1
I encrypted a flash drive in Linux using Lux and found that it could be reformatted in Windows even though it is not a recognized file type. I want to make the flash drive only accessible on a Linux machine with a secondary option of keeping it encrypted. I would prefer not to use third-party encryption software. Is it possible to make a USB flash drive only mountable depending on the OS and if so, how?
Austin C.
Posted 2019-10-24T17:26:09.783
Reputation: 27
1
You can't do anything to a standard USB storage device that will prevent an OS (of any type) from doing what it wants to it.
Windows doesn't handle multiple partitions on USB devices well and you can leverage it's behavior, though. But you can't prevent someone from formatting it.
The best you can do is a "guard" partition. Do this:
Put the drive in Linux and use cfdisk to create a partition at the beginning of the drive that's 256MB (or even smaller), and a partition for the remainder of the drive.
Take the drive to a Windows system and format the 256MB partition as NTFS.
Take the drive back to your Linux system and encrypt/do whatever to the second partition. Leave the first NTFS partition in place.
Now, if someone puts it in a Windows system, they won't get a prompt for formatting, but simply see a blank small volume. You can put decoy files there or any other files. They won't know there is a second partition unless they go to diskmgmt.msc.
LawrenceC
Posted 2019-10-24T17:26:09.783
Reputation: 63 487
Not a bad idea, but with limitations: The size of the NTFS partition will be much smaller than that shown on the drive, indicating something hidden, and, as you state, it can be reformatted. This is one of the limitations of USB protocols (another is that a USB device can identify itself as anything, even a keyboard, allowing it to install malware). – DrMoishe Pippik – 2019-10-24T18:17:24.583
I have just completed doing the latter, and Windows still sees the second (encrypted) partition on the flash drive and asks to reformat it (not good). – Austin C. – 2019-10-24T18:22:02.280
Windows 10 does finally handle multiple partitions on USB devices. – user1686 – 2019-10-26T13:09:07.677
That would require to install a different software onto the controller chip inside the USB stick. As those chips are usually not open usable and documented I would say this is technically possible but requires skills and knowledge most people don't have. (and of course on Linux side some additional driver/program would be needed to re-enable the usb stick). – Robert – 2019-10-24T17:51:36.363