Linux on USB Stick

Carrying your private OS with you on an encrypted USB stick is very useful.

Here are my personal notes how I did this. I have written them carefully, however I assume no responsibility for them.

What you need:

  • Computer with Ethernet connection 1)
  • Fast and large USB 3.0 Drive (Sandisk Extreme 128GB) (INSTALLSTICK)
  • Any USB Drive with 4GB (STARTSTICK)
  • A current full backup of the computer you are using

Installing Debian on a USB Stick with encryption

  • Download ISO for the Distribution of your choice:
  • Copy ISO to the STARTSTICK using dd or on windows use ''Rufus''
  • Boot your computer with STARTSTICK. You may need to enter the BIOS and choose a temporary startup device and/or add the usb stick to the boot options. If the usb stick is not recognized, it may help to try different usb ports.
  • When STARTSTICK boots, choose graphical install
  • Plug in INSTALLSTICK
  • Go through the installation questions, choose “Full Disk Encrypted LVM”
  • Make sure that you choose the correct drive, e.g. Sandisk Extreme 128GB
  • The INSTALLSTICK will be prepared for encryption and erased, which will take some time.
  • In the question for GRUB install again make 100% sure that you select the proper drive.
  • After that, remove the STARTSTICK and boot into your new system.

Post install work:

  • To connect the computer to a wireless network, you will probably need to install non-free drivers. Open /etc/apt/sources.list and add non-free contrib to all lines after main, like so:
...
deb http://mirror.switch.ch/ftp/mirror/debian/ jessie main non-free contrib
deb-src http://mirror.switch.ch/ftp/mirror/debian/ jessie main non-free contrib
...
  • Then do sudo apt-get update; sudo apt-get upgrade; sudo apt-get install firmware-linux-nonfree

noatime

By default, the ext3/ext4 filesystem updates the access time attribute on a file system object whenever it's read. This results in even the most trivial file reads result in a write operation. Keeping the access time updated is only important for some very specific tasks which we're not likely to come across.

Open /etc/fstab and for each mount that is on your USB storage, add a noatime parameter. For example:

/dev/mapper/vg_root-lv_root /               ext4    errors=remount-ro 0       1

Becomes:

/dev/mapper/vg_root-lv_root /               ext4    noatime,errors=remount-ro 0       1

tmpfs

There should be no application that writes data that needs to be persistant to the /tmp directory. Let's move it into RAM so there are no disk reads or writes associated with it's usage.

Append the following to /etc/fstab:

tmpfs   /tmp    tmpfs   defaults,noatime,mode=1777      0       0

Kernel Boot Options

This one is purely for appearances. It can be disconcerting if you start up your machine and you get a blank screen for an extended period. This does happen though while the Kernel and InitRAMFS images are loaded from your slower storage. There is a simple alteration that makes Grub output a little imformation to let you know that things are happening

Open /etc/grub.d/10_linux and find the following stanza:

linux_entry "${OS}" "${version}" false \
  "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_EXTRA} ${GRUB_CMDLINE_LINUX_DEFAULT}" \
  quiet

We're just going to remove the quiet option:

  linux_entry "${OS}" "${version}" false \
    "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_EXTRA} ${GRUB_CMDLINE_LINUX_DEFAULT}"

Note: notice that the '\' is also removed from the second line. Even more output

If you're after even more output so you can watch the kernel go through it's startup, you can turn on verbose output.

Open /etc/default/grub and find the following line:

GRUB_CMDLINE_LINUX=""

Add the verbose option:

GRUB_CMDLINE_LINUX="verbose"

Now, use update-grub to apply your changed setting to grub.cfg and restart for the change to take effect.

sudo update-grub
sudo reboot

IO Scheduler

Reference: http://tombuntu.com/index.php/2008/09/04/four-tweaks-for-using-linux-with-solid-state-drives/

The default IO Scheduler used by Ubuntu is cfq. Changing this to deadline will see improved performance during times where multiple processes are trying to read/write to disk. You can change the default scheduler for all devices by adding a kernel parameter into grub.

Open /etc/default/grub and find the following line:

GRUB_CMDLINE_LINUX=""

Add the elevator option:

GRUB_CMDLINE_LINUX="elevator=deadline"

Or, if you added the verbose option earlier:

GRUB_CMDLINE_LINUX="elevator=deadline verbose"

Now, use update-grub to apply your changed setting to grub.cfg and restart for the change to take effect.

sudo update-grub
sudo reboot

To see that your new scheduler has taken effect you can query which scheduler is currently in use for a specific device with this command:

cat /sys/block/<device>/queue/scheduler
1)
wifi probably won't do because of missing drivers. You would have to copy those to the Installer stick
Enter your comment. Wiki syntax is allowed:
If you can't read the letters on the image, download this .wav file to get them read to you.