Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Install MBR on removable USB
Install MBR on removable USB
I am experimenting with a security technique I heard about which is to put the MBR on a removable USB drive. The OS itself will be encrypted on the internal drive but to boot the OS one would need to physically insert the USB drive. I installed GRUB on a separate USB but cannot boot the OS from it or from the internal drive. So how do you install GRUB on a different drive from the OS and still be able to boot ?
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Install MBR on removable USB
How exactly did you attempt that? Please post the exact command(s) used along with any configuration files.
EDIT: instructions removed.
Last edited by Head_on_a_Stick on 2022-07-04 04:43, edited 1 time in total.
deadbang
Re: Install MBR on removable USB
During the install the installer asked where I wanted to install GRUB - I chose a USB drive rather than the internal drive where the I installed Debian.Head_on_a_Stick wrote: ↑2022-07-03 17:46 How exactly did you attempt that? Please post the exact command(s) used along with any configuration files.
EDIT:
I will try again with the way you suggest.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Install MBR on removable USB
Don't bother, it won't work. Sorry for the trouble but I've never used encryption so I'll have to leave this thread to people who have.
deadbang
-
- df -h | grep > 20TiB
- Posts: 1418
- Joined: 2012-10-06 05:31
- Location: /dev/chair
- Has thanked: 80 times
- Been thanked: 191 times
Re: Install MBR on removable USB
I'm not seeing the advantage of putting the MBR on a USB drive over just putting the LUKS (Presumably, you mention encryption) keys there. Either way you'll need the USB device to boot, and while I haven't tried it myself, from a cursory internet search the latter method appears well documented.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Install MBR on removable USB
GRUB for BIOS boot is divided in 3 parts :
- boot image in the MBR
- core image in reserved sectors on the same drive
- files in /boot/grub/ (config files, font, modules) which may be on a different drive
/boot may be encrypted with restrictions but it is not supported by the Debian installer.
GRUB < 2.06 (up to bullseye) supports only LUKS1 format but the installer uses LUKS2.
GRUB 2.06 (testing) supports LUKS2 only with PBKDF2 but the installer uses Argon2.
An attacker with physical access may tamper with the unencrypted boot files when they are on the main drive.