Ubuntu: How to stop USB full ubuntu install from probing hard disks?



Question:

I made an encrypted USB install of Ubuntu on a 32GB USB pendrive using LUKS encryption on the swap and actual install. How do I make it so no hard drives are mounted at boot or even probed for that matter. On the offchance the system running the USB key has linux on it, it would mount an unencrypted Swap partition and I don't want this to happen. Any ideas?

EDIT: This is the dmesg output when I boot with the appropriate kernel parameters:

http://pastebin.com/VHwaF5Sh

EDIT2:

I finally got the USB all setup by doing the following.

  1. Created the LUKS volumes in terminal, away from ubiquity

  2. Disabled swap in the HDD in ubiquity

  3. Installed the system.

Now I have everything on my USB except grub is now giving me grief. I mount everything, I do and update-grub, then install grub to the USB with no errors. However, when I reboot into grub on the USB, the only boot entries there are my Hard drive installs, the system on my usb wont even show up on the grub menu. If i can just get it to show up, then I will be able to boot into my system and be at peace. How am I able to add a custom grub entry that supports booting from an encrypted volume? I have two requirements for an answer:

  1. Explain how to move initrd and vmlinuz into a boot partition if I have to. (right now they are in the encrypted root partiton. I already have a boot partition thats about 300MB that I can move the files into. Refer to this: https://imagebin.ca/v/392Qqva76TZy )

  2. Explain how to make a custom grub entry that supports booting from an encrypted partition and how to refer to it in the entry using a UUID (for multiple computer stability in OS booting)

Sorry for the trouble and thanks again!


Solution:1

I made an installed system for USB, that is available as a compressed image file via torrent. It is built from Ubuntu Server amd64 16.04 LTS, and it can be booted in UEFI and BIOS mode. I am running it right now to check how it works in a computer with a swap partition in the internal drive: It uses its own swap partition (according to the 'swap line' in /etc/fstab, but it does not touch the swap partition in the internal drive. This can be seen via the command line

sudo lsblk -f  

where the 'own' swap partition is 'mounted' as [SWAP], but the internal swap partition has no such 'mount' evidence, or seen with

swapon -s  

I have noticed that cryptswap (associated with encrypted home) in a USB pendrive may grab and convert swap in internal drives, which is very bad. My test drive is not encrypted, but with disk encryption (and no extra swap encryption) there should be no mechanism for grabbing a swap partition in the internal drive. It should be satisfied with the swap partition that is specified in /etc/fstab.

I have not tested exactly your configuration, so my answer is partly guessing. We can look deeper into the problem, if you give us more details about your system. For example, try installing Lubuntu into a USB pendrive according to the following link,

Lubuntu testcase for encrypted disk (but unencrypted home)

And let us know if it behaves like it should.


Solution:2

Here is the answer that I found to work and not mount anything on the HDD

I finally got the USB all setup by doing the following.

1 Created the LUKS volumes in terminal, away from ubiquity

2 Disabled swap in the HDD in ubiquity

3 Installed the system.

Now I have everything on my USB except grub is now giving me grief. I mount everything, I do and update-grub, then install grub to the USB with no errors. However, when I reboot into grub on the USB, the only boot entries there are my Hard drive installs, the system on my usb wont even show up on the grub menu. If i can just get it to show up, then I will be able to boot into my system and be at peace. If I find how to fix grub, I will post here. The main thing is just making a custom grub entry using UUID. Good luck to everyone who tries this!


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »