A Linux machine has a partition with sensitive data. The goal is to prevent one from booting up from a live USB and mounting the machine's hard drive and copying the data.
The partition is encrypted with cryptsetup.
But it has to get decrypted on boot. So a key file is created to hold the password. The key is added to LUKS:
sudo cryptsetup luksAddKey <encrypted_device> <path_to_key>
For the system to find it on boot, the key file is linked in the /etc/crypttab:
$ sudo nano /etc/crypttab
# Content of the crypttab file
cryptpart UUID=<partition_uuid> <path_to_key> luks
Question
Using a live USB, one can read the /etc/crypttab and find the path of the key file and break the lock.
What is the solution?
/etc from live media - I'm involved with QA & know current installs don't allow for this, as it's part of the Quality Assurance for encrypted installations (i.e. I boot live media & try and read data off the install!). I don't see anything currently on-topic here? Why are you here? Refer https://askubuntu.com/help/on-topic as Linux is covered in SE Unix & Linux – guiverc Jun 23 '22 at 13:05
OS is Xubuntu 22.04. Before posting the question, I used the live USB of the same OS and could see the /etc – afar Jun 23 '22 at 15:35
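An added example, not part of the original question or comments: a small audit that parses crypttab text and lists the volumes unlocked from a stored key file, which is the configuration the question describes. The sample content, UUIDs, paths and function names are constructed for illustration.

```python
import os
import stat
from collections import namedtuple

Entry = namedtuple("Entry", "name device keyfile options")

# Constructed sample; the "cryptpart" line has the shape of the entry in the question.
SAMPLE_CRYPTTAB = """\
# <name>  <device>        <key file>          <options>
cryptroot UUID=1111-aaaa  none                luks
cryptpart UUID=2222-bbbb  /etc/keys/part.key  luks
cryptswap /dev/sda3       /dev/urandom        swap
"""


def parse_crypttab(text):
    """Return an Entry for every non-comment line of crypttab text."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        entries.append(Entry(fields[0], fields[1], keyfile, options))
    return entries


def on_disk_keyfile_entries(entries):
    """Entries unlocked from a stored file instead of a passphrase prompt.

    "none" and "-" mean "ask for a passphrase"; /dev/* paths such as
    /dev/urandom are throwaway keys (swap), not stored secrets.
    """
    return [e for e in entries
            if e.keyfile not in ("none", "-") and not e.keyfile.startswith("/dev/")]


def loose_permissions(path):
    """True if group or others have any access to the key file (running system only)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO))


if __name__ == "__main__":
    for e in on_disk_keyfile_entries(parse_crypttab(SAMPLE_CRYPTTAB)):
        print(f"{e.name}: {e.device} is unlocked by {e.keyfile}; "
              "check that this file lives on an encrypted filesystem")
```

To audit a real system, pass the contents of /etc/crypttab to parse_crypttab. File permissions only protect the key while the installed system is running, so for offline access the thing to verify is where each flagged key file is stored.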