Skip to main content

The ultimate Archlinux encryption USB dongiled setup.

Project description

donglify

The majority of Linux systems have a severe security threat. These installs are susceptable to data theft if the install disk is stolen. ArchLinux offers LUKS as an encryption method to protect the root & data partitions. Even then, the majority of these installs omit the encryption of the /boot or /efi partitions. This script helps automate the configuration of encrypted /boot. And provides a solution in replacement of the /efi partition, which usually can not be encrypted, by having it be present on a USB DONGLE.

Installation

pipx install donglify

Usage

To use donglify, you will need to install the initial configurations onto a USB, which can be done as follows:

donglify init /dev/sd[a,b,c]

This command creates the following partitions on your USB.

  • /efi, 512 MB, holds the EFI stub which the BIOS of a system to boot the USB.
  • /boot, 2GB, holds the kernels of the donglified systems, AND the dongle.ini configuration file.
  • dongleisos, size is set by the user, used to hold the ISOs which are available in the GRUB menu on USB boot, currently only loopback.cfg ISOs can be used.
  • donglepersist, size is set by the user, an encrypted LUKS partition that can be used by the user to store personal data.

In order to enter the interactive donglify prompt:

donglify /dev/sd[a,b,c][2]

The argument should be the donglified USB /boot partition.

Interactive Commands

donglify uses an interactive CLI interface to conduct its business. This is currently the only support, future support for automated installs could be added.

cmd: add

Adds host system configuration to the donglified USB. This configuration is automatically generation to the host system installed once established.

donglify> add

You will be prompted for configuration options.

You will need to add unlock root LUKS entry in /etc/crypttab.initramfs, otherwise the initial ramdisk won't ask to unlock your root partition on your added system. There you can also tell it about your keyfile location if you choose to do so.

[~] $ sudo cat /etc/crypttab.initramfs 
cryptssd UUID=<your UUID here> /boot/crypto_keyfile.bin
crypthdd UUID=<your UUID here> /boot/crypto_keyfile.bin

cmd: mount

donglify> mount

Mounts all donglified USB except for donglepersist.

cmd: unmount

donglify> unmount

Unmounts all partitions that mount mounted.

cmd: list

donglify> list

Lists all installed systems on the USB.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

donglify-20241004.tar.gz (1.1 MB view details)

Uploaded Source

Built Distribution

donglify-20241004-py3-none-any.whl (1.1 MB view details)

Uploaded Python 3

File details

Details for the file donglify-20241004.tar.gz.

File metadata

  • Download URL: donglify-20241004.tar.gz
  • Upload date:
  • Size: 1.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for donglify-20241004.tar.gz
Algorithm Hash digest
SHA256 b7b05b0fa2ac8760c1f8f26aa5ecf358297c4c616298c9a4c5533d1c18cefef4
MD5 5d0987ed5f03d20ff4fb2c1455c769f6
BLAKE2b-256 c0c01ba6e56355857b148b7740b3bd47dee97389c5cada989513c7e5ac49f915

See more details on using hashes here.

File details

Details for the file donglify-20241004-py3-none-any.whl.

File metadata

  • Download URL: donglify-20241004-py3-none-any.whl
  • Upload date:
  • Size: 1.1 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for donglify-20241004-py3-none-any.whl
Algorithm Hash digest
SHA256 7694dac0950b4f38a9e502a67744c77f6bacbdf65e09c779c5bed0471ffb5fb1
MD5 aa1b2b927c6d030e2c610ef2230551a6
BLAKE2b-256 b9570f2e6047a10b585a9922c0be98eec0940554ee788293a03cb8d2f46433e8

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page