1

Running Ubuntu from a portable medium (USB stick), I want to also be able to use the HDD of a computer, e.g. for swap and to temporarily save data.

However, I do not want to touch the HDD in a non-reversible way, so I can't repartition it, nor do I want to directly mount any of the file systems to dump my data file by file without encryption or a guarantee that it will safely be deleted afterwards.

What I imagined is to mount an existing partition from my portable system just to create one large file containing a virtual disk image. That way I can use the free space but without being in danger of accidentally changing anything. The virtual disk should be encrypted and contain a swap and ext4 data partition. It has to be persistent between reboots until I manually delete it though.

After I'm done with that computer and having saved everything of importance from the virtual data partition to a persistent location, I want to safely disable swap, unmount the data partition and safely delete (shred) the whole virtual disk image. So in the end, the used HDD does not look modified, except for that one big file being created and deleted, but not giving out any information due to encryption and shredding.

Is the procedure I have in mind possible or will there be problems? Can you please give me advice on how to create such a disk image and use it from my portable system etc.?

Byte Commander

1 Answer

2

IMHO you should fully follow this guide and keep your swap file and data safely on your USB SLC disk.

However, if you insist on putting the swap on the HDD, the only things you have to do differently are:

  1. Create a swap file on the HDD:

    sudo fallocate --length XY /media/szSomewhere/file.swap
    # swap contains memory pages, so keep the file accessible to root only
    sudo chmod 600 /media/szSomewhere/file.swap
    

    where X is the number you want and Y the unit (k, m, g, t, p, e. See man fallocate for more info) and /media/szSomewhere is the location where you want the file to be on the system you're booting from.

  2. Format the file to create a swapping device:

    sudo mkswap /media/szSomewhere/file.swap
    
  3. Add the swap to the running system:

    sudo swapon /media/szSomewhere/file.swap
    

The additional swap is now available and can be seen by cat /proc/meminfo. Obviously, you'll have to do this on every computer you use, so make this into a script.

To have encrypted file storage on the HDD:

  1. Install the encrypted file system:

    sudo apt-get install encfs
    
  2. Setup an encrypted directory:

    encfs /media/szSomewhere/.encrypted /media/szSomewhere/UnEncrypted
    

    and start using the unencrypted directory like any other. In order to encrypt the /media/szSomewhere/UnEncrypted directory simply type:

    fusermount -u /media/szSomewhere/UnEncrypted
    

As long as the directory is unmounted all the information in /media/szSomewhere/UnEncrypted will seem to have disappeared but is actually stored in /media/szSomewhere/.encrypted. The only way to gain access to this information again is by unlocking it by typing the same command as in step 2...

Fabby
  • And how does Ubuntu know where on the disk to put that swap file in your example? Besides, I would also like an encrypted data partition as virtual disk... You did not say anything about that. – Byte Commander Aug 17 '15 at 13:58
  • @ByteCommander. I think this is all you needed? – Fabby Aug 17 '15 at 17:07
  • Okay, but you're creating files and directories inside /media/szSomewhere/. I guess this is the mountpoint of the real HDD partition I want to use? And can I be sure that the disk does not get touched accidentally? Is there anything I can do to additionally protect the existing data? (Therefore I wanted a virtual disk image I can mount, so that I don't have to operate inside the real mount point at all) – Byte Commander Aug 18 '15 at 09:25
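
The swap-file and encfs steps from the answer above, wrapped in one script as the answer suggests, together with the teardown (swapoff, then shred) the question asks for. This is an added example, not code from either poster; `HDD_DIR`, the function names, the `up`/`down` sub-commands and `DRY_RUN` are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example: scripts the answer's swap-file and encfs commands.
# HDD_DIR, the function names and DRY_RUN are assumptions, not from the page.
HDD_DIR="${HDD_DIR:-/media/szSomewhere}"   # mount point used in the answer

# Run a command, or only print it when DRY_RUN=1 (review the plan first).
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

swap_up() {                                # usage: swap_up SIZE  (e.g. 4g)
    local f="$HDD_DIR/file.swap"
    [ -n "${1:-}" ] || { echo "usage: swap_up SIZE" >&2; return 2; }
    [ -d "$HDD_DIR" ] || { echo "$HDD_DIR is not a directory" >&2; return 1; }
    # Never reuse or overwrite a file that already exists on the host disk.
    [ ! -e "$f" ] || { echo "$f already exists, refusing" >&2; return 1; }
    run sudo fallocate --length "$1" "$f" &&
    run sudo chmod 600 "$f" &&             # swap holds memory pages: root only
    run sudo mkswap "$f" &&
    run sudo swapon "$f"
}

swap_down() {
    local f="$HDD_DIR/file.swap"
    # Disable swap first; shred the file only if swapoff succeeded.
    # Note: shred's overwrite is not guaranteed on journaling or
    # copy-on-write file systems (see man shred).
    run sudo swapoff "$f" &&
    run sudo shred -u "$f"
}

enc_up()   { run encfs "$HDD_DIR/.encrypted" "$HDD_DIR/UnEncrypted"; }
enc_down() { run fusermount -u "$HDD_DIR/UnEncrypted"; }

# Entry point: "up SIZE" to set up, "down" to tear down; no argument does nothing.
case "${1:-}" in
    up)   swap_up "${2:-}" && enc_up ;;
    down) enc_down; swap_down ;;
esac
```

Running it once with `DRY_RUN=1` prints the exact commands and paths before anything on the host disk is created.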