Some tips for boosting the security of my laptop a little bit (TRIM, LUKS, LVM, TRESOR, evil maid, cold boot, dead man switch)
by d745fba1cb70ab9dc02a80ee from LinuxQuestions.org on (#4WGDN)
I currently have most of my rootfs unencrypted, with /home encrypted with ecryptfs. However, after Christmas, my laptop will no longer be a shared system, so I can go full disk. I am upgrading my laptop to an SSD on Christmas, and I want to take the OS reinstall I'll be forced to do as an opportunity to set it up more securely. I have a few questions about the process. If anything is OS specific, I'm on Manjaro right now, and I intend to switch to Arch.
1. Should I enable TRIM? My laptop's motherboard only supports SATA 2. Will not having TRIM bring the speed below that level? I read that TRIM makes it very obvious which blocks are free and which are not. What can an attacker do with that information?
2. I intend to set up my laptop with my entire SSD as my root filesystem, and an external flash drive as both /boot (to protect against evil maid attacks) and a dead man switch. Does LUKS require LVM? If not, should I use LVM anyways? And how does this stuff work together? Does the filesystem go on top of LVM, which goes on top of LUKS, which goes directly on the drive?
3. My CPU does not support AES-NI. How much of a performance penalty is there to using TRESOR?
4. Is there a way to encrypt everything in RAM without a complicated setup and severe performance penalty?
5. Are there any pre-made programs that allow me to make my flash drive into a dead man switch, or will I be writing one myself?
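
Added example for question 5 (not from the original post or any reply): a small POSIX shell dead-man switch that polls for the external flash drive by filesystem UUID and, when the drive disappears, runs an action. The default action shown is `cryptsetup luksSuspend`, which suspends the dm-crypt mapping and wipes its volume key from kernel memory, followed by a power-off; this also addresses the cold-boot concern in question 4 as far as the disk key goes. The UUID, the LUKS mapping name (`cryptroot`) and the polling interval are assumptions for illustration; the `/dev/disk/by-uuid` directory, `cryptsetup luksSuspend` and `systemctl poweroff` are real interfaces.

```shell
#!/bin/sh
# deadman.sh - poll for a removable drive by UUID; when it is gone, run
# an action once. Example code written for this page, not the poster's.
# Hypothetical usage:  deadman.sh <flash-drive-uuid> cryptroot

# Return 0 when a by-uuid entry for UUID exists under BYUUID_DIR
# (normally /dev/disk/by-uuid, populated by udev; parametrised so the
# check can be exercised against an ordinary directory).
drive_present() {
    byuuid_dir=$1
    uuid=$2
    [ -e "$byuuid_dir/$uuid" ]
}

# Default action: suspend the LUKS mapping, which wipes the volume key
# from kernel memory and blocks further I/O until `cryptsetup luksResume`
# is given the passphrase, then power the machine off. Requires root.
default_action() {
    mapping=$1
    cryptsetup luksSuspend "$mapping" && systemctl poweroff
}

# Poll until the drive disappears, then run ACTION exactly once.
# ACTION is a shell command string; INTERVAL is the poll period in
# seconds (assumed default 2). Returns the exit status of ACTION.
watch_drive() {
    byuuid_dir=$1
    uuid=$2
    action=$3
    interval=${4:-2}
    while drive_present "$byuuid_dir" "$uuid"; do
        sleep "$interval"
    done
    eval "$action"
}

# Only start watching when invoked with a UUID and a mapping name, so
# sourcing this file for testing does not block or touch any device.
if [ "$#" -ge 2 ]; then
    watch_drive /dev/disk/by-uuid "$1" "default_action $2" 2
fi
```

Run it as root from a systemd unit or a login script after boot. Because the action is a plain command string, it can be swapped for a screen lock, a `umount` of /boot or anything else; the part that matters for the threat model is that `luksSuspend` removes the key from RAM before the machine leaves your control. Note that after suspend the root filesystem is unreadable until `luksResume`, so the poweroff is there to avoid a hung system rather than as a security measure.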