Install and Run Debian Linux from an Encrypted USB Drive

Another interesting article with security in mind. From the article:

You’re probably familiar with the live CD concept — a fully functional operating system on a CD that can be run on any computer that boots from its optical drive, without affecting the one(s) already installed. In a similar vein, you can set up Linux to run from a USB hard drive drive on any computer that can boot from USB. The live system offers automatic detection and configuration of the display adapter and screen, storage devices, and other peripherals. A bootable USB drive can run a mainstream Linux distribution such as Debian GNU/Linux, and can be secured, personalised, upgraded, and otherwise modified to suit your needs.

=> Running Debian GNU/Linux from an encrypted USB drive

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 2 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
2 comments… add one
  • paul Mar 24, 2008 @ 7:00

    i wouldnt like to recommend this method to all linux users. reasons:
    #1. disk cache space is less i run it on 2 GiB usb drives, so upgrade process is a pain.
    #2. if you ran in trouble while doing a nifty scan? 😉 (you know what i mean, teh sneakernet chaps) and someone pops by and you pull the stick and act innocent and then push it back? it may sometime show fsck consistency error.
    #3. there are a few ways with which you can remap the /home/[1..8] directory with different aes encryption and if you forget any of the eight partition’s password? “uh-uh Troubleeeeeeeeee.”
    #4. you need to make sure you do run a firmware upgrade on it. you know? 😉
    #5. you need to make sure you run many more encryption methods on saving your those scanned logs, so others dont sniff it. so? encryption within encryption within encryption? hehe, you need a fast host CPU horsepower PC to do these major decryption work speed up.
    #6. you will not want a swap on this drive, i dont want a swap it eats up space, and if you ram is low? start praying else get the swapd or other swap random creation scripts. you may never know when you ran into trouble because of stupid low RAM. damn ram.
    #7. when booting of an encrypted usb in BIOS set the BIOS to UHCI mode and also enable other modes like high speed mode, i dont have nor came across USB3 devices so pardon me.
    #8. last but not the least. “NEVER NEVER NEVER”, run startx in a usb stick chip, and even if you do? dont run any CPU/RAM intensive work like decryption and other mammoth works. you know the little mouse and big mouse thing right.

    why i selected the minus points than plus points? people tend to follow the dumb rules of the thumb and screw up. so? remember to use common sense than rules.
    home PC’s (this one) core 2 duo 2.8 gigs, 1 gig ram, and asus mobo. so i guess i can run graphics and cpu/ram intensive operation with 2-3 sec jet lag. but when i am using a cafe/friends awsome slow pc? i preffer to switch to CLI.
    afterall, this is encrypted usb stick isnt it? you can carry the pen testing straight off USB which inturn is encrypted. you know how to use what as you are you and i am not you.
    destructive criticism is invited, it helped/helps me reach what i missed/miss then/now. my 2 pennies.

  • gabrix Apr 22, 2008 @ 19:05

    Well i must agree , i tried to install debian on a 4GB usb encrypted stick , i don’t go into details now , but it was a pain , anyway it must be possible . I will give it a go once again , and i will post a detailed report whatever fail or success !

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum