{live-media-encryption|encryption}=TYPE

The only supported TYPE for this live-boot option is “aes” which refers to cryptoloop/loopaes and is deprecated.

We should have the ability to encrypt a USB device using LUKS (with detached header) or plain dm-crypt encryption, copy the Tails .iso over to it, and then boot off it. By adding “plain” or “luks” support for the above live-boot option, I believe this will be possible. The device can be mounted using gfxterm from a separate grub2 installation, whether from a coreboot BIOS or perhaps a decoy operating system.

This will provide plausible deniability for those who need to hide the fact that they use Tails/Tor.

I’m wondering if anyone else feels that this feature would be valuable.

Related issues

Related to #5929

Original created by @anonymous on 16485 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information