Is it possible to put only the boot partition on a usb stick?

Posted by Steve V. on Super User See other posts from Super User or by Steve V.
Published on 2011-01-10T22:06:27Z Indexed on 2011/01/10 22:55 UTC
Read the original article Hit count: 198

Filed under:

bootable-media

|

disk-encryption

I've been looking at system encryption with ArchLinux and i think I have it pretty much figured out but I have a question about the /boot partition. Once the system is booted up is it possible to unmount the /boot partition and allow the system to continue to run?

My thought was to install /boot to a USB stick since it can't be left encrypted and then boot from the USB stick which would boot up the encrypted hard disk. Then I can take the USB key out and just use the system as normal.

The reason I want to do this is because if an attacker was able to get physical access to the machine they could modify the /boot partition with a keystroke logger and steal the key and if they already had a copy of the encrypted data they could just sit back and wait for the key. I guess I could come up with a system of verifying that the boot has been untouched at each startup.

Has this been done before? Any guidance for implementing it on my own?

© Super User or respective owner

Related posts about bootable-media

PC only boots from Linux-based media and won't boot from DOS-based media

as seen on Super User - Search for 'Super User'
I have this problem where the PC only seems to boot from a floppy disk or CD if it was created as a Linux-based bootable media. If it was created as a DOS-based bootable media the system just freezes at the starting point of the boot process. I originally asked this under question 139515 for CD booting… >>> More
PC only boots from Linux-based media and won't boot from DOS-based media

as seen on Super User - Search for 'Super User'
I have this problem where the PC only seems to boot from a floppy disk or CD if it was created as a Linux-based bootable media. If it was created as a DOS-based bootable media the system just freezes at the starting point of the boot process. I originally asked this under question 139515 for CD booting… >>> More
Create bootable partition from image

as seen on Super User - Search for 'Super User'
I have a Macbook Pro with a dead CD drive. I don't have easy access to a replacement drive. I'm trying to install Ubuntu, and I can't get the MBP to recognize a USB stick as a bootable media (I believe MBP's have issues with booting from USB in some cases). Is it possible to take a disk image and… >>> More
Can´t install OS from usb flash drive

as seen on Super User - Search for 'Super User'
My previous problem was describe here: Can't boot OS from USB drive, showing black screen with blinking cursor and there are informations about my laptot. So please look there and then read rest here. I changed flash drive and it fix the problem but now when I boot to Ubuntu (or I tried Fedora… >>> More
Place a bootable ISO on a USB drive?

as seen on Super User - Search for 'Super User'
What's the best way of placing a bootable ISO on a USB drive? ISOs such as a live Linux preview disk, Windows installation ISO, etc. >>> More

Related posts about disk-encryption

Full Disk Encryption for Mac (Not PGP)

as seen on Super User - Search for 'Super User'
I purchased PGP Whole Disk Encryption for my Macbook Pro, and it's exactly what I need. After the Symantec acquisition, PGP no longer sells single licenses of the software so I can't purchase a second copy for my iMac. Since I can no longer buy PGP Whole Disk Encryption, can anyone suggest an alternative… >>> More
What options are available to perform whole disk encryption with Snow Leopard

as seen on Server Fault - Search for 'Server Fault'
We would like to encrypt the entire disk of a Snow Leopard workstation running some sensitive file, database and web services. PGP does not yet work for 10.6, and we cannot use FileVault as it is not compliant with FIPS and would require non-standard installation of services. What whole-disk options… >>> More
Free Mac whole disk encryption

as seen on Super User - Search for 'Super User'
Are there any free solutions for encrypting the entire boot disk on a Mac? I'm aware of PGP's Whole Disk Encryption, but it's a bit steep at $149. TrueCrypt's System Encryption seems to only work with Windows. >>> More
Speed of TrueCrypt whole disk encryption

as seen on Super User - Search for 'Super User'
I'm getting a new development laptop soon, and I'm thinking of using TrueCrypt to encrypt the whole disk. What kind of performance drop can I expect? 10%? 30%? more? Also, assuming the workload has an effect, would compiling/using Visual Studio be affected much? I cannot seem to find anything like… >>> More
Full disk encryption on dual boot system using TrueCrypt

as seen on Super User - Search for 'Super User'
I'm thinking about encrypting my whole harddrive for example using TrueCrypt, which I've used for encrypting file containers for a while. It is possible to encrypt the whole harddisk through the program and then add a password secured bootloader before the actual bootloader. Is it possible to do… >>> More