Hak5 1406 – Setting up a secure, portable Linux installation and installing Ubuntu Touch

Our thoughts on Ubuntu Touch and setting up the ultimate fast, secure, portable and persistent Linux installation. All that and more this time on Hak5!

Download HD | Download MP4

Setting up the ultimate fast, portable, persistent and secure Linux installation.

Background: Hack Across Europe was spawned by the fact that I was asked to attend the ITUs Worldwide Telecommunication Policy Forum in Geneva. The United Nations is making a play for Internet governance and after the shit show that was the WICT in Dubai last December they’ve started embracing the “multistakeholder model” – which means in layman’s terms they let the hacker in. Anyway, this prompted a new laptop since both boxes have significant issues. Namely one runs Windows, the other runs an unencrypted Linux distro (Ubuntu 12.10 which I’m totally over) and they’re both rocking the obligatory hacker stickers which stick out like a sore thumb at border crossings.

So I’m about to combine three elements for the perfect fast, portable and secure Linux install.

Firstly I want it portable, so I’ll be installing to a USB drive. Not booting from a Live USB, rather *installing* to the USB drive as if it were a regular hard drive. This means I’ll be able to treat the installation just like any other, no need for special partitions or workarounds to have a persistent live distro. Now why USB? Well, sadly my machine of choice has a horrid software raid that makes dual booting a pain the the ass and as much as I hate to admit it I need Windows for editing and photoshop and SimCity. I suspect with a fast and roomy USB drive I can get away with a persistent portable install on a USB 3.0 drive.

Second, as I said, I’ll be using a USB 3.0 drive. I’ll first do some benchmarking and from there we should get an idea of the performance increase. My last install like this was using a SanDisk Cruzer Fit 32 GB, which while tiny — it sort of just disappeared while plugged into my machine — it was slow as all get out. So this drive has been replaced with a 64 GB Kingston HyperX drive.

Third what I really want is a Ubuntu based install (because I love apt) that doesn’t get in the way too much *cough* Unity *cough* and sports full disk encryption. We are talking border crossings here and the hell if I want the man poking through my machine. What’s the worst that can happen, they deny you access to their country?

So let’s see the difference in speed. Using HD Speed, a nice little 90K portable app, let’s benchmark ’em both.

Sandisk Cruzer Fit = 3.6 Mbps
Kingston HyperX = 60 Mbps

I think this new drive will be sufficient so let’s get to installing. First you’ll need a *live* version of the distro you want to install, in this case Mint 14, already on USB – so for this I’ll use the slow USB 2.0 drive.

Now in order to make it a secure install we’ll want to enable LUKS full disk encryption. LUKS stands for Linux Unified Key Setup and is a platform independent disk crypto specification.
Unfortunately while LUKS is natively offered in the latest Ubuntu installers it is not in Mint 14. This is easy enough to fix simply by upgrading the installer before you start the installation.
*Boot your system using the Linux Mint 14 live CD or USB stick
*Open a terminal and enter the following commands:

$ sudo apt-get remove ubiquity
$ sudo apt-get update
$ sudo apt-get install ubiquity
$ sudo ubiquity

In order to install Mint 14, or Ubuntu, onto a USB drive you simply boot from a Live USB or CD with the drive you want to install to inserted – in this case my Kingston. During the installer we’ll choose “Something else” rather than the default “alongside Windows or replace windows.”

On the partition menu choose the partition for our drive. In my case it is sdd1 but we can verify using Disk Utility. Select sdd1 and click change. Now select “use this partition as EXT4 file system” and check Format (at least in Mint we have to format). For the mount point we’ll want to use ‘/’. Click OK. If Mint complains that we haven’t created a swap partition we can ignore it – assuming our machine has enough RAM. Mine has 8 gigs so I’m feeling comfortable here. We can always change it later with gparted but that’s outside the scope of this segment.

Now on the partition menu select sdd as our install location and ensure that the bootloader is set to be installed on sdd as well.

Hit install, sit back, have a cocktail and play progress bar roulette….or something. Reboot choosing the new USB drive and we’re in Linux. A secure, persistent and portable Linux install ready when we need it.

What do you think? Would this solution work for you? Do you have another method that might be better? Let us know!

NEW Ubuntu Touch on the Nexus 7

In Hak5 1220 we learned how to run Ubuntu 12.10 on the Nexus 7 (now 13.04). Today, we’re checking out Ubuntu’s Touch version for the Nexus brand.

First, download the Ubuntu Touch installer repositories: (works on Galaxy Nexus, and Nexus 4, 7, and 10)

sudo add-apt-repository ppa:phablet-team/tools
sudo apt-get update
sudo apt-get install phablet-tools android-tools-adb android-tools-fastboot

Unlock your Nexus 7

Locked bootloader can be unlocked by rebooting the Nexus 7 (hold down power button, select power off and wait). Once off, hold volume down button and press power button. Continue holding til bootloader UI comes up. Plug into laptop.
Run this command to verify fastboot lists device:

* $ sudo fastboot devices1234567891234567 fastboot.

Run this command to start unlocking: sudo fastboot oem unlock.

Follow directions on screen and Nexus 7 to finish unlocking.

Reboot with: sudo fastboot reboot-bootloader

Leave it in fastboot mode (LOCK STATE _ UNLOCKED) and

Follow these initial steps on your device:

Boot into Android and enable USB debugging via settings. Plug into computer.

-Ice Cream Sandwich (version 4.0) go to Settings and turn on USB Debugging (Settings > System > Developer options > USB debugging).

-Jelly Bean (versions 4.1 and 4.2) you need to enter Settings, About [Phone|Tablet] and tap the Build number 7 times to see the Developer Options, activate USB Debugging via Settings > Developer options > USB debugging.

-4.2.2 you will need to accept a host key on the device, if you already had adb installed, do the following

-On the workstation-> adb kill-server; adb start-server

-Plug the device into the computer via the USB cable.Depending on the installed Android version, a popup will show up on the device with the host key that needs to be accepted for the device to communicate with the workstation.

Deploy Ubuntu Touch!

Run this command:

phablet-flash -b

The -b performs a full bootstrap on the device. If the device is already unlocked it will carry on. If you have already bootstrapped once and want to install a daily just do:
phablet-flash -l

This will deploy the latest build onto your device. Your device should reboot into the Ubuntu Unity shell. This can take up to 10-15 mins.

Returning to Android:

Download the stock Nexus 7 image from:


Uncompress is with this command: tar zxvf nakasi-jdq39-factory-c317339e.tgz

Place Nexus 7 in fastboot mode and run this command: cd nakasi-jdq39/sudo then run


Ignore any warnings such as:

archive does not contain ‘boot.sig’ or archive does not contain ‘recovery.sig’ or archive does not contain ‘system.sig’.

Then you can lock it back into OEM locked mode:

sudo fastboot oem lock”


  • Czencored

    Excellent direction for serious laptop travelers.

    It would be of great benefit to include exactly how to migrate an existing install on a laptop, to the usb drive, and how to drastically reduce swap writes since you didn’t make a swap partition.

    Thanks for the tutorial.

  • kinito

    Great show (as always!)

    A tip to install the OS faster on a USB drive (or SD card): start the live CD/DVD image in a VM to avoid restarting and burning a CD (or preparing a live USB if you don’t have an other one).
    To check the installation went well I use the Plop bootmanager (any other should do) to start the OS in the VM! (2 physical OS started on the same machine are better than 1 :P).

    To make it more ubiquitous (to run on any pc + intel macs! – ’cause macs deserve freedom to 😉 ) create an HFS logical partition (I do it at the end of the drive to keep the ext4 partition with the installation as the primary one) and install rEFIt on it! (copying a few files and executing 1 shell script).
    However I don’t know how well this is compatible with encryption. The HFS partition should remain unencrypted 🙁 I’ve never achieved full disk encryption keeping the drive bootable on a mac. Any thoughts on that?

    I’d love to dual boot ubuntu touch & CM 10.1 on my Gnexus, I’ll let you know if I find a way.

    pd:I’ll post a link to my blog when the mac compatible persistent usb tutorial will be finished

  • Pingback: kw602 : Life on a Stick. ?| Knightwise.com

  • Jens


    I am looking for a good and light/portable Laptop/Ultrabook for a good secure/encrypted Linux machine.
    I am looking for a machine for programming/mail/browsing/playing around.
    Wat recent machine would you advice in a price range up to 1000 dollar.

    Kind Regards,


  • Brian

    Paul, this tutorial was one of the best I’ve seen for flash drive sec. Please if you guys could, make a tutorial just like this one but for multi boot on the USB Flash drive using luks and grub. (ie a flash drive using fde luks with windows 10, mint 17, Kali, and osx. Bootable with grub) I can sponsor this if funds are needed or support of any kind. Please email back and let me know if you can do this. Also any OS’S of your choosing as long as it’s 3 or more in the tutorial would be awesome.

  • Free Games For Android Tablet

    I love your blog.. very nice colors & theme. Did you create this website yourself
    or did you hire someone to do it for you? Plz answer back as I’m looking to
    create my own blog and would like to find out where u got this from.

  • ClarisaMBoissy

    An impressive share! I have just forwarded this onto a colleague
    who has been conducting a little research
    on this. And he actually bought me breakfast simply
    because I found it for him… lol. So allow me to reword this….
    Thank YOU for the meal!! But yeah, thanx for spending time to talk about this issue here on your web site.

  • CarmaMTrentinella

    Hi! This post could not be written any better!

    Reading this post reminds me of my good old room mate! He always kept talking about this.
    I will forward this page to him. Fairly certain he
    will have a good read. Thanks for sharing!

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>