I would like to install Ubuntu on a two-disk RAID 1 with dm-integrity and LUKS2-encryption.
Unfortunately, neither Ubiquiti, nor the textmode-installer offer such a solution.
However, this seems simple enough to execute: Formatting both drives with “physical partitions for encryption” in
gparted and then calling
cryptsetup luksFormat --type luks2 --integrity sha256 <device> for either drive as a basis to create the RAID device, LVM and filesystem on top of in the manual installer.
Is there anything that needs to be considered with this approach? Does Ubuntu demand certain LUKS-parameters or is something particularly advisable to use for this purpose?
Do the devices need to be “opened” in any particular way before launching the installer and/or do they have to be added manually to a file to be decrypted at boot? Is the
--integrity function used automatically?
Is this even the best approach or is there another way to accomplish this? (Excluding the usage of Btrfs/ZFS filesystems)
And, a related side-question, would the Btrfs-filesystem be of any additional value regarding data integrity in this scenario, rather than Ext4, even though its RAID-functions are not used?