Hidden Manjaro OS request

Hi,

VeraCrypt has a feature on Windows that we don't seem to have on Linux, namely, hidden OS. Also hidden non-system containers.

This is extremely problematic, as LUKS encrypted containers that are clearly encrypted are almost USELESS in creating privacy from the authorities.

In many jurisdictions now, it is illegal if passwords to encrypted computers etc., are not handed over when requested - punishable by prison. I wouldn't want to go through any border control with a LUKS encrypted laptop, which because of such laws is the same as having a decrypted laptop with you.

Plausible deniability resolves this issue, as it can't be illegal to not provide a password, if it cannot be proved there is a hidden container. You can provide a password to the outer container which will be a dummy one.

As such, I've always looked out for a practical and easy solution like VeraCrypt where

  1. We can create an outer dummy Manjaro install.
  2. We can create a hidden real Manjaro install.
  3. Password A on boot takes us to (1). Password B takes us to (2).

The same for file/partition containers.

  4. Dummy outer layer.
  5. Hidden inner volume.

Until now, there was no practical solution, but it seems a project has been created in Linux to address this very serious problem.

  1. Hidden LUKS on operating system partition
    https://github.com/kriswebdev/grub-crypto-deluks

  2. Hidden LUKS on non-operating system partition.
    https://github.com/kriswebdev/cryptsetup-deluks

I've asked Calamares to utilise the above 2 projects in operating system installations.

However, they've said they will only incorporate them if a distro first incorporates them, making it feasible and workable for them to work with that distro and incorporate them into Calamares.

Could the developers please please consider incorporating the DELUKS projects to allow a Hidden Manjaro boot, as it's much needed.

P.S. It would also be helpful in the meantime if the boot screen didn't identify that a LUKS encryption password is required. VeraCrypt gives this option by allowing custom login prompts. Instead of asking for a password, we can simply display 'Hard Disk Error'. If a good password is entered, then it boots. If a bad password is entered, it doesn't respond or give any error messages which would show a LUKS container is present. This prompt must be customisable by the user, to avoid being an indicator of a standard dummy prompt.

This sort of setup is only of value when you are either protecting highly sensitive and secretive information, or highly illegal information and content.

Either way I personally don't think this is something Manjaro should be pioneering.

You probably shouldn't be transporting such sensitive material through border checkpoints. There are many other ways to secure this sort of thing (remote data, encrypted USB device...).

It might be of interest to someone to produce a custom or community spin, but this isn't an aim of Manjaro.

1 Like

I agree with @sueridgepipe. This should be done, maintained and supported by a team of dedicated experts, like that of Tails, Qubes, Parrot, Kali ...

BTW, btrfs can be a good container for such an obfuscated OS. A subvolume with a name of some library folder. Or better, several subvolumes, each in a different place. Just take care to have your GRUB on a USB stick.

Thanks for the replies. The issue isn't really how sensitive or legal your private data is or if it's only going through a checkpoint.

The point is that if you accept privacy is a right, then plausible deniability ensures you have true privacy. LUKS doesn't protect the privacy, as current laws in more and more nations force people to reveal their passwords if and when required.

I work in the legal sector and can see when this is abused by authorities.

That is why VeraCrypt works so well on Windows, but not on Linux because of this failing.

DELUKS is already maintained by a dedicated project. Just not incorporated into a current distro.

I really do hope Manjaro pioneers incorporating this, as the hard work is already done by the DELUKS project, and Manjaro seems to be a distro which is at the forefront of many helpful problems and solutions.

This is a real problem for privacy.

Thanks

88 posts were merged into an existing topic: Discussion: Hidden Manjaro OS request

This is a valid and potentially valuable project, but not one the Manjaro team can take on at the moment. However, it would be well suited to a project for a community spin.

For discussion about the more philosophical aspects please use the split Discussion thread.

Use this thread for any development-related discussion (e.g. tools that could be used).

1 Like
