[liberationtech] Linux distribution on encrypted USB?

Wed Sep 11 12:20:30 PDT 2013

On 11.09.2013 19:03, The Doctor wrote:
> On 09/11/2013 02:33 AM, Moon Jones wrote:
>> Yes, Tails seems to be the solution here as well. It has a very
>> elegant way of handling this with its encrypted storage. But, in
>> this case, it's rather limited upgrade-wise.
>
> In what sense?

Tails is wonderfuly maid for its purpose. On the outside all drives look 
the same. Same space for the distribution and upgrades and the rest is 
one large encrypted space. So the packs added are put inside the 
encrypted drive. I'd say the libs and executables are fine out in clear, 
but the configs should be on the encrypted drive. Along with something 
like tripwire data, or at least some fingerprints and a file list to 
confirm the libs haven't turn against you overnight.

> At least insofar as being able to access the encrypted storage
> partition of a USB install of TAILS is concerned, so long as you don't
> repartition the device it should just work.  I've tested this a few
> times (upgrading a USB key from TAILS v0.19 to TAILS v0.20) and the
> data's been accessible every time.

Yes. I did the same upgrade and it worked in an instant. I was so happy 
everything was ok. If I recall well, only three upgrades can be done, 
than I'll have to migrate the data by hand. Anyway, going from 0.19 to 
0.20 cured some unexplained hangups that persist in Debian 7.0 and 7.0.1.

Only that on an older than Tails 0.17 I fired up Synaptic and did some 
«cleanup», removing everything I did not want. Than I put some software 
I needed. And in the end I have broken the whole distro. I did nothing 
exotic. I have not add foreign repositories. And it did not work. So I'm 
trying to avoid customising Tails for every day use.

> Were you referring to something else (namely, potentially needing to
> repartition the device if the distro grows too large to be accomodated
> by previous installs)?

I was thinking for my everyday system portable from one computer to 
another without touching the installed hard drive. The config is 
different. And I'm afraid to break stuff.