Dev1 Galaxy Forum / Nonpersistent and encrypted image

Re: Nonpersistent and encrypted image

dummy@example.com (HevyDevy) — Sat, 13 Jun 2020 17:17:00 +0000

Ive always been meaning to play around with veracrypt volumes as mentioned in below info, i wonder if one could create a method to have squashfs could utilize veracrypt in some way?

https://www.veracrypt.fr/en/VeraCrypt%2 … ystem.html

Re: Nonpersistent and encrypted image

dummy@example.com (fsmithred) — Sat, 13 Jun 2020 16:53:32 +0000

Haven't done it, but I have some thoughts. I normally do an encrypted persistent volume for live-usb systems. The squashfs is not encrypted, but it is read-only, so it's pretty safe.

It might be possible to encrypt the partition that holds the squashfs and use grub as the bootloader. You'd have to edit the grub.cfg to add the same stuff that gets added when you do full-disk encryption. Set the usb up like a multi-boot live usb, except make the first partition a luks-encrypted volume with ext4 filesystem.

Nonpersistent and encrypted image

dummy@example.com (siva) — Sat, 13 Jun 2020 15:33:46 +0000

I'm wondering if the Linux desktop can be set up to mimick platforms like Android, in terms of their security model (and not their spyware).

Tools like dd can already "flash" a live image to a drive, like sda. This allows one to use a nonpersistent environment, which has its own cases and uses.

My thought was, if the squashfs could be encrypted, and isolinux could decrypt it at boot, then one could have a secure nonpersistent environment. There's a rather old ubuntu article about this, but the script is pretty convoluted, and it uses grub as opposed to isolinux. (https://askubuntu.com/questions/1041916 … om-live-cd)

So, I wanted to know if anyone has accomplished this kind of thing, and if so, how?