How can I create an encrypted, bootable thumbdrive containing Linux?

4

I want to have a bootable flash drive that's fully encrypted. I have not tested, but seem to like, TrueCrypt, which provides a fully encrypted system and has lots of other features I like (for instance, hidden volumes). Unfortunately, it seems, system encryption is only supported for Windows, although I'm not sure why.

The crux here, I guess, is that you need a boot loader that is capable of asking for your password and decrypting the disk, at least the part that contains kernel and initrd.

An alternative might be to have an unencrypted boot partition containing a more powerful system which will decrypt and mount the main partition. However, this brings up the question of whether you're introducing data leaks. Depending on the specific scenario, I may lack the experience to assess if this is a problem. So I'd strongly prefer a fully encrypted disk or a similarly straightforward alternative.

Hanno Fietz

Posted 2009-12-26T22:48:33.470

Reputation: 1 045

Answers

2

Another option: use

  • a (non-bootable) encrypted thumbdrive
  • a read-only boot drive (non-encrypted)

The read-only boot drive can be a "LiveCD" CDROM (not a CDRW), a thumb drive with the switch in the "read-only" position, an SD card with the switch in the "read-only" position, etc.

Because the boot drive is read-only, you can be sure that no sensitive data is accidentally leaked onto a non-encrypted partition.

David Cary

Posted 2009-12-26T22:48:33.470

Reputation: 773

2

If I had to give you an answer right now without googling for this issue, then my solution would be: put any Linux distribution with VMware on the drive, within that distribution keep your other Linux hard drive encrypted and just decrypt that on boot and start it using VMware.

A few issues this might bring. The flash disk might be too slow to run a virtual machine on, or you might have insufficient space. I think this should run on a normal external hard drive though. But I guess this is rather far-fetched.

What are you really trying to reach though? If you're just trying to keep some files safe, a few simple chmods might solve the problem? (I assume it's pretty safe). Hope I can help you further.

Jeffrey Vandenborne

Posted 2009-12-26T22:48:33.470

Reputation: 438

USB 3.0 flash drives, courtesy of supertalent in this case (http://www.supertalent.com/products/stt_usb.php), are slowly becoming accessible.

– Rook – 2010-09-05T01:31:02.760

1

Fedora can do an encrypted install, and if you pass expert to the installer then it will let you install onto removable media. The only caveat is that /boot will need to be unencrypted so that the computer can read it for booting.

Ignacio Vazquez-Abrams

Posted 2009-12-26T22:48:33.470

Reputation: 100 516
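
A check for the leak concern that both layouts above address (the read-only boot drive and the unencrypted /boot of an encrypted install), as an added example that is not part of any answer: it parses `lsblk --json` output and lists mounted, writable filesystems with no dm-crypt layer underneath. The sample output and device names are constructed, and it assumes the kernel reports a write-protected boot medium in the RO column.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT,RO` for a
# thumb drive with an unencrypted /boot, a LUKS container for / and plain swap.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sdb", "type": "disk", "fstype": null, "mountpoint": null, "ro": false,
   "children": [
     {"name": "sdb1", "type": "part", "fstype": "ext4", "mountpoint": "/boot", "ro": false},
     {"name": "sdb2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "ro": false,
      "children": [
        {"name": "luks-root", "type": "crypt", "fstype": "ext4", "mountpoint": "/", "ro": false}
      ]},
     {"name": "sdb3", "type": "part", "fstype": "swap", "mountpoint": "[SWAP]", "ro": false}
   ]}
]}
"""

def is_read_only(dev):
    # Older util-linux prints "0"/"1", newer versions print JSON booleans.
    return dev.get("ro") in (True, "1")

def plaintext_writable(devices, encrypted=False, read_only=False):
    """Return (name, mountpoint) for every mounted, writable filesystem that
    has no dm-crypt mapping (TYPE "crypt") above it in the device tree."""
    findings = []
    for dev in devices:
        enc = encrypted or dev.get("type") == "crypt"
        ro = read_only or is_read_only(dev)
        mount = dev.get("mountpoint")
        if mount and not enc and not ro:
            findings.append((dev["name"], mount))
        findings += plaintext_writable(dev.get("children") or [], enc, ro)
    return findings

def audit(lsblk_json, allowed=("/boot",)):
    """Findings outside the mount points that are expected to be plaintext."""
    tree = json.loads(lsblk_json)["blockdevices"]
    return [f for f in plaintext_writable(tree) if f[1] not in allowed]

if __name__ == "__main__":
    for name, mount in audit(SAMPLE_LSBLK):
        print(f"unencrypted and writable: {name} mounted at {mount}")
```

On the constructed layout the only finding is the swap partition, which sits outside the encrypted container and can receive memory contents.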

1

Check out Privatix. It's a Debian-based distro, actually just a tweaked version of the Debian LiveCD. It should give you some ideas. There's not a lot of documentation available on it, but it's simple enough to install and poke around a bit.

anon

Posted 2009-12-26T22:48:33.470

Reputation: 11