I would like to install Ubuntu 22.04 on a PC with an NVMe solid-state drive for the OS and a traditional hard drive for /home, using full disk encryption.
Before I buy the hardware, I have been trying to experiment with installing Ubuntu 22.04 on a virtual machine with two SATA drives to emulate this setup. As the machine will be used as a desktop, I have been using the desktop installer.
If I choose full disk encryption during installation, the installer seems to want to install everything to a single drive and I don't get any control over partitioning.
If I choose the advanced option, I get some manual partitioning options but it's not obvious to me how things should be set up for encryption. The closest I got to a working configuration was something like:
| Drive | Partition | Description |
|---|---|---|
| /dev/sda (SSD) | /dev/sda1 | lvm partition for encryption, filling the whole drive |
| | /dev/mapper/sda1_crypt | ext4 partition mounted at /, filling the whole partition |
| /dev/sdb (HDD) | /dev/sdb1 | 1MB biosgrub partition |
| | /dev/sdb2 | 1GB EFI partition |
| | /dev/sdb3 | 1GB ext4 /boot partition |
| | /dev/sdb4 | lvm partition for encryption, taking up the rest of the space on the drive |
| | /dev/mapper/sdb4_crypt | ext4 partition for /home taking up the whole of the encrypted partition |
I couldn't figure out how to add any swap, which I would want to be encrypted as well. I wasn't actually able to proceed with the install in this case as the "Install Now" button was greyed out.
I have put the biosgrub, EFI and /boot partitions on the hard drive because the BIOS on the fairly old system I'd be using almost certainly won't be able to boot from the NVMe SSD. This is obviously not an issue with the virtual machine I'm testing with.
Is this configuration possible or am I asking too much? It's actually worse than this, as I would really like to use bcache as well and have part of the SSD set aside to cache the /home partition, but I haven't put that in the title of the question as I thought it might be more helpful to ask about this without adding bcache into the mix.
Would it be better to use the server installer? Would it be simplest to let the desktop installer put everything on a single drive then try to fix things up afterwards?
Looking at existing questions:
- I found How to install Ubuntu with LVM & LUKS on a SSD and use an LUKS encrypted HDD for data on a Dell Inspiron 7580 but this seems to relate to Ubuntu 19.04 and it's not clear to me that the advice is still applicable.
- How to install Ubuntu with both disk encryption AND SSD caching looks like it's exactly what I want, but it's from 2015 so I'm not sure it's still applicable.
Any advice would be greatly appreciated, even if it's just "don't do that!". :-)
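An added example, not part of the original question: a check for a two-drive layout like the one in the table, listing every mount point or swap area that is not backed by a dm-crypt mapping. It reads the output of `lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME`. The sample input is constructed from the table, `sdb5` is a hypothetical plain swap partition added so the check has a finding beyond /boot and the EFI partition, and each device is assumed to have a single parent.

```shell
#!/bin/sh
# Added example: print mount points (and swap) with no "crypt" device in their ancestry.
# Input on stdin: lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME
unencrypted_mounts() {
    awk '
    function field(key,    s) {
        if (!match($0, "(^| )" key "=\"[^\"]*\"")) return ""
        s = substr($0, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
        return s
    }
    {
        name = field("NAME")
        type[name] = field("TYPE"); parent[name] = field("PKNAME"); mnt[name] = field("MOUNTPOINT")
        order[++n] = name
    }
    END {
        for (i = 1; i <= n; i++) {
            d = order[i]
            if (mnt[d] == "") continue          # not mounted, nothing to report
            enc = 0
            for (p = d; p != ""; p = parent[p]) # walk up towards the physical disk
                if (type[p] == "crypt") { enc = 1; break }
            if (!enc) print mnt[d]
        }
    }'
}

# Constructed sample: the layout from the table plus a hypothetical plain swap (sdb5).
sample_layout() {
    cat <<'EOF'
NAME="sda" TYPE="disk" MOUNTPOINT="" PKNAME=""
NAME="sda1" TYPE="part" MOUNTPOINT="" PKNAME="sda"
NAME="sda1_crypt" TYPE="crypt" MOUNTPOINT="/" PKNAME="sda1"
NAME="sdb" TYPE="disk" MOUNTPOINT="" PKNAME=""
NAME="sdb1" TYPE="part" MOUNTPOINT="" PKNAME="sdb"
NAME="sdb2" TYPE="part" MOUNTPOINT="/boot/efi" PKNAME="sdb"
NAME="sdb3" TYPE="part" MOUNTPOINT="/boot" PKNAME="sdb"
NAME="sdb4" TYPE="part" MOUNTPOINT="" PKNAME="sdb"
NAME="sdb4_crypt" TYPE="crypt" MOUNTPOINT="/home" PKNAME="sdb4"
NAME="sdb5" TYPE="part" MOUNTPOINT="[SWAP]" PKNAME="sdb"
EOF
}

sample_layout | unencrypted_mounts
```

On an installed system, pipe the real `lsblk` output into `unencrypted_mounts`; anything listed other than /boot and /boot/efi is stored in the clear.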