Full disk encryption and key-boot disk!

I just installed Parrot on my 64bit craptop but in a very special way. I prepped for this install by using shred to overwrite all the data on my internal HDD and my 64gb USB drive.

My installation has the boot partition on a USB drive and the fully encrypted root partition on my internal drive. I generated a luks keyfile which was then secured with a password using gpg. That keyfile resides on the USB drive and I simply unlock it when prompted at boot then decryption begins. I removed the passphrase I created during installation from the luks keyring so the protected keyfile is the only key to unlock the system. I set BIOS boot priority as USB first and unless my USB drive is plugged in the system will do nothing and forensically my drive appears to be nothing but random data. No evidence of a file system… plausable deniability. Now that’s security.

There is a guy on YouTube that goes through the process over five videos. The process originates from some Anonymous security document. Anyway, check it out if you’re interested:

2 Likes