Have any interest in creating a LUKS encrypted, persistent OS that fits in your pocket? Then this post is for you.This tutorial will take you through installing a LUKS encrypted instance of Mint 16 on a USB drive.

Edit: be sure and check out vwhite's post on integrating LUKS NUKE into this kind of setup: http://www.itninja.com/blog/view/more-bootable-encrypted-usb-or-microsd-linux-distro-s-now-with-a-nuke-option

What you will need:

  • Latest Mint ISO
  • A USB drive to make a live mode Mint boot disk, or a CD to burn the Mint ISO
  • A USB 3.0 USB drive to make into the encrypted Mint partition

First, you need to get a USB drive that will run a lightweight operating system while remaining responsive for a realistic user experience. I am using the SanDisk Extreme USB 3.0 and have found the responsiveness to be quite good. Using HD_Speed I got a solid average read/write speed of 50 MB per second. I tried cheaper USB 3.0 drives but couldn't break 7 MB per second, which is really slow for hosting an OS and the performance was only slightly bearable.

Once you have a swift USB drive to host the Mint partition, you will want to grab the latest version of the Mint ISO: http://www.linuxmint.com/download.php. I went with 64-bit Cinnamon but the other choices are fine if you are particular. Once downloaded, either burn the ISO to a CD or download LiLi and create a bootable Mint Live USB. If not running Windows, you can find other methods for applying the ISO to a USB here: http://www.computersnyou.com/2803/2013/12/create-bootable-live-usb-linux-mint-16-petra-windows-linux-mac/

 


Linux Live (LiLi) USB Creator is a great open source program to create Linux USBs from within Windows.

Now boot a system to the Mint live USB. It's time to enable LUKS in Ubiquity, the Mint installer:

  1. Open Terminal and run
    sudo apt-get remove ubiquity
  2. Next run
    sudo apt-get update
  3. Finally, run
    sudo apt-get install ubiquity

Now it's time to plug in your USB 3.0 drive and install Mint to the drive with LUKS enabled:

  1. Plug in the USB drive and open Disks (Menu > Disks) to see where Mint has mounted the drive. Click on the thumb drive that you just plugged in (it should be listed under the Devices list in the Disk GUI). The drive details will be displayed on the right. Under the name of the drive you can find the mount point. For example, this 8 GB thumb drive is mounted at /dev/sdb:
  2. Now back in Terminal, start the Mint installer by running
    sudo ubiquity 
  3. Click through the installer until you get to Disk Setup. Here is where you want to choose "Guided - use entire disk and set up encrypted LVM". Define a password for the encrypted volume (you will need to enter this password any time you boot from the Mint USB). Make sure to select the volume mount point that you noted earlier in Disks, or you could end up wiping your local HDD instead of the USB.
  4. Click Install Now and set up the timezone, keyboard layout, and user info. Some people like to click the option to automatically login suppressing the user login prompt since a password must be entered to even get to the login prompt, but it is completely up to you.
  5. The installation will start. After it completes, you can reboot to the new USB instance of Mint and you should get a password prompt. Enter the password you configured for the encrypted volume and Mint will boot.

You now have a fully persistent and encrypted Mint OS running from a USB stick!