ZoL supports native encryption since version 0.8.0

I'm sure it's coming from Ubuntu in a future release, but I wanted to encrypt /home now with Focal Fossa 20.04. There is the option to install on a full ZFS root, but it does not give the option to use encryption (yet).

I was able to create a new zfs volume for /home with encryption. The passphrase is from a prompt during boot of the system.

$ sudo passwd root

Log out and in on console as root.

# zfs create -o encryption=aes-256-gcm -o keyformat=passphrase -o mountpoint=/mnt rpool/home

# rsync -avPSH /home/ /mnt/

# zfs destroy rpool/USERDATA/ian_pxg1jp -r

# zfs umount rpool/home

# zfs inherit mountpoint rpool/home

# zfs mount -l rpool/home

Now that you have an encrypted ZFS volume mounted on /home, create and enable a systemd service file to prompt for the password at boot (only for Ubuntu 19.10, later releases have a built-in generator method)

# editor /etc/systemd/system/[email protected]

[Unit]
Description=Load %I encryption keys
Before=systemd-user-sessions.service
After=zfs-import.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/bash -c 'until (systemd-ask-password "Encrypted ZFS password for %I: " --no-tty | zfs mount -l rpool/%I); do echo "Try again!"; done'

[Install]
WantedBy=zfs-mount.service

# systemctl enable zfskey-rpool@home