In standard UC20 FDE feature (UC20 full-disk-encryption hook interface), key/passphrase creation for disk encryption managed by Core snapd. For our custom requirement, We would like to use our own passphrase for partition (Eg: SD card) encryption and planning to use custom snap for this purpose.
We are evaluating custom snap with ubuntu-data (/writable) partition. As system-data partition is mandatory during UC20 boot, we are not able to avoid “writable” partition from mount. If writable partition is mounted, apparmor denies the unmount and not finding suitable interface to allow unmount.
Is it ok to use custom snap with dm-crypt for ubuntu-data partition? or any alternate approach can be followed to meet the requirement?