On Wed, Jan 28, 2015 at 04:53:01PM -0800, jim karlock wrote: > Is there some way to completely hide one instance of Ubuntu from the > other for security: I want one for secure banking and the other for > general use. A superficial test shows that the general use instance > can see the file structure of the entire drive, but cannot get into > the other's files without the password. I feel more secure if it were > not visible (except as a boot choice at boot time.)
The Zotac has a sufficiency of USB3 ports. You can get a 16GB USB3 flash drive for around $25, and install a bootable copy of Ubuntu on that USB3 drive for your secure instance. Air gap security. USB flash drives are not big, but they have plenty of room for a minimal distro and a browser. I would do it this way: 0) Set the Zotac BIOS boot priority order so "USB HDD" comes first. 1) Put the Ubuntu install "dvd" iso on a cheaper USB2 flash drive, use that for installation or reinstallation. Since the Zotac needs an external drive of some sort for install, a flash drive is much quicker and more robust, and a suitable 4GB USB3 flash drive can be found for perhaps $8 on sale at a big box store. You will need this for backup. 2) Buy TWO 16GB USB3 flash drives. One will be your working drive, and the other will be your backup drive. 3) Use the install flash drive to build Ubuntu on the first 16GB flash drive, and tweak until you like it. If you are paranoid, you can temporarily remove the hard drive from the Zotac when you do this, with finger screws it only takes a minute. 4) Booted from the Ubuntu USB3 secure drive (set the boot order in the BIOS), back it up to the other USB3 drive, inserted after boot. In single user mode, you can use: dd if=/dev/(secure-USB3drive-name) of=/dev/(backup-USB3drive-name) To make a copy. 4a) This is a bit tricky - it is easy to get the USB3 drives mixed up. Be sure to boot with only one drive, and it will probably boot as /dev/sda , the unmounted hard drive as /dev/sdb, and the other flash drive as /dev/sdc (WAG). 5) When you want to use the secure drive, shut down the normal distro and hard disk, then start up with the USB3 secure drive inserted. DO NOT LEAVE THE USB3 FLASH DRIVE INSERTED when the Zotac boots from the hard drive. ---- All that said, your biggest security hole is that the BIOS on the Zotac may be compromised, or the USB drive might be. The frightening security hole is that none of us knows what Intel designed into their processor. Keith -- Keith Lofstrom [email protected] _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
