<em><a href="Non-Sumou.html">Other Ubuntu tips</a></em></p>

From many sources on the web, I've compiled a guide, fully tested by me, that enables you to install <a href="Ubuntu">http://ubuntu.com/</a> to a USB flashdisk with the full root being encrypted and thus indecipherable by a third party.</p>

I was able to install Ubuntu 7.10 Gutsy Gibbon this way. With Hardy Heron, there are issues which don't allow for a flawless off-the-bat installation.

<ul> <li>Download and burn the Ubuntu 7.10 Alternate install CD</li> <li>Boot off of the CD</li> <li>When the welcome screen pops up, hit ESC. You'll be informed that you're leaving the graphic install regime and you will be brought to a boot: prompt</li> <li>Enter expert and hit enter</li> <li>This will start the text-based installer, which allows you to perform a fully encrypted install</li> <li>In the first step select Language and Keyboard, the keyboard selection is important as the keyboard layout you select will be hardcoded into the initrd.img file generated later. Thus if you select a Dvorak keyboard here, the system will then later when you run it off of the USB stick boot straight with the Dvorak keyboard loaded - necessary to enter the password properly</li> <li>Then follow the installation steps up to the Disk Partitioner step</li> <li>Here select manual mode</li> <li>In the manual mode I created the following partitions: I have a 16GB USB stick, thus made the 1st partition a 4.8 GB FAT32, this allows Windows computers to see this partition when the stick is entered. If you need to get some data from someone they can just copy it on the stick, you'll be later able to get it from this first partition, when booting off of the system.</li> <li>The second partition is a 100MB ext2, mounted as boot, mounted with noatime flag</li> <li>Create a third partition for the rest of the space of the USB stick, designate it as Physical volume for encryption, confirm the default choices there</li> <li>Then go to Setup disks for encryption at the top of the menu</li> <li>Setup your encryption passphrase, make it very long, so that it's very strong, 30+ characters are good</li> <li>When this is done, you'll see one more partition on the ecrypted volume in the partitioner</li> <li>Select it and create an ext2 system on it, mounted as / and mounted with noatime flag</li> <li>That's it, go forth</li> <li>The system will warn you that you didn't designate swap and ask you to go back. Don't do this, don't create swap, as that would kill the USB stick, and don't go back.</li> <li>Then follow the installation steps up to when it asks you which kernel you want to install</li> <li>**THIS IS VERY IMPORTANT:** Before you hit enter and select which kernel you want to install you must do the following:</li> <li>Switch to virtual console number 2 by pressing Alt+F2</li> <li>Hit enter to activate the console</li> <li>cd /target/etc/initramfs-tools/hooks</li> <li>cp /target/usr/share/initramfs-tools/hooks/cryptroot .</li> <li>cd ../scripts/local-top</li> <li>cp /target/usr/share/initramfs-tools/scripts/local-top/cryptroot .</li> <li>nano cryptroot</li> <li>Find the line reading modprobe -q dm_crypt</li> <li>After it insert the following three lines echo &quot;Sleeping for 20 seconds to allow USB detection.&quot;<br /> sleep 20<br /> echo &quot;Awake, mounting encrypted partition.&quot;<br /></li> <li>This is necessary so that the kernel detects the USB before it attempts to open the crypted volume, otherwise the system will hang on boot. 20 seconds should be enough, I tried 15, but on some systems the detection happens at after 14 seconds dangerously close to the limit, so 20 is safer.</li> <li>Switch back to console 1 by pressing Alt+F1 and select the kernel you want to install.</li> <li>Carry out the regular installation steps up to where it asks if it should install GRUB to the master boot record of the 1st hard disk</li> <li>Select no to not install it there, it'll ask you where you want to install it</li> <li>Assuming your USB stick is /dev/sda write /dev/sda there</li> <li>Switch to the 2nd virtual console again</li> <li>cd /target/boot/grub/</li> <li>nano menu.lst</li> <li>Change the three lines reading<br /> root (hd1,1)<br /> to<br /> root (hd0,1)<br /></li> <li>and delete the splash at the end of the line after the first root... line</li> <li>Now you can boot your USB stick and Ubuntu will start</li> </ul> <!— Page published by Emacs Muse ends here —> </div> <i>To send me feedback about this page, use the below email.</i><br /> <b>&copy; sumoudou.org 2010</b><br /> <img style="border:0" alt="sumoudou.org" src="email.gif" width="129" height="10" /><br /> <a href="http://www.gnu.org/" style="text-decoration: none;"><img style="border:0" alt="GNU" src="powered-by-gnu.png" />]] <a href="http://www.gnu.org/software/emacs/emacs.html" style="text-decoration: none;"><img style="border:0" alt="GNU Emacs" src="made-with-emacs.png" />]] <a href="http://hcoop.net/" style="text-decoration: none;"><img style="border:0" alt="HCoop" src="hcoop-proud-member.png" />]] <a href="http://hcoop.net/" style="text-decoration: none;"><img style="border:0" alt="HCoop" src="hosted-by-hcoop.png" />]] <a href="http://mwolson.org/projects/EmacsMuse.html" style="text-decoration: none;"><img style="border:0" alt="Emacs Muse" src="made-with-muse.png" />]] <a href="http://mwolson.org/projects/EmacsMuse.html" style="text-decoration: none;"><img style="border:0" alt="Emacs Muse" src="powered-by-muse.png" />]] <br /> <a href="http://www.fsf.org/resources/formats/playogg" style="text-decoration: none;"><img style="border:0" alt="Ogg" src="play-ogg.png" />]] <a href="http://www.catb.org/hacker-emblem/" style="text-decoration: none;"><img style="border:0" alt="Glider" src="glider.png" />]] <a href="http://ubuntu.com/" style="text-decoration: none;"><img style="border:0" alt="Ubuntu" src="ubuntu.png" />]] <a href="http://validator.w3.org/check?uri=referer" style="text-decoration: none;"><img style="border:0" alt="Valid XHTML 1.0 Strict!" src="valid-xhtml10-blue.png" />]] <a href="http://jigsaw.w3.org/css-validator/check/referer" style="text-decoration: none;"><img style="border:0" alt="Valid CSS!" src="valid-css-blue.png" />]] <br />Last updated November 8, 2009 </div> <br />. </body> </html>

.