I'm considering writing a hint.
b3nton at gmail.com
Tue Jan 11 08:37:33 PST 2011
On Tue, 11 Jan 2011 08:06:52 -0800
maxwell_ at fastmail.fm wrote:
> Hello fellow LFS users.
> Fist off, I am new to these lists, but I made my first LFS system
> several years ago. I have no idea which version it was. I didn't go
> very far beyond LFS at that time, and ended up going back to using
> Windows (god forbid) because it just worked out of the box (barely)
> without really having to mess with it too much. I then moved on to
> using Ubuntu for security reasons, having a huge lack of trust for
> Microsoft and really anybody in this post 9/11 era. I now assume that
> all Windows operating systems are just a huge government backdoor.
> As you may have guessed by now, I am big on keeping my information
> private. I do not like how computers open up new doors for governments
> to spy on their citizens.
Don't put away you tin-foil hat just yet, I gather that the NSA submit
code to the linux kernel...
> I have installed an BLFS system, with all of the programs I want,
> tailored just the way I like it. But rather than keeping this system on
> a hard disk, which someone could examine and potentially steal my data,
> or learn about me and my habits... by looking at my browser cache, or
> forensically examining the drive for documents I've written, I use a 4GB
> USB thumb drive with a 128MB boot partition, and the rest of the drive
> (3.8GB+) is a Truecrypt-encrypted partition. My BLFS system is squashed
> using Squashfs and is copied to the encrypted partition.
> Here's how my boot process works:
> I plug my thumb drive into my machine and turn it on. I press F12 or
> whatever to boot off of the thumb drive. I have an initrd.gz in my boot
> directory with Truecrypt in /bin. The linuxrc calls Truecrypt to mount
> /dev/sdb2 (the encrypted partition). It prompts me for the password. I
> enter the password. The partition is mounted read-only. The linuxrc
> creates a 1GB+ ramdisk and then copies the entire operating system (the
> squashfs filestyem) from the encrypted partition to the ramdisk. Next,
> it dismounts the Truecrypt volume, so I can remove the USB thumb drive
> if I want to. Then it mounts the squashfs filesytem using AUFS, and
> then pivot-roots to that system. From there, the OS boots as usual. If
> you don't use AUFS to mount it, then the OS won't be writable, as
> Squashfs is a read-only filesystem, and it won't work.
> So what have I done? My entire OS exists in RAM. Once the machine is
> powered off, it's like a LiveCD in that everything is gone... not a
> trace of anything I've done is left. But rather than it being some
> LiveCd of some random Linux distro-of-the-day, it is my own, custom BLFS
I've not tried encrypting a root partition (I think setting up an
initrd looks hard...) so I don't know the ins and outs of it all,
how is this different from Lars Bamberger's hint?
More information about the lfs-chat