I am experimenting with having my project team switch from using Tails to Parrot OS for an upcoming project
I installed Parrot from the live usb onto another usb with an encrypted LUKS partition. This installation was then customized and the resulting usb was then cloned 10x for distribution to my team.
I need everybody to be able to change their LUKS partition password. Is there an easy way to boot without mounting the LUKS partition so that the password can be changed?
Any suggestions would be greatly appreciated!
ParrotOS iso in use:
Application used for flashing the iso:
Logs/Terminal output(use pastebin or similar services):
You could of course change the LUKS password of each drive by using a running system with Gnome Disks or via the command line (see link below). But perhaps someone else here knows a trick to do it without mounting the encrypted drive.
It seemed to me that when I boot up a USB with LUKS encryption with Parrot (but not Kali) that GRUB isn’t loaded until after the password is entered. Maybe there is a way to drop into GRUB and get to the command prompt (with root password) to issue the cryptsetup commands needed, but I think the passwd and cryptsetup files are in the encrypted “root” partition.
The gnome-disks solution works well, I’ve used that in the past with Tails OS: just boot into live mode, change the password in gnome-disks and reboot into persistent mode.
My solution for this situation now to keep things as simple for me and the rest of the team with this Parrot OS experiment:
Instead of creating a real “install” from the parrot live usb to another usb for my “master” was to just customize the live usb for encrypted persistence. This retains the “live” boot menu where it’s possible to just boot the live os, install gnome_disks, change the password and reboot into encrypted persistance mode.
This is an ok workaround for my use case right now because the least tech savvy of my team will still be able to do this following instructions.
Basically they will be doing a similar procedure that most of them have already done before with Tails. The only difference is that there is the extra step of having to install gnome-disks in the amnesic live version before being able to change the luks password. Would be cool if gnome-disks was already included in the live iso.
It sounds like you wish each USB to remain “Live OS”.
I myself create fully encrypted, fully persistent, USB thumb drives that can be updated and allow installation of new packages:
I use the Parrot ISO to boot into VirtualBox (does not work on VMware) and then install Parrot onto a USB thumb drive. It allows me to encrypt the entire drive and make it bootable (make sure to choose the USB drive for Grub).
Then I can boot off the thumb drive, enter the LUKS password, boot into Parrot, then run parrot-upgrade and install whatever additional programs I want. As time goes on, I can continue to update packages and install\uninstall packages after booting up the fully encrypted, persistent thumb drive.