In a previous post, I described how I created an encrypted USB as a mechanism to pass information to my sons should anything happen to myself or my wife during our vacation last year.
Well we are about to go on another long trip, and I decided to streamline the process with Ventoy.
Instead of creating a custom Live image whenever a new Ubuntu distribution is released, I have decided to use Ventoy to separate the Linux distribution away from the encrypted data.
Even though Ventoy supports persistence live distributions, I stayed away from them because I want to be able to replace the current distributions on the USB with new distributions with the least amount of work.
Below are the instructions that I used to create this Ventoy USB in an Ubuntu desktop environment.
Download Ventoy from https://github.com/ventoy/Ventoy/releases. Since we are on an Ubuntu operating system, so we want to download the tar.gz
file. Once the tar.gz
file is downloaded, extract the file and you should have a ventoy-X.Y.Z
subdirectory with X.Y.Z
being the version number of Ventoy.
Identify the target USB key device using the lsblk
command (e.g. /dev/sdb
) and goto the ventoy-X.Y.Z
subdirectory and execute a command like the following:
sudo ./Ventoy2Disk.sh -I -r 10000 /dev/sdb
The above command will reserve 10000 MB as a tail end partition which we can use for a LUKS (encrypted) partition. We can create this LUKS partition called Succession by using the GNOME Disks app. We use a key that is at least 24 characters in length. It can be longer if you like but it becomes quite cumbersome to type.
Mount the LUKS partition, and then copy the the private data to the LUKS partition which was previously named Succession. My private data resides on the bigbird
host.
scp -r bigbird:/Volumes/Personal\\ Information /media/kang/Succession
After the copying is completed, ensure that the “Personal Information” directory has the proper permission set (e.g. chmod 777 "Personal Information"
).
Assuming that all the ISO images are in the ISO directory, copy all the ISO images by executing the following command:
tar cf - ISO | (cd /media/kang/Ventoy; tar xvf - )
I included the following ISO images:
- clonezilla-live-3.1.0-22-amd64.iso
- kali-linux-2023.3-live-amd64.iso
- kali-linux-2023.3-live-arm64.iso
- ubuntu-22.04.3-desktop-amd64.iso
- ventoy-1.0.96-livecd.iso
- Win10_22H2_English_x64v1.iso
Note that not all the above ISO images are required, but the live Linux distrbituions are convenient in case you want to access the emergency information in the Succession LUKS partition in a hurry. The other ISO’s are just handy to have.
NOTE: When booting into a linux kernel with a PC with a discrete GPU that may not be compatible with a Live Distribution, you may need to use the nomodeset
boot option.
Below is a YouTube video I made that shows how to gain access to the private encrypted data on the USB.