Linux on "lockable" USB flash?

Discussion in 'all things UNIX' started by Palancar, Nov 18, 2013.

Thread Status:
Not open for further replies.
  1. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I wasn't exactly certain how to word the thread title. I am just starting to investigate the possibility of using a USB for a backup OS under the following configuration:

    1. USB bootable flash Linux OS - Ramdisk (Easy to do).

    2. Place the Linux OS on a USB with a PHYSICAL SWITCH to toggle between Read only & Read/Write? This would mean relying on an actual hardware switch and not a software configuration. I have several flash drives with the hardware switch already.

    Why? I would like to be able to update debian, add software as desired, etc.... However I would like to flip the USB to read only for internet use (controlled updating excluded). Using this method I could keep a CLEAN flash and still have ease of use for running debian updates. Any software downloads/additions I could grab from my bare metal machines and then simply copy them over and install offline.

    There would be NO trail of internet use except for the benign debian updates, etc...

    Do any of you guys have any links or suggestions for how you would recommend going about this? I have a strong need for keeping a Linux Ramdisk around where there is NO trace of any use that happens once the machine is halted and the flash is removed. This is slightly different than classic persistence and certainly different than classic static (no changes ever).
     
    Last edited: Nov 18, 2013
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I am pretty sure you more experienced users realized I was going to fail at this basic approach.

    FYI -- I set up a basic linux flash with persistence and it runs great. Added FF and a few other toys! When I close off writes by throwing the physical switch on the flash it won't work at all. I halted the OS before throwing the switch of course.

    Flash works fine without persistence but I need to add some stuff to enjoy the experience. I'll figure something out and it's fun playing with this even when I fail. LOL!!
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    I normally use a Live USB flash drive which is not lockable physically, however, when I boot to it daily, it never fails to be mounted Read Only! Even though that is not the physical equivalent of locking your USB - it clearly is the logical equivalent.

    The mount command yields for the Live USB flash drive:
    /dev/sdf on /cdrom type iso9660 (ro,noatime)

    As root, if I simply try to issue a touch command in the /cdrom directory it yields:
    root@ubuntu:/cdrom# touch byte
    touch: cannot touch `byte': Read-only file system

    So, is your physical switched USB flash drive really that all necessary? o_O

    -- Tom
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I have been working on this. I already have a few USBs with a hardware switch, and it seems logical that the switch cannot be "coded" around. I have been playing with persistence and the switch set to READ ONLY at the same time. So far the results are mixed. My thinking was to open the switch for a few software updates and then remount linux with the switch closed (in essence to keep the flash clean of internet tracks). Not too happy with it at this point.

    For everyday; I think I would rather keep a small encrypted bare metal system and then just do sector imaging restores to keep things clean as needed.

    I will use the non-persistent (physically locked down) flash for when I am at someone else's house and want to go online. I never trust being on someone else's stuff so even with this flash I won't log into my bank or personal email in that situation. I would use it for general surfing around and I also don't want to "mark" someone else's drive with my tracks. Now that is anal! LOL!!
     
    Last edited: Nov 22, 2013
  6. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    That other thread contains some dubious advice (and more than a few spurious apostrophes)

    In both puppy linux and in live antiX linux (setup for 'semi-automatic' savefile updates):
    ability to update the persistence savefile is available, on-demand, during each boot session ~~ is available, but doesn't need to be written/updated each session. So, during an at-risk session... if your pendrive is physically toggled read-only and no other (HDD) writable drives are connected, the integrity of your system is "equally bulletproof" as having booted from a liveCD.
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Flipping the physical switch and not mounting as read only is not a smart thing. The system will assume it can write, but if it can't, then there might be problems. Mounting root as read only is enough.
    Mrk
     
  8. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594

    I figured that out quite quickly and hosed my USB persistent system a few times. I really enjoy stretching and learning. I am fairly new but I read and try things with no fear of failure. I would rather try and fail than not stretch and just play it safe and "normal". LOL!!
     
  9. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    Consider:

    d0od grabs a packaged-for-your-convenience malicious .deb from a ppa, from github, from softpedia
    and installs via gdebi using root permissions

    softpedia, virustotal, clamav... none will question the presence of the scripted
    mount -o remount,rw
    command within one of the packaged files, nor the delivery of the payload (file changes written to the pendrive)

    Hmm... maybe a system employing a "casper" persistence mechanism presumes/requires continual writeability?

    In an antix live session, booted from USB pendrive, the fs is (extracted from squashfs and) mounted ro.
    Until/unless you perform on-demand writing to the persistence savefile, changes are stored to RAM (unionfs aufs) -- the system doesn't attempt to write to the media.
    Release the hardware write lockout switch immediately prior to writing your savefile and restore the lock immediately afterward.

    Inquire at the puppy or antix forums -- the on-demand persistence doesn't (shouldn't) demand interim writeability of the boot partition.
    In fact, with a 'toram' boot param, you should be able to unmount and physically remove the pendrive... later replugging it only if you decide to update the persistence file.

    In the meantime, for reference, check out the bottom post in this linked discussion:
    http://www.linuxforums.org/forum/in...ot-install-any-linux-dist-my-motherboard.html
    (puppy... antix... toram... can remove after boot)
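
Added example, not part of the original posts: a check that relates to Mrkvonic's point about a switch-locked drive that is still mounted read-write, and to the scripted `mount -o remount,rw` described in the post above. It compares the kernel's write-protect flag for a block device (`/sys/class/block/<name>/ro`) with the mount options in `/proc/mounts`; the function names, verdict labels and demo data are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumes sd-style names (sdf, sdf1). MOUNTS and SYSFS can be
# pointed at constructed data instead of the live /proc and /sys trees.
MOUNTS=${MOUNTS:-/proc/mounts}
SYSFS=${SYSFS:-/sys/class/block}

# hw_ro NAME: 1 if the kernel sees the device as write-protected, 0 if not
hw_ro() { cat "$SYSFS/$1/ro" 2>/dev/null || echo "?"; }

# mount_mode OPTIONS: "ro" or "rw" from a comma-separated option list
mount_mode() {
    case ",$1," in
        *,ro,*) echo ro ;;
        *)      echo rw ;;
    esac
}

# check_media DISK: one verdict line per mounted filesystem on DISK
check_media() {
    disk=$1
    while read -r dev mnt fstype opts rest; do
        case "$dev" in
            "/dev/$disk"|"/dev/$disk"[0-9]*) ;;
            *) continue ;;
        esac
        hw=$(hw_ro "${dev#/dev/}")
        mode=$(mount_mode "$opts")
        case "$hw:$mode" in
            1:ro) verdict="locked" ;;         # switch and mount agree
            1:rw) verdict="MISMATCH" ;;       # OS expects writes that will fail
            0:ro) verdict="software-only" ;;  # a remount,rw would succeed
            0:rw) verdict="writable" ;;
            *)    verdict="unknown" ;;
        esac
        echo "$dev $mnt hw_ro=$hw mount=$mode $verdict"
    done < "$MOUNTS"
}

# demo: constructed sysfs flags and mount lines, modelled on the thread's output
demo() {
    t=$(mktemp -d) && mkdir -p "$t/sdf" "$t/sdg1"
    echo 1 > "$t/sdf/ro"; echo 0 > "$t/sdg1/ro"
    printf '%s\n' '/dev/sdf /cdrom iso9660 ro,noatime 0 0' \
                  '/dev/sdg1 /mnt/save ext4 ro,relatime 0 0' > "$t/mounts"
    ( MOUNTS=$t/mounts; SYSFS=$t; check_media sdf; check_media sdg )
    rm -rf "$t"
}

if [ "${1:-}" = demo ]; then demo; elif [ $# -gt 0 ]; then check_media "$1"; fi
```

Run it as `sh script.sh sdf` against the live system, or `sh script.sh demo` for the constructed data.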
     
  10. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    Palancar, here's another suitable distro. This one is an Ubuntu derivative.

     
  11. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594

    Thanks, I may give this a look.
     