LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   move grub to usb + mount encrypted devices from usb question (http://www.linuxquestions.org/questions/linux-security-4/move-grub-to-usb-mount-encrypted-devices-from-usb-question-707433/)

Lancelot1 02-25-2009 08:45 AM

move grub to usb + mount encrypted devices from usb question
 
Hi there,

I was looking into some stuff for securing my computer access. Now I would like to do 2 non-related/related things:

1. I would like to move my grub boot loader to a usb stick to boot from that and only that.

2. I would like to use a loopback disk image on my usb stick (different partition) to grant access and mount my encrypted devices.

http://commons.oreilly.com/wiki/inde...tect_Your_Data

Now I'm following the steps from the site above and I have a few questions.

Whats the easy way to move my grub to my usb device and make it bootable (I have a bios option to boot from there)?

Can I make the loopback device on the 2nd partiton of the usb stick i.e. no virtual loopback disk but a real one?

How do I make sure the partions mount in the right order so that when I do boot with the usb I get access to my encrypted devices?

any help would be great

thanks

Lancelot1 02-26-2009 09:51 AM

ok i figured out issue 2 with using Truecrypt but have been looking into the boot thing. It seems there are 2 old solutions I have found on the web.

The One-phase boot and the Two-phase (initrd) boot version.

Now the direct or one-phase boot version isn't an option as in the future I will be updating the kernel and stuff and this will be made more difficult by patching the kernel.
The Two-phase (initrd) boot version contains a mini root on the boot device (ie. the usb) which will be used to load the real root....

Now my question is has anybody got some script that works with newer distro's Because the solution I found where all from a rather old IBM solution regarding booting your GRUB from USB I would like to see some less restrictive solutions.

http://www.ibm.com/developerworks/li...lnxw09FireBoot


All times are GMT -5. The time now is 01:53 AM.