{live-media-encryption|encryption}=TYPE
The only supported TYPE for this live-boot option is “aes” which refers to cryptoloop/loopaes and is deprecated.
We should have the ability to encrypt a USB device using LUKS (with detached header) or plain dm-crypt encryption, copy the Tails .iso over to it, and then boot off it. By adding “plain” or “luks” support for the above live-boot option, I believe this will be possible. The device can be mounted using gfxterm from a separate grub2 installation, whether from a coreboot BIOS or perhaps a decoy operating system.
This will provide plausible deniability for those who need to hide the fact that they use Tails/Tor.
I’m wondering if anyone else feels that this feature would be valuable.
Related issues
- Related to #5929
Original created by @anonymous on 16485 (Redmine)