I was happy to see FDE support with TPM2 in Ubuntu 23.10 Desktop, but need the same for Ubuntu Server.
There doesn’t seem to be an easily searchable description of how that works and how to replicate it manually. I’m fine installing the default installation and then switching to FDE, I just need to know how to do it in a way that is aligned with Ubuntu’s direction.
The goal is to have a minimal ESP partition and an encrypted BTRFS root partition with everything else. No SWAP, no separate /boot, etc.
I tried to install Ubuntu Desktop 23.10.1 (and updated the installer to the latest in the process), but the installation failed in KVM on Ubuntu 22.04 Desktop (used libvirt), so I don’t know how to look into what it does, at least after the fact.
Theoretically systemd-cryptenroll should make things fairly straightforward, but there don’t seem to be guides using it for Ubuntu with full encryption and a unified kernel image to get rid of /boot.