The ultimate Archlinux encryption USB dongiled setup.
Project description
donglify
The majority of Linux systems have a sever security threat. These installs are
susceptable to data theft if the install disk is stolen. ArchLinux offers LUKS
as an encryption method to protect the root & data partitions. Even then, the
majority of these installs omit the encryption of the /boot or /efi
partitions. This script helps automate the configuration of encrypted /boot.
And provides a solution in replacement of the /efi partition, which usually
can not be encrypted, by having it be present on a USB DONGLE.
Installation
pipx install donglify
Usage
To use donglify, you will need to install the initial configurations onto a USB, which can be done as follows:
donglify init /dev/sd[a,b,c]
This command creates the following partitions on your USB.
/efi, 512 MB, holds the EFI stub which the BIOS of a system to boot the USB./boot, 2GB, holds the kernels of the donglified systems, AND thedongle.iniconfiguration file.dongleisos, size is set by the user, used to hold the ISOs which are available in the GRUB menu on USB boot, currently onlyloopback.cfgISOs can be used.donglepersist, size is set by the user, an encrypted LUKS partition that can be used by the user to store personal data.
In order to enter the interactive donglify prompt:
donglify /dev/sd[a,b,c][2]
The argument should be the donglified USB /boot partition.
Interactive Commands
donglify uses an interactive CLI interface to conduct its business. This is currently the only support, future support for automated installs could be added.
cmd: add
Adds host system configuration to the donglified USB. This configuration is automatically to the host system installed once established.
donglify> add
You will be prompted for configuration options.
You will need to add unlock root LUKS entry in /etc/crypttab.initramfs, otherwise the initial ramdisk won't ask to unlock your root partition on your added system. There you can also tell it about your keyfile location if you choose to do so.
[~] $ sudo cat /etc/crypttab.initramfs
cryptssd UUID=<your UUID here> /boot/crypto_keyfile.bin
crypthdd UUID=<your UUID here> /boot/crypto_keyfile.bin
cmd: mount
donglify> mount
Mounts all donglified USB except for donglepersist.
cmd: unmount
donglify> unmount
Unmounts all partitions that mount mounted.
cmd: list
donglify> list
Lists all installed systems on the USB.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file donglify-20240929.tar.gz.
File metadata
- Download URL: donglify-20240929.tar.gz
- Upload date:
- Size: 1.1 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.9.20
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 4f2346d36701236222cbe873163402b7772921986ceea133c65e4689f5df3ebc |
|
| MD5 | c265c1a261b508c333df03c3ed671372 |
|
| BLAKE2b-256 | 3309c0ab3ee5383b862ce37a3d2e5ff55fc182cf8b6a65b4d8299aab3887d081 |
File details
Details for the file donglify-20240929-py3-none-any.whl.
File metadata
- Download URL: donglify-20240929-py3-none-any.whl
- Upload date:
- Size: 1.1 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.9.20
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8d91d3fe5c82237654be819037f47bb6df95f51720b2d68f36f88ecc4c698f04 |
|
| MD5 | e15c19f690bbf31c549607fd28255114 |
|
| BLAKE2b-256 | 78cc77a816531c1ae54094f5f13ab5bbc2f0d0acb033faab93afff6e0c0441da |
