3

I made an encrypted USB install of Ubuntu on a 32GB USB pendrive using LUKS encryption on the swap and actual install. How do I make it so no hard drives are mounted at boot or even probed for that matter? On the off chance the system running the USB key has Linux on it, it would mount an unencrypted swap partition and I don't want this to happen. Any ideas?

EDIT: This is the dmesg output when I boot with the appropriate kernel parameters:

http://pastebin.com/VHwaF5Sh

EDIT2:

I finally got the USB all set up by doing the following.

  1. Created the LUKS volumes in terminal, away from ubiquity

  2. Disabled swap in the HDD in ubiquity

  3. Installed the system.

Now I have everything on my USB except grub is now giving me grief. I mount everything, I do an update-grub, then install grub to the USB with no errors. However, when I reboot into grub on the USB, the only boot entries there are my hard drive installs; the system on my USB won't even show up on the grub menu. If I can just get it to show up, then I will be able to boot into my system and be at peace. How am I able to add a custom grub entry that supports booting from an encrypted volume? I have two requirements for an answer:

  1. Explain how to move initrd and vmlinuz into a boot partition if I have to. (Right now they are in the encrypted root partition. I already have a boot partition that's about 300MB that I can move the files into. Refer to this: https://imagebin.ca/v/392Qqva76TZy )

  2. Explain how to make a custom grub entry that supports booting from an encrypted partition and how to refer to it in the entry using a UUID (for multiple computer stability in OS booting)

Sorry for the trouble and thanks again!

ryan77627
  • Maybe disable swap on the pendrive? – wjandrea Jan 14 '17 at 00:31
  • What I need is for ubiquity to not probe the HDDs, only the pendrive, because first of all the unencrypted swap conflicting with creation of encrypted swap, it's a big hassle as seen in this bug report: https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1205397 Also for some other reason I choose all the installation files to go to the pen drive, and select my bootloader to go to the pendrive, but ubiquity still messes with my HDD's MBR and points it to the USB drive and other weird stuff. I need at the least for ubiquity not to mess with my drive UNDER ANY CIRCUMSTANCES. – ryan77627 Jan 14 '17 at 05:18
  • The best way I found so far was to use libata.force=1.00:disable and that again for the second drive under the kernel boot options on my installation media. This approach works on my laptop but not my desktop. On my desktop, the HDDs still show up and check my newest post, I'm going to include the dmesg output. – ryan77627 Jan 14 '17 at 05:19
  • Maybe check out the instructions here, see if they offer any insights: How do I install Ubuntu to a USB key? (without using Startup Disk Creator) – wjandrea Jan 14 '17 at 16:35

2 Answers

0

I made an installed system for USB, that is available as a compressed image file via torrent. It is built from Ubuntu Server amd64 16.04 LTS, and it can be booted in UEFI and BIOS mode. I am running it right now to check how it works in a computer with a swap partition in the internal drive: It uses its own swap partition (according to the 'swap line' in /etc/fstab), but it does not touch the swap partition in the internal drive. This can be seen via the command line

sudo lsblk -f

where the 'own' swap partition is 'mounted' as [SWAP], but the internal swap partition has no such 'mount' evidence, or seen with

swapon -s

I have noticed that cryptswap (associated with encrypted home) in a USB pendrive may grab and convert swap in internal drives, which is very bad. My test drive is not encrypted, but with disk encryption (and no extra swap encryption) there should be no mechanism for grabbing a swap partition in the internal drive. It should be satisfied with the swap partition that is specified in /etc/fstab.

I have not tested exactly your configuration, so my answer is partly guessing. We can look deeper into the problem, if you give us more details about your system. For example, try installing Lubuntu into a USB pendrive according to the following link,

Lubuntu testcase for encrypted disk (but unencrypted home)

And let us know if it behaves like it should.

sudodus
  • I'll try it out! If it works, can you please explain how you created the image? I would like to know so I get some of the experience and learn the process! Thanks again! – ryan77627 Jan 14 '17 at 18:28
  • See these links, https://help.ubuntu.com/community/Installation/UEFI-and-BIOS/stable-alternative and https://ubuntuforums.org/showthread.php?t=2213631&page=4&p=13468260#post13468260 . - I cleaned the installed system from unnecessary files, and wrote zeros to the unused space in the partitions, and created the compressed image with dd|xz (piped the output of dd via xz). – sudodus Jan 14 '17 at 19:36
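
An added example, not part of either answer or of any Ubuntu tool: a scripted version of the `swapon -s` / `/etc/fstab` check described in the answer above, flagging active swap that sits on a plain partition instead of an opened LUKS volume. The sample data is constructed, and the mapper names `usb_root` and `usb_swap` are hypothetical.

```shell
#!/bin/sh
# Added example: flag active swap areas that are plain disk partitions.

# Print swap devices of type "partition" that are neither device-mapper
# nodes (where an opened LUKS volume appears; LVM volumes appear there too,
# so confirm with lsblk -f) nor zram devices.
# $1: file in /proc/swaps format (defaults to the live /proc/swaps).
plaintext_swaps() {
    awk 'NR > 1 && $2 == "partition" &&
         $1 !~ "^/dev/(dm-[0-9]+|mapper/|zram[0-9]+)" { print $1 }' \
        "${1:-/proc/swaps}"
}

# Print the device field of every swap entry in an fstab-format file.
# $1: fstab file (defaults to /etc/fstab).
fstab_swaps() {
    awk '$1 !~ "^#" && $3 == "swap" { print $1 }' "${1:-/etc/fstab}"
}

# Constructed sample: encrypted swap on dm-1 plus an internal-disk partition.
sample_swaps=$(mktemp)
cat > "$sample_swaps" <<'EOF'
Filename                                Type            Size    Used    Priority
/dev/dm-1                               partition       1998844 0       -2
/dev/sda5                               partition       8388604 0       -3
EOF

# Constructed sample fstab; usb_root and usb_swap are hypothetical names.
sample_fstab=$(mktemp)
cat > "$sample_fstab" <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/usb_root  /     ext4  errors=remount-ro  0  1
/dev/mapper/usb_swap  none  swap  sw                 0  0
EOF

echo "Plain-partition swap in sample: $(plaintext_swaps "$sample_swaps")"
echo "Swap declared in sample fstab:  $(fstab_swaps "$sample_fstab")"
```

On a running system, call `plaintext_swaps` with no argument to read `/proc/swaps`; any output is a swap partition in use outside the encrypted volumes.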
0

Here is the answer that I found to work and not mount anything on the HDD.

I finally got the USB all set up by doing the following.

  1. Created the LUKS volumes in terminal, away from ubiquity

  2. Disabled swap in the HDD in ubiquity

  3. Installed the system.

Now I have everything on my USB except grub is now giving me grief. I mount everything, I do an update-grub, then install grub to the USB with no errors. However, when I reboot into grub on the USB, the only boot entries there are my hard drive installs; the system on my USB won't even show up on the grub menu. If I can just get it to show up, then I will be able to boot into my system and be at peace. If I find how to fix grub, I will post here. The main thing is just making a custom grub entry using UUID. Good luck to everyone who tries this!

ryan77627