[dm-crypt] LiveUSB encrypted.

Arno Wagner arno at wagner.name
Wed Nov 9 21:34:45 CET 2011

You don't. What you do instead is use an encrypted 
data partition, which may be supported by some
Ubuntu tool.

The problem is that the kernel and an initrd have to
reside outside of the encrypted space. There is no 
way around that. As a consequence, an attacker can
already modify those two and get complete control.

If you are worried about this, use some form of
physical protection. Weak protection comes from using
write-once media like a CD-R. Stronger comes from
using an encrypted memory-stick with keypad. (Beware,
there are secure and insecure ones on the market.)
You can also ware the stick around your neck.


On Wed, Nov 09, 2011 at 04:41:44PM -0200, Marcos Barbosa wrote:
> How i create a Ubuntu liveUSB inside a USB stick?
> The trick: The casper files is inside a encrypted partition with LUKS.
> any ideas?
> -- 
> Marcos Barbosa <marcosestevesbarbosa at gmail.com>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

More information about the dm-crypt mailing list