The officially official Devuan Forum!

You are not logged in.

#1 2020-06-13 15:33:46

siva
Member
Registered: 2018-01-25
Posts: 232  
Website

Nonpersistent and encrypted image

I'm wondering if the Linux desktop can be set up to mimick platforms like Android, in terms of their security model (and not their spyware).

Tools like dd can already "flash" a live image to a drive, like sda. This allows one to use a nonpersistent environment, which has its own cases and uses.

My thought was, if the squashfs could be encrypted, and isolinux could decrypt it at boot, then one could have a secure nonpersistent environment. There's a rather old ubuntu article about this, but the script is pretty convoluted, and it uses grub as opposed to isolinux. (https://askubuntu.com/questions/1041916 … om-live-cd)

So, I wanted to know if anyone has accomplished this kind of thing, and if so, how?


the thomos project
thomos support thread
cynwulf wrote: "You should get some more sleep and spend less time on forums."

Offline

#2 2020-06-13 16:53:32

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,619  

Re: Nonpersistent and encrypted image

Haven't done it, but I have some thoughts. I normally do an encrypted persistent volume for live-usb systems. The squashfs is not encrypted, but it is read-only, so it's pretty safe.

It might be possible to encrypt the partition that holds the squashfs and use grub as the bootloader. You'd have to edit the grub.cfg to add the same stuff that gets added when you do full-disk encryption. Set the usb up like a multi-boot live usb, except make the first partition a luks-encrypted volume with ext4 filesystem.

Offline

#3 2020-06-13 17:17:00

HevyDevy
Member
Registered: 2019-09-06
Posts: 358  

Re: Nonpersistent and encrypted image

Ive always been meaning to play around with veracrypt volumes as mentioned in below info, i wonder if one could create a method to have squashfs could utilize veracrypt in some way?

https://www.veracrypt.fr/en/VeraCrypt%2 … ystem.html

Offline

Board footer