without adding a screen to the
installer, and provide the system administrator user a secure,
encrypted location to drop critical data by default on any Ubuntu
Server.

The one challenge, however, is that we'd need to communicate to the
user their randomly generated passphrase, which they would need if
they needed to take extreme measures at some point to recover their
data.

:-Dustin

-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
