FWIW: Running Ubiquity 20.04 with a modified "zsys-setup" configuration file that manually incorporates a password and encryption pool properties works great.
echo <password> | zpool create -f \
    -O encryption=aes-256-gcm \
    -O keylocation=prompt \
    -O keyformat=passphrase \
    ......
    -O mountpoint=/ -R "${target}" rpool "${partrpool}"
This works especially well now that the "plymouth ask-for-password" is working.
Though a known password file would allow an auto-unlock mechanism until the change-key is done, I believe it would be rather trivial to have Ubiquity collect a password from the user, use "-O keylocation=prompt", and expect the user to provide the password every reboot.
The performance penalty and the potential for a misguided perception of security from encrypting everything yet "leaving the key in the handle until you rekey" seems to be a much.
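
An added example, not part of the comment above: a small audit that flags encrypted datasets whose keylocation is still a key file rather than "prompt", which is the "key left in the handle" state the comment describes. The sample lines and the /etc/zfs/tank.key path are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of the tab-separated output produced by:
#   zfs get -rH -o name,property,value encryption,keylocation <pool>
sample_zfs_get() {
    printf 'rpool\tencryption\taes-256-gcm\n'
    printf 'rpool\tkeylocation\tprompt\n'
    printf 'rpool/ROOT\tencryption\taes-256-gcm\n'
    printf 'rpool/ROOT\tkeylocation\tnone\n'
    printf 'tank\tencryption\taes-256-gcm\n'
    printf 'tank\tkeylocation\tfile:///etc/zfs/tank.key\n'
    printf 'bpool\tencryption\toff\n'
    printf 'bpool\tkeylocation\tnone\n'
}

# Read name/property/value lines on stdin and print every encrypted
# dataset whose wrapping key is loaded from a file on disk.
find_file_keyed() {
    awk -F '\t' '
        $2 == "encryption"  { enc[$1] = $3 }
        $2 == "keylocation" { loc[$1] = $3 }
        END {
            for (ds in loc)
                if (enc[ds] != "off" && loc[ds] ~ /^file:\/\//)
                    print ds "\t" loc[ds]
        }' | sort
}

# Demonstration on the constructed sample; on a live system use:
#   zfs get -rH -o name,property,value encryption,keylocation rpool | find_file_keyed
sample_zfs_get | find_file_keyed
```

Any dataset printed here unlocks without user input for as long as the key file is readable, so it should be rekeyed before the disk is treated as protected at rest.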