I want a portable version of Ubuntu that I can easily carry in my pocket. Problem is that I need it to be encrypted or it's useless. Every set of USB stick instructions I've seen so far does not account for the ease with which one might loose a USB stick. This seems like a major issue to me. How do we claim that Ubuntu is secure, if it isn't? The average person can't even keep track of their laptops and notebooks. How are they going to keep track of a USB stick?? ...and then having lost it, instantly have a major security breach?
Asked
Active
Viewed 123 times
3 Answers
0
Where can I find instructions for a portable USB Stick version of Ubuntu that is encrypted?
You can use the same instructions for any encrypted partition for Ubuntu if you want to encrypt using tools available for Linux/Ubuntu. All you need to take care of is to point to the correct device that needs encrypting. And you can do that with the "disks" option from dash.
If you want instructions based on images the ubuntuhandbook has a guide.
The command line method is shorter:
cryptsetup -v --verify-passphrase luksFormat /dev/{device}
cryptsetup luksOpen /dev/{device} backup
mkfs.ext4 /dev/mapper/backup
cryptsetup luksClose /dev/mapper/backup
where {device} is the device you want encrypted.
Mind though that encryption is not really security; it is security by obscurity. It stops some users from accessing the data but there are ways to retrieve the passphrase (a sharp knife for instance).
Rinzwind
- 309,379
0
If you accept, that every encrypted system can be cracked, you can create an installed system in a USB drive (a fast USB 3 pendrive or USB SSD).
It is easy to install (like installed into an internal drive, but into a USB drive),
if you unplug the internal drive
when booted from a normal live Ubuntu system in another USB drive
run Ubuntu's standard installer (
ubiquity)at the partitioning page, select LVM with encryption (which is LUKS encryption)
continue like it were a normal installation.
This link may help: How do I install Ubuntu to a USB key? (without using Startup Disk Creator)
sudodus
- 47,684
0
BIOS/UEFI Flash Drive with Full Disk Encryption
I have been playing with Paddy Landau's Manual Full System Encryption: https://ubuntuforums.org/showthread.php?t=2399092
Out of the box the script works UEFI only.
With a mkusb base, almost anything BIOS/UEFI is possible.
Start with a default mkusb Live install to flash drive (4GB or larger).
Next create a mkusb Persistent install to flash drive using defaults (16GB or larger).
As soon as mkusb finishes with the persistent install, open gparted and delete sdx4 and sdx5.
Refer to https://help.ubuntu.com/community/ManualFullSystemEncryption.
Follow Item 6.4-Detailed process: https://help.ubuntu.com/community/ManualFullSystemEncryption/DetailedProcess.
Complete Item 4.2.1 Creating new partitions sdx4-system, sdx5-swap* and sdx6-data*.
Boot the Live USB in UEFI mode.
Complete Item 4.2.2-Prepare for the Installer, and start the installer.
Run the installer per item 4.2.3-Install Ubuntu.
At this point the flash drive will be UEFI only.
- Now mount the ESP boot partition and copy ESP/EFI/ubuntu/grub.cfg and overwrite ESP/boot/grub/grub.cfg.
Your Bootable flash drive will now have encrypted system, home and swap files and will boot either BIOS or UEFI.
Notes:
- *Separate home, swap and NTFS partitions are optional.
- Many people recommend against using swap with a bootable USB or SSD for fear of wear.
- The swap partition, if used, can be encrypted using ecryptfs-utils.
- The NTFS partition, if used, can be encrypted using VeraCrypt so that it can be used in both Linux and Windows.
- If there are problems reusing the installer drive on a second encrypted install, confirm /mnt/root/ has been deleted and that the correct UUID for sdx3 has been used in fstab.
- GParted on the encrypted drive may not work.
C.S.Cameron
- 20,530
- 12
- 78
- 125