I'm considering writing a hint.

maxwell_ at fastmail.fm maxwell_ at fastmail.fm
Tue Jan 11 08:06:52 PST 2011


Hello fellow LFS users.

Fist off, I am new to these lists, but I made my first LFS system
several years ago.  I have no idea which version it was.  I didn't go
very far beyond LFS at that time, and ended up going back to using
Windows (god forbid) because it just worked out of the box (barely)
without really having to mess with it too much.  I then moved on to
using Ubuntu for security reasons, having a huge lack of trust for
Microsoft and really anybody in this post 9/11 era.  I now assume that
all Windows operating systems are just a huge government backdoor.  So I
tried my hardest to install a minimal Ubuntu system, but of course
inevitably, you get all kinds of packages installed that you don't need.

So these past few months I've migrated back to LFS and BLFS, and I'm
here to stay.  I love how I can compile every package myself with
verified sources.  I love how I have control over every last package
that is installed on my system.  And I also love how much I've learned
over these last few months, having built about five LFS systems, 6.6,
6.7rc1, and now 6.7.

As you may have guessed by now, I am big on keeping my information
private.  I do not like how computers open up new doors for governments
to spy on their citizens.  Therefore, I try to keep my data as private
as possible.  That is what my possible hint would be about, and I'm
writing this to find out if there are others who might be interested in
my hint.  I don't want to go to the trouble of writing it if nobody is
going to use it.  I'm also wondering about the health of the LFS
community, seeing that the LiveCd project isn't happening anymore, and
HLFS seems to be slowed to a crawl, and the new BLFS book has been
delayed.  Is this due to a lack of interest, a lack of help, or
something else that I'm missing?  I do hope this project continues into
the indefinite future, because I don't want to use anything else for an
operating system, and I lack the knowledge to build my own system
without the precise, well-written instructions of the wonderful books on
the LFS site... so a huge thank you goes out from me to Gerard and
everyone who has contributed to this most worthwhile project.

Okay, back to my hint...

Here's what it is:

I have installed an BLFS system, with all of the programs I want,
tailored just the way I like it.  But rather than keeping this system on
a hard disk, which someone could examine and potentially steal my data,
or learn about me and my habits... by looking at my browser cache, or
forensically examining the drive for documents I've written, I use a 4GB
USB thumb drive with a 128MB boot partition, and the rest of the drive
(3.8GB+) is a Truecrypt-encrypted partition.  My BLFS system is squashed
using Squashfs and is copied to the encrypted partition.

Here's how my boot process works:

I plug my thumb drive into my machine and turn it on.  I press F12 or
whatever to boot off of the thumb drive.  I have an initrd.gz in my boot
directory with Truecrypt in /bin.  The linuxrc calls Truecrypt to mount
/dev/sdb2 (the encrypted partition).  It prompts me for the password.  I
enter the password.  The partition is mounted read-only.  The linuxrc
creates a 1GB+ ramdisk and then copies the entire operating system (the
squashfs filestyem) from the encrypted partition to the ramdisk.  Next,
it dismounts the Truecrypt volume, so I can remove the USB thumb drive
if I want to.  Then it mounts the squashfs filesytem using AUFS, and
then pivot-roots to that system.  From there, the OS boots as usual.  If
you don't use AUFS to mount it, then the OS won't be writable, as
Squashfs is a read-only filesystem, and it won't work.

So what have I done?  My entire OS exists in RAM.  Once the machine is
powered off, it's like a LiveCD in that everything is gone... not a
trace of anything I've done is left.  But rather than it being some
LiveCd of some random Linux distro-of-the-day, it is my own, custom BLFS
system.

Once it is booted, I can mount my hard drive on my machine that is fully
encrypted with Truecrypt.  On this drive, I can have my Firefox browsing
cache, or anything else.  As a matter of fact, I can mount it as my home
directory, so at least these things that I want to be persistent will
remain persistent.

In the end, if someone stole my machine, the only data they would get
from me is what's in my /boot partition.

Let me know if anyone has any questions or interest in my step-by-step
process that I might write as an LFS hint.

Thanks for reading,
Maxwell


-- 
  
  maxwell_ at fastmail.fm

-- 
http://www.fastmail.fm - Faster than the air-speed velocity of an
                          unladen european swallow




More information about the lfs-chat mailing list