I am currently trying to achieve full disk encryption using dm-crypt in plain mode, without a LUKS header, with a separate /boot on a USB stick. The main goal of it is to achieve plausible deniability on the Debian Linux distro. For now, I've managed to encrypt the partitions using cryptsetup and install the /boot partition to a separate USB key. It all goes as it should, and because the header for encryption is not stored in LUKS I need to manually enter it at the initramfs screen, but at this step I simply get an error that indicates there's no cryptsetup in initramfs (/bin/sh: cryptsetup: not found) while trying to parse the header. In conclusion:
/dev/sda encrypted using dm-crypt (/root and /home volumes) with
cryptsetup --hash=sha512 --cipher=twofish-xts-plain64 create crypt /dev/sda
/dev/sdb boot stick with grub
I successfully boot from the boot stick, I see the Ubuntu splash screen for about 20 seconds, which is what I wanted to achieve for plausible deniability, and then it drops to initramfs complaining about not being able to find /dev/mapper/root, which is also something I wanted to achieve. The problem is that when I want to parse the cryptsetup line which would allow me to enter a password and continue with boot, initramfs complains about cryptsetup: not found. I guess this complaint is true. My question is how to install cryptsetup into initramfs so it would allow further booting for the password prompt. Also, I know that I'm omitting something with adding appropriate entries in /etc/fstab, /etc/crypttab and devices are not found during start up.
I'm very sorry for anything that is not clear here. I'm only an average Unix user with some basic knowledge of the system, but any help will be much appreciated.
These are the guides I've found and used to set up all the current config; maybe this will clear up things I did not cover in the post.
First one is a little outdated and second one is right only for Arch Linux but I've used two of them with newest lubuntu installation with little tweaking.