On Tue, 11 Jan 2011 08:06:52 -0800
[email protected] wrote:

> Hello fellow LFS users.
>
> First off, I am new to these lists, but I made my first LFS system
> several years ago. I have no idea which version it was. I didn't go
> very far beyond LFS at that time, and ended up going back to using
> Windows (god forbid) because it just worked out of the box (barely)
> without really having to mess with it too much. I then moved on to
> using Ubuntu for security reasons, having a huge lack of trust for
> Microsoft and really anybody in this post 9/11 era. I now assume that
> all Windows operating systems are just a huge government backdoor.
>
> As you may have guessed by now, I am big on keeping my information
> private. I do not like how computers open up new doors for governments
> to spy on their citizens.

Don't put away your tin-foil hat just yet, I gather that the NSA submit code to the Linux kernel...

> I have installed a BLFS system, with all of the programs I want,
> tailored just the way I like it. But rather than keeping this system on
> a hard disk, which someone could examine and potentially steal my data,
> or learn about me and my habits... by looking at my browser cache, or
> forensically examining the drive for documents I've written, I use a 4GB
> USB thumb drive with a 128MB boot partition, and the rest of the drive
> (3.8GB+) is a Truecrypt-encrypted partition. My BLFS system is squashed
> using Squashfs and is copied to the encrypted partition.
>
> Here's how my boot process works:
>
> I plug my thumb drive into my machine and turn it on. I press F12 or
> whatever to boot off of the thumb drive. I have an initrd.gz in my boot
> directory with Truecrypt in /bin. The linuxrc calls Truecrypt to mount
> /dev/sdb2 (the encrypted partition). It prompts me for the password. I
> enter the password. The partition is mounted read-only. The linuxrc
> creates a 1GB+ ramdisk and then copies the entire operating system (the
> squashfs filesystem) from the encrypted partition to the ramdisk. Next,
> it dismounts the Truecrypt volume, so I can remove the USB thumb drive
> if I want to. Then it mounts the squashfs filesystem using AUFS, and
> then pivot-roots to that system. From there, the OS boots as usual. If
> you don't use AUFS to mount it, then the OS won't be writable, as
> Squashfs is a read-only filesystem, and it won't work.
>
> So what have I done? My entire OS exists in RAM. Once the machine is
> powered off, it's like a LiveCD in that everything is gone... not a
> trace of anything I've done is left. But rather than it being some
> LiveCD of some random Linux distro-of-the-day, it is my own, custom BLFS
> system.

I've not tried encrypting a root partition (I think setting up an initrd looks hard...)
so I don't know the ins and outs of it all, how is this different from Lars Bamberger's hint?

http://www.linuxfromscratch.org/hints/downloads/files/crypt-rootfs.txt

Andy

--
http://linuxfromscratch.org/mailman/listinfo/lfs-chat
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
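
The boot sequence described in the quoted post, written out as an added sketch; it is not the poster's linuxrc and not code from this thread. The mount points, the image name, the use of tmpfs for the "ramdisk" and its size are assumptions. Each step aborts the sequence on failure, so the system never pivots into a root while the encrypted volume is still mounted.

```shell
#!/bin/sh
# Added sketch of the described linuxrc flow (not the poster's script).
# Assumed: mount points, image name, tmpfs standing in for the ramdisk.
DRY_RUN=${DRY_RUN:-1}            # 1 = print the plan, 0 = execute it
CRYPT_DEV=${CRYPT_DEV:-/dev/sdb2}
IMG=${IMG:-rootfs.sqsh}          # hypothetical squashfs image name
RAM_SIZE=${RAM_SIZE:-1536m}      # "1GB+" in the post; exact size assumed

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

boot_sequence() {
    run mkdir -p /mnt/crypt /mnt/ram /mnt/ro /mnt/root || return 1
    # Prompts for the password; read-only, so the stick is never written to.
    run truecrypt --text --mount-options=readonly "$CRYPT_DEV" /mnt/crypt || return 1
    run mount -t tmpfs -o "size=$RAM_SIZE" tmpfs /mnt/ram || return 1
    run cp "/mnt/crypt/$IMG" "/mnt/ram/$IMG" || return 1
    # Dismount all TrueCrypt volumes before the OS comes up, so the USB
    # drive can be removed and the volume is not left mapped.
    run truecrypt --text --dismount || return 1
    run mount -t squashfs -o loop,ro "/mnt/ram/$IMG" /mnt/ro || return 1
    # The writable aufs branch lives in the same tmpfs: changes are lost
    # at power-off, and squashfs alone would leave the root read-only.
    run mkdir -p /mnt/ram/rw || return 1
    run mount -t aufs -o br=/mnt/ram/rw=rw:/mnt/ro=ro aufs /mnt/root || return 1
    run cd /mnt/root || return 1
    run mkdir -p initrd || return 1
    run pivot_root . initrd || return 1
    run exec chroot . /sbin/init
}

# Executes for real only when installed as /linuxrc; otherwise prints the plan.
case "${0##*/}" in
    linuxrc) DRY_RUN=0; boot_sequence || echo "boot aborted" >&2 ;;
    *)       boot_sequence ;;
esac
```
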
