Fair enough! 
I was just happy to get it working! Just making the point that itās possible. Personally I boot from an SSD, but /home is on a much larger HDD
I canāt really comment on much from the rest of your post, but if this limitation refers to the lack of support for LUKS2 in GRUB then you might like to know that the LUKS2 support was merged back in January 2020 so this might not be a limitation anymore.
The current situation with full disk encryption with Ubuntu is not optimal because itās hard to automate.
I am looking forward the day when I can download an Ubuntu cloudimage and after ācloud-initā has done itās magic, the disk is encrypted. Ubuntu MAAS also needs to have an easy way to get encrypted installation.
This probably means cloud-init will encrypt the disk (~2 GB) with a default key and then resizing the encrypted disk.
Next step is to handle the encrypted key. Maybe put it in TPM when available. Maybe the user can configure a password in cloud-init config. In my case I just want the final SSH access and Ansible will take over configuring the server as I want it.
Ubuntu installation should be secure by default. Android has had encryption by default for years with a read only system partition. Ubuntu also needs this kind of security.
LVM? I do not have an opinion here as long as I can automate the encryption. 
Thumpās up if you share my opinion and please comment.
Thanks for the info!
Not to be nitpicky butā¦
I should point out this isnāt encryption moreso āread onlyā system partitions. Which any average user would have if we went the Debian way of different root and user passwords without sudo.
Read only system partition isnāt encryption - and thatās part of the misconception there. Also not every system has a TPM available for it to use.
With my Server Team hat on, and my VMware admin hat on, and my Linux Sysadmin hat on I give you this answer:
Desktops, yes. Servers, no. The only reason I hestitate here with Servers is because LVM is very useful (with or without encryption) when you have servers that need expansion over time (a-la VMs) where due to data requirements you need the expansion.
I would consider leaving Servers alone because LVM has an advantage for Servers in terms of resizing; I donāt think itās as important on Desktops compared to servers.
1 Like
Will disk clone like DD still work?
Another problem with using LVM by default on desktops is that users have issues mounting the hard drives from their old computers, because the default volume group created by the installer has the same name on all the machines.
1 Like
This is something Iāve faced before and honestly the primary reason Iām pleased to hear about the plan for this change. Itās not massively difficult to work around, but itās definitely an annoyance, and something I think twice about when I recommend encryption to newer users.
One argument for the change is that it would be easier to do basic partition management after the install, after months of years, the partition sizes could need changes
Iām thinking about resizing graphically with Gparted. Thus I would like to avoid encrypted installs to have an LVM layer.
This is especially important at install parties because most of my colleagues arenāt experienced enough to resize an LVM setup with the command line. And even for me, itās more time consuming and error prone. Like forgeting to tell LVM to resize the partition in the logicial volume an thus eating itās data.
I think this would be a good feature, often I donāt really need LVM and it makes things more complicated.
Will this change also affect Kubuntu? Asking because I noticed the installer is different. For example encryption in manual partitioning mode doesnāt work at all in Kubuntu, while it works in Ubuntu.
Seems to me the Qt installer doesnāt get much attention anymore, so if not even bugs are fixed, I wounder if new features like this will come over.
1 Like
Could you please allow to customize disk partitioning during installation with disk encryption. I know that itās possible to do manually via LVM, but itās not for beginners and Ubuntu is used to be the first step into Linux.
Iām mainly interested in:
- resizing partitions
- allow\disallow swap due to SSD usage
- make full encryption the default option.
Also I think it will be good practice to make an information page, saying how important it is to encrypt the disk and why everyone should consider that option.
Regards
1 Like
I agree that getting things done simple is the right thing to do, but to my knowledge LVM is quite popular on enterprise server systems. Optimizing for the desktop may have a side-effect on help server systems. Having a separate setup for desktop vs server seems to me like bringing additional complexity for admins managing multiple diverse systems.
Kubuntu uses Qt frontend with its own sets of features. Not everything implemented by ubiquity core is usable via Qt frontend. And also there are some KDE specific features only accessible via the Qt frontend. Features developed in ubiquity sometimes require Kubuntu developers to enable in the Qt frontend.
At the moment there is no automatic lvm-less-fde in ubiquity core, nor any frontends.
I think the only need for LVM is to resize existing partitions and/or create or delete them without having to reformat the LUKS container and create everything from scratch and re-install the system.