Parrot team hasn’t maintained the live USB persistence for a long time. I think it’s the right time to take care of it again. As @Parrot_Live_VM mentioned, there are issues when an user upgraded to a new version. So this topic is created to track the development progress and feedback.

Scope:

1. Create a fresh live persistence device.
2. Upgrade, usability, maintain, …
3. Update documentations

Out of scope:

1. Create a live boot to install for daily usage.
2. Applications failed to run (it’s likely an other problem belongs to the package itself).

Known issue:

• Upgrade system to 6.0 hanged because parrot-core overwrites configs. As I predicted, the problem would happen in the future. Solution is to patch the Debian installer.

Any bugs, news, updates about Live Persistence, please put it in here so our team can track, fix and give new solutions.

You seem serious about moving “Live,” USB persistence forward, so here’s my “good faith” deposit. I’ll catch up with you after Debian issues the DKMS-compatible kernel version.

Screenshot at 2023-12-10 13-20-40489×404 27.6 KB

Well it’s in our documentation. It means that’s our responsibility to make it work. Beside that, I found out live persistence is a flexible solution for some situations. So it’s better to keep the category moving forward.

Whether by Etcher-flashing, or by using the “dd” terminal command to flash Parrot-home-6.0_amd64.iso to a data-wiped USB thumb drive, GRUB was corrupted by cloning (whether via “dd” terminal command or by AOMEI) even a newly-constructed, blank, fully-tested,***** Luks-encrypted-persistence partition to this newly flashed drive. GRUB stated that the Encrypted Persistence partition was unconfigured. Also, it stated that the kernel had not been loaded. Ergo, GRUB would not boot, even in the Try/Install mode.

This has always worked in the past.

In fact, for years now, I’ve been able to clone a fully-upgraded encrypted persistence partition to a USB drive that’s been newly flashed with the latest updated .iso version of Parrot Home.

• You test the viability of the newly-constructed encrypted persistence partition by reinserting the thumb drive into the USB bay, and then clicking on the partition in caja, which then starts the authentication dialogue where you enter the encryption passphrase, which, if successful, allows the system to mount the partition, thus allowing access to its contents.

I didn’t have time to create and test persistence. I will try it this weekend (ofc if i could find some spare time)

No problemo, bro. I’m just happy to know this thread is still being watched. Incidentally, I also tried to make a persistent USB according to the official Parrot documentation at How to create persistent partition on USB | ParrotOS Documentation

MKUSB would not configure the usb-pack-efi package. I tried every combination of menu choices.

DON’T select the option to do apt-get full-upgrade. It tries to upgrade your host system, not the .iso system installed on the target USB drive.

Well I couldn’t find the spare time last weekend but I’m going to give it a try with this tutorial to see what happen. Small steps first
https://wiki.debian.org/DebianLive/LiveUsbPersistence

seems like that’s a big problem. I suppose the software has changed something since we published our docs.

This works: It’s a special fdisk command: Adding Encrypted Persistence to a Kali Linux Live USB Drive | Kali Linux Documentation

If you run into this error, simply unplug the USB stick and boot from it in another machine like it says. Then continue with the instructions to add encryption.

┌─[root@parrot]─[/home/user]
└──╼ #dd if=/home/user/Downloads/Parrot-home-6.0_amd64.iso of=/dev/sdc conv=fsync bs=4M
564+1 records in
564+1 records out
2368405504 bytes (2.4 GB, 2.2 GiB) copied, 80.0254 s, 29.6 MB/s
┌─[root@parrot]─[/home/user]
└──╼ #fdisk /dev/sdc <<< $(printf “n\np\n\n\n\nw”)

Welcome to fdisk (util-linux 2.36.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

The device contains ‘iso9660’ signature and it may remain on the device. It is recommended to wipe the device with wipefs(8) or fdisk --wipe, in order to avoid possible collisions.

Command (m for help): Partition type
p primary (2 primary, 0 extended, 2 free)
e extended (container for logical partitions)
Select (default p): Partition number (3,4, default 3): First sector (4625792-240254975, default 4626432): Last sector, +/-sectors or +/-size{K,M,G,T,P} (4626432-240254975, default 240254975):
Created a new partition 3 of type ‘Linux’ and of size 112.4 GiB.

Command (m for help): The partition table has been altered.
Calling ioctl() to re-read partition table.
Re-reading the partition table failed.: Device or resource busy

The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or partx(8).

┌─[✗]─[root@parrot]─[/home/user]
└──╼ #

I spoke too soon about the “Live” “Encrypted Persistence” instructions from Kali Linux. They do properly flash the .iso and create the encrypted persistence partition, but Parrot 6.0 will not link the GRUB-activated system startup with the persistence partition, so no settings changes can be stored.

Unfortunately Parrot 6.0 merely boots into the Try/Install session.

The persistence partition shows up in caja’s file manager, and when you click on it, the authentication dialogue asks for your passphrase, but there are no RW and Work folders in the partition with which to hold persistence changes.

Conversely Kali’s “Live” version, kali-linux-2023.4-live-amd64.iso, works flawlessly.

From what I understood, user doesn’t need to flash the USB before making the persistence (ask I asked Danterolle, who wrote the doc). And ofc that didn’t work for me. Like 0 out of 10 worked.

The best method was using Kali’s instructions, and although this is the only solution where Parrot Ver. 6.0 will boot from GRUB, it still fails to connect with the encrypted persistence.conf file in the encrypted persistence partition, and thus generate the necessary RW and Work folders for storing packages and settings.

Parrot 6.0 was apparently released with this broken/missing feature.

What’s the plan for fixing this and issuing a new release, e.g., Ver. 6.0.1?

Yah the painful thing about this is I asked Danterolle about this tutorial like i said above. That’s odd.

I can’t tell. I’m not officially maintaining grub and core system packages. I’m continuing on AnonSurf right now. It’s a painful task porting code to Vala. And again, Gnome’s doc is the worst doc I’ve seen in my entire life. However, Vala syntax helps me have a very short and clean code compare to older version in Nim. I hope I can make a better quality of AnonSurf. … or not.

Okay, so to whom has this support ticket been tasked for coordination and status monitoring?

I can’t be the only person who has taken years to curate and perfect a “Live,” USB-based, encrypted persistence installation.

Hi, I don’t know if my reply below triggered your email, or not, so I’m trying again to find out who is handling “Live” encrypted persistence capabilities for Parrot going forward.

Sorry I was super busy handling stuff. Mostly trying to make some code from undocumented GTK API (and i’m doing some other stuff, including security research and more).
You shouldn’t worry about the maintainer of the “live” persistence. I’m still checking it when I have some time. I’m pinging Danterolle who wrote the persistence USB part in our doc about this topic. Hope he can check this sometime.

Hello everyone, thanks dm, I will test and update the guide as soon as possible.

Hello again everyone, as I had written, now the guide has been updated and is available online here: How to create persistent partition on USB | ParrotOS Documentation

the mkusb method is again not working . i tested it on latest image Parrot-security-6.0_amd64.iso. Can someone please help