I'm using Ubuntu in a corporate environment, and our security policy states that we have to use full disk encryption.
I've also got a laptop with a 32GB mSATA SSD and 750GB of spinning rust. My current installation uses bcache to leverage this, installed using this procedure. This provides a very welcome performance boost without me having to worry about filling up the SSD.
This will be a bountied question. The bounty will be awarded for :
- A clear, reliable method of performing a fresh install of Ubuntu
- Any release is acceptable but 15.04 (Vivid) will be fine
- The entire filesystem will be encrypted
- The preference here is to use the relevant checkbox in the default Ubiquity installer program (dm-crypt encryption)
- The filesystem will be cached on an SSD
- For preference, the kernel dm-cache / lvmcache method see here for method to do this with Debian Jessie
- The cache must also be secured (ie encrypted)
- There must be a clear explanation as to why the cache is also encrypted
Have already tried the method for Debian Jessie above, but it refuses to boot for me. Have not so far tried the method described in the comments here.
The posted solutions will be tested on a VirtualBox VM with two blank virtual disks and a release copy of 15.04 desktop (amd64 release). Bounty goes to the first solution that I adopt to reinstall my actual hardware.
Please write your solution as if it were going into the community wiki.
I've awarded the bounty – I think there is still potential for a "LUKS-on-LVM" solution that combines the ease of the approved answer in only having one password, with only using device-mapper components.