Hak5 1406 – Setting up a secure, portable Linux installation and installing Ubuntu Touch
Our thoughts on Ubuntu Touch and setting up the ultimate fast, secure, portable and persistent Linux installation. All that and more this time on Hak5!
Setting up the ultimate fast, portable, persistent and secure Linux installation.
Background: Hack Across Europe was spawned by the fact that I was asked to attend the ITUs Worldwide Telecommunication Policy Forum in Geneva. The United Nations is making a play for Internet governance and after the shit show that was the WICT in Dubai last December they’ve started embracing the “multistakeholder model” – which means in layman’s terms they let the hacker in. Anyway, this prompted a new laptop since both boxes have significant issues. Namely one runs Windows, the other runs an unencrypted Linux distro (Ubuntu 12.10 which I’m totally over) and they’re both rocking the obligatory hacker stickers which stick out like a sore thumb at border crossings.
So I’m about to combine three elements for the perfect fast, portable and secure Linux install.
Firstly I want it portable, so I’ll be installing to a USB drive. Not booting from a Live USB, rather *installing* to the USB drive as if it were a regular hard drive. This means I’ll be able to treat the installation just like any other, no need for special partitions or workarounds to have a persistent live distro. Now why USB? Well, sadly my machine of choice has a horrid software raid that makes dual booting a pain the the ass and as much as I hate to admit it I need Windows for editing and photoshop and SimCity. I suspect with a fast and roomy USB drive I can get away with a persistent portable install on a USB 3.0 drive.
Second, as I said, I’ll be using a USB 3.0 drive. I’ll first do some benchmarking and from there we should get an idea of the performance increase. My last install like this was using a SanDisk Cruzer Fit 32 GB, which while tiny — it sort of just disappeared while plugged into my machine — it was slow as all get out. So this drive has been replaced with a 64 GB Kingston HyperX drive.
Third what I really want is a Ubuntu based install (because I love apt) that doesn’t get in the way too much *cough* Unity *cough* and sports full disk encryption. We are talking border crossings here and the hell if I want the man poking through my machine. What’s the worst that can happen, they deny you access to their country?
So let’s see the difference in speed. Using HD Speed, a nice little 90K portable app, let’s benchmark ’em both.
Sandisk Cruzer Fit = 3.6 Mbps
Kingston HyperX = 60 Mbps
I think this new drive will be sufficient so let’s get to installing. First you’ll need a *live* version of the distro you want to install, in this case Mint 14, already on USB – so for this I’ll use the slow USB 2.0 drive.
Now in order to make it a secure install we’ll want to enable LUKS full disk encryption. LUKS stands for Linux Unified Key Setup and is a platform independent disk crypto specification.
Unfortunately while LUKS is natively offered in the latest Ubuntu installers it is not in Mint 14. This is easy enough to fix simply by upgrading the installer before you start the installation.
*Boot your system using the Linux Mint 14 live CD or USB stick
*Open a terminal and enter the following commands:
$ sudo apt-get remove ubiquity
$ sudo apt-get update
$ sudo apt-get install ubiquity
$ sudo ubiquity
In order to install Mint 14, or Ubuntu, onto a USB drive you simply boot from a Live USB or CD with the drive you want to install to inserted – in this case my Kingston. During the installer we’ll choose “Something else” rather than the default “alongside Windows or replace windows.”
On the partition menu choose the partition for our drive. In my case it is sdd1 but we can verify using Disk Utility. Select sdd1 and click change. Now select “use this partition as EXT4 file system” and check Format (at least in Mint we have to format). For the mount point we’ll want to use ‘/’. Click OK. If Mint complains that we haven’t created a swap partition we can ignore it – assuming our machine has enough RAM. Mine has 8 gigs so I’m feeling comfortable here. We can always change it later with gparted but that’s outside the scope of this segment.
Now on the partition menu select sdd as our install location and ensure that the bootloader is set to be installed on sdd as well.
Hit install, sit back, have a cocktail and play progress bar roulette….or something. Reboot choosing the new USB drive and we’re in Linux. A secure, persistent and portable Linux install ready when we need it.
What do you think? Would this solution work for you? Do you have another method that might be better? Let us know!
NEW Ubuntu Touch on the Nexus 7
In Hak5 1220 we learned how to run Ubuntu 12.10 on the Nexus 7 (now 13.04). Today, we’re checking out Ubuntu’s Touch version for the Nexus brand.
First, download the Ubuntu Touch installer repositories: (works on Galaxy Nexus, and Nexus 4, 7, and 10)
sudo add-apt-repository ppa:phablet-team/tools
sudo apt-get update
sudo apt-get install phablet-tools android-tools-adb android-tools-fastboot
Unlock your Nexus 7
Locked bootloader can be unlocked by rebooting the Nexus 7 (hold down power button, select power off and wait). Once off, hold volume down button and press power button. Continue holding til bootloader UI comes up. Plug into laptop.
Run this command to verify fastboot lists device:
* $ sudo fastboot devices1234567891234567 fastboot.
Run this command to start unlocking: sudo fastboot oem unlock.
Follow directions on screen and Nexus 7 to finish unlocking.
Reboot with: sudo fastboot reboot-bootloader
Leave it in fastboot mode (LOCK STATE _ UNLOCKED) and
Follow these initial steps on your device:
Boot into Android and enable USB debugging via settings. Plug into computer.
-Ice Cream Sandwich (version 4.0) go to Settings and turn on USB Debugging (Settings > System > Developer options > USB debugging).
-Jelly Bean (versions 4.1 and 4.2) you need to enter Settings, About [Phone|Tablet] and tap the Build number 7 times to see the Developer Options, activate USB Debugging via Settings > Developer options > USB debugging.
-4.2.2 you will need to accept a host key on the device, if you already had adb installed, do the following
-On the workstation-> adb kill-server; adb start-server
-Plug the device into the computer via the USB cable.Depending on the installed Android version, a popup will show up on the device with the host key that needs to be accepted for the device to communicate with the workstation.
Deploy Ubuntu Touch!
Run this command:
The -b performs a full bootstrap on the device. If the device is already unlocked it will carry on. If you have already bootstrapped once and want to install a daily just do:
This will deploy the latest build onto your device. Your device should reboot into the Ubuntu Unity shell. This can take up to 10-15 mins.
Returning to Android:
Download the stock Nexus 7 image from:
Uncompress is with this command: tar zxvf nakasi-jdq39-factory-c317339e.tgz
Place Nexus 7 in fastboot mode and run this command: cd nakasi-jdq39/sudo then run
Ignore any warnings such as:
archive does not contain ‘boot.sig’ or archive does not contain ‘recovery.sig’ or archive does not contain ‘system.sig’.
Then you can lock it back into OEM locked mode:
sudo fastboot oem lock”