In this post I suggest a way to have an encrypted Linux installation on a USB key, which to me is useful when I travel and I want to securely access the functionality that desktop Linux offers. I want to have no fear that what I take with me will be stolen, even if what I take with me is a full Linux OS, together with my data and maybe some online passwords saved in the browser.
The usage scenario is having a PC/laptop available, inserting my USB key, turning on the PC so that it boots from USB, entering my password and accessing my Linux OS. The PC can be my own laptop, or even a PC that I don’t own, provided that it can boot from USB.
From a security point of view it is possible that if I insert my USB key in a PC that I don’t trust, that PC could tamper with the key, log my keystrokes or dump its contents. However, unless I am carrying military-grade secrets (and I’m not), it is unreasonable to be afraid that someone tampered with the BIOS/hardware of any computer available in my travels.
I also wanted to give my USB key the traditional functionality of working as a drive in Windows. There are a couple of things to consider:
- Windows can read FAT and NTFS partitions.
- Windows can read only the first partition of a USB flash drive (quite the WTF here).
It is possible that when you insert the USB key in a running Windows environment, malicious software can dump an image of the flash drive’s encrypted data, tamper with the bootloader and insert a keylogger that sends your password to the same entity that can access the dumped image. Again, I don’t think this specific attack is realistic when you are just carrying your personal data around.
While the Windows partition is unencrypted, some portable software can be used to save encrypted data, for example FreeOTFE, TrueCrypt or even 7zip.
With this in mind, my solution is to use an unencrypted bootloader+kernel and a LUKS-encrypted filesystem (containing Debian testing) on a USB key that is at least 8GiB. The “stack” of the partitioning and file system is shown below.
The green parts of the partitioning are the “secure” filesystems, where you need a password to decrypt them. The red parts are unencrypted zones where I should not put sensitive data (without some precautions). The swap region must be kept in the encrypted side of the partitioning, because you can’t know what is saved inside; even passwords can remain written unencrypted after shutdown. Since the LUKS volume must contain two partitions (swap and root), LVM must be used to create them.
To create my USB key I have some options, for example:
- using debootstrap or using Debian CD installer
- using the USB key itself during installation or using an image file that I can copy to USB flash once it’s ready
- using QEMU or using a real PC
For simplicity, and taking into account the tools that I’m familiar with, my choice is to use QEMU to install Debian from a CD image into a raw hard disk image file which I then can copy (with dd) on the USB key.
To create a raw hard disk image I must know the exact size of data that can be put inside the USB key, and create a file with the same size (or less). For this step, I use “blockdev” to get the size, and use dd to create a sparse file with the desired size.
As root, knowing that “sdc” is the block device corresponding to the USB key:
# blockdev --getsize64 /dev/sdc
8027897856
As normal user, I run dd using the found value minus one as the seek offset, which produces a sparse file of exactly the device size:
$ dd if=/dev/zero of=usbkey.img bs=1 count=1 seek=8027897855
I then get the latest Debian testing ISO CD image, and run QEMU to install Linux on the raw hard disk image that I just created:
$ wget http://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/i386/iso-cd/debian-testing-i386-netinst.iso
$ qemu -m 512 -enable-kvm -hda usbkey.img -cdrom debian-testing-i386-netinst.iso
I start the installation of LXDE desktop environment, because it’s lightweight enough for many PCs and it doesn’t seem to write much on the hard drive, and then get to the manual partitioning, which is the “hard” part of the installation. First, I create the physical partitioning with the “windows” partition, the boot partition and the crypto partition as shown in the screenshot (all are primary partitions).
The “boot” partition has the boot flag enabled, and I set the ext2 filesystem to be mounted with noatime to reduce the number of writes. You can also enable the “mount as read-only” setting, but then it becomes difficult to upgrade the Linux kernel, the bootloader and the RAM disk.
Then I create the LUKS encrypted volume on the “crypto” partition, by providing a password to unlock it.
Then I set up LVM on top of it, with space for swap and root partitions.
Then I assign the swap and root, setting ext2(noatime) as the filesystem for the root partition. The final result is shown in the following screenshot.
Note that I used ext2 because writing to flash is very time consuming, and journaling file systems such as ext3 and ext4 do a lot of writing on the disk, impacting performance and life of the USB key.
The installation goes on, installing a full Debian OS. At one point, it asks what kernel I want to install, and I choose the “486” version over the “686-pae” version, because it is more likely to be compatible with a generic PC.
When the installation is complete, I shut down the virtual PC and close QEMU. Then I can copy the content of the raw image to the USB key, by running as root:
# dd if=usbkey.img of=/dev/sdc
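The sizing and copy steps above, as an added example that is not part of the original post: it takes the image size from the key itself, creates the sparse image, and refuses to run dd if the image would not fit or if the target is not a removable device. It assumes GNU coreutils dd/stat and util-linux blockdev; /dev/sdX below is a placeholder for the key's block device.

```shell
#!/bin/sh
# Added example, not from the original post. Helpers for sizing the raw image
# from the USB key and for copying it back safely.

# Byte size of a block device (needs root), e.g. 8027897856 for the 8 GiB key
# in the post.
usb_size_bytes() {
    blockdev --getsize64 "$1"
}

# Create a sparse image of exactly $2 bytes at path $1: one byte is written at
# offset size-1, so almost no disk space is used until QEMU installs into it.
make_sparse_image() {
    img=$1; size=$2
    [ "$size" -gt 0 ] 2>/dev/null || { echo "bad size: $size" >&2; return 1; }
    dd if=/dev/zero of="$img" bs=1 count=1 seek=$((size - 1)) 2>/dev/null || return 1
    [ "$(stat -c %s "$img")" -eq "$size" ]
}

# Return 0 only if image $1 fits in $2 bytes. dd does not warn when the
# target is smaller: the tail of the image (the LUKS/LVM area) is just lost.
image_fits() {
    [ "$(stat -c %s "$1")" -le "$2" ]
}

# Copy image $1 to device $2 (placeholder /dev/sdX in the post's terms), but
# only after checking that the target is removable and that the image fits,
# so a mistyped device name does not overwrite an internal disk.
write_image() {
    img=$1; dev=$2
    name=$(basename "$dev")
    [ "$(cat "/sys/block/$name/removable" 2>/dev/null)" = 1 ] \
        || { echo "$dev is not a removable device, refusing" >&2; return 1; }
    image_fits "$img" "$(usb_size_bytes "$dev")" \
        || { echo "$img is larger than $dev" >&2; return 1; }
    dd if="$img" of="$dev" bs=4M conv=fsync
}
```

Typical use as root: `make_sparse_image usbkey.img "$(usb_size_bytes /dev/sdX)"` before the QEMU install, and `write_image usbkey.img /dev/sdX` afterwards.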
At the end of the process (it took my PC an hour to copy it), I have a working USB key that contains an encrypted Debian OS that I can use almost everywhere. I tested it on some PCs, an HP laptop, an IBM Thinkpad, and it worked the same on all of them. Some considerations:
- add a line with “vm.swappiness=10” in file “/etc/sysctl.conf” to avoid using the slow swap partition.
- the execution is pretty fast because Linux does a lot of disk caching.
- sometimes on single-core PCs the CPU crunches at 100% and you can’t do anything, probably because it’s writing back the encrypted data on flash.
- on shutdown, Linux must write all the pending changes to flash, thus shutdown is not immediate.
- I must be very careful not to remove the USB key while it’s working. It can result in a corrupted filesystem or corrupted LUKS volume. The fact that ext2 is a non-journaling filesystem makes it worse.
- this solution is in some ways better than having an encrypted laptop with you: it protects against some “evil maid” attacks, a USB key is easier to take with you, and a laptop is “juicier” to steal.
Nate
2012/01/04
Are the daily builds unstable? I get stuck in qemu with the installer repeating:
“(process:number) INFO: kbd-mode: setting console mode to Unicode (UTF-8)”
Balau
2012/01/04
Yes, actually they are unstable, but I didn’t think they were so unstable as to fail installation. Try the stable one, it should contain all the needed functionality.
oyabunbaba
2012/01/07
Wow, nice long article, hope more ppl will use Linux, coz IMHO it’s easier to use than Windows, eg. in 95% no need to install drivers, all programs in Software Center, no need to search exe’s all over the internet, and that’s why no viruses 😉
Nate
2012/01/08
This is a great post! Thank you. I now have a Debian build on a 16GB USB stick and a Mint version which took some roundabout way to get working. I had some issues with the Debian daily builds but the next day they were fixed.
I have some technical contracts and a student where I work that aren’t allowed to use Linux by our IT x-( But they still need Linux for a number of reasons from time to time so this is the perfect solution.
I love that it is portable and secure so I don’t have to worry the work they do getting stolen.
(Posted from my Mint USB stick)
GIGI LEUNG
2012/02/17
The greatest idea I have ever known. The speed of the USB stick is slow; does that slow down the execution speed?
GIGI LEUNG
2012/02/17
I think the performance is a problem.
Balau
2012/02/17
It’s not the execution itself but the disk access that is slow. Most programs don’t access the disk that much while executing, and when they do, Linux caches the disk access very much to speed up write/read cycles. I noticed that it impacts the start of the applications somehow, and shutdown time, but in my experience it’s still faster than a live distribution booting and running from CD.
Joe P
2012/03/28
It might be worthwhile to use ext4 and turn journaling off. It should still be faster than ext2 on USB. Also, set /tmp, /var/tmp, /var/lock and /var/spool to be in RAM by editing fstab to reduce writes.
I installed Debian directly but I like your way of using QEMU much better. Good article.
John
2012/08/21
Curiously, I can boot to recovery in qemu but any attempt to run off a stick meets with failure to even find the bootloader. 😦
Balau
2012/08/21
I don’t know, maybe the PC does not support USB flash stick boot but only boot from external hard disk connected to USB.
You could try the same stick on a different PC.
The Dude
2012/11/10
Is there a way to make the encryption deniable ?
Balau
2012/11/10
I don’t know much about creating plausibly deniable data.
As it is now it’s absolutely clear that there’s an encrypted volume on the USB flash: Linux points to it and LUKS has a readable header.
I would say one way could be to partition only 90% of the drive in the way that I described, and in the remaining 10% you create a hidden volume somehow (I don’t know how, maybe Truecrypt is able to do it?), and then once Linux boots completely you mount it. But I suppose it can’t be deniable if in the history of command lines/log messages the “mount” procedure can be found…
Sam
2012/11/26
Balau, a security point. I hope we can take it constructively.
This set-up is in no way “resilient to ‘evil maid’ attacks.”
The original attack:
1. Modifying your boot sector. (mechanism)
2. Keylogging your passphrase on boot-up. (purpose)
In this case, everything is even easier!
1. Windows malware does this for you, when you plug your stick in with Windows on.
2. …and for any machine that has a hardware keylogger already (or a decent security camera pointed in your direction), (1) is even redundant.
Plugging into unknown machines is always a hazard, and doing so with Windows on, more so. Conventional evil maid requires personal attention; in this case, all that is required is public malware — hence, the “military-grade secrets” objection is weakened. One could use a separate stick for Windows. Even then…
Balau
2012/11/27
Hi Sam,
I agree that I did not use a rigorous wording for that consideration. “Resilient” means a very specific thing that is different from what I wanted to say. I believe a correct wording should be “it protects against some evil-maid attacks”. I’m gonna correct it.
The attack in Schneier’s post doesn’t work with my setup because the BIOS does not execute the hard disk bootloader, but directly the one on the USB key that I have on my person.
But I agree with you that it surely does not protect against hardware keyloggers, so the “some” word is necessary in my post. I might also imagine attacks targeting the BIOS…
That said, with just a hardware keylogger or a security camera they can steal my passphrase, but in order to steal my data they also need the USB key or a dump of it.
You are also right that by inserting the key in a Windows computer there is the risk of having it compromised. But you are still the one that chooses the computer.
It’s like a little girl lost in the park, and a stranger approaches her saying “come with me and I’ll take you to your parents”: high risk scenario.
But if the little girl approaches a stranger herself, asking “can you take me to my parents?” the risk is very low because there’s a very small percentage of predators in the general population.
The percentage of compromised Windows PCs is not small, so the similitude is not completely fair, but still the concept stands.
The Windows partition is totally optional in my setup, it’s a compromise towards usability and if you don’t add it then it’s a step towards security. I agree that it is safer to never insert your dongle into a host that has a high risk of being infected. Pun intended.
I proposed a method that, like many security systems, has its benefits and its flaws; thanks for pointing out some of them: it helps to make a conscious choice.
zongo saiba
2014/03/28
can you clarify; how do you mount this key on random windows machine ?
Balau
2014/03/28
If you partition a USB key in the way that I’ve shown, and insert the key in a running Windows machine, that machine will recognize it as a USB drive and it will mount the 1GiB partition automatically as any other USB key. The other partitions (boot and linux) won’t be considered.
iGNEOS
2014/05/09
I’ve tried your method completely already using Debian (stable) and did all the steps you said; the problem I was having was it was way too slow, and lacked a few small things. I am about to try this setup again but this time using YLMF 4.0 (English version); it’s very fast and looks more like a Windows PC, also it’s detached from the constant updates going on in the Linux world, so I don’t have to worry too much about faulty and malicious packages. One other thing. I have tried countless Linux distros, one thing I always noticed is if I fully updated it using something like Synaptic, it would kill my installation. Lost plenty of data that way, but when using YLMF I can fully update with no problems, and have crashed an install of YLMF before but did it by adding way too many of the wrong kind of repositories (my fault). I’ll most likely update later, but for those interested I’m hoping to get a secure/fast/ease of use/minimal risk full Linux install to USB and Debian is great and all, nice to get back to basics, but YLMF may suit some users better.