Hi there. This is my first topic here. Please put it somewhere else if I put it in the wrong place
Anyway, I’m selling some laptops with Ubuntu MATE 16.10 installed and as such I’m using the OEM install mode.
I got a request from one of my potential customers, a novice Linux user that is security aware, to have full disk encryption on by default. As he, and potential other people, are novice users I could help guide them in reinstalling Ubuntu MATE, but I’d prefer to streamline the process.
Sadly, as far as I’m aware, enabling full disk encryption isn’t easily possible after install, never mind disabling (if so desired). The ideal solution here would be something like macOS does with their FileVault, which can be enabled or disabled at will from the System Preferences. After reboot, the disk start encoding your volume in the background.
But, wishlists aside, what would otherwise be a great option is an extension of the current OEM setup, where you can enable it after initial setup and after reboot the new owner will be asked to setup a new user account etc.
So, would it be possible to enable the “prepare for end user” option and after reboot, the end user will enter the OEM disk encryption password (something simple, like 123456) and be forced to immediately choose a new password before the rest of the OS starts?