My team is looking to possibly transition to Snappy Core. We particularly like the ability of kernel rollbacks, which is why we would prefer it over an Ubuntu install with snapd. However, it is important to us (and our clients) that our application snap, along with its configuration and any data it generates, are encrypted on the device.
Our preference would be full disk encryption (we have a TPM2.0 on our device), but would also accept having our snap and its data be stored and executed from an encrypted partition.
Is there any solution (commercial or otherwise) to this problem?
Thanks!