Part 1

I've created a live ISO image of my system using the 'live build' tool on a Debian system. For automated installation I've used a preseeding file.

To protect my sensitive data I'm using LUKS encryption to encrypt the squashfs file of the ISO, and the process is as follows:

Extract the ISO image.

Create a LUKS encrypted container.

Put the unencrypted filesystem.squashfs file into the container.

Rename the container to filesystem.squashfs.

Recreate the ISO image.

I've tried this method but was unsuccessful. During the installation the system shows an error: 'could not find filesystem.squashfs'.

After some googling I found that the boot process should be: ...the encrypted filesystem.squashfs is mounted in memory, then it asks for a password which will decrypt the encrypted filesystem.squashfs, and then the rest of the boot process resumes normally.

The problem is that I don't know how I can make the encrypted squashfs mount in memory during the installation process.

I've found this link, https://askubuntu.com/questions/1041916/booting-encrypted-squashfs-from-live-cd, which performs similar functionality on an Ubuntu system. In Ubuntu, the 'casper' tool is used for creating a live CD, and it creates 'script' files in the initrd of the ISO. In the above link we can see that a file named 'casper-helper' is edited to tell the system to mount the encrypted squashfs during the boot process. But I couldn't find its alternative on the Debian system. Any help is welcome.

Part 2

Is it possible to attain automatic decryption? As I want a fully automated installation, I don't want it to ask for the password. Could I somehow save a keyfile in the ISO which will decrypt it automatically during installation? If yes, then please help.

  • If you want a portable encrypted system, please consider an installed system with a LUKS encrypted LVM volume. This can be done via the standard installer of several Linux systems, for example Ubuntu. I am not sure about Debian, but I think it is available there too. Otherwise you can create it yourself. I think it is easier with an installed system than with a live system. Commented Dec 7, 2021 at 14:24
  • Why do you want automatic decryption? If I understand correctly, that would defeat the purpose of the encryption. Commented Dec 7, 2021 at 14:27
  • Actually my only concern is to protect the filesystem.squashfs present in the ISO. Let's say I distribute this ISO: I don't want someone to be able to view the contents of the squashfs, as it contains sensitive data. The installed device will itself be secure enough, so I don't need encrypted partitions there. Commented Dec 8, 2021 at 5:44
  • I'm trying to use the automatic decryption part so I don't have to share the password. As I mentioned, once the system is installed all data on it will be completely secure. The objective here is to protect the squashfs on the ISO only. Commented Dec 8, 2021 at 5:48
  • Maybe there is some step that I do not understand that makes it safe, even with automatic decryption. Anyway, see the answer by F. Hauri at this link. Scroll down to 'Debian live with encrypted persistence'. Good luck :-) Commented Dec 8, 2021 at 7:17
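
A check for the result of the steps in the question, added here as an example and not part of the original post or of any Debian tool: it reads the first bytes of a file named filesystem.squashfs and reports whether it is a plain SquashFS image or a LUKS container, so an ISO tree can be verified before it is distributed. The function names and the sample headers are constructed for illustration.

```python
import struct

SQUASHFS_MAGIC = b"hsqs"          # 0x73717368 stored little-endian
LUKS_MAGIC = b"LUKS\xba\xbe"
SQUASHFS_COMP = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}


def classify_header(header: bytes) -> dict:
    """Classify the first bytes of a file as SquashFS, LUKS1/2, or unknown."""
    if header[:4] == SQUASHFS_MAGIC and len(header) >= 32:
        # Superblock: magic, inodes, mkfs_time, block_size, fragments (u32 LE),
        # then compression, block_log, flags, id_count, major, minor (u16 LE).
        _, _, _, block_size, _, comp, _, _, _, major, minor = struct.unpack_from(
            "<5I6H", header)
        return {"type": "squashfs", "encrypted": False,
                "version": f"{major}.{minor}", "block_size": block_size,
                "compression": SQUASHFS_COMP.get(comp, f"id {comp}")}
    if header[:6] == LUKS_MAGIC and len(header) >= 8:
        (version,) = struct.unpack_from(">H", header, 6)   # big-endian field
        info = {"type": f"luks{version}", "encrypted": True}
        if version == 1 and len(header) >= 72:
            # LUKS1 stores cipher name and mode as NUL-padded 32-byte strings.
            name, mode = struct.unpack_from("32s32s", header, 8)
            info["cipher"] = (name.rstrip(b"\0") + b"-" + mode.rstrip(b"\0")).decode()
        return info
    return {"type": "unknown", "encrypted": None}


def classify_file(path: str) -> dict:
    """Read the start of a file on disk and classify it."""
    with open(path, "rb") as fh:
        return classify_header(fh.read(4096))


# Constructed sample headers (not taken from a real image).
SAMPLE_PLAIN = struct.pack("<5I6H", 0x73717368, 100, 0, 131072, 3, 4, 17, 0, 1, 4, 0)
SAMPLE_LUKS1 = (LUKS_MAGIC + struct.pack(">H", 1)
                + b"aes".ljust(32, b"\0") + b"xts-plain64".ljust(32, b"\0"))
SAMPLE_LUKS2 = LUKS_MAGIC + struct.pack(">H", 2) + bytes(56)

if __name__ == "__main__":
    for label, blob in [("plain", SAMPLE_PLAIN), ("luks1", SAMPLE_LUKS1),
                        ("luks2", SAMPLE_LUKS2)]:
        print(label, classify_header(blob))
```

For a real tree, call `classify_file()` on the live/filesystem.squashfs path inside the extracted ISO; that path is an assumption about the layout and does not appear in the post.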
