Backtrack 4 – Bootable USB Thumb Drive with “Full” Disk Encryption

NOTICE FOR BT5

The new Backtrack 5 how to is here.

------------------------------------------------------------

UPDATE: Everything that applies to R1, applies to R2. However, I have gone ahead and increased the boot partition to 200MB just to make it an even number. I have also removed all references to Backtrack Final. Some other changes are a result of testing for speed and the desire to reduce writes to our USB drive to extend its life. This means we don't create a swap partition and change the root partition to mount as ext2 instead of ext3. We will use ext3 to build it, but mount as ext2 to disable journaling. Finally, there are now two ways to configure the system to use the encrypted volume. Hat tip to Andrew Suffield for the final bit to make the new way work.

If you were working from the R1 version of the how-to, you can still see it here.

This is a step-by-step guide showing how to create an encrypted bootable Backtrack 4 USB thumb drive.

Before we get started, here are a few housekeeping items:

  • There is a PDF version of this article available here. (Slightly out of date. Make sure to use 200MB for the boot partition.)
  • I also made a video of the process. It is here. (The video is a bit out of date too)
  • Finally, if you want to be notified of updates to this page, subscribe to my RSS feed here.

I put quotes around full in the title because technically the whole disk isn't encrypted. We use LVM and the native encryption routines included in Ubuntu 8.10 to encrypt all partitions except for a small boot partition that never contains any data.

This is a fairly involved process, but I have done my best to document each detail. Please let me know if I missed anything or you have any questions. I can be reached via the contact form on the 'About' page of this website or via the comments below.

I strongly recommend you read through this guide at least once before starting. I will be making a PDF available in the near future.

As in all my how-tos, user entered text is bold and comments are preceded by a # sign and generally not part of the output of a command.

Finally, a couple of posts from the Ubuntu Community Documentation site were instrumental in getting this working.

https://help.ubuntu.com/community/EncryptedFilesystemOnIntrepid

https://help.ubuntu.com/community/EncryptedFilesystemLVMHowto

WARNING: Before you start, please be aware that you can leave the system you are using to build this unable to boot correctly. During the install process below there is a warning about indicating where you want the boot loader to be installed. Be very careful at this point.

First we are going to need some stuff.

Tools and Supplies

  1. A USB thumbdrive for the install - minimum capacity 8GB for Backtrack Final or 16GB for Backtrack 2
  2. A Backtrack 4 DVD or an additional USB thumbdrive  (minimum 2GB, must be Backtrack 4)
  3. Optional: UNetbootin - A tool to transfer an iso image to a USB drive.
  4. Working internet connection once Backtrack 4 is booted.

Let's get started!

Let's grab a copy of the Backtrack 4 R2 ISO.

BackTrack 4 R2 Release ISO

Last Update: 22.11.2010
Name: bt4-r2.iso Size: 2000 MB
MD5: 9a94caa0e980a7331e9abc1d4c42c9a9

Now that we have the goods in hand, we can get to cooking. This tutorial is based on booting Backtrack 4 first. This means that you need some form of bootable Backtrack 4 media. This can be a virtual machine, DVD, or USB drive. Use your favorite method of creating a DVD or USB drive or you can use UNetbootin to create the thumb drive. Below is a screenshot of using UNetbootin to install Backtrack 4 on a USB drive.


It is as simple as selecting the image we want to write to the USB drive, the drive to write it to, and then clicking the 'OK' button. Warning: Make sure you pick the correct destination drive. You don't want to shoot yourself in the foot. 🙂

Partitioning

The first step is the physical partitioning of the drive.

Boot up Backtrack 4 from your DVD or USB drive. We will need both networking and the graphical interface running. The following commands will get us there.

/etc/init.d/networking start
startx

We will also need to figure out which drive is our target drive. The following command will show the drives available and you can determine from that which is the new USB drive. Open a terminal window and execute the following.

dmesg | egrep hd.\|sd.

We need to physically partition the target drive as follows:

  1. The first partition needs to be a primary partition, 200 MB in size, set to type ext3. Also remember to make this partition active when you are creating it. Otherwise you might have some boot problems.
  2. The rest of the drive should be configured as an extended partition and then a logical partition created on top of it.

Below are the steps to take to get the drive partitioned.  A '# blah blah' indicates a comment and is not part of the command and user typed commands are bolded. One note, we will need to delete any existing partitions on the drive. Final note, the cylinder numbers below are specific to my test machines/thumb drives, yours may be different.

fdisk /dev/sdb # use the appropriate drive letter for your system

# delete existing partitions. There may be more than one.

Command (m for help): d
Partition number (1-4): 1

# create the first partition

Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-1044, default 1): <enter>
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-1044, default 1044): +200M

#create the extended partition

Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
e
Partition number (1-4): 2
First cylinder (15-1044, default 15): <enter>
Using default value 15
Last cylinder, +cylinders or +size{K,M,G} (15-1044, default 1044): <enter>
Using default value 1044

# Create the logical partition.

Command (m for help): n
Command action
l    logical (5 or over)
p   primary partition (1-4)
l
First cylinder (15-1044, default 15): <enter>
Using default value 15
Last cylinder, +cylinders or +size{K,M,G} (15-1044, default 1044): <enter>
Using default value 1044

# Setting the partition type for the first partition to ext3

Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): 83

# Setting the first partition active

Command (m for help): a
Partition number (1-4): 1

Command (m for help): w

It is now time to get a couple additional packages installed that we need for LVM and encryption. First we need to update the local repositories and then install lvm2 and hashalot. Output has been omitted.

apt-get update
apt-get install hashalot lvm2

Our next step is to enable encryption on the logical partition we created above and make it available for use.

Before we do that though, there is an optional step we can take if we want to make sure no one can tell where our data is on the drive. It isn't really necessary since anything written will be encrypted, but if we want to be thorough and make sure no one can see where our data even sits on the drive, we can fill the logical partition with random data before enabling encryption on it. This will take some time, as much as a couple hours or more. Execute the following command:

dd if=/dev/urandom of=/dev/sdb5

The following commands will set up encryption services for the partition and open it for use. There are several ciphers that can be used, but the one indicated in the command is supposed to be the most secure and quickest for Ubuntu 8.10. Please note that luksFormat must be typed with exactly that capitalization.

cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdb5

WARNING!
========
This will overwrite data on /dev/sdb5 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: (enter passphrase) [type passphrase]
Verify passphrase: (repeat passphrase) [type passphrase]
Command successful.

cryptsetup  luksOpen /dev/sdb5 pvcrypt
Enter LUKS passphrase: [type passphrase]
key slot 0 unlocked.
Command successful.

If you should happen to get a "cannot access device" error when trying to perform the cryptsetup setup commands above, make sure the USB drive has not been mounted. That can happen sometimes.

Now that that's all done, we can create our root partition using LVM. Again, the commands below will do so. 7.3 GB was the largest I could make my root partition. Play around with it a little and you may be able to make it a bit larger or you may have to make it a bit smaller.

pvcreate /dev/mapper/pvcrypt
Physical volume "/dev/mapper/pvcrypt" successfully created
vgcreate vg /dev/mapper/pvcrypt
Volume group "vg" successfully created
lvcreate -n root -l 100%FREE vg
Logical volume "root" created.

The final step is to format the logical volume we just created. I have not included the output below for brevity's sake.

mkfs.ext3 /dev/mapper/vg-root

Believe it or not, we are finally ready to start installing Backtrack. To do so, click on the install.sh icon on the desktop. This will start the graphical installer.

WARNING: You must click on the advanced tab on the next page and select your USB drive as the target for installing the bootloader. You will break your system if you do not.

We have now installed the main distribution to our thumb drive. The next step is to configure the newly installed system to use LVM and open the encrypted partition.

However, before we do that we need to figure out the UUID of our encrypted volume. We want to do this so that we don't run into problems if the device name of the drive changes from machine to machine. The command vol_id will give us the information we need. So execute vol_id as below.

vol_id /dev/sdb5
ID_FS_USAGE=crypto
ID_FS_TYPE=crypto_LUKS
ID_FS_VERSION=2
ID_FS_UUID=09330b5a-5659-4efd-8e9d-0abc404c5162
ID_FS_UUID_ENC=09330b5a-5659-4efd-8e9d-0abc404c5162
ID_FS_LABEL=
ID_FS_LABEL_ENC=
ID_FS_LABEL_SAFE=

Make a note of the ID_FS_UUID value which is in italics above. We will need it later. Note: your output will be different than mine.

Now time to configure our newly installed system. The first thing we have to do is make the newly installed system active so we can make changes to it. We do that by mounting the partitions and chrooting to it.

mkdir /mnt/backtrack4
mount /dev/mapper/vg-root /mnt/backtrack4
mount /dev/sdb1 /mnt/backtrack4/boot
chroot /mnt/backtrack4
mount -t proc proc /proc
mount -t sysfs sys /sys

To make everything truly operational, we can mount /dev/pts, but every time I try I have problems unless I reboot first. That is a real pain, so I just don't mount /dev/pts. We will get a couple warnings/errors as we go along, but they do not affect our install.

The magic to making all this work is to rebuild the initrd image that is used to boot our system. We need to include some things, load some modules, and tell it to open the encrypted volume, but first we have to go through the whole process of installing software again. We have to do this because we are essentially right back where we started when we booted the live cd. Do the following again.

apt-get update
apt-get install hashalot lvm2

The next step is to configure how initramfs-tools will create our initrd file.

There are two ways to do this, an easy way and a slightly harder way.

The Easy Way

The easy way involves editing two files, the /etc/crypttab file and the /etc/fstab file. I use the vi editor, but you can use your favorite editor.

vi /etc/crypttab

We need to add the following line to the file. If you are new to vi, hit the o key and then type the following:

pvcrypt      /dev/disk/by-uuid/<uuid from above>         none         luks

When you are done typing that line, hit the esc key and then type ':wq' without the quotes to save and exit vi. The file should look like this. The uuid is unique to my case. Make sure yours matches your system.

# <target device>   <source device>   <key file>   <options>
pvcrypt      /dev/disk/by-uuid/09330b5a-5659-4efd-8e9d-0abc404c5162    none         luks

Then we need to edit the /etc/fstab file and replace the line that describes the device name for root. We will also change the mount type at this time to ext2 so we can reduce the number of writes to our USB drive.

Again, use your favorite editor or vi.

vi /etc/fstab

The file will look something like below. The UUIDs will be different though.

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# /dev/mapper/vg-root
UUID=c8d9b9a0-2198-4966-bc3a-39259df6a2c2 / ext3    relatime,errors=remount-ro 0       1
# /dev/sdb1
UUID=6af425ad-99b8-44a5-9ee1-0349141f9b1f /boot   ext3    relatime 0       2
/dev/hdc        /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

The only line we need to change is the line for vg-root which is bolded above. For those new to vi, position the cursor on the first 'U' of the line using your arrow keys and type 'dd', then move the cursor to the '#' in the line above and type the letter o, then type the line below, hit the esc key and type ':wq' without the quotes to save the file. The line needs to look like below when done:

/dev/mapper/vg-root / ext2  defaults 0 1

Once that is done, execute the following commands.

update-initramfs -u

If all goes well, you are now ready to cross your fingers and reboot. The system will start to boot then ask you for your LUKS passphrase. Type that bad boy in and, if all goes well, your system will boot.

If you have problems, you can use the troubleshooting directions below to get back to the state where you can try to figure out what went wrong.
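The two Easy Way edits can also be generated from the vol_id output instead of typed by hand, which keeps the ID_FS_UUID= prefix or a mistyped UUID out of /etc/crypttab. This is an added example, not part of the original how-to; the function names are hypothetical and the sample input is the guide's own sample output.

```sh
#!/bin/sh
# Added example, not part of the original how-to. Function names are
# hypothetical; the sample text is copied from the guide's own sample output.

# Read vol_id output on stdin and print only the UUID value (the part after
# "ID_FS_UUID="). Fails unless the device is LUKS and the UUID is well formed.
luks_uuid() {
    awk -F= '
        $1 == "ID_FS_TYPE" { type = $2 }
        $1 == "ID_FS_UUID" { uuid = $2 }
        END {
            if (type != "crypto_LUKS") exit 1
            if (length(uuid) != 36 || uuid !~ /^[0-9a-f-]+$/) exit 1
            print uuid
        }'
}

# Print the /etc/crypttab line the guide uses, for UUID $1.
crypttab_entry() {
    printf 'pvcrypt\t/dev/disk/by-uuid/%s\tnone\tluks\n' "$1"
}

# Filter fstab from stdin to stdout: the entry mounted on / becomes the
# guide's ext2 line; comments and every other entry pass through untouched.
# Fails unless exactly one root entry was replaced.
rewrite_fstab_root() {
    awk '
        /^[ \t]*#/ || NF < 2 { print; next }
        $2 == "/" { print "/dev/mapper/vg-root / ext2  defaults 0 1"; n++; next }
        { print }
        END { if (n != 1) exit 1 }'
}

SAMPLE_VOLID='ID_FS_USAGE=crypto
ID_FS_TYPE=crypto_LUKS
ID_FS_VERSION=2
ID_FS_UUID=09330b5a-5659-4efd-8e9d-0abc404c5162
ID_FS_UUID_ENC=09330b5a-5659-4efd-8e9d-0abc404c5162
ID_FS_LABEL='

SAMPLE_FSTAB='proc            /proc           proc    defaults        0       0
# /dev/mapper/vg-root
UUID=c8d9b9a0-2198-4966-bc3a-39259df6a2c2 / ext3    relatime,errors=remount-ro 0       1
# /dev/sdb1
UUID=6af425ad-99b8-44a5-9ee1-0349141f9b1f /boot   ext3    relatime 0       2'

# Dry run on the samples. Inside the chroot the real inputs would be
# "vol_id /dev/sdb5" and /etc/fstab; review the output before writing it back.
demo() {
    uuid=$(printf '%s\n' "$SAMPLE_VOLID" | luks_uuid) || return 1
    crypttab_entry "$uuid"
    printf '%s\n' "$SAMPLE_FSTAB" | rewrite_fstab_root
}
demo
```

Both filters write to stdout only, so nothing on the drive changes until the reviewed output is copied into place.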

System All Booted

Once you have a booting system, you are ready to log in. The default userid is root and the default password is toor. You are now ready to log in and begin playing. Don't forget to change the root password as soon as you log in the first time.

That's it. You can make some final tweaks if you want like setting the network to start automatically and starting KDE at boot, but for all intents and purposes you have successfully installed Backtrack 4 to USB drive and don't have to worry about sensitive information being intercepted if it gets lost or stolen.

Slightly Harder Way

This method involves adding two scripts and editing the modules file. I have added the text of the scripts here, but also provided a command that will grab them from my website.

The first script we need to create is /etc/initramfs-tools/hooks/pvcrypt. This script will copy the needed files for the initrd image. Executing the following will get the script where it needs to be.

cd /etc/initramfs-tools/hooks
wget -O pvcrypt http://www.infosecramblings.com/hooks-pvcrypt

The contents of the script should look like this.

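#!/bin/sh
# initramfs-tools hook: copies cryptsetup and the keymap tools into the initrd.

PREREQ=""

prereqs()
{
   echo "$PREREQ"
}

case $1 in
prereqs)
  prereqs
  exit 0
  ;;
esac

# Nothing to do if cryptsetup is not installed.
if [ ! -x /sbin/cryptsetup ]; then
  exit 0
fi

. /usr/share/initramfs-tools/hook-functions

# Keymap used while typing the passphrase; the local-top script loads it
# from /etc/console-setup/boottime.kmap.gz, so it must land in that directory.
mkdir -p ${DESTDIR}/etc/console-setup
cp /etc/console-setup/boottime.kmap.gz ${DESTDIR}/etc/console-setup/
copy_exec /bin/loadkeys /bin
copy_exec /bin/chvt /bin
copy_exec /sbin/cryptsetup /sbin
copy_exec /sbin/vol_id /sbin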

The next script we need to create is /etc/initramfs-tools/scripts/local-top/pvcrypt. This script tells the system to open the encrypted volume and requests the passphrase. Executing the following will get the script where it needs to be.

cd /etc/initramfs-tools/scripts/local-top
wget -O pvcrypt http://www.infosecramblings.com/local-top-pvcrypt

Unlike the first script, you will need to edit this script to point to your encrypted volume. This is where the UUID we found earlier comes in. Replace the word UUID with the value you noted above.

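#!/bin/sh
# initramfs-tools local-top script: opens the encrypted volume at boot.

PREREQ="udev"

prereqs()
{
        echo "$PREREQ"
}

case $1 in
# get pre-requisites
prereqs)
        prereqs
        exit 0
        ;;
esac

# Load the boot-time keymap and the modules needed for aes-xts.
/bin/loadkeys -q /etc/console-setup/boottime.kmap.gz
modprobe -Qb dm_crypt
modprobe -Qb sha256
modprobe -Qb aes_i586
modprobe -Qb xts

# The following command will ensure that the kernel is aware of
# the partition before we attempt to open it with cryptsetup.
/sbin/udevadm settle

# Give udev extra time to settle; different systems need different times.
sleep 10

# Switch to the first console so the passphrase prompt is visible.
if grep -q splash /proc/cmdline; then
    /bin/chvt 1
fi
# Replace the word UUID with the ID_FS_UUID value noted earlier.
/sbin/cryptsetup luksOpen /dev/disk/by-uuid/UUID pvcrypt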

Both scripts need to be executable.

chmod +x /etc/initramfs-tools/hooks/pvcrypt
chmod +x /etc/initramfs-tools/scripts/local-top/pvcrypt

The final change we need to make before rebuilding initrd is to edit the /etc/initramfs-tools/modules file and add a couple encryption modules. This will make sure they are copied into the initrd image. We can do this one of two ways. We can use our favorite editor and add the following lines to the bottom of the file and save it.

aes_i586
xts

or use a wget command like above.

cd /etc/initramfs-tools
wget -O modules http://www.infosecramblings.com/initramfs-modules

Either way, your /etc/initramfs-tools/modules file should look like this:

# List of modules that you want to include in your initramfs.
#
# Syntax:  module_name [args ...]
#
# You must run update-initramfs(8) to effect this change.
#
# Examples:
#
# raid1
# sd_mod
fbcon
vesafb
aes_i586
xts

We still need to make the change to mount the filesystem as ext2 to disable journaling, again to reduce writes to our USB drive.

To do that, we need to edit the /etc/fstab file and replace the line that describes the device name for root. We will also change the mount type at this time to ext2.

Again, use your favorite editor or vi.

vi /etc/fstab

The file will look something like below. The UUIDs will be different though.

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# /dev/mapper/vg-root
UUID=c8d9b9a0-2198-4966-bc3a-39259df6a2c2 / ext3    relatime,errors=remount-ro 0       1
# /dev/sdb1
UUID=6af425ad-99b8-44a5-9ee1-0349141f9b1f /boot   ext3    relatime 0       2
/dev/hdc        /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

The only line we need to change is the line for vg-root which is bolded above. For those new to vi, position the cursor on the first 'U' of the line using your arrow keys and type 'dd', then move the cursor to the '#' in the line above and type the letter o, then type the line below, hit the esc key and type ':wq' without the quotes to save the file. The line needs to look like below when done:

/dev/mapper/vg-root / ext2  defaults 0 1

Now it's time to rebuild our initrd image.

update-initramfs -u

If all goes well, you are now ready to cross your fingers and reboot. The system will start to boot then ask you for your LUKS passphrase. Type that bad boy in and, if all goes well, your system will boot.
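Before rebuilding the initrd for the Slightly Harder Way, the edited files can be checked for mistakes that keep the volume from opening at boot: the UUID placeholder left in place, the ID_FS_UUID= prefix pasted along with the value, or a module that is not on a line of its own in the modules file. This is an added example, not one of the scripts from the original how-to; the function names are hypothetical and the sample files are constructed.

```sh
#!/bin/sh
# Added example, not one of the how-to's scripts. Function names are
# hypothetical. Each check prints one line per problem and returns non-zero
# if it found any.

UUID_RE='^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'

# $1 = path to the local-top pvcrypt script
lint_local_top() {
    rc=0
    # Device argument of the first "/sbin/cryptsetup luksOpen" line.
    dev=$(awk '$1 == "/sbin/cryptsetup" && $2 == "luksOpen" { print $3; exit }' "$1")
    case $dev in
        "")
            echo "no cryptsetup luksOpen line"; rc=1 ;;
        /dev/disk/by-uuid/UUID)
            echo "placeholder UUID was never replaced"; rc=1 ;;
        /dev/disk/by-uuid/ID_FS_UUID=*)
            echo "use only the value after ID_FS_UUID="; rc=1 ;;
        /dev/disk/by-uuid/*)
            printf '%s\n' "${dev#/dev/disk/by-uuid/}" | grep -Eq "$UUID_RE" ||
                { echo "malformed UUID in $dev"; rc=1; } ;;
        *)
            echo "$dev is a device name; it can change between machines"; rc=1 ;;
    esac
    grep -Eq '^[[:space:]]*sleep[[:space:]]+[0-9]+' "$1" ||
        { echo "no sleep line; the guide waits 10 seconds for udev"; rc=1; }
    [ -x "$1" ] || { echo "script is not executable (chmod +x)"; rc=1; }
    return $rc
}

# $1 = path to the initramfs-tools modules file. The file's syntax is
# "module_name [args ...]", so anything else on the line becomes an argument.
lint_modules() {
    rc=0
    for m in aes_i586 xts; do
        grep -Eq "^[[:space:]]*$m[[:space:]]*\$" "$1" ||
            { echo "$m must be on a line of its own"; rc=1; }
    done
    return $rc
}

# Constructed sample: the tail of the guide's local-top script with the
# luksOpen device ($2) filled in, written to $1 and made executable.
write_sample() {
    cat > "$1" <<EOF
/sbin/udevadm settle
sleep 10
/sbin/cryptsetup luksOpen $2 pvcrypt
EOF
    chmod +x "$1"
}

# Dry run on constructed files that contain two of the mistakes.
demo() {
    d=$(mktemp -d) || return 1
    write_sample "$d/pvcrypt" /dev/disk/by-uuid/UUID
    printf 'fbcon\nvesafb\naes_i586 xts\n' > "$d/modules"
    lint_local_top "$d/pvcrypt" || echo "=> fix pvcrypt before update-initramfs -u"
    lint_modules "$d/modules" || echo "=> fix modules before update-initramfs -u"
    rm -rf "$d"
}
demo
```

Inside the chroot the real arguments would be /etc/initramfs-tools/scripts/local-top/pvcrypt and /etc/initramfs-tools/modules.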

System All Booted

Once you have a booting system, you are ready to log in. The default userid is root and the default password is toor. You are now ready to log in and begin playing. Don't forget to change the root password as soon as you log in the first time.

That's it. You can make some final tweaks if you want like setting the network to start automatically and starting KDE at boot, but for all intents and purposes you have successfully installed Backtrack 4 to USB drive and don't have to worry about sensitive information being intercepted if it gets lost or stolen.

Troubleshooting

If you run into any problems, you don't have to start over. As long as your encrypted volume is built correctly and you have the correct LUKS passphrase, you can get back to the place you were with the Live CD. Simply boot with the original Live CD/USB drive and enter the following.

/etc/init.d/networking start
apt-get update
apt-get install hashalot lvm2
cryptsetup luksOpen /dev/[your logical partition] pvcrypt
mkdir /mnt/backtrack4
mount /dev/mapper/vg-root /mnt/backtrack4
mount /dev/[boot partition] /mnt/backtrack4/boot
chroot /mnt/backtrack4
mount -t proc proc /proc
mount -t sysfs sys /sys
mount -t devpts devpts /dev/pts

You can now do any troubleshooting you need to do and try to reboot again. One note, if you want to check the UUID of your partition, do it before you chroot.

-Kevin

Backtrack 4 – Bootable USB Thumb Drive with “Full” Disk Encryption by Kevin Riggins is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
Permissions beyond the scope of this license may be available at http://www.infosecramblings.com/about/.


{ 441 comments… read them below or add one }

usr_local December 30, 2009 at 5:39 am

K,
This walk-through is exquisite. The details are enough that anyone can get this right the first time. I enjoyed the read and will soon proceed to follow and recommend this guide.

Thanks,
usr

Reply

kriggins December 30, 2009 at 6:37 am

@usr_local,

Thanks! Please let me know if you run into any problems or have any suggestions for making it better.

Kevin

Reply

Sam December 30, 2009 at 8:15 am

About to give this a go, will let you know how it goes.

Reply

Sam December 30, 2009 at 9:18 am

# Setting the partition type for the first partition to ext3

Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): 83
Changed system type of partition 1 to b (W95 FAT32) <—– your guide says this – is that correct?

Reply

kriggins December 30, 2009 at 10:29 am

@Sam,

Ooops. Copy and paste error. The commands are correct. Just that statement line of text is wrong. Will fix momentarily.

Kevin

Reply

Sam December 31, 2009 at 7:01 am

only differences to the guide that i experienced were that at this step:
lvcreate -n swap -L 512M vg
/dev/cdrom3: open failed: Read-only file system. # this is normal <—–these were not observed
Logical volume "swap" created.
lvcreate -n root -L 7.3G vg
/dev/cdrom3: open failed: Read-only file system. # this is normal <—–these were not observed
Logical volume "root" created.

only other problem encountered was that:

root@bt:/etc/initramfs-tools/scripts/local-top# wget -O pvcrypt http://www.infosks-pvcrypt
–2009-12-31 12:49:10– http://www.infosecramlbings.com/hooks-pvcrypt
Resolving http://www.infosecramlbings.com... failed: Name or service not known.
wget: unable to resolve host address `www.infosecramlbings.com'

was resolved by manually editing the script file

Reply

kriggins December 31, 2009 at 7:06 am

@Sam,

Thanks for the feedback. I typoed my own website address. Sheesh. Fixed now. Sorry you had to manually enter the scripts.

I appreciate you helping me work out the kinks.

-Kevin

Reply

Sam December 31, 2009 at 7:58 am

no problems
i have however just rebooted and tried to boot from the usb but am greeted by a blank screen with a flashing cursor.
Also this process seems to have interfered with my primary install on sda1 – specifically grub loader “error 21”

i will have to look into this see if it can be easily fixed.

SAm

Reply

kriggins December 31, 2009 at 8:04 am

Booting with the install disk for your original OS, selecting repair and typing grub-install /dev/sdx, where x is your drive, should fix grub on your main install. I’m sorry this happened. I haven’t experienced it in my tests.

Kevin

Reply

kriggins December 31, 2009 at 12:10 pm

To all who have been looking at the how-to, I forgot an important step. Please review the how-to again and make sure you pay attention to the step where you select the drive to install the boot loader to. Bad things can happen if you miss it.

Kevin

Reply

Sam January 1, 2010 at 5:33 am

Installation process works fine now, up and running on a sandisk 8gb “cruzer”
one possible copy/paste error – both the wget commands have the same target file?

(btw just noticed the little smiley at the bottom of the page 😀 )

Reply

kriggins January 1, 2010 at 7:25 am

@Sam,

Thank you very much for the feedback. It was very helpful. I’m glad it is working now.

The wget lines are not a copy and paste error. The target filenames probably don’t matter, but the reference documentation did it that way so I stuck with it.

-Kevin

Reply

Didier Stevens January 2, 2010 at 3:24 pm

Kevin, I do believe there is a copy-paste error in the second wget:

cd /etc/initramfs-tools/scripts/local-top
wget -O pvcrypt http://www.infosecramblings.com/hooks-pvcrypt

Doesn’t it have to be:

cd /etc/initramfs-tools/scripts/local-top
wget -O pvcrypt http://www.infosecramblings.com/local-top-pvcrypt

?

Trying this on my EEEPC, failed the first time, trying again.

Reply

kriggins January 2, 2010 at 3:45 pm

@Didier,

Well blargh. 🙂 You are completely right. Corrected now.

Kevin

Reply

kriggins January 2, 2010 at 3:50 pm

@Sam,

I apologize. I misread your comment. You were correct that there was a typo in that second wget file. Thought you were referring to the -O pvcrypt and not the http part.

Kevin

Reply

Didier Stevens January 2, 2010 at 5:45 pm

I gave it a second try and it failed again, but I believe I know why now.
In the second pvscript you show a sleep 10 command. This sleep command is missing from the script I download with wget.

Reply

kriggins January 2, 2010 at 6:16 pm

@Didier,

Sheesh. Fixed that now too. It could be the culprit. The sleep 10 is to give udev a chance to settle down. Different systems and technologies need different times.

What specifically is failing? Maybe I can help.

Kevin

Reply

Didier Stevens January 2, 2010 at 6:50 pm

@Kevin

It is working now, thanks to the sleep 10 command I can boot and enter the disk password.

Now need to get the Wifi working.

Thanks for this howto!

Reply

kriggins January 2, 2010 at 6:52 pm

@Didier,

Awesome. You are welcome and thanks for helping make it better.

Kevin

Reply

Dark_Matter(s) January 3, 2010 at 1:01 am

Ok, so I just finished my first attempt at following your (excellent) guide, but have hit a snag somewhere. After booting up the drive, I get the following error:

modprobe: FATAL: Could not load /lib/modules/2.6.29.4/modules.dep: No such file or directory

Then, it attempts to mount the drive, prompting for my LUKS passphrase. However, after entering the pass 3 times, I am dropped to a shell. The only thing I figure I may have done wrong when performing the installation was inserting the UUID into the script without including “ID_FS_UUID=”. This was meant to be included, correct? Anyways, how might I rebuild the initrd image without starting over? Or am I a little screwed at this point? Thanks for the great tutorial–I’m sure I’ll get it working, even if I have to start all over again.

Reply

kriggins January 3, 2010 at 7:43 am

@Dark_Matter(s),

The modprobe error is “normal” and doesn’t affect boot. I think I have figured out how to fix it, but need to test it before including it in the how-to.

When you enter the UUID, you only want the part after the = sign. I need to be a little more clear in the how-to. I will be adding that update as well. If you feel that the UUID bit is causing you a problem, you can replace it with /dev/sdx where sdx is your logical volume. This works well for testing, but can cause problems if you move from machine to machine.

Finally, you don’t have to start over. Boot with the original Live CD or USB drive, do the following:

/etc/init.d/networking start
apt-get update
apt-get install hashalot lvm2
cryptsetup luksOpen /dev/[your logical partition] pvcrypt
mkdir /mnt/backtrack4
mount /dev/mapper/vg-root /mnt/backtrack4
mount /dev/[boot partition] /mnt/backtrack4/boot
chroot /mnt/backtrack4
mount -t proc proc /proc
mount -t sysfs sys /sys
mount -t devpts devpts /dev/pts

You will be back to the place where you can check things out and re-run update-initramfs if you need to.

-Kevin

Reply

kriggins January 3, 2010 at 8:09 am

@Dark_Matter(s),

Oops. Lovely Wordpress took some of my comment above as html. The cryptsetup line should be:

cryptsetup luksOpen /dev/[your logical partition] pvcrypt

I fixed it in the comment above too.

Kevin

Reply

Dark_Matter(s) January 3, 2010 at 12:18 pm

@kriggins

Thanks for the reply. I was able to mount the device last night following some reading on the Ubuntu forums–but I may have made the problem a little worse, as I can no longer mount the drive. I think I’ll just give it another try, and let you know how it goes. Again, thanks for the quick response.

Reply

Greg January 7, 2010 at 11:54 am

Holy cow Batman!! Nice job. I am also going to use this for a HDD install, it appears that is exactly what you did here vs the “persistent live CD” on USB in your previous writeups.

Thanks for your time and best wishes for the New Year!

BTW, any idea on the samdump2 update error via apt-get upgrade (repositories)? I suppose you could recompile from source, however I may have to look into doing that…

Gm

Reply

kriggins January 7, 2010 at 6:14 pm

@greg,

Thanks and best wishes for you in the New Year too!

I should mention in the how-to that this method can be used for an HDD install too.

I haven’t looked any further into the upgrade error. I should really look at that.

Kevin

Reply

Shockrates January 8, 2010 at 7:07 am

@kriggins

Regarding the modprobe fatal error on boot, i used this solution from the forums.
————————————————————————-
cd /boot
cp initrd.img-2.6.29.4 initrd-2.6.29.4.old (Just making a backup)
depmod -a
update-initramfs -k 2.6.29.4 -c
cd /tmp
gzip -dc /boot/initrd.img-2.6.29.4| cpio -id
touch lib/modules/2.6.29.4/modules.dep
find ./ | cpio -H newc -o > /boot/initrd.img-2.6.29.4.new
gzip /boot/initrd.img-2.6.29.4.new
cd /boot
mv initrd.img-2.6.29.4.new.gz initrd.img-2.6.29.4

Reboot and it should be gone.
———————————————————————-

Source: http://forums.remote-exploit.org/backtrack-4-bugs-fixes/23688-modprobe-fatal.html

Reply

Shockrates January 8, 2010 at 7:24 am

I just rebooted and the problem is gone.

Also i forgot to mention that i ran the above commands after i booted using my usb thumb drive.
I didn’t run them using the original live cd, and chrooting to the usb, mounting etc..

By the way, in your guide before we rebuilt initrd, you said doing depmod -a would solve an annoying error on boot. Was this the error it was supposed to solve? (For the record i run your depmod -a during the installation)

P.S.: One of the most informative guides i have read. 🙂

Reply

kriggins January 8, 2010 at 7:50 am

@shockrates,

Thanks for the compliment on the how-to. Much appreciated.

Thanks for the tip above. I thought my method worked, but I was probably doing three things at once and got things mixed up. That being said, I think I have another way to fix it using the built scripts function of initramfs. I will be testing that this weekend and will update the how-to appropriately if it pans out. If it doesn’t I will add your comments to the how-to.

-Kevin

Reply

Insomniac January 8, 2010 at 11:25 am

After everything is finished, should we update&upgrade the system normally using aptitude?

I had this error:
Starting PostgreSQL 8.3 database server: main* The PostgreSQL server failed to start. Please check the log output: EST FATAL: could not load server certificate file “server.crt”: No such file or directory.

I think this is a common problem. A good idea would be to say in the guide how to solve the problem, and then put an aptitude update etc.

P.S.: Maybe it would be a good idea, to copy the Nessus section and tweaks section from the other article here, so most people don’t have them mixed up. (The tweaks part in the other article contains stuff about truecrypt which here we don’t use etc). And maybe put in the title of the original article, backtrack 4, on usb using truecrypt for encryption, and here backtrack 4, on usb with persistent changes with “full” encryption.

Reply

kriggins January 8, 2010 at 7:54 pm

@Insomniac,

Thank you for the comment and suggestions.

Yes, you can use apt-get or aptitude to update and upgrade after you are done. I haven’t experienced the PostgreSQL error, but I also haven’t done a full update recently.

The existing how-to with Nessus is going to be updated to include this method of install. That url is popular enough that I leave it as the main url with each subsequent update. This how-to stands on its own for those that only wish to install Backtrack to a USB key. I also found a way to do the changes partition in an encrypted fashion on the remote-exploit forums that I may include in the main how-to.

-Kevin

Reply

Max January 9, 2010 at 8:33 am

Nice tutorial. But I am having problem when I apt-get update as I am behind a proxy. How can I configure proxy in terminal?

Thanks

Reply

Max January 10, 2010 at 6:45 am

Never mind. I got it sorted out. But I got another problem. After doing all the instructions and rebooting my USB, I got these error messages:

modprobe: FATAL: could not load /lib/modules//2.6.29.4/modules.dep no such file or directory.
aes_generic: unknown parameter ‘i586’
aes_i586: unknown parameter ‘i586’

Any help?

Reply

kriggins January 10, 2010 at 7:40 am

@Max,

The modules.dep error is normal and won’t cause any problems. I am working on making it so that isn’t an issue.

The aes_generic and aes_i586 errors lead me to believe there is a problem with the /etc/initramfs/modules file. We need to have the aes_i586 and xts lines added to that file so that the modules are included in the initrd image. Double check that spelling is correct and that each is on its own line.

Kevin

Reply

Max January 11, 2010 at 5:06 am

Thanks. I started the whole process and it worked this time. My mistake. I apologize.

Great howto though.

Max

Reply

kriggins January 11, 2010 at 6:11 am

@Max,

No apology necessary and thanks for the compliments.

Kevin

Reply

Hedin January 12, 2010 at 12:22 pm

Hi, first of all, very nice guide.

But shouldn’t the boot partition be sdb1 in your example?

Reply

kriggins January 12, 2010 at 12:51 pm

@Hedin,

Thanks and you are absolutely correct. That’s what I get for installing to sda and sdb. Grabbed the screen shot from the wrong session. I have added a note to warn about that and will update the image as soon as I can.

Thanks for noticing and letting me know.

Kevin

Reply

Obito January 12, 2010 at 12:52 pm

Hey, great work first of all. I myself appreciate the time you put into this. That being said, will this process work on BT4 Final (released yesterday)? I just downloaded it and started this process. I received no errors and everything seemed to go very smoothly; however, when I boot up my USB stick and I enter the password it tells me that no matching passphrase was found. I am entering the correct passphrase; I checked by booting back into the LiveCD and mounting it with “cryptsetup luksOpen /dev/sdb5 pvcrypt” and it accepts the key. I’ve done this enough to assure myself I am not making typos at boot lol. Was just wondering if anyone else had this problem?

Reply

Nick February 1, 2011 at 4:22 am

I am having this same problem, and I have tested it the same way you did. Find a solution?

Reply

kriggins January 12, 2010 at 12:57 pm

@obito,

I tested the how-to last night, which also resulted in a couple edits and it worked just fine. Double check your /etc/initramfs/scripts/local-top script. Often the culprit is that the device it is referencing in the cryptsetup line at the end is entered incorrectly. You can try with /dev/sd[x][y] where x is your disk and y is the logical partition. Be aware that boot order and drive enumeration can make it fun trying to figure out which /dev/sd[y] to use.

Kevin

Reply

Hedin January 12, 2010 at 1:17 pm

I have just installed BT4 final on a 16GB USB stick and it worked nearly perfectly… the only minor issue is that I wasn’t asked about user settings or root password.

And a cosmetic one: it says Ubuntu in the grub menu.

Again, very nice guide / howto 🙂

Reply

Hedin January 12, 2010 at 1:22 pm

Doh… just saw the passwd in your guide:)

Reply

Greg January 13, 2010 at 12:06 pm

I just made a fresh install on BT4 final on my 8gb USB stick, I also noticed the user account creation screen was gone, after I was done and rebooted from the USB the root account was already unlocked (unlike the BT4-pre and Ubuntu defaults). Normal login “root” and pw “toor”. There is no longer a need to userdel any user accounts.

Reply

kriggins January 13, 2010 at 2:15 pm

@Greg,

I updated the How-to the same day the final release happened to include the things you mention. The PDF didn’t get updated until last night though. Sorry. BTW – I still owe you an email and I haven’t forgotten. 🙂

Kevin

Reply

Stealth January 13, 2010 at 4:01 pm

Hey kevin:

I followed your tut, but upon reboot I am getting the following error:

…Done
Gave up waiting for root device. common problems:

-Boot args (cat /proc/cmdline)
-check rootdelay= (did the system wait long enough? Note: I could not download your scripts so I entered the scripts manually!!
Check root=(did the system wait for the right device?)ls /dev)
Alert! /dev/mapper/vg-root does not exist. Dropping to a shell!! (I definitely created /dev/mapper/vg-root!!
-Missing modules (cat /proc/modules;

What might I be missing?

Reply

Stealth January 13, 2010 at 4:58 pm

Hi again Kevin:

I am trying again with a BT4 CD but am getting an error that “no /dev/pts exists”. I ran the last command after running all the others which have been successful upon rebooting with CD. The
mount -t devpts devpts /dev/pts command is not working.

One other question: when including the “ID_FS_UUID=09330b5a-5659-4efd-8e9d-0abc404c5162” in the script, is the value only included or is this whole number included? I only included the value in the script and left out the ID_FS_UUID= part of the whole parameter. I don’t do much of this scripting so I could be wrong.

BTW- I did not use the parameter above, it was taken from this post, I used the value for my USB which is SDA. I am using a 16G San ScanDisk.

Reply

kriggins January 13, 2010 at 5:14 pm

@Stealth,

I am going to answer the questions in your second comment first.

1. I often find that /dev/pts won’t mount correctly after a chroot. It is not a fatal problem. Just ignore it if that happens.
2. Yes, you only want the part after ID_FS_UUID=

For troubleshooting purposes, you can change the /dev/disk/by-uuid part to /dev/sda5. This should work in your case since it is enumerating the drive as sda.

Now for the questions in your first comment.

A couple questions first. Did you get the LUKS Passphrase prompt after you rebooted? Did it open the device correctly? If the answer to both of those questions is yes, then it looks like maybe lvm2 didn’t get installed after you chrooted to the installed system. This step has to be redone after the chroot step and before you perform the update-initramfs -u step.

If you didn’t get the LUKS Passphrase prompt or it didn’t open the device correctly, there is likely a problem with your scripts. I am a little concerned that you said you couldn’t download the scripts as it shouldn’t be a problem, particularly if you successfully perform the apt-get update and apt-get install after chrooting.

Hope this helps. If it doesn’t, write down all the stuff that gets displayed to the screen upon reboot and put it in a comment so I can see the entire boot process.

-Kevin

Reply

Stealth January 13, 2010 at 5:33 pm

Well hold on a minute…I may have made a stupid error as to why I couldn’t download your scripts. I tried again and they are downloaded to me just fine. I am doing everything as you stated again and hopefully I will have success upon reboot….Going to reboot now after updating the “initramfs” file…Ok so far so good asked me for my luks password …seems to be booting…signed in as root…graphical interface is coming on line!!!! Thanks Kevin, you gave me all the information I need to make this work!!! I have success, have a happy and prosperous New Year!!

Apparently I made a mistake with my hand generated scripts you identified. Also, I forgot about the mistakes that were identified in the post.

Reply

kiamo January 14, 2010 at 5:36 am

As I prepared the usb flash drive in a hard drive install of backtrack, I have had to reboot and continue the process from the live dvd.

Am I correct in thinking that the random data that we filled up the logical drive in the DD step does not need to be redone?

btw, thanks for this awesome howto! 😀

Reply

kriggins January 14, 2010 at 6:25 am

@Stealth,

Glad you got it working!

@Kiamo,

You are correct. Once you have filled the drive with random data, you don’t ever need to do it again.

-Kevin

Reply

Cryptosond January 14, 2010 at 1:16 pm

Hey kriggins,

Thanks for this super tutorial. I’ve almost finished the whole thing without problems, except for the end: on “update-initramfs -u” I’ve got an error: “update-initramfs is disabled since running on a live CD”. Any help will be really appreciated 🙂 Thanks in advance.

Reply

Cryptosond January 14, 2010 at 1:30 pm

Nvm, I solved this prob:
“mv /usr/sbin/update-initramfs /usr/sbin/update-initramfs.old
ln -s /rofs/usr/sbin/update-initramfs /usr/sbin/update-initramfs”

After rebooting I’ve got: “Disabling IRQ 18” – “Missing modules (cat /proc/modules; ls /dev)”. Any idea maybe?

Reply

kiamo January 14, 2010 at 2:27 pm

As far as I can tell I’ve completed the steps as stated. However, when I boot up from the USB stick and enter my LUKS passphrase, I get the following error:

device-mapper:table:253:0:crypt:Error allocation crypto tfm
command failed. No key available with this passphrase

then further down the screen it says:

ALERT! /dev/mapper/vg-root does not exist

I’ll keep fiddling with it but any help would be much appreciated 🙂

Reply

kriggins January 14, 2010 at 3:10 pm

@cryptosond,

I suspect the reason you are getting the errors you are getting is because you have not successfully chrooted to the newly installed system before finishing the configuration. You need to be chrooted before you setup the pvcrypt files, edit the /etc/initramfs/modules file and install lvm and hashalot again.

-Kevin

Reply

kriggins January 14, 2010 at 3:11 pm

@kiamo,

Did you make sure and install hashalot and lvm2 after chrooting to the newly installed system?

-Kevin

Reply

kiamo January 14, 2010 at 3:24 pm

Yup, I’ve run through the steps a few times now.

chroot /mnt/backtrack4
apt-get update (no new updates)
apt-get install hashalot lvm2 (hashalot and lvm2 are newest versions)

This is so weird…

Reply

kriggins January 14, 2010 at 3:39 pm

@kiamo,

After chrooting and mounting proc and sys can you paste the contents of /etc/initramfs/modules, and /etc/initramfs/scripts/local-top/pvcrypt here so I can take a look. It will be an hour or so until I can, but I will then.

Kevin

Reply

kiamo January 14, 2010 at 3:59 pm

Sure, and thanks again for the help 🙂

After the comments in /etc/initramfs/modules is this:

fbcon
vesafb
aes_i586
xts

/etc/initramfs/scripts/local-top/pvcrypt looks like this:

PREREQ="udev"

prereqs()
{
    echo "$PREREQ"
}

case $1 in
# get pre-requisites
prereqs)
    prereqs
    exit 0
    ;;
esac

/bin/loadkeys -q /etc/console-setup/boottime.kmap.gz
modprobe -Qb dm_crypt
modprobe -Qb sha256
modprobe -Qb aes_i586
modprobe -Qb xts

# The following command will ensure that the kernel is aware of
# the partition before we attempt to open it with cryptsetup.
/sbin/udevadm settle

sleep 10

if grep -q splash /proc/cmdline; then
    /bin/chvt 1
fi
/sbin/cryptsetup luksOpen /dev/disk/by-uuid/b8f7efe5-d87d-4a1f-890d-1198defa7729 pvcrypt

Kiamo

Reply

kriggins January 14, 2010 at 5:05 pm

@Kiamo,

That all looks correct which is a bummer, because now we don’t have a quick fix. This leads me to believe one of two things:

1) There is a problem with the initrd image or
2) There is a problem with partition enumeration.

Execute the following commands from the chrooted environment:

cd /tmp
mkdir foo
cd foo
zcat /boot/initrd.img-2.6.30.9 | cpio -iv

This uncompresses the initrd image so we can check some things.

First we want to confirm that the modules we need were copied over. Make sure /tmp/foo/lib/modules/2.6.30.9/kernel/arch/x86/crypto/aes-i586.ko and /tmp/foo/lib/modules/2.6.30.9/kernel/crypto/xts.ko exist.

We also want to confirm that they are listed in the modules file so cat the /tmp/foo/conf/modules file and make sure aes_i586 and xts are included. There will be other stuff in there, but those two are the ones we want to confirm.

Finally we want to confirm that lvm is included and our pvcrypt script is where it belongs. Make sure /tmp/foo/sbin/lvm and /tmp/foo/scripts/pre-mount/lvm2 exist and that /tmp/foo/scripts/local-top/pvcrypt exists.

If any of the above is not true, then we have an issue with the rebuild of the initrd image. Run update-initramfs -u again and recheck this stuff. If that doesn’t work, I’m not sure what is going on.

If all that is in good shape, I suggest changing /dev/disk/by-uuid… in the cryptsetup line in /etc/initramfs/scripts/local-top/pvcrypt to be the logical partition, i.e. /dev/sdb5 or whatever the case is in your situation. You need to do this in /etc/initramfs/scripts/local-top/pvcrypt and run update-initramfs -u again to build the new initrd image.

If none of that helps, I am a bit at a loss on next steps other than to start over completely by deleting any partitions and rebooting.

Kevin

Reply

Stealth January 14, 2010 at 10:15 pm

Hi Kevin:

I am getting an error on boot:

/scripts/local-top/pvcyrpt: line 33: /bin/chvt: Not found. However, this has not affected the functionality. Should I edit the script? I haven’t checked the script since downloading.

Backtrack has loaded just fine, although sometimes it seems a little slower than on the CD or HD.

Also my wireless is not working; I keep getting a code error 80ba or something like that when I enter the password for the wireless access point. When I do “iwconfig wlan0 key [pwd]” I get that error above. I had no problem with my wireless when I had BT4 installed on my HD. Any suggestions? I know this isn’t a wireless forum but just thought I would ask since I hadn’t had any problems before.

BTW, this was a great “tut”. I was so excited that everything worked. Although wishing you a prosperous New Year, I forgot to give you your well deserved “props.” Thanks again.

Reply

Stealth January 14, 2010 at 10:43 pm

Kevin:

Just logged on again I do iwconfig wlan0 essid “[my ID] key “my girlfriends key” , and her key (without quotes]. The OS then complained with “Error for wireless request “Set Encode” (8B2A) :
I then did a dhclient lookup
I then got frustrated and tried NetworkManager which is not installed, but I found a “work around” and got wicd Network connection manager started. Previously I installed and used Network Manager.

I don’t know what the problem is because on my other installation of the HD all I had to do was provide the essid and pwd in text from the command line. I also tried providing the pwd in hex. The system is taking the essid just fine as reflected in iwconfig cmd. Do you have any suggestions or do you know of any issues with wireless when used on the USB? Thanks again.

Reply

Stealth January 14, 2010 at 11:57 pm

Kevin:

Forget the stuff about the wireless, I think I figured it out. I have gotten wicd working and it is trying to obtain an IP address. I also got the wireless to accept my girlfriend’s pwd after again converting to hex. Now all I’ve got to do is get it to give me an IP address, hopefully I can figure that out soon. I also did an update for Backtrack and it may have “broke a few things”. My Mozilla browser is broke, but that shouldn’t be too much of a problem. I hope that is all that is broke.
Thanks again, but still, any of your suggestions are welcome. This is definitely a process!! LOL

Reply

kiamo January 15, 2010 at 3:19 am

Hmm, it seems xts.ko does not exist and xts is not included in the modules file. Also /tmp/foo/scripts/pre-mount/lvm2 does not exist either.

I’ve tried updating initramfs again but it’s exactly the same. I’ll have another go at it from the beginning in the morning.

Thanks for the howto, it’s gonna be awesome once I have it working 😀

Reply

kriggins January 15, 2010 at 9:00 am

@Stealth,

That is pretty bizarre stuff with the wireless. Unfortunately, I don’t have any suggestions for you. A trip to the remote-exploit.org forums might help though.

@Kiamo,

The fact that xts.ko is missing makes complete sense along with the other stuff. Something bad happened. As you indicate, a re-install is probably the best thing to try.

-Kevin

Reply

Stealth January 15, 2010 at 11:40 am

Kevin:

I just noticed that the first script (/etc/initramfs-tools/hooks/pvcrypt) is missing. However, the second script (/etc/initramfs-tools/scripts/local-top-pvcrypt) is there and is mirrored as above. Should I try to download it again or paste it in as above? Or should I leave it as it is, currently empty?

Reply

kriggins January 15, 2010 at 11:48 am

@stealth,

Yes, you want to make sure that script is there. It is used every time a rebuild of the initrd image is done and makes sure some important files are copied to the image.

You should be able to download it with the wget command in the how-to.

-Kevin

Reply

william January 15, 2010 at 11:57 am

I’ve got to the point where we prepare disk space. I do not have a boot partition on my 8GB thumb drive. I’ve gone through the tutorial multiple times, but it just isn’t shown in my partitions list. I did use fdisk to create it in an earlier step. Is there a step missing? Thanks.

Reply

kriggins January 15, 2010 at 1:06 pm

@William,

Everything needed to complete the install is included in the how-to. My first guess is that the partition table is not getting written correctly. What does the output of

fdisk -l /dev/sd[x]

look like?

-Kevin

Reply

william January 15, 2010 at 1:32 pm

fdisk -l /dev/sdb2
/dev/sdb1p1 * 1 14 112423+ 83 Linux
/dev/sdb1p2 15 975 7719232+ 5 Extended
/dev/sdb1p3 15 975 7719201 83 Linux

Opening the install.sh script and viewing the partitions shows this:
/dev/sda
/dev/sda1
/dev/sda2
/dev/sda3

/dev/sdb
/dev/sdb1
free space

I’m using sdb1 for the install (8GB sandisk). According to your screenshot, I should have a 100MB boot partition. I’ve gone through the tutorial 4 times, start to finish, and always get stuck on this part.

Reply

kriggins January 15, 2010 at 2:00 pm

@William,

I’m a little confused by the output above. /dev/sdb2 usually refers to a partition, not a full disk. It almost looks like there is one large extended partition that is then partitioned into more logical partitions. The contents of the install.sh script do not really mean anything at this point.

My suggestion would be to delete all partitions from /dev/sdb, write that partition table to disk and then start again. First create the 100MB primary partition, then create the extended partition with the rest of the drive and create the logical partition. The output of the fdisk -l command should look more like this:

fdisk -l /dev/sdb
/dev/sdb1 * 1 14 112423+ 83 Linux
/dev/sdb2 15 975 7719232+ 5 Extended
/dev/sdb5 15 975 7719201 83 Linux

Hope this helps.

-Kevin

Reply

kriggins January 15, 2010 at 2:01 pm

@william,

Note: I think I also realized something else you are doing. It looks like you are creating the 3rd partition as a primary partition and not a logical one.

Kevin

Reply
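The layout Kevin describes in the two replies above (a bootable primary partition, an extended partition, and a logical partition numbered 5 or higher) can be checked mechanically from `fdisk -l` output. This is an added example, not from the original thread or the how-to; the function names are made up here, and the two listings are the ones quoted in the comments above.

```shell
#!/bin/sh
# Check "fdisk -l" partition lines for the layout the how-to expects:
#   <disk>1   bootable, Id 83  (unencrypted /boot)
#   <disk>2   Id 5             (extended container)
#   <disk>5+  Id 83            (logical partition that becomes the LUKS volume)

# Listing Kevin says the output should resemble.
sample_expected() {
    cat <<'EOF'
/dev/sdb1 * 1 14 112423+ 83 Linux
/dev/sdb2 15 975 7719232+ 5 Extended
/dev/sdb5 15 975 7719201 83 Linux
EOF
}

# Listing william posted.
sample_reported() {
    cat <<'EOF'
/dev/sdb1p1 * 1 14 112423+ 83 Linux
/dev/sdb1p2 15 975 7719232+ 5 Extended
/dev/sdb1p3 15 975 7719201 83 Linux
EOF
}

# check_layout DISK   (fdisk -l lines on stdin)
# Prints findings and returns the number of problems found (0 = layout is fine).
check_layout() {
    awk -v disk="$1" '
        index($1, "/dev/") == 1 {
            # The Id column shifts right by one when the boot flag "*" is present.
            if ($2 == "*") { boot = 1; id = $6 } else { boot = 0; id = $5 }

            # Split "/dev/sdb5" into prefix "/dev/sdb" and partition number 5.
            if (!match($1, /[0-9]+$/)) next
            prefix = substr($1, 1, RSTART - 1)
            num = substr($1, RSTART) + 0

            # A prefix other than the disk means fdisk looked at something else,
            # for example a partition treated as if it were a whole disk.
            if (prefix != disk && !(prefix in seen)) {
                seen[prefix] = 1
                printf "FAIL  partitions are named %sN, not %sN: fdisk was not run against %s\n", prefix, disk, disk
                bad++
            }
            if (num == 1 && boot && id == "83") have_boot = 1
            if (num <= 4 && id == "5")          have_ext = 1
            if (num >= 5 && id == "83")         have_logical = 1
            if (num >= 2 && num <= 4 && id == "83") stray = $1
        }
        END {
            if (!have_boot) { print "FAIL  partition 1 is not a bootable Linux (83) partition"; bad++ }
            if (!have_ext)  { print "FAIL  no extended (5) partition"; bad++ }
            if (!have_logical) {
                msg = "FAIL  no logical Linux partition (number 5 or higher)"
                if (stray != "") msg = msg "; " stray " was created as a primary partition"
                print msg; bad++
            }
            if (!bad) print "ok    boot + extended + logical layout present"
            exit bad + 0
        }
    '
}

# Demo: run both listings from the thread through the check.
for sample in sample_expected sample_reported; do
    echo "== $sample"
    "$sample" | check_layout /dev/sdb || echo "   -> $? problem(s)"
done
```

On a real system the input would be `fdisk -l /dev/sdb | check_layout /dev/sdb`, with the disk name adjusted to how the thumb drive enumerates.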

Stealth January 15, 2010 at 2:37 pm

Thanks Kevin, I downloaded the script but it was again blank. So, I just added the 1st. script manually, updated its permissions, and then did an update for initramfs but I am getting an error:

“cryptsetup: WARNING: invalid line in /etc/crypttab.” Does this mean my crypto is no longer going to function? I am rebooting now to see if it had any negative effects.
OK, it is at least asking me for the LUKS passphrase. Mmmm…everything loaded fine with no errors.

Do I need to be worried about the error in etc/crypttab?

Reply

Stealth January 15, 2010 at 3:20 pm

Kevin:

What do you think the chances are of me being hacked using the LAN with the encrypted file system? During a network hack where I was on the LAN would the encrypted disk ask anyone that attempted to connect for the LUKS pwd, or would the system allow a connection to mount the encrypted drive? I would think hopefully not.

Reply

kriggins January 15, 2010 at 3:25 pm

@Stealth,

Once you have booted the system and entered the password, the drive is accessible to locally logged on users. If you turn on samba or nfs or some other file sharing service and allow anonymous access or someone gains access to that service, they will see the files on disk. The encryption ensures that a lost thumb drive cannot be read, not an up and operating system.

Kevin

Reply

kiamo January 15, 2010 at 3:34 pm

Kevin

Thanks for the awesome tutorial! I started from the top and this time everything went smoothly. No hitches at all.

Only thing I’m noticing is that the thumb drive seems to freeze sometimes, and takes a few moments longer to be read/written to. It started to do it after the backtrack4 installation stage, and has continued after I’ve restarted and booted from it.

Could that be the encryption?

Thanks again for the great tutorial, and all the help that followed, I really appreciate it.

-kiamo

Reply

kriggins January 15, 2010 at 4:23 pm

@Kiamo,

I am glad it is working for you now and thank you for the kudos.

Enabling encryption does affect performance slightly, but the thumb drive and computer itself contribute more to the equation in my experience.

-Kevin

Reply

Stealth January 15, 2010 at 5:37 pm

Thanks Kevin:

Great insight on the network security part of this. I wasn’t exactly sure how all of this was working, I just wanted to get it working on my USB. However, in my spare time I will read up on how all of this works together and get a deeper and more granular understanding of the crypto and functionality. Now I know I should have enabled iptables first before going on the network, hopefully I was lucky enough that nobody attempted any local hacks from the network on the OS. Hopefully BT4 comes reasonably secure in the default so that I was not totally insecure. Thanks again for all your insight and assistance.

Reply

Whiskey January 16, 2010 at 3:46 am

I did a quick run through on your tutorial only to run into partitioning problems not realizing sdb, sdb1, sdb2, etc. all referred to the same device but different partitions…

Not an issue! I will start over. However I do recall after issuing the fdisk write command “w” that I got a strange error “WARNING: Re-reading the partition table failed with error 22: Invalid argument. The kernel still uses the old table. The new table will be used at the next reboot. Syncing disks” Now a quick google showed it can be normal…but do I need to do any other steps before continuing?

Thanks for your help,

Whisk

P.S. I assume you use your own passphrase! 🙂 lolz not “passphrase”

Reply

capron January 16, 2010 at 10:21 am

Thanks.

It works great. Nice tutorial. Good thing to use LVM, it makes it awesome 🙂

As an alternative to wipe the disk faster but less securely, this command can be used:
badblocks -c 10240 -s -w -t random -v /dev/XXX

I will now test converting my ext3 to ext4.

Reply

kriggins January 16, 2010 at 2:51 pm

@Stealth,

Backtrack out of the box is very secure. There are no listening services so chances of anything bad happening are very very slim. You are welcome.

@Whiskey,

I have experienced that error before. It has never gotten in the way that I can remember and, yup, pick your own passphrase..passphrase is mine 🙂

@Capron,

Thanks for the alternate command for randomizing the disk. I’m interested in hearing how the ext3 -> ext4 conversion goes.

-Kevin

Reply

Whiskey January 16, 2010 at 5:30 pm

Thank you, kriggins! I have followed your tutorial and have successfully created a fully encrypted Back|Track 4 installation on my 8gb flash drive. Your well-written article is an excellent addition to the Back|Track homepage how-to section. =)

As a side note to any users following this tutorial, here are some of the things I encountered that confused me.

1.) If “fdisk -l” lists out multiple partitions on your drive. Say (1-3) In the first step hit “d1” “d2” “d3” To make sure you delete everything!

2.) Using the final write (w) command using fdisk can give you an error 22 about the kernel still using the old table…just ignore it or use the o command on your drive before performing ANY of the partitioning steps and it should not bug you when you go to write.

3.)The dd urandom command does indeed take at LEAST an hour. I think mine was 2 actually. Capron said this is a less secure alternative “badblocks -c 10240 -s -w -t random -v /dev/XXX”

4.) On the type passphrase step. Please enter your own! I can see fifty users out in the world with this advanced encryption scheme all with the same log-in pass…I almost entered passphrase! Make up your own!

5.) The script and modules files you have to edit might be hidden if you use the Konqueror file explorer. Just cd into the directory and use nano to edit the files.

That’s all folks!

Reply

Pocket October 14, 2010 at 3:12 pm

Thank you for suggestion #5
I was having a helluva time trying to find a way to edit the file. Used nano, and it worked great!

Reply

capron January 17, 2010 at 10:38 am

@kriggins

The conversion ext3 –> ext4 went okay. It made me think of trying to skip the installation script and do it all manually. I don’t think it would be that much more work.

A quick how-to on converting. The partitions cannot be mounted. I rebooted using my
Backtrack CD and did apt-get install hashalot lvm2 again.

Convert the logical disks ext3 -> ext4
tune2fs -O extents,uninit_bg,dir_index /dev/mapper/XXX
e2fsck /dev/mapper/XXX
(The /boot partition should not be converted; grub does not yet support ext4.)

Edit fstab and grub config
mount your converted (root) partition and edit the /etc/fstab to use ext4
mount your boot partition and edit menu.lst (add rootfstype=ext4 as option)
Example “kernel /vmlinuz-2.6.30.9 root=/dev/mapper/your_root ro quiet splash rootfstype=ext4”

Reply

aalex January 18, 2010 at 4:15 am

Hi Kriggins and thanks for this excellent guide.

I followed your instructions and I managed to complete the installation procedure with success.

However, when I tried to boot from the “target” USB drive, the system asked for my passphrase which I entered. I then got the following:

device-mapper: table: 253:0: crypt: Error allocating crypto tfm
Command failed: No key available with this passphrase

I thought I had maybe entered the wrong passphrase and thought it best to check it using the process in your guide where it says that if you remember the passphrase you don’t need to do everything all over again. So I booted with my “installer” USB and then went to mount the logical partition of my “target” USB in order to check that my passphrase was correct or wrong. The command I used is: cryptsetup luksOpen /dev/[your logical partition] pvcrypt

The system then asked for my passphrase – I used the one I had used previously and it was accepted.

This leads me to the conclusion that my passphrase was correct. Why then does the system not accept it at boot time, yet accepts it if I try to mount the encrypted partition from within the installer?

Maybe I am all wrong here, but I wouldn’t know as I am a complete newbie 😉 but I would love it if you could throw some insight my way.

Thanks a lot for all your work

aalex

Reply

kriggins January 18, 2010 at 7:27 am

@aalex,

Thank you for the compliment. The error you are seeing is usually an indication that one of the crypto modules did not make it into the initrd image. Here is a series of things to check after you have remounted the encrypted image and chrooted to that environment.

Execute the following commands from the chrooted environment:

cd /tmp
mkdir foo
cd foo
zcat /boot/initrd.img-2.6.30.9 | cpio -iv

This uncompresses the initrd image so we can check some things.

First we want to confirm that the modules we need were copied over. Make sure /tmp/foo/lib/modules/2.6.30.9/kernel/arch/x86/crypto/aes-i586.ko and /tmp/foo/lib/modules/2.6.30.9/kernel/crypto/xts.ko exist.

We also want to confirm that they are listed in the modules file so cat the /tmp/foo/conf/modules file and make sure aes_i586 and xts are included. There will be other stuff in there, but those two are the ones we want to confirm.

Finally we want to confirm that lvm is included and our pvcrypt script is where it belongs. Make sure /tmp/foo/sbin/lvm and /tmp/foo/scripts/pre-mount/lvm2 exist and that /tmp/foo/scripts/local-top/pvcrypt exists.

If any of the above is not true, then we have an issue with the rebuild of the initrd image. Run update-initramfs -u again and recheck this stuff. If that doesn’t work, I’m not sure what is going on.

If all that is in good shape, I suggest changing /dev/disk/by-uuid… in the cryptsetup line in /etc/initramfs/scripts/local-top/pvcrypt to be the logical partition, i.e. /dev/sdb5 or whatever the case is in your situation. You need to do this in /etc/initramfs/scripts/local-top/pvcrypt and run update-initramfs -u again to build the new initrd image.

If none of that helps, I am a bit at a loss on next steps other than to start over completely by deleting any partitions and rebooting.

The other individual who had this same problem ended up starting over and it worked the second time around.

Kevin

Reply
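The checklist Kevin gives in the reply above (and in his earlier, identical reply to kiamo) can be scripted against the directory where the initrd was unpacked. This is an added example, not part of the original comments or the how-to's own scripts; the function names, the sample tree and its all-zero UUID are constructed for illustration, and the sample mirrors the failure kiamo reported (no xts.ko, no xts entry in conf/modules, no pre-mount/lvm2).

```shell
#!/bin/sh
# Verify an unpacked initrd tree (e.g. /tmp/foo after "zcat ... | cpio -iv")
# against the checklist from the reply above.

# Print the device argument of the "cryptsetup luksOpen <device> <name>" line.
pvcrypt_device() {
    awk '$1 ~ /cryptsetup$/ && $2 == "luksOpen" { print $3; exit }' "$1"
}

# check_initrd_tree ROOT KERNEL_VERSION
# Prints one line per check and returns the number of failed checks.
check_initrd_tree() {
    root=$1
    kver=$2
    failures=0

    # Files that must exist inside the unpacked image.
    for rel in \
        "lib/modules/$kver/kernel/arch/x86/crypto/aes-i586.ko" \
        "lib/modules/$kver/kernel/crypto/xts.ko" \
        "sbin/lvm" \
        "scripts/pre-mount/lvm2" \
        "scripts/local-top/pvcrypt"
    do
        if [ -e "$root/$rel" ]; then
            echo "ok       $rel"
        else
            echo "MISSING  $rel"
            failures=$((failures + 1))
        fi
    done

    # Each module name must sit alone on its own line in conf/modules.
    for mod in aes_i586 xts; do
        if grep -qx "[[:space:]]*$mod[[:space:]]*" "$root/conf/modules" 2>/dev/null; then
            echo "ok       conf/modules lists $mod"
        else
            echo "MISSING  conf/modules has no line that is exactly \"$mod\""
            failures=$((failures + 1))
        fi
    done

    # Show which device the boot script will try to open, since a wrong
    # device on the cryptsetup line is the other common culprit.
    dev=""
    if [ -f "$root/scripts/local-top/pvcrypt" ]; then
        dev=$(pvcrypt_device "$root/scripts/local-top/pvcrypt")
    fi
    if [ -n "$dev" ]; then
        echo "info     pvcrypt opens $dev"
    else
        echo "MISSING  no cryptsetup luksOpen line in scripts/local-top/pvcrypt"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Build a constructed sample tree that reproduces the broken image from the thread.
make_sample_tree() {
    t=$1
    k=2.6.30.9
    mkdir -p "$t/lib/modules/$k/kernel/arch/x86/crypto" \
             "$t/lib/modules/$k/kernel/crypto" \
             "$t/sbin" "$t/conf" "$t/scripts/local-top" "$t/scripts/pre-mount"
    : > "$t/lib/modules/$k/kernel/arch/x86/crypto/aes-i586.ko"
    : > "$t/sbin/lvm"
    printf '%s\n' fbcon vesafb aes_i586 > "$t/conf/modules"
    printf '%s\n' \
        'modprobe -Qb dm_crypt' \
        '/sbin/cryptsetup luksOpen /dev/disk/by-uuid/00000000-0000-0000-0000-000000000000 pvcrypt' \
        > "$t/scripts/local-top/pvcrypt"
}

if [ $# -gt 0 ]; then
    # Real use: first argument is the unpack directory, second the kernel version.
    check_initrd_tree "$1" "${2:-2.6.30.9}"
else
    # No arguments: run against the constructed sample tree.
    demo_dir=$(mktemp -d)
    make_sample_tree "$demo_dir"
    check_initrd_tree "$demo_dir" 2.6.30.9 || echo "$? check(s) failed"
    rm -rf "$demo_dir"
fi
```

From the chrooted environment the call would be the script followed by `/tmp/foo 2.6.30.9`; a non-zero exit status means the image needs rebuilding with update-initramfs -u before rebooting.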

aalex January 18, 2010 at 7:41 am

Thanks for the prompt response Kevin!

I will try and follow your advice and go through the checks you mentioned.

If it doesn’t work then I will start everything from the beginning.

I will let you know the outcome.

aalex

Reply

capron January 18, 2010 at 5:40 pm

Maybe my write speed could be better. What do you guys get in creating a one gig file of zeros?

I use ext4, aes-xts-plain --key-size 512, 320G IDE disk. CPU Athlon XP

time dd if=/dev/zero of=1G bs=1024 count=1000000

1024000000 bytes (1.0 GB) copied, 40.7775 s, 25.1 MB/s
real time 0m40.822s

Reply

Exe January 20, 2010 at 1:37 am

Hello guys.
I have next problem. I use ur guide, all good, but this error stop me:

root@bt:/etc/initramfs-tools# update-initramfs -u
update-initramfs is disabled since running on a live CD

any solutions make this on live-cd?

P.s. english bad, its my third language =)

Reply

Exe January 20, 2010 at 1:43 am

Guys, I did it. This tip helped:

update-initramfs.distrib -c -k all

Anyway thx for guide guys. its cool =)

Reply

aalex January 20, 2010 at 3:37 am

@Kevin

Thanks very much for the advice on my question above. In the end I just re-did everything from scratch and it worked like a charm.

I am now trying to get my TP-LINK TL-WN321G to work (so far I was using a wired ethernet connection) but I am having difficulties. It’s strange. Some people say it works out of the box, others say you need to install new drivers. I tried both but no luck… Is there any chance for some help in this endeavor 🙂

Once again thanks for your time and for all your help

aalex

Reply

kriggins January 20, 2010 at 9:36 am

@capron,

I haven’t done any speed tests, but the numbers you put up don’t seem too terribly unreasonable for a USB thumb drive.

@exe,

You haven’t chrooted to the newly installed system. Go back to the how-to and see where you need to chroot to the system after you finish the install.sh script. You will also need to reinstall hashalot and lvm2 again and follow the rest of the steps.

@aalex,

My experience with getting wireless working on Backtrack has been hit or miss. I can’t really offer much in the way of suggestions other than to go check out the remote-exploit.org forums. Sorry.

-Kevin

Reply

Stealth January 20, 2010 at 10:55 am

Kevin:

All “props” again to you, this is an awesome tutorial. I have everything working fine. The initial errors are all gone and once I placed the 1st script in its proper place good things really started to happen. My whole system updated properly as I had run the upgrade for BT4 earlier. As you stated previously the initrd image must have gotten updated by that script after I placed it correctly. Wireless is working great after setting it manually; I was making some very basic errors, and it is suggested at the BT forums that it be set manually instead of dynamically. Good to know that BT4 is pretty secure coming out of the box; I have also configured iptables instead of UFW. Thanks again.

Reply

capron January 20, 2010 at 7:43 pm

kriggins

Hehe, no, it is not my USB drive; that has only 6 MB/s.

The encryption has an impact on speed, but not that bad. I believe it is my old and slow CPU that limits it most.

My 500G Western drive, simple write of /dev/zero with dd:
59.1 MB/s uncrypt
29.7 MB/s crypt

Reply

pikkker January 21, 2010 at 4:34 pm

@kriggins

thx very much for this how-to…. it is a gooooooooooooooood one!

But I have one problem: when I’ve done everything and want to boot from my stick, it is not booting. The GRUB loader comes up but then I get dropped into a shell.
I’ve looked in the initrd.img-2.6.30.9 file and found that there is no /tmp/foo/lib/modules/2.6.30.9/kernel/crypto/xts.ko in it. I think that this is my only problem now, the reason this how-to doesn’t work on my stick. Do you maybe have an idea?
I have already done the procedure more than 10 times now, and it doesn’t work. I have an 8 gig stick, if you need this info.

pikkker

Reply

kriggins January 21, 2010 at 5:15 pm

@pikkker,

Others have experienced this problem and it went away on redoing the build, but apparently that is not working for you. The only suggestion I have is to double check the /etc/initramfs/modules file and make sure there is no typo or extra characters on the line that has xts. The full file should look something like this:

# List of modules that you want to include in your initramfs.
#
# Syntax: module_name [args …]
#
# You must run update-initramfs(8) to effect this change.
#
# Examples:
#
# raid1
# sd_mod
fbcon
vesafb
aes_i586
xts

Confirm that it looks like this or do the following after mounting and chrooting to the installed Backtrack environment:

cd /etc/initramfs
wget -O modules http://www.infosecramblings.com/initramfs-modules

After doing that, run update-initramfs -u again.

-Kevin

Reply

kriggins January 21, 2010 at 5:37 pm

I made a small update to this how-to.

Some people are having issues with the xts.ko module not getting copied to the initrd image. This makes the root and swap partitions unmountable because the encrypted partition can’t be opened. Most have been able to correct this by redoing the install, but I wondered if maybe a consistent modules file would help, i.e. don’t require the reader to edit the file.

To that end, I have modified the how-to. I created a preconfigured modules file like I did for the two pvcrypt scripts and added the wget command to download it. I also added what the contents of that file should look like.

Both the on-line how-to and the pdf have been updated.

Note: The video does not show this step. It still shows the manual method.

-Kevin

Reply
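
Added example (not part of the original comments or the how-to's own scripts): a shell check for the failure described in the two comments above, where xts is missing or mistyped in the modules file or xts.ko never reaches the initrd image. The function names are my own, the module list comes from the modules file shown above, and the image is assumed to be a gzip-compressed cpio archive.

```shell
#!/bin/sh
# Added example: verify that the crypto modules needed to open the LUKS
# volume are (a) listed in the initramfs modules file and (b) present in
# the generated initrd image. Function names are hypothetical.

# Module names taken from the modules file shown in the comment above.
REQUIRED_MODULES="aes_i586 xts"

# missing_from_modules_file FILE
# Prints every required module that has no clean, uncommented entry in FILE.
# The first field of a line must match exactly, so a commented-out entry,
# a typo, or a stray character such as a DOS carriage return counts as missing.
missing_from_modules_file() {
    for mod in $REQUIRED_MODULES; do
        if ! sed -e 's/#.*//' -e 's/^[[:blank:]]*//' -e 's/[[:blank:]].*//' "$1" |
            grep -qxF -- "$mod"; then
            echo "$mod"
        fi
    done
}

# missing_from_initrd_listing
# Reads a file listing of an initrd image on stdin (one path per line, as
# printed by "cpio -t") and prints every required module with no .ko in it.
missing_from_initrd_listing() {
    listing=$(cat)
    for mod in $REQUIRED_MODULES; do
        # On disk a module file may use '-' where the module name has '_'.
        pattern=$(printf '%s' "$mod" | sed 's/[-_]/[-_]/g')
        if ! printf '%s\n' "$listing" | grep -Eq "(^|/)${pattern}\\.ko\$"; then
            echo "$mod"
        fi
    done
}

# check_initrd MODULES_FILE INITRD_IMAGE
# Runs both checks; assumes INITRD_IMAGE is a gzip-compressed cpio archive.
check_initrd() {
    status=0
    for mod in $(missing_from_modules_file "$1"); do
        echo "not listed cleanly in $1: $mod"
        status=1
    done
    for mod in $(zcat "$2" | cpio -t 2>/dev/null | missing_from_initrd_listing); do
        echo "no .ko file in $2: $mod"
        status=1
    done
    return $status
}

# Only run when called with both paths: check.sh MODULES_FILE INITRD_IMAGE
if [ "$#" -eq 2 ]; then
    check_initrd "$1" "$2"
fi
```

Run it inside the chroot after update-initramfs -u, passing the modules file and the initrd image as the two arguments; no output and exit status 0 mean both modules are listed and packed.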

capron January 22, 2010 at 7:29 am

Maybe we can save some space and computer power by just doing the luksformat directly on the primary (/dev/hda2)? Or is there some reason to have it on a logical partition?

Reply

Jack January 22, 2010 at 8:22 am

Hi,

thank you very much for this tutorial!

Now, I’m trying to install BT on a USB thumbdrive to be used with a legacy laptop that does not support boot from USB. So I have to install the boot partition on the internal hard disk (which is seen as hda) and the root partition on the USB external device (sda).
The problem is that the “Prepare partitions” wizard (for both manual and guided partition) shows the sda drive only!
The hda disk is only shown if I launch the install process without any attached USB drive.

How can the steps above be modified to have the system boot from the internal hard disk, and then load the encrypted file system from the USB thumbdrive?

Thank you in advance for any hint!

Jack

Reply

kriggins January 22, 2010 at 12:41 pm

@capron,

It should be possible to skip the LVM part and directly use encrypted partitions. I tried that initially and didn’t get far, but that doesn’t mean it can’t be done.

However, you will have to create two partitions, one for root and one for swap. You will also have to update the scripts to unlock both partitions at boot.

You could run with a swap partition, but might experience performance problems.

Personally, I don’t think the use of LVM significantly impacts performance.

@Jack,

When the partitioning portion of the install.sh script starts on my machine I see all devices on the system, both USB and hard drives. I wonder if the age of your system is getting in the way. I’m not sure what to tell you at this point. I will think about it and let you know if I come up with anything.

-Kevin

Reply

damian January 22, 2010 at 2:31 pm

when i run:

update-initramfs -u

I get an error saying that I can’t update “initramfs” because I am using a live CD.

Can you tell me why I am getting this error?

Reply

damian January 22, 2010 at 2:43 pm

nevermind someone has already posted this

i will re-install and try again

but thank you for the tutorial

Reply

capron January 24, 2010 at 12:19 pm

@kriggins

Today I installed Ubuntu 9.10 on my encrypted hard disk, following this: http://nedos.net/2010/01/21/ubuntu-luks-lvm/ It is very different from your installation procedure. He doesn’t use scripts to configure initramfs, and only edits /etc/crypttab in a simpler way. Damn 🙂

Do you think this could also work for Backtrack? (GRUB 2 is used in Ubuntu 9.10.)

Reply

Dan January 25, 2010 at 4:08 am

Is it possible to format the free space as NTFS and use that partition on windows?

Reply

Jack January 25, 2010 at 7:06 am

@kriggins,

After reading your post, I started playing around with partitions, making some additional checks that they were all unmounted, and trying different USB ports… in the end, I relaunched the install process and both drives were magically recognized!

Sorry for annoying you with that, I should have tried harder 😉
Many thanks!

Jack

Reply

Dan January 25, 2010 at 2:50 pm

I also receive this error:


device-mapper:table:253:0:crypt:Error allocation crypto tfm
command failed. No key available with this passphrase

I tried booting with the livecd, and then seeing if I can open the encrypted portion, same error. This has happened to me twice (starting from scratch both times)

Reply

Mattias January 26, 2010 at 4:02 pm

Greetings from Sweden! I just wanted to say thank you for this guide. It worked like a charm! Much appreciated you took the time to make this.

Mattias

Reply

AthBot January 26, 2010 at 6:33 pm

Hello, I have been having a problem. The whole procedure up to the installation is exactly as above, no problems there, but when I go into the manual install no partitions are made on the flash drive. I tried with an 8G and a 16G flash drive, no luck. Also, if I proceed with the installation, then during the installation I get a fatal error and the whole procedure stops. Everything works up until that moment and I don’t know what it could be. Any thoughts?

Reply

nate January 29, 2010 at 5:27 pm

I tried following the instructions while booting from a DVD and had some issues arise while installing hashalot and lvm2: apt-get returned an error regarding “update-initramfs disabled” because of using a live CD environment. A possible workaround is to replace the update-initramfs binary, e.g.

cd /usr/sbin/
mv update-initramfs update-initramfs.old
ln -s /rofs/usr/sbin/update-initramfs /usr/sbin/update-initramfs

This must be done before installing hashalot and lvm2.
In the end I found running Backtrack 4 in VirtualBox (installed, not live disc) worked best and returned no errors throughout the process. In the end this was an awesome “how to”, thanks for the work.

Reply

kriggins January 30, 2010 at 5:14 am

@nate,

That is not actually an error. The programs get installed correctly. The update-initramfs runs fine once we have installed Backtrack to the target drive and then chrooted to it. That error is only because the install process tries to rebuild the initrd image and can’t because it is running from a read-only medium.

-Kevin

Reply

kriggins January 30, 2010 at 5:18 am

@dan,

I’m not sure what you are asking. The how-to calls for using all space on the target drive. If you have a large enough drive, say 16 GB or bigger, you could setup a partition that is FAT or NTFS formatted to use with Windows, but you would lose the encryption option for that partition.

The error you received means that some step in the process was missed or didn’t work correctly. The required encryption modules are not in the initrd image on the drive. Usually, redoing the install carefully will take care of this.

@Mattias,

Thanks!

@Athbot,

Make sure you are deleting any partitions on the target drive before you try to create the new ones. Sometimes you have to delete the partitions, write the table to the drive, quit fdisk, reboot and then create the new partitions.

-Kevin

Reply

kriggins January 30, 2010 at 5:20 am

@capron,

I don’t know if the method you found for 9.10 will work for this. Give it a try and let us know.

-Kevin

Reply

Ulrick13 February 1, 2010 at 6:07 am

Thanks a lot for the guide, it was really helpful (especially the scripts part) which would have been very difficult to figure out alone.

And just FYI i did the install on a HD and not on a USB stick with only minor adaptations and it works like a charm.

Thanks again.
Ulrick

Reply

kriggins February 2, 2010 at 7:30 pm

@Ulrich,

Thanks. I’m glad it worked well for you. I really should add a note that this method works for hard drive install as well as thumb/SD/USB drives.

Kevin

Reply

Daniel February 3, 2010 at 3:06 am

Awesome, works for me. Thanks for your help!

Reply

kriggins February 4, 2010 at 10:31 am

@daniel,

You are welcome. Thanks for the feedback.

Reply

Justitia February 4, 2010 at 4:27 pm

Thanks for the guide. Real cool .

Reply

vtwin1800 February 5, 2010 at 9:40 am

Great guide and videos…Thanks for taking the time to put this out here.

Reply

kriggins February 5, 2010 at 10:43 am

@Justitia and @vtwin1800,

Thank you for the comments and I’m glad you found the guides helpful.

Kevin

Reply

mosler February 8, 2010 at 4:06 pm

it appears to me that you made 2 partitions in this guide. sdb1 and sdb2. where does sdb5 come from? If this is an obvious thing please forgive my ignorance i am still getting used to linux.

Reply

mosler February 8, 2010 at 5:18 pm

yeah i didn’t read very good, my bad…

Reply

mosler February 9, 2010 at 2:59 pm

pvcreate /dev/mapper/pvcrypt

Device /dev/mapper/pvcrypt not found (or ignored by filtering)

any thoughts?

Reply

mosler February 9, 2010 at 3:01 pm

once again as soon as i post i find my mistake…

Reply

phrag February 9, 2010 at 10:41 pm

Works a treat! The USB install went so well, in fact, I’m doing the same with my laptop next.
Thank you very much for this tutorial, very useful, appreciated =)

Reply

Kyle February 12, 2010 at 10:55 am

I am not sure what I did wrong but I am getting:

“Command failed: Can not access device” after I reboot.

Reply

kriggins February 12, 2010 at 8:04 pm

@kyle,

That is usually indicative of a mistyped UUID or other problem. Try the troubleshooting tips at the end of the how-to to make sure you can mount the device outside of booting and then double-check the /etc/initramfs-tools/scripts/local-top/pvcrypt script for the correct UUID or device name.

You can paste it here if you would like me to take a look.

-Kevin

Reply

pyros February 13, 2010 at 8:08 am

I’d like to say thanks for the guide, one of the most thorough I’ve read in a while.
Just getting a few problems:

I’m getting “operating system not found” when trying to boot. It could be a mistake in my installation, but I’ve had it on the 2 different devices I have tried to install on. Although when manually editing the boot partition in the install process, I get a different window than the one in your screenshot, more.. basic.

It could be related, but I’m getting the error “Command failed: Can not access device” when doing “update-initramfs -u” when I have chroot’d onto the USB stick.

I will try a full reinstall again; I just don’t want to keep repeating the 3 hour wait while filling the partition with random data, or the hour or so wait while installing.

Any thoughts on the errors?

Reply

kriggins February 13, 2010 at 8:45 am

@pyros,

The problem with the update-initramfs command concerns me because it means that things are not getting written correctly to the usb device.

The no operating system found could be related to that or to the final step when you select the device to install the boot loader to. Make sure you are picking the correct device.

Finally, you only have to write random data once. No need to do it again.

-Kevin

Reply

pyros February 13, 2010 at 9:55 am

“The no operating system found could be related to that or to the final step when you select the device to install the boot loader to.”
Regarding that, am I meant to select the device (sda) or the boot partition of the device (sda1)? The guide shows the device itself, so I chose it, but just to be clear.

“No need to do it again”
Good to know.

I’ll get back here when I’ve reinstalled.

Reply

Andrew February 13, 2010 at 11:29 pm

Hey, thanks for this guide… unfortunately I am getting an error where it finds the UUID I put in but then it says attempting to resume from… with a UUID that is different from mine.. it then says doing a normal boot… then just sits there…. nothing else.

Any ideas?

Also, did anyone’s install take like 2 hours? On a gen one MacBook?

Reply

kriggins February 14, 2010 at 8:44 am

@pyros,

You select the device itself.

@Andrew,

That resume message is normal and shouldn’t be causing any issues. Is this happening after you have entered your LUKS key or before? I can’t speak to the gen one MacBook specifically, but it does take quite a while for an install to finish on my laptop, even when I don’t write random data to the drive.

-Kevin

Reply

pyros February 14, 2010 at 9:02 am

Seems my first problem was an error with the BIOS – it was counting my USB drive as a hard drive, which pushed it down to second priority and so it didn’t boot.

After reinstalling, update-initramfs did work, so I have no idea what was wrong with it.

Many thanks for the assistance and the guide. I now have a smooth-running OS on my USB stick.

Reply

Andrew February 14, 2010 at 4:31 pm

Kevin, the resume message is happening after I put in the key.. am I not waiting long enough? Also, I skipped the writing random data part of the guide.

Reply

kriggins February 14, 2010 at 4:47 pm

If you don’t get a can’t access device error then you should be okay. I’d give it at least a few minutes to boot just to see if that’s the problem.

Kevin

Reply

Andrew February 14, 2010 at 5:28 pm

Ok tried again… it says boot from dev (blah, blah) then my UUID..
then asks for key…. enters fine
kinit: name_to_dev_t( blah/blah/ NOT my uuid)
resuming from (also not my UUID)
no resume file found
starting normal boot
then nothing

ive let it sit now for 15 mins.. nothing

Reply

Andrew February 14, 2010 at 5:57 pm

OK booted into a vmware backtrack session to try to repair
after running the hashalot and lvm updates i ran
#cryptsetup luksOpen /dev/sdb pvcrypt
Enter LUKS passphrase: (my password)
Command failed: No key available with this passphrase.

Reply

Andrew February 14, 2010 at 6:01 pm

Never mind the last comment, it needed to be sdb5.. OK, now I’m checking the UUID in the script to make sure that isn’t the issue.

Reply

Andrew February 14, 2010 at 6:26 pm

here is my pvccrypt

PREREQ="udev"

prereqs()
{
    echo "$PREREQ"
}

case $1 in
# get pre-requisites
prereqs)
    prereqs
    exit 0
    ;;
esac

/bin/loadkeys -q /etc/console-setup/boottime.kmap.gz
modprobe -Qb dm_crypt
modprobe -Qb sha256
modprobe -Qb aes_i586
modprobe -Qb xts

# The following command will ensure that the kernel is aware of
# the partition before we attempt to open it with cryptsetup.
/sbin/udevadm settle

sleep 10

if grep -q splash /proc/cmdline; then
    /bin/chvt 1
fi
/sbin/cryptsetup luksOpen /dev/disk/by-uuid/eef9d0f6-88a6-4341-847a-48587882a3af pvcrypt

Reply

kriggins February 15, 2010 at 9:24 am

@Andrew,

That file looks good. One thing you can try is to change the /dev/disk… line to be /dev/sdb5 and see if that works. It definitely shouldn’t sit for 15 minutes.

I have had several people who, for whatever reason, have had problems with their first install, but starting over has worked. Something to consider.

Kevin

Reply

John February 15, 2010 at 3:02 pm

Hi,

After enabling encryption, the BT installer runs but closes on the 3rd screen (Prepare disk space) without notice.

I started from scratch and the same thing happens. Any idea? (Lenovo 3000 N200)

Regards

Reply

kriggins February 15, 2010 at 6:59 pm

@John,

I don’t know what might be causing that behavior. Maybe try a different USB thumb drive.

-Kevin

Reply

3616833 January 9, 2011 at 4:15 pm

Hi,

I’ve got exactly the same problem. I’ve rebooted my computer and checked it’s not a corrupt file. The 3rd screen shows fine if my encrypted drive isn’t plugged in, but as soon as it is, the screen disappears.

Regards

Reply

3616833 January 10, 2011 at 3:29 pm

Hi again,
I solved it. I just restarted the tutorial after formatting the drive and it seems to be working fine.

Reply

John February 15, 2010 at 8:51 pm

Hi,

I am trying to do this with an HDD, not USB.

Error: the kernel is unable to re-read the partitiontable…. vg-swap

regards,

Reply

kriggins February 15, 2010 at 9:11 pm

@John,

You might try performing the initial partitioning step, rebooting, installing lvm2 and hashalot and then encrypting the device and creating the logical volumes.

Not sure why you would be getting that error on vg-swap since it isn’t a partition, but a logical volume.

-Kevin

Reply

john February 15, 2010 at 9:44 pm

Hi,

thx for reply. this laptop is using Hitachi HDD (HTS54168). According to System>Gparte>Show features

linux-swap Read, Check, Label (not available)
ext2/ext3 are ok.

any ideas?

Reply

John February 16, 2010 at 12:03 am

Hi,

It seems there’s an issue when creating the root logical volume:

pvcreate /dev/mapper/pvcrypt
Physical “volume /dev/mapper/pvcrypt” successfully created
vgcreate vg /dev/mapper/pvcrypt
Volume group “vg” successfully created
lvcreate -n swap -L xM vg
/dev/cdrom3: open failed: Read-only file system. # this is normal
Logical volume “swap” created.
lvcreate -n root -L xG vg
/dev/cdrom3: open failed: Read-only file system. # this is normal
Logical volume “root” created.

After I created the swap logical volume I used “vgdisplay” to see the “Free PE” available, so I used “lvcreate -n root -l yyy vg” instead. Replace “yyy” with the Free PE value.

I still have to finish the GUI install … I’ll let you know of any issues.

Regards,
J

Reply

marcel February 16, 2010 at 8:14 am

I’m not sure which thumb drive to download Backtrack to, which one to do the partition on, and which one to install it on. Please get back to me ASAP, I really want to try this software.

Reply

kriggins February 16, 2010 at 9:05 am

@marcel,

Careful reading of the how-to will provide you with all the answers you need, but, in short, you install Backtrack using Unetbootin to one device, boot from it and perform all other actions to the second device.

The first device can be 2GB or larger, but the second must be at least 8GB or larger.

Again, read all steps very carefully, particularly when partitioning and installing the bootloader. These two steps can cause your system OS to not boot if done incorrectly.

-Kevin

Reply

John February 17, 2010 at 3:58 pm

Hi,

Everything is working fine! Thx for this great tutorial!

One thing I have noticed is that “creation of a second account” (non-root) is skipped? The installer jumps from step 4 to 7.

I guess after BT is installed I just create a regular account using: “adduser useraccount” … right?

Best regards,
J

Reply

kriggins February 17, 2010 at 4:37 pm

@John,

You can add a non-admin account if you want just like you indicate. For Backtrack and the uses I have for it, I just run as root.

Kevin

Reply

Matthew February 19, 2010 at 7:33 am

When doing “update-initramfs -u” at the end. I got the “update-initramfs is disabled since running on a live CD”. What do I do then? Thanks!

Reply

kriggins February 19, 2010 at 7:51 am

@Matthew,

It looks like you missed the chroot step. Go back to that point in the how-to and repeat all the steps after chrooting.

Kevin

Reply

Derek February 19, 2010 at 3:33 pm

OK, I finally got the LUKS part to work, but after saying “Command successful.”, it dumps:

Gave up waiting for root device. Common problems:
– Boot args (cat /proc/cmdline)
– Check rootdelay= (did the system wait long enough?)
– Check root= (did the system wait for the right device?)
– Missing modules (cat /proc/modules; ls /dev)
ALERT! /dev/mapper/vg-root does not exist. Dropping to a shell!

…and then I get a (initramfs) prompt.

Any ideas?

Reply

kriggins February 19, 2010 at 3:53 pm

@derek,

It looks like maybe the lvm modules didn’t get copied into the initrd image. You might try the troubleshooting options at the bottom of the post and redoing the apt-get install lvm2 and update-initramfs commands.

-kevin

Reply

Derek February 19, 2010 at 10:29 pm

Thanks Kevin, you were right – my lvm2 install was fubar’d the first time around, but I started over and got it right and now everything is running smooth. Truly excellent write-up and support! We all appreciate the help!!

Reply

tobias February 20, 2010 at 12:13 pm

Hi,

First, thanks for this great tut!
I’ve installed everything, but when I try to boot it just says

Searching for Boot Record from USB RMD-FDD…OK
GRUB

And at this point nothing happens…
Can anybody help me?

Tobias

Reply

Aco February 21, 2010 at 8:24 pm

At last installation step (running install.sh) after running up to about 25% progress, installation crashes with Errno 5, saying there is not enough space left on USB. After trying to re-initiate install, I figure that I cannot assign boot for /dev/ as per screenshot (as it is probably already written).

Will be figuring out with smaller USB, as my 8Gb takes 2-4 hours to execute dd command, and about 2 hours last time for installation.

Reply

kriggins February 22, 2010 at 6:17 am

@tobias,

In my experience, this often happens when the wrong device is selected for the bootloader to install to. This is the last step in the install.sh script. Make sure you select the right boot device.

@aco,

A full install requires 6.5 GB or so. You will not be able to use this method with a smaller USB thumb drive. Double check your partition sizing. It seems like maybe you are not using the entire disk as described in the howto. Also, you only have to do the dd step once. I’m not sure what you are asking about with the assign boot question.

-Kevin

Reply

tobias February 22, 2010 at 8:05 am

Hi,

I have tried it twice now and I don’t think that it’s because of selecting the wrong device…
I will install it again now to make sure it’s the right device!

But is there any other possible reason for this?

Tobias

Reply

kriggins February 22, 2010 at 5:00 pm

@Tobias,

I’m not sure what might be causing this if it isn’t due to the wrong device being picked.

If you can post the contents of /boot/grub/menu.lst and fdisk -l /dev/sd, I will check to see if I see anything obvious.

-Kevin

Reply

wh_hrb February 23, 2010 at 12:21 am

Why do you want to use an 8G USB disk? BT4 is now only a 1.5G DVD ISO file.

Reply

kriggins February 23, 2010 at 6:27 am

@wh_hrb,

You need that large of a disk because of the updates that will be installed and the encryption step. You really need it if you use the new method of full disk encryption that is referenced at the very top of the how-to.

If you are just putting Backtrack on USB device and aren’t worried about persistence, then all you need is a 2GB drive.

-Kevin

Reply

tobias February 23, 2010 at 7:16 am

Hi,

I will post the results when I’ve finished the installation…
I found a difference from your installation: after choosing the manual part, at the top there are also 2 parts of my hard disk:
dev/hda
dev/hda1 ntfs
free space

and after that comes the “normal” part.
May this cause my problems?

tobias

Reply

Tobias February 23, 2010 at 9:18 am

menu.lst:

# By default, boot the first entry.
default 0

# Boot automatically after 30 secs.
timeout 30

vga=0x317image=/boot/grub/bt4.xpm.gz

title Start BackTrack FrameBuffer (1024×768)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x317
initrd /boot/initrd.gz

title Start BackTrack FrameBuffer (800×600)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x314
initrd /boot/initrd800.gz

title Start BackTrack Forensics (no swap)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw vga=0x317
initrd /boot/initrdfr.gz

title Start BackTrack in Safe Graphical Mode
kernel /boot/vmlinuz BOOT=casper boot=casper xforcevesa rw quiet
initrd /boot/initrd.gz

title Start Persistent Live CD
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet
initrd /boot/initrd.gz

title Start BackTrack in Text Mode
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent textonly rw quiet
initrd /boot/initrd.gz

title Start BackTrack Graphical Mode from RAM
kernel /boot/vmlinuz BOOT=casper boot=casper toram nopersistent rw quiet
initrd /boot/initrd.gz

title Memory Test
kernel /boot/memtest86+.bin

title Boot the First Hard Disk
root (hd0)
chainloader +1
### BEGIN AUTOMAGIC KERNELS LIST
## lines between the AUTOMAGIC KERNELS LIST markers will be modified
## by the debian update-grub script except for the default options below

## DO NOT UNCOMMENT THEM, Just edit them to your needs

## ## Start Default Options ##
## default kernel options
## default kernel options for automagic boot options
## If you want special options for specific kernels use kopt_x_y_z
## where x.y.z is kernel version. Minor versions can be omitted.
## e.g. kopt=root=/dev/hda1 ro
## kopt_2_6_8=root=/dev/hdc1 ro
## kopt_2_6_8_2_686=root=/dev/hdc2 ro
# kopt=root=UUID=a76c7835-eb6f-459f-a891-496f16bc00eb ro

## default grub root device
## e.g. groot=(hd0,0)
# groot=a76c7835-eb6f-459f-a891-496f16bc00eb

## should update-grub create alternative automagic boot options
## e.g. alternative=true
## alternative=false
# alternative=true

## should update-grub lock alternative automagic boot options
## e.g. lockalternative=true
## lockalternative=false
# lockalternative=false

## additional options to use with the default boot option, but not with the
## alternatives
## e.g. defoptions=vga=0x317 resume=/dev/hda5
# defoptions=vga=0x317

## should update-grub lock old automagic boot options
## e.g. lockold=false
## lockold=true
# lockold=false

## Xen hypervisor options to use with the default Xen boot option
# xenhopt=

## Xen Linux kernel options to use with the default Xen boot option
# xenkopt=console=tty0

## altoption boot targets option
## multiple altoptions lines are allowed
## e.g. altoptions=(extra menu suffix) extra boot options
## altoptions=(recovery) single
# altoptions=(recovery mode) single

## controls how many kernels should be put into the menu.lst
## only counts the first occurence of a kernel, not the
## alternative kernel options
## e.g. howmany=all
## howmany=7
# howmany=all

## should update-grub create memtest86 boot option
## e.g. memtest86=true
## memtest86=false
# memtest86=true

## should update-grub adjust the value of the default booted system
## can be true or false
# updatedefaultentry=false

## should update-grub add savedefault to the default options
## can be true or false
# savedefault=false

## ## End Default Options ##

splashimage=a76c7835-eb6f-459f-a891-496f16bc00eb/boot/grub/splash.xpm.gz

title Ubuntu 8.10, kernel 2.6.30.9
uuid a76c7835-eb6f-459f-a891-496f16bc00eb
kernel /boot/vmlinuz-2.6.30.9 root=UUID=a76c7835-eb6f-459f-a891-496f16bc00eb ro vga=0x317
initrd /boot/initrd.img-2.6.30.9
quiet

title Ubuntu 8.10, kernel 2.6.30.9 (recovery mode)
uuid a76c7835-eb6f-459f-a891-496f16bc00eb
kernel /boot/vmlinuz-2.6.30.9 root=UUID=a76c7835-eb6f-459f-a891-496f16bc00eb ro single
initrd /boot/initrd.img-2.6.30.9

title Ubuntu 8.10, memtest86+
uuid a76c7835-eb6f-459f-a891-496f16bc00eb
kernel /boot/memtest86+.bin
quiet

### END DEBIAN AUTOMAGIC KERNELS LIST

Reply

Tobias February 23, 2010 at 9:20 am

fdisk -l /dev/sda:

Disk /dev/sda: 8036 MB, 8036285952 bytes
255 heads, 63 sectors/track, 977 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000af478

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          14      112423+  83  Linux
/dev/sda2              15         977     7735297+   5  Extended
/dev/sda5              15         977     7735266   83  Linux

Reply

I_Z February 23, 2010 at 4:19 pm

I’ve got it all working perfectly – I only have one problem.

On any computer except the one I originally set the USB/OS up on (let’s call this laptop 1 for now), luksOpen won’t accept my passphrase on bootup, i.e. if I tried it on laptop 2, I would get an error with something along the lines of passphrase does not exist, whereas it will accept it and boot perfectly on laptop 1.

The local-top script itself points to the disk UUID so I’m relatively sure it isn’t pointing to the wrong drive and not finding the passphrase, unless this changes with computer (I don’t have much experience in partitioning although I presume this does not happen).

Reply

Mike Smith February 23, 2010 at 10:45 pm

cryptsetup error:

cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdb5

Result: overwrite:YES

Command failed: Can not access device

Everything is fine until I issue this command.

dd if=/dev/urandom of=/dev/sdb5

Thanks,

Mike

Reply

Source February 28, 2010 at 5:50 am

Please!
Help me :)
My system gives me this message during boot:
Give up waiting for root device.Common problems:
-Boot args cat /proc/cmdline
-Check rootdelay = (did the system wait long enough?)
-Check root = (did the system wait for the right device)
-Missing modules (cat /proc/modules , ls /dev)
ALERT!: /dev/mapper/vg-root does not exist. Dropping to a shell

Reply

kriggins February 28, 2010 at 3:05 pm

@source,

It looks like LVM didn’t get installed right after chrooting. Try the recovery steps at the end and do the apt-get install portion again.

-Kevin

Reply

Aaron February 28, 2010 at 1:04 pm

Worked great for me… Thanks for the guide!

Reply

kriggins February 28, 2010 at 3:06 pm

@Aaron,

Awesome. Glad it worked and you are welcome.

-Kevin

Reply

Tobias March 1, 2010 at 2:03 am

Can’t anybody help me with my problem?
I’ve posted the menu.lst and the result of fdisk -l /dev/sda.

The system doesn’t boot:

Searching for Boot Record from USB RMD-FDD…OK
GRUB

And at this point nothing happens…

Tobias

Reply

Erik March 2, 2010 at 12:31 pm

Hi,
I would like to know what you do if you want to restore your USB thumb drive to original, if you don’t want Backtrack or just want to start over again.

//Erik

Reply

Kevin March 2, 2010 at 4:23 pm

Give up waiting for root device.Common problems:
-Boot args cat /proc/cmdline
-Check rootdelay = (did the system wait long enough?)
-Check root = (did the system wait for the right device)
-Missing modules (cat /proc/modules , ls /dev)
ALERT!: /dev/mapper/vg-root does not exist. Dropping to a shell

I am getting the same error as above. I have gone through the recovery steps a few times with no luck. I have followed the directions (three times now) and still the same results. Ideas? I hate to lose…lol

Reply

max3d March 3, 2010 at 4:07 am

It finally worked and the BT4 got installed onto a flashdrive.

Thank you for support!

Reply

Trikketto March 3, 2010 at 12:05 pm

Same problem as Kevin and Source.
Just type on prompt:
cryptsetup luksOpen /dev/[your logical partition] pvcrypt
and your passphrase
When it is ok, type exit and the system will boot.
I’m new in linux, any idea to fix this?

Reply

Kevin March 3, 2010 at 12:50 pm

@Trikketto

That allows me to boot from the drive from the shell…. very odd. It appears the drive is simply not going through that command or the decrypt process is taking too long and it is timing out? Yes, that is a question 🙂

Reply

igrowstuff March 3, 2010 at 3:03 pm

@Kevin

I went through the steps above and had the same problem as you.

I booted back into the live environment and went back through the troubleshooting steps. I found that despite doing the wget for the initramfs-modules file I did not have the two aes_i586 xts modules within the file. I added these and then ran update-initramfs -u.

Everything now works as required.

Hope this is of help 🙂

Reply

Trikketto March 3, 2010 at 7:41 pm

@Kevin
Ok dude, check the UUID in the second script in /etc/initramfs-tools/local-top.
Maybe it is wrong 🙂

Reply

firingforeffect March 5, 2010 at 5:44 am

Thanks for the great install write-up. I just got this working last night on a new 8GB memory stick. The install went smoothly, and I can boot up on the stick, unlock the volume, and log in. The system, however, is ridiculously slow. A quick look at top shows 100% wa usage when executing nearly any command. This indicates the system is waiting for an i/o operation to complete. I’m wondering if there is something that needs to be tweaked to get the usb drive writing at acceptable speeds. As of right now, the system is nearly unusable due to the slow write speeds.

Reply

kriggins March 9, 2010 at 8:17 am

@firingforeffect,

I haven’t noticed significant slowdowns. Is it possible you are plugged into a USB 1.1 port? The only other thing I can think of is that the stick is faulty.

-Kevin

Reply

Bizzle March 5, 2010 at 3:35 pm

Nice guide. I am however having a little trouble. When issuing the ‘lvcreate’ commands, I don’t get the messages saying ‘open-failed: read-only file system’. Then when I get to the install it thinks vg is on my hard drive or something instead of on the usb drive. Any suggestions would be appreciated.

Reply

kriggins March 9, 2010 at 8:16 am

@bizzle,

Did you get things working? If not, the open-failed message doesn’t always happen. Can you provide a screen shot or list of the devices that the install.sh script sees. I might be able to guide you with that info.

-Kevin

Reply

Kevin March 8, 2010 at 7:06 am

@Trikketto

I checked the script… the UUID matches 🙁 I can get the system to boot, but I do have to drop to a shell then unlock the partition with a manual command instead of it doing it automatically… sigh. I will keep at it a bit.. I hate when I can not solve a problem… still taking suggestions.

Reply

Kevin March 8, 2010 at 7:19 am

OK….

I walked away from it for a couple of days and tried again…. when issuing the command update-initramfs -u, now I get this error

cyptsetup: WARNING: invalid line in /etc/crypttab –
cyptsetup: WARNING: invalid line in /etc/crypttab –

yes, twice…. here is the content of that file

#

ideas????????

Reply

Qwafzefoni March 8, 2010 at 7:41 am

These tutes of yours have been my starting point with new BT installs for at least 2 years now. They’re brilliant; clear, concise and yet providing a little more background where needed.

Sadly, though, mine has suddenly b0rked! I’m thinking I may go through it all again – no big loss since I save nearly nothing on there anyway; my only concern is, of course, avoiding a repeat.

Here’s what happens:

I boot, I’m prompted for the passphrase of my encrypted home directory, and then get the message

Error: Volume slot unavailable

What would be the correct way to troubleshoot this, anyone? I’m not sure whether it’s a case of a mount point not being freed (last shutdown was normal and clean, though). The error seems to relate to the encryption software and how it handles the containers it creates, and their mappings, but to be honest too many components in the mix here for me to figure it out unguided.

Many thanks, regardless of any assistance – the write-up is still great!

Reply

Kevin March 8, 2010 at 7:43 am

I can’t explain it, but I rebooted after I got the errors and it worked fine…. heh.. go figure.

Thanks everyone for your help!!

Reply

Qwafzefoni March 8, 2010 at 7:54 am

Please ignore my previous request for help.

I’ve just noticed how I managed to confuse two of kriggins’s articles – thankfully only at the point of looking for help; I’m fairly confident I only used one when configuring!

The method I used was the TrueCrypt-based article, and kriggins specifically mentions that issues with device names might well cause this to happen when moving from one machine to the other.

Omni-kudos.

Reply

kriggins March 9, 2010 at 8:14 am

@Qwafzefoni,

Glad you figured it out and thanks for the kudos.

-Kevin

Reply

iops March 14, 2010 at 4:29 pm

@Kevin & others: if you receive error ALERT!: /dev/mapper/vg-root does not exist. Dropping to a shell … it means that you did not perform apt-get install hashalot lvm2 after you chroot’d to the USB drive. Without these programs you will not be able to open the encrypted volume when you boot using the usb drive.

Reply
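An added example, not part of the original comments or the how-to: a shell check that runs from the live environment against the mounted install and tests the three causes of the "/dev/mapper/vg-root does not exist" failure named above (igrowstuff's missing aes_i586 and xts module entries, Trikketto's UUID in the local-top script, iops's missing lvm2). The function names, the /sbin/lvm path, the by-UUID device path in the sample script and the sample UUID are assumptions made for this example.

```shell
#!/bin/sh
# check_boot_prereqs ROOT LUKS_UUID
#   ROOT       mount point of the installed root fs, e.g. /mnt/backtrack4
#   LUKS_UUID  UUID of the encrypted partition
# Prints one line per problem; the return status is the number of problems.
check_boot_prereqs() {
    root=$1
    uuid=$2
    problems=0
    modules="$root/etc/initramfs-tools/modules"
    # Script name as it appears in the boot error quoted in this thread.
    script="$root/etc/initramfs-tools/scripts/local-top/pvcrypt"

    # 1. Tools that have to be installed inside the chroot.
    #    /sbin/lvm is an assumption (where Ubuntu's lvm2 package puts it).
    for bin in /sbin/lvm /sbin/cryptsetup; do
        if [ ! -x "$root$bin" ]; then
            echo "MISSING $bin (install it inside the chroot)"
            problems=$((problems + 1))
        fi
    done

    # 2. Crypto modules listed in the initramfs modules file.
    #    Only an uncommented line whose first field is the name counts.
    for mod in aes_i586 xts; do
        if ! awk -v m="$mod" '$1 == m { ok = 1 } END { exit !ok }' \
                "$modules" 2>/dev/null; then
            echo "MISSING module $mod in $modules"
            problems=$((problems + 1))
        fi
    done

    # 3. The UUID used by the unlock script must match the partition's UUID.
    if [ -z "$uuid" ] || ! grep -qiF -- "$uuid" "$script" 2>/dev/null; then
        echo "UUID ${uuid:-<empty>} not found in $script"
        problems=$((problems + 1))
    fi

    if [ "$problems" -eq 0 ]; then
        echo "OK: tools, modules and UUID are in place; run update-initramfs -u"
    fi
    return "$problems"
}

# Build a constructed sample tree (not a real install) so the check runs offline.
make_sample_root() {
    mkdir -p "$1/sbin" "$1/etc/initramfs-tools/scripts/local-top"
    for f in lvm cryptsetup; do
        : > "$1/sbin/$f" && chmod +x "$1/sbin/$f"
    done
    printf '# constructed sample\naes_i586\nxts\n' \
        > "$1/etc/initramfs-tools/modules"
    # The by-UUID device path is an assumption made for this sample.
    printf '#!/bin/sh\n/sbin/cryptsetup luksOpen /dev/disk/by-uuid/%s pvcrypt\n' \
        "$2" > "$1/etc/initramfs-tools/scripts/local-top/pvcrypt"
}

SAMPLE_UUID=00000000-1111-2222-3333-444444444444   # constructed value
demo_root=$(mktemp -d)
make_sample_root "$demo_root" "$SAMPLE_UUID"
# Reproduce the case from the thread: the modules file lacks both entries.
printf '# constructed: no crypto modules\n' \
    > "$demo_root/etc/initramfs-tools/modules"
check_boot_prereqs "$demo_root" "$SAMPLE_UUID" || echo "problems found: $?"
rm -rf "$demo_root"
```

Against a real install, pass the chroot mount point and the UUID of the encrypted partition instead of the sample values.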

hash420 March 15, 2010 at 4:12 pm

After a full day dealing with this on 2 laptops I almost got it!
But I get the same error and dropped to shell busybox like ‘iops’

“ALERT!: /dev/mapper/vg-root does not exist. Dropping to a shell”
like some people up here…

I ran the troubleshooting thing again from live cd and no luck!

HELP!

Reply

Hash(&alot)420 March 15, 2010 at 4:38 pm

Hurray!!! @igrowstuff

Thanks, your advice solved it!

It booted
after 24 hours of trying (dammit!). Kevin, thanks for all your help! (on the other post as well)
Hope this will help other people.

One question though… I made the swap 200M and the USB is 16G. When I try to open the encrypted folder, though it’s unlocked, I get an error. Also, will I only have 200M to run BT4? Where does it all go? (I’m pretty sure it gets encrypted in the logical partition, and then again – I DON’T KNOW).

Cheers!

p.s: Bill gates hes cencer and he is dead… so is bush =]

Reply

R3za March 17, 2010 at 3:28 am

Hi all,

Got same problem with Mike Smith (see post #13)

cryptsetup error:

cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdb5

Result: overwrite:YES

Command failed: Can not access device

Any solution?

Reply

kriggins March 17, 2010 at 8:45 am

@R3za,

This is usually one of a few things.
1. Somehow the device had gotten mounted. I have had this happen a couple of times. No real explanation for how it happens, but it does.
2. Double check the device name. The how-to uses sdb, but yours may be different.
3. The partition table did not refresh in memory after being written to the drive or it just didn’t take. Verify the partition table is correct.

Kevin

Reply

Lance March 18, 2010 at 4:16 am

Thanks for a great tutorial! I’d like to share a couple of quick points that I’ve discovered, if I may. Mind, I was performing an encrypted install to a hard disk (/dev/sda) but the experiences may be useful.

1) When creating the root partition, you can use the -l 100%FREE option to use the entire available space within the volume group.

2) The kernel apparently doesn’t load the new filesystem you create with fdisk until you reboot. So the cryptsetup command will fail until that point.

3) Ubiquity will die as it attempts to load the partition tool (dmesg will show a mount error) unless you first format the /dev/sdb1 partition (100 megs, used for the key) via the mkfs.ext3 /dev/sdb1 command.

4) If, after doing those steps, the “Prepare Disk Space” window never appears and you went directly into the “Prepare partitions” view… you mounted /dev/sdb1 at some point, and it won’t be available for you to use in the installer – it seems that the ubiquity installer doesn’t like that. umount it and try again.

5) The system choked when I attempted to format the drives in the partition tool. Therefore, I told it not to format (given, as you note, that it’s already been formatted). This seems to have resolved (well, bypassed) the issue.

After that, everything works great. Thanks for the tutorial!

Reply

kriggins March 18, 2010 at 6:50 am

@Lance,

Thanks for contributing to the how-to with your tips, particularly the -l 100%FREE.

I will offer that most of the problems you mention are not issues all the time, but occur in some cases. Either way, great help.

-Kevin

Reply

kurtdriver March 19, 2010 at 9:01 pm

This is great and I’m going to start in on it a couple of days. You’re booting from Backtrack4 to do all this? The first image, Unetbootin.jpg, has the usb key as drive I: Again, thanks.:)

Reply

Warlockzzz March 20, 2010 at 3:31 pm

Strange, after following this guide completely and booting the usb key…
I get a black screen with no information on it and no error message.
Does one of you guys know what is wrong?

Reply

George March 21, 2010 at 4:33 am

Hi how to fix this ??? I use Micro SD HC 8GB

root@bt:~# pvcreate /dev/mapper/pvcrypt
Physical volume “/dev/mapper/pvcrypt” successfully created
root@bt:~# vgcreate vg /dev/mapper/pvcrypt
Volume group “vg” successfully created
root@bt:~# lvcreate -n swap -L 512M vg
Insufficient free extents (91) in volume group vg: 128 required <—–No create
root@bt:~# lvcreate -n root -L 7.3G vg
Rounding up size to full physical extent 7.30 GB
Insufficient free extents (91) in volume group vg: 1869 required<——- no create
root@bt:~# mkswap /dev/mapper/vg-swap
/dev/mapper/vg-swap: No such file or directory<——— ? why
root@bt:~# mkfs.ext3 /dev/mapper/vg-root
mke2fs 1.41.3 (12-Oct-2008)
Could not stat /dev/mapper/vg-root — No such file or directory<——why?

The device apparently does not exist; did you specify it correctly?

Reply

Warlockzzz March 21, 2010 at 7:55 am

@George :
You forgot : cryptsetup luksOpen /dev/sdb5 pvcrypt
after : cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdb5
That is before everything you posted.

Reply

Cezary March 21, 2010 at 8:43 pm

What I need to set the partition size to 4 GB flash drive? because I have a problem with the 4 final stage of installation. I can continue with probably the wrong size of either partition, but the installation of up to 30% lasted “only” 1 hour and canceled a. Thank you for your reply.

Reply

Michael March 23, 2010 at 11:17 am

Kevin,
First of all, thanks for taking the time and putting together such a detailed tutorial. I was working my way through yesterday, but after the system installation was complete on my usb drive I had to shut down for the day. Now that I’ve restarted bt4 this morning (via live cd) at what point do I pickup at the tutorial?

I tried continuing at “vol_id /dev/sdb5” but when I get to “mount /dev/mapper/vg-root /mnt/backtrack4” I get ‘special device… does not exist.’

Reply

Michael March 23, 2010 at 4:22 pm

Got it. Forgot to run “cryptsetup luksOpen…’
Works like a champ!

Reply

Chris March 24, 2010 at 1:42 pm

I would like to thank you for this tutorial. After several attempts, I have finally got Backtrack working on an 8GB Cruzer (using it now to post this). I do notice that it is running a little laggy, but it’s manageable for what I am using it for.

Reply

Kalle March 25, 2010 at 7:35 pm

Finally found the problem with entering the password during boot!

There is a problem in Ubuntu 8.10 with special characters in the passphrase; this only applies when unlocking during boot. It works perfectly if you boot from the live CD and then unlock.

I just booted from the CD and entered a second passphrase with luksAddKey to get it working

Reply

kriggins March 28, 2010 at 8:03 am

Sorry for being MIA for a bit.

@kurtdriver,

Yup, booting the Backtrack first is the easiest way to accomplish this.

@Warlockzzz,

Thanks for stepping in and helping George. I assume you got things working.

@Cezary,

I’m not sure what you are asking. The install does take a long time and I do now recommend using an 8GB drive.

@Chris and @Mike,

Great! Glad it is working.

-Kevin

Reply

acehacker March 31, 2010 at 3:44 am

Hey, I need your help!!
I’m a newbie in this stuff. I’m trying this with the final edition and when I type this:
cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdb5 and the YES phrase I get
Command failed: Can not access device. What should I do? Till this step everything goes fine.
Thanks in advance

Reply

rosswindows April 1, 2010 at 10:10 am

Yup, I’m getting the same problem as acehacker. I’ve tried it on multiple machines and always get the same message at that step. Any thoughts?

Reply

rosswindows April 5, 2010 at 10:41 am

I figured out the problem. I don’t know if you want to call this a noob error or just plain stupid but…

@ acehacker
Read the how-to again specifically under Tools and Supplies, #2
“A Backtrack 4 DVD or an additional USB thumbdrive (minimum 2GB, must be Backtrack 4)”
The keyword here, is “additional”.
I solved the problem by using Nero to burn the bt4final.iso to a dvd, booted to that, then the usb will not be ‘busy’.

Reply
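An added example, not part of the original comments or the how-to: a pre-flight check to run before luksFormat that tests for the causes of "Command failed: Can not access device" given in this thread (the partition is mounted, the device name is wrong or the kernel has not re-read the partition table, or the live system was booted from the stick being installed to). The function names and the sample /proc/mounts and /proc/partitions contents are constructed for this example.

```shell
#!/bin/sh
# luks_preflight DEVICE [MOUNTS_FILE] [PARTITIONS_FILE]
# Return status:
#   0  nothing found that would block luksFormat
#   1  DEVICE itself is mounted
#   2  the kernel has no such partition (wrong name, or table not re-read)
#   3  another partition of the same disk is mounted
luks_preflight() {
    dev=$1
    mounts=${2:-/proc/mounts}
    parts=${3:-/proc/partitions}
    name=${dev#/dev/}
    # Parent disk: partition name with the trailing digits removed (sdb5 -> sdb).
    disk=$(printf '%s' "$name" | sed 's/[0-9]*$//')

    # The fourth column of /proc/partitions is the kernel's own device name.
    if ! awk -v n="$name" '$4 == n { hit = 1 } END { exit !hit }' "$parts"; then
        echo "$dev: unknown to the kernel; check the name and re-read the partition table"
        return 2
    fi

    mp=$(awk -v d="$dev" '$1 == d { print $2; exit }' "$mounts")
    if [ -n "$mp" ]; then
        echo "$dev: mounted on $mp; unmount it first"
        return 1
    fi

    # A mounted sibling keeps the whole disk busy, e.g. when the live system
    # was booted from the same stick that is being installed to.
    busy=$(awk -v p="^/dev/$disk[0-9]+\$" \
        '$1 ~ p { print $1 " on " $2; exit }' "$mounts")
    if [ -n "$busy" ]; then
        echo "$dev: same disk is in use ($busy); boot from separate media"
        return 3
    fi

    echo "$dev: no blocker found"
    return 0
}

# Write constructed sample copies of /proc/mounts and /proc/partitions to DIR.
write_samples() {
    cat > "$1/mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sdb1 /cdrom vfat ro,noatime 0 0
/dev/sdc5 /media/disk ext3 rw,nosuid,nodev 0 0
EOF
    cat > "$1/partitions" <<'EOF'
major minor  #blocks  name

   8    16    7815168 sdb
   8    17     204800 sdb1
   8    18          1 sdb2
   8    21    7606272 sdb5
   8    32    7815168 sdc
   8    33     204800 sdc1
   8    37    7606272 sdc5
   8    48    7815168 sdd
   8    49     204800 sdd1
   8    53    7606272 sdd5
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for target in /dev/sdb5 /dev/sdc5 /dev/sdd5 /dev/sde5; do
    luks_preflight "$target" "$demo_dir/mounts" "$demo_dir/partitions" || true
done
rm -rf "$demo_dir"
```

Called with only the device argument, the function reads the running system's /proc/mounts and /proc/partitions.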

john April 7, 2010 at 5:12 pm

When I try to boot it I get an error saying ubuntu 9.10 box is busy. Any advice? I would appreciate it, thanks

Reply

VashTheVicious April 8, 2010 at 1:49 pm

Well I get a few errors before it boots my ass into something of a shell.

/scripts/local-top/pvcrypt: LINE 1: PREREQ: Not found!
/scripts/local-top/pvcrypt: line 28: /bin/chvt: not found
/sbin/cryptsetup: Unknown action

Then…. the usual not waiting for root… good bye here is your shell.

and that’s it.

Yes… lvm2 and hashalot are installed after I chroot the USB drive
along with mounting all the correct mounts (proc, sys, and devpts)

I am really clueless as to what is going on here.

Reply

Chris April 9, 2010 at 1:01 pm

Hey kriggins, I was just wondering what you think would be better. I am looking at putting Windows Vista, Ubuntu, and Backtrack 4 Final on my 250G HDD. I have Vista on the first 150G, was thinking of putting Backtrack on the rest and installing Ubuntu side-by-side with Vista. Do you think I will need to set primary sda3 100M, extended sda4 and logical sda5? I’m fairly new to Linux systems so I am not sure if I can just use GRUB in the primary boot partition Vista uses, or if I need to set the boot on sda3 for Backtrack alone. (Hopefully this makes sense) Any feedback is appreciated 🙂

Reply

Bubahlu April 10, 2010 at 11:16 pm

I have done everything “to the T” so far, other than installing on a 16gb flash drive, and when I get to the “mkswap /dev/mapper/vg-swap” part, I get a response of “bash: /sbin/mkswap: Input/output error”. I am fairly certain that this isn’t the same as your response omitted for brevity =P I get a similar error when attempting the “mkfs.ext3 /dev/mapper/vg-root” with the error being “bash: /sbin/mkfs.ext3: Input/output error”. It is frustrating to know that I am so close to being done, but seemingly so far. Any help is greatly appreciated.

Reply

Bubahlu April 11, 2010 at 12:12 am

Nvm, got it =D Rebooted, and for some reason worked fine after.

Reply

Eirik April 12, 2010 at 9:32 am

Hey!
First of all, I’ve got to say thanks for this awesome guide. After running into almost every problem mentioned here, I think I’ve reached the last one: I’m having problems installing hashalot and lvm2 after I chroot, ’cause when I try to boot from the usb stick, it asks me for LUKS passphrase, and it decrypts it successfully, but then it times out and drops to a shell.

When I try to apt-get install hashalot lvm2 after chroot, I get this:
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
hashalot lvm2
0 upgraded, 2 newly installed, 0 to remove and 32 not upgraded.
Need to get 0B/375kB of archives.
After this operation, 1065kB of additional disk space will be used.
dpkg-preconfigure: unable to re-open stdin:
Can not write log, openpty() failed (/dev/pts not mounted?)
(Reading database … dpkg: error processing /var/cache/apt/archives/hashalot_0.3-5_i386.deb (--unpack):
failed in buffer_read(fd): files list for package `linux-image-2.6.30.9′: Input/output error
Errors were encountered while processing:
/var/cache/apt/archives/hashalot_0.3-5_i386.deb
Processing was halted because there were too many errors.
E: Sub-process /usr/bin/dpkg returned an error code (1)

Any idea as to what may be causing this? Thanks for all your help so far. I would never have come this far without your answers to the many questions in the comments.

Reply

newbie April 12, 2010 at 7:50 pm

Hey guys. I just saw where some of y’all are running into problems with the crypto thing. You have to install it either on a live CD or another USB and then the USB you are definitely using gets all the typing done to it. I used 2 USBs; the first was sdb and the second was sdc. When you do cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdb5
I had to change the sdb5 to sdc5 and so on with the sdc. I hope this helps. Hope I didn’t confuse you too much.

Reply

J April 15, 2010 at 1:45 am

Hi, I followed the guide and got everything up and running on an IDE hard drive. The only problem is when I try to access hda5, I get an error saying “Method “Mount” with signature “ssas” on interface “org.freedesktop.Hal.Device.Volume” doesn’t exist”. What can I do to fix this error? And is there a way to undo the networking starting at boot time?
Thanks
J

Reply

kriggins April 16, 2010 at 7:08 am

@John,

I’m not sure what is up with that error. Backtrack 4 is based on Ubuntu 8.1, not 9.1.

@VashTheVicious,

It looks like the initramfs-tools files are not updated correctly. They are responsible for copying the files you need. I would boot with the troubleshooting steps at the bottom of the how-to and double check all the files you need to change in the initramfs-tools section.

@Chris,

First, Backtrack is based on Ubuntu so you might want to consider just having Vista and Ubuntu. That being said, GRUB can be used as the boot loader. It does require a bit of finagling which is beyond the scope of this how-to. There are several good ones on the net that show how to dual-boot linux and Vista/Windows 7 with Linux and GRUB.

Second, If you want to use encryption then yes, you will have whatever partitions that exist for Vista and then you will need a small primary boot partition and an extended partition.

@Eirik,

My only guess is that either the hashalot package is getting corrupted during download, it is corrupted on the update site or there is a problem with your USB drive. I was installing last weekend and the hashalot file was okay then.

@J,

I am not familiar with that error. The backtrack-linux.org forums might be able to help.
You can stop networking from starting automatically by executing:

/usr/sbin/update-rc.d -f networking remove

-Kevin

Reply

Eirik April 16, 2010 at 9:20 am

Thanks for your reply! It’s weird though, ’cause I’m able to download and install hashalot and lvm2 just fine prior to chroot. I guess this is one of those problems that are easier to bypass by just starting over, than to spend hours dealing with. Thanks for your help, nonetheless.

Reply

Ion April 20, 2010 at 9:37 pm

excellent tutorial, it worked like a charm! currently writing this from my new c4mr0n-1.0 chip, this totally rawks!

only one thing : i left out the swap partition, since i’ve read it cripples the flash life… what do you think ?

Reply

merlyn April 21, 2010 at 1:47 pm

Hi there,

I have followed the instructions to the end but when I enter

update-initramfs -u

I get the message

update-initramfs is disabled since running on a live CD

How do I get it to update? Is there a work around?

Am trying to set up on a 8Gb usb drive, using acer ferarri and second usb key (2Gb) that backtrack4 is running from,

Please can anyone help or advise me what more info I can give you to help find a solution?

Reply

kriggins April 21, 2010 at 2:35 pm

@Ion,

Provided your system has enough system memory and you don’t go nuts, you should be okay. I have run Backtrack without swap successfully before. The persistent method does so.

Another thing you can do is modify the filesystem mount options to turn off atime updates.

@merlyn,

You have not successfully chrooted your system after the install finishes. This message occurs when you are still operating from the original 2GB booted Backtrack. Go back to the how-to and carefully read the chroot instructions.

-Kevin

Reply

sean April 22, 2010 at 5:43 am

i have followed all of the above and get boot issues.

here is what i get during boot:

Command failed: Can not access device
Gave up waiting for root device.Common problems:
-Boot args (cat /proc/cmdline)
– Check rootdelay= (did the system wait long enough?)
– Check root= (did the system wait for the right device?)
-Missing modules (cat /proc/modules: ls /dev)
ALERT! /dev/mapper/vg-root does not exist. Dropping to shell!

Reply

sean April 22, 2010 at 10:10 am

Don’t bother, I fixed the problem by watching the video, which has some extra commands which are not in the above tutorial dB)

Reply

James S. April 24, 2010 at 4:06 pm

Is there any reason that I would repeatedly end up with an install which causes a Grub Error 17??? I’ve followed the instructions provided here to the letter multiple times. I’ve also followed the slightly different instructions in the video and have the same result. This is the fourth day I’ve spent on this and cannot for the life of me figure out what I’m doing wrong.

Please Help!
Thanks in advance

Reply

kriggins April 26, 2010 at 9:50 am

@james,

I have not had this problem nor has anybody else mentioned it.

You might try the forums at backtrack-linux.org.

-Kevin

Reply

charley April 28, 2010 at 9:43 am

I am having the same prob that sean had:

Command failed: Can not access device
Gave up waiting for root device.Common problems:
-Boot args (cat /proc/cmdline)
– Check rootdelay= (did the system wait long enough?)
– Check root= (did the system wait for the right device?)
-Missing modules (cat /proc/modules: ls /dev)
ALERT! /dev/mapper/vg-root does not exist. Dropping to shell!

I have gone through the tutorial twice, and this has happened both times. I ran the Live CD off of another USB, which was sdb, so I had to replace all your instances of sdb with sdc (which was the 8G). Everything seemed to go through alright until I tried to reboot, at which point, the above problem came up. Any ideas?

Reply

kriggins April 29, 2010 at 6:44 am

@charley,

Sean managed to resolve his issue by watching the video. All commands necessary to build the system are in the how-to, but the video might provide some clarity.

The problem you are having is usually indicative of the logical volume manager (lvm2) not being installed again after chrooting. Check out the how-to again and pay particular attention to the section after the install.sh script is finished running.

-Kevin

Reply

charley April 29, 2010 at 6:03 pm

@kriggins

Thanks, following the video this time seemed to help – though I’m not sure why. I assume there is something in the video that is different from the article, though I haven’t combed through it to find the possible discrepancy

or, lol, more probably, I have fat fingers and made a typo somewhere the last two times I tried :D.

Anyway, thanks a lot, works like a charm

Reply

Mala May 5, 2010 at 9:15 am

I’ve hit a snag… I messed something or other up, so I rebooted into the livecd and tried to mount the encrypted flash drive. However, the

mount /dev/mapper/vg-root /mnt/backtrack4/

fails for me with a “You must specify the filesystem type”. Specifying ext3 fails with dmesg returning:

VFS: Can’t find ext4 filesystem on dev dm-2.
EXT4-fs: Update your userspace programs to mount using ext4
EXT4-fs: ext4dev backwards compatibility will go away by 2.6.31
VFS: Can’t find ext4 filesystem on dev dm-2.
VFS: Can’t find ext3 filesystem on dev dm-2.

Apologies for my ignorance, I haven’t done much with lvm or crypto

Reply

Hugo May 13, 2010 at 9:50 am

Hello,

First thing first, I’m quite into computers but am a total noob

I’ve been trying to set “BT4 – Bootable usb Thumb Drive” a couple of times now to no avail.

I’ve followed the how to video,
also the written how to,
and the hak5 video as well which seems to be following to some extent the non encrypted persistent bootable usb how-to instructions (cf: youtube: hak5 backtrack)

Having clearly failed a couple of times before, I simply started again, I feel I’ve done it right the last 3 times and yet my key still won’t boot! 🙁

Here are the only three things (that i can see) which I believe may have gone wrong:

1- when running the graphical installer (ie: install.sh) my boot partition is of the type fat32 NOT ext (this has happened twice now and I can’t see why!) I DID follow the instructions to the letter, and after that have gotten what I deemed satisfactory outputs (ie: same as in video)
Nonetheless I still “used as : Ext3 file journaling system” etc…

2- when editing the scripts, it felt like my keyboard was acting up, nonetheless I got through it all (with some white ~ instead of blue ones) and some extra #s but once again the output was satisfactory

3- my usb is a 16gb imation perhaps its the hardware’s fault ?

I still have everything as is, in the hope that I don’t need to start all over again.

Thanks a lot,
and I still maintain that despite my difficulties, these how-to’s are great, and I’m starting to really like the whole Ubuntu etc community !

Hugo

Reply

Marvin May 18, 2010 at 2:15 pm

Am creating the bootable encrypted usb drive. I am in no way a Linux person. Starting to learn a little. There were 2 scripts to run. One of them needed the UUID added to it, /etc/initramfs-tools/scripts/local-top, and the other, /etc/initramfs-tools/modules file to add the encryption modules. I do not know how to find this file to edit it. I assume once I find it , I copy it to an editor, delete the file in the dir, modify it in the editor, and paste it back to the dir.

I created the boot disk, but it does not prompt for the luksOpen passphase.

Reply

Alex May 20, 2010 at 1:48 pm

Hi Kevin,

Thanks a lot for the excellent How-To.

I have a question which is more speed-related than anything. I got a 16GB SanDisk USB pen drive, and formatted it as follows: 8GB primary partition (fat32) and the remaining 8GB are exactly as your setup: 100MB for boot partition under /dev/sda2, then extended partition under /dev/sda3 then root and swap under /dev/sda5 (logical).

Everything seems fine except that it took about 3 hours to do the install (copying of files from the CD to the USB drive). I think it should not take more than 10 to 20 minutes. I did a transfer of the image of BT4 to the FAT32 (first partition), and the whole iso took 2 minutes and 50 seconds, so I know my key is OK (that’s a write average of 8.8MB/sec).

Is it because the partition is encrypted (I don’t think so), or because it’s a logical one (again, don’t think so), or some other factor?? Any ideas are appreciated. Thanks.

Reply

kriggins May 20, 2010 at 7:56 pm

@mala,

I’m not sure what is going on with your problem, but make sure you have executed the cryptsetup luksOpen command before you try to mount the vg-root partition.

@Hugo,

If the filesystem is showing as fat32 after you have partitioned and formatted it as ext3, something very strange is going on. I am not sure where to point you other than you might try booting, deleting all partitions and writing the partition table so the drive is blank, rebooting again and then try partitioning as in the how-to.

@marvin,

You should be able to edit the files in place with vi, nano or pico.

@Alex,

For whatever reason, it has always taken forever for the install.sh to finish. I think it is a function of the fact that we are writing to an encrypted volume and we are also decompressing a good bit of data during the install. The iso is 1.4GB, but the installed system takes almost 6.5GB.

Kevin

Reply

Alex May 20, 2010 at 9:34 pm

Kevin,

Oh, I had the impression it took about 10 minutes or so from the clock in your video.. Also, with BT3, it was a matter of copying 2 folders, boot and bt, about 700MB, and we were almost set. I think this time it actually installs itself, plus the factors you mentioned make it just slower. How long did it take for your installation to finish?

I also noticed that copying from the CD takes longer than directly from another USB key.

Reply

Alex May 21, 2010 at 9:51 am

Am stuck. I followed the tut word by word, then I get:

ALERT! /dev/mapper/vg-root does not exist. Dropping to shell!

I rebooted, and entered all the commands needed and get stuck at the last one:

root@bt:/boot# mount -t devpts devpts /dev/pts
mount: mount point /dev/pts does not exist

So I ran apt-get upgrade and apt-get install hashalot lvm2

root@bt:/etc# apt-get install hashalot lvm2
Reading package lists… Done
Building dependency tree
Reading state information… Done
hashalot is already the newest version.
lvm2 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 39 not upgraded.

which confirms they were run before I rebooted.

I also checked everything under /etc/initramfs-tools again, and everything was correct.

Am even sending this post from after I chrooted 😛

Reply

Alex May 21, 2010 at 2:35 pm

UPDATE:

The only way to get this working was to change that line to:

/sbin/cryptsetup luksOpen /dev/sda5 pvcrypt

Not sure why it does not like that Vol_id even though it’s 100% correct (copy/pasted).

The OS boots fine, but I get hanging while using it. I think a faster USB flash with better read and write speeds would be much better option.

Reply

ray May 22, 2010 at 9:29 am

Hey mate, great work, exact same problem as cryptosond right now. Everything so far has been a charm up to this command.

Yeah, any help would be very much appreciated. Again, great work you’ve put into this 😀

Reply

ray May 22, 2010 at 9:31 am

Dammit. Been answered already, don’t know how I missed it.

Will try fix…

Reply

Hugo May 25, 2010 at 4:18 pm

Update:

haven’t retried the full process, but it would seem that it’s due to the usb key itself

seeing as Karmic Koala won’t work on that usb key either!
(whereas it has on my other 4gig usb key)

as far as I can tell this would mean that there exist usb keys on which the described BT4 installation process won’t work

in this case (and until further notice) don’t use:
Imation usb 2.0 Nanopro Flash Drive 16gb

(also it would seem that someone had an issue with a similar usb key in the closed down forum)

Hugo

Reply

Seth May 26, 2010 at 10:53 am

I finished the install, and it all went through fine. So first, thanks for the excellent tutorials. 🙂 However, when I first booted, it didnt accept the default root:toor combination. Which is fine, I changed the root pw using passwd, and it seems ok. I just wanted to make sure this is normal. Also, It seems to be running with a noticeable slowdown compared to the 2GB usb install. Is this normal because of the encryption?

Reply

kriggins May 31, 2010 at 6:31 am

@Alex,

Glad you got it working. USB drive speed is important along with making sure you are using a USB 2.0 or greater port on your system. Encrypting does slow things down a bit.

I have had some issues using vol_id before, but it has always been rather random. Sorry I can’t be of assistance on figuring that out.

@ray,

Did you get things working?

@hugo,

Thanks for the info. I have had others mention that some thumb drives just don’t work.

@seth,

Running slower is normal as is there being no password set after install.

Kevin

Reply

mr_me May 31, 2010 at 9:24 am

works like a charm, thanks alot !

Reply

Alex May 31, 2010 at 11:43 am

Anyone (Kevin?) knows how I can backup /dev/sdb2 or /dev/sdb5 on the USB flash, if for example I have 2 USB keys (same size) and I would like to use the same configuration,etc on both keys so I would not have to reinstall everything from scratch??

I also rather have a backup I can just put back in case the OS gets corrupt or I lose my key and have another one ready…

Reply

Alex May 31, 2010 at 11:45 am

BTW, I grabbed one of the fastest USB drives around, the 32GB Corsair Flash Voyager GTR, it has write speeds of 28mb/sec and about 30mb/sec read, that thing is REALLY fast. It transfers 1.5GB of data in about 54 seconds, and it loads BT4 with the encrypted partition really quick. No hiccups, no slowdowns. It’s a bit pricey but with the speed and storage, it’s worth it IMO.

Reply

LoudMetal June 13, 2010 at 2:33 pm

Everything seems to be working fine until I get to the installation step. It starts, acts like it’s formatting the drives, then I get an error saying:

“The attempt to mount a file system with type ext3 in LVM VG vg, LV root at / failed. You may resume partitioning from the partitioning menu.”

I then have the option to “Go Back” or “Continue”, each of which takes me back to the partitioning menu.

I’m not sure what would be giving me a mounting error, any help would be greatly appreciated.

Reply

kriggins June 16, 2010 at 8:34 am

@LoudMetal,

I’m not sure what is happening here. Did you format the partitions before you started the install? I have seen forgetting to do that step cause problems before. You can also try to tell the install.sh script to not format the partition during install. See if that gets you past this issue.

-Kevin

Reply

LoudMetal June 16, 2010 at 11:33 pm

Thank you for the quick response.

After trying again, and looking into the problem some more, I believe it may be my flash drive that is giving me the problems. I’ll post again if/when I find a solution.

Reply

Wiseguy June 22, 2010 at 3:02 am

Hi Kevin,

Great tutorial, thanks! I also have a problem which makes me pull my hair out.. I have successfully created the partitions on my 16 GB Corsair GT drive and enabled encryption and mounted the partitions. No problems there..

However, I can’t get the installation to complete. It takes about 20 minutes to get to 50% and then my computer freezes! I’ve tried it 4 times at least and the best I could manage was 74%. Any thoughts what could be wrong? I managed to install backtrack 4 on the internal HDD before, so I don’t think it can be a hardware issue other than my flashdrive? I checked the ISO MD5 and that’s fine.

I read something above about the swap partition crippling the flashdrive? can you tell me more about that?

Thanks in advance!

Reply

Wiseguy June 23, 2010 at 1:28 am

I’ve solved the problem.. It seemed that my laptop got too warm during installation, that’s why it kept on freezing. I’ve completed the installation on my desktop without any trouble! I’ve tested the USB drive on several machines and it works like a charm, fully encrypted 🙂

Thanks for the guide!

Reply

Stealth June 23, 2010 at 5:26 am

Kevin:

I just completed all steps and attempted to “pvcreate /dev/mapper/pvcrypt”
I got the error “Device /dev/mapper/pvcrypt not found or ignored by filtering”
Do you have any idea what’s going on? I have done this before without a problem and it worked just fine. I would also note that I forgot to put in the UUID this time and had to do this all over. I just entered in the LUKS passphrase successfully.

Reply

Stealth June 23, 2010 at 7:28 am

Kevin:

After researching this problem on the Internet, I decided to start all over and use the DD command to erase the whole usb and then I will format it again and start all over. Hopefully this will correct the problem with pvcreate and I will not have any problems with the other commands to create volumes groups. I will let you know if it works for anyone else that encounters the problem.

Word to the wise, TAKE YOUR TIME AND DON’T RUSH!! Had I taken my time, I don’t think I would have had this new problem with the pvcreate command. I think it is a result of blocks left on the disks after I messed up not including the UUID number in the script.

Reply

Stealth June 23, 2010 at 7:56 pm

Kevin:

My ideas above all flat out failed. I am still getting the same error from my post above, do you have any idea what the problem may be.

Reply

Stealth June 23, 2010 at 7:59 pm

Oh, one more thought. There is no file or script by the name of pvcrypt located in the /dev/mapper directory.

Reply

Stealth June 23, 2010 at 9:21 pm

I have been researching the Internet and the Control file located in the /dev/mapper appears to be some kind of device file. However, I do not know how it works and I am researching trying to get a clue as to why it no longer works. Before I crashed the disk, and had to start all over, I had gotten all the way to the end and the pvcreate command worked just fine. As well as all the vg commands.

What do you suggest? What could possibly make the command no longer work? The bt4 installation is on a cd-r disk and should not be corrupted upon reboot. Therefore all files should be accurate and working as they were on the first install. The USB seems to be working fine when I use it on the windows machine, I have once again reached the point of successfully entering the luks passphrase and attempting to create the volume groups.

Reply

Andrew July 2, 2010 at 4:04 am

Hey thanks for the tutorial, it’s awesome! However I’m getting stuck at the point where you enter the following command:
cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdb
right after this command I type YES and it tells me “command failed: cannot access device”

I’m using BT4 in VMware with a usb drive connected that I’m trying to install to

ANY help would be appreciated! Thanks!

Reply

Drew July 2, 2010 at 4:07 am

I’m having a problem after I issue the following command:

cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdb5

I enter YES and I get the following error

“Command failed: Can not access device”

I’m using BT4 in VMware

ANY help would be greatly appreciated!!!

Reply

William July 5, 2010 at 11:09 am

Thanks for the great guide. I’ve successfully installed BT4 on my SanDisk Cruzer 16 GB Pendrive. It’s unbearably slow though. Does anyone here experience the same thing and/or got a fix for it?

Reply

Edvard July 6, 2010 at 1:42 am

Hello. I followed this tutorial with some small problems and at the end it didn’t work. Now I decide to do it without full encryption, but it shows that I have only 105MB (of 8GB) free space on USB. How to fix that?

Thanks.

Reply

bjidar July 12, 2010 at 12:13 pm

I tried to install it and now I have a problem I can not go into your windows

Reply

kriggins July 12, 2010 at 1:13 pm

@bjidar,

You likely installed the boot loader to the wrong drive.

Do a search for partition recovery tools and use one to get your boot partition straightened out for Windows.

-kevin

Reply

sk July 14, 2010 at 9:06 pm

hi, after i have go thru all the installation finally i go to reboot,after reboot it show me GRUB multiboot menu. i try to boot in ubuntu but it fail.
Any one know what step i have miss ? or any solution ?
Cause i have windows system in the hd and try to boot my backtrack in usb.
thanks

Reply

kriggins July 16, 2010 at 6:23 am

@sk,

What error message are you getting when you try to boot?

-Kevin

Reply

Gigs July 16, 2010 at 1:30 pm

Thanks for this. It worked well.

I installed BT4 to USB and actually got it to boot on my late 2009 macbook pro.

What I did was use EFI GPT partitioning type. I let MacOS do the initial partitioning of the USB disk to convert it to GPT, installed rEFIt on my system hard disk, then I started following your howto.

I used “parted” in linux when I got to the partitioning part of your tutorial. I blew away the EFI boot partition that MacOS made, and then made the 100MB and the other partition in parted. Other than it being sdb2 instead of sdb5 because it wasn’t DOS extended everything else was pretty much the same.

Note that if anyone tries this you may have to boot your macbook and then pick “reboot” from rEFIt to do a warm reboot before you can see your USB linux in the boot menu. Also don’t pick “synchronize partitions” in rEFIt under any circumstances… it breaks things for some reason. If you do accidentally, it can be fixed by slightly resizing your MAIN disk partitions from within MacOS. That restores the original partition configuration and the ability to boot BT4 from the thumb drive.

Once you get this right, you can boot this thumb drive on Mac or PC… either one works great. A truly portable copy of BT4. Thanks Kevin for your help.

Reply

kriggins July 19, 2010 at 8:51 pm

@Gigs,

Thanks for the kind words and the tips.

Kevin

Reply

JD July 25, 2010 at 8:28 pm

Would it not be best not to use a swap partition, to limit of the amount of writes on the SSD?

Source:
http://wiki.archlinux.org/index.php/SSD#Tips_for_Minimizing_SSD_Read.2FWrites

Reply

Davide July 26, 2010 at 12:05 pm

Hi, thank you for the guide, very detailed.

However, i’m getting this error http://img204.imageshack.us/img204/7514/errorkw.png after about 20 minutes after pressing the “Install” button.
I have followed your guide EXACTLY and did not get any other errors.
I did get a warning, not sure if it is related to the problem:

=============================================
root@bt:~# fdisk /dev/sdb

The number of cylinders for this disk is set to 14941.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
=============================================

I’m using a 16GB usb flash drive.
I have also tried to make the usb flash drive bootable with UNetbootin, and that works. However, i’d like it to be persistent and use the disk encryption…

Please advice 🙂
Thanks in advance, regards Davide.

Reply

kriggins July 27, 2010 at 6:35 am

@JD,

Probably, been covered in previous comments. The how-to will be updated soon to mention this and also mounting the filesystem as ext2 to disable journaling for the same reason.

@Davide,

I’m sorry, but I don’t have any hints for you on that one. I have never come across it.

-Kevin

Reply

JD July 27, 2010 at 11:58 am

Why is an 8GB USB stick required? If an unencrypted BT4 can install onto a 2GB stick (all I have), or am I missing something.

Reply

JD July 27, 2010 at 12:01 pm

Sorry, I meant 4GB for the above comment.
Is it possible with this.

Reply

kriggins July 27, 2010 at 12:18 pm

@JD,

It has to do with the way the install works for the fully encrypted version. Essentially the entire distribution is expanded and copied to the USB drive. It takes about 6.5 GB. You can install and have an encrypted volume using the persistence method how-to on this site, but space becomes a real issue as you start to update things.

Kevin

Reply

Richy July 28, 2010 at 8:29 am

so this version isn’t persistent ? if not how would we make the full disk encryption persistent if at all possible

Reply

kriggins July 28, 2010 at 8:48 am

@Richy,

The install with full encryption does not use the persistence mechanism built into Backtrack. It is a full install on the USB drive which acts like a PC on a stick. So, yes, this is ‘persistent.’ Every thing you do will be saved between boots.

-Kevin

Reply

problem July 31, 2010 at 11:00 am

hey i have a problem at the installation part.

the error was

the attempt to mount a file system type ext3 at partition #1 scsi ‘/’ LVM VM vg, root has failed

the 2 option they give both bring me back to the formatting partition GUI installer step 5/7

please help me?

Reply

Eric August 3, 2010 at 11:28 pm

Hello,
Great guide! I was able to follow it all the way up to the part where I need to edit the script to point to the encrypted volumes. I’m not to sure on how to edit them or what I use to edit them or even the command to edit them. Your help with this would be greatly appreciated!
Thank you,
Eric

Reply

fitd August 9, 2010 at 9:59 am

First I want to say thank you for your complete and detailed description of how to create an encrypted file system and install backtrack on it. This guide helped me a lot.
I’ve installed it to my second ide harddrive with 14G (I’ve only usb1.0 here :D).
But after my bt installation, I made another installation (debian) and GNU/Debian did not detected my earlier backtrack grub-entry on the 14G hd. Debian wrote grub into my first harddrive so I can’t boot bt anymore.

I tried to add the entry from the first, working grub.config (I have a backup):

title Ubuntu 8.10, kernel 2.6.30.9
uuid 336ded4d-b9c3-49fa-8297-964b59c54de4
kernel /vmlinuz-2.6.30.9 root=/dev/mapper/vg-root ro quiet splash
initrd /initrd.img-2.6.30.9
quiet

I think the problem is, that “root” does not point directly to the second ide harddrive.
Have you an idea how I can add the Backtrack boot partition to grub(1) that it works again?

Thank you in advance and sorry for my horrible english.

Reply

Sickboy August 9, 2010 at 7:54 pm

Hi amazing guide

I encountered one problem although I think this is to do with using the newer R1 release iso instead of the older pre release one.

When creating the first (primary) partition, +100M is no longer enough. +120M however seems to work without any problems.

Cheers
Scott

Reply

kriggins August 9, 2010 at 9:03 pm

@Scott,

Thanks for the info. The how-to has been updated to reflect this change.

Kevin

Reply

Tim Tucker August 10, 2010 at 7:09 pm

Maybe it’s because I used BT4R1 and not just BT4, but even after skipping the swap partition to leave more space for root, after the install I had only a few hundred kB left. It wasn’t even enough to install hashalot and lvm2. ( That is of course on the recommended 8GB USB drive. ) I started the install on a generic 16GB drive I picked up because it was wicked cheap, but I think it would be faster to write all the 1s and 0s out by hand… If I can get the thing to boot I’ll start looking for things that can be removed without losing functionality. If I make any decent progress I’ll post again, and if anyone can point me in the right direction, I’d appreciate it. TT

Reply

kriggins August 10, 2010 at 9:02 pm

@Tim,

Thanks for the info. I just confirmed what you experienced with Backtrack R1. Updating the how-to in a few minutes to require a 16 GB drive.

Kevin

Reply

stumped August 11, 2010 at 1:32 am

Is there a way to reformat a drive once you’ve encrypted it? When I partitioned the lvm swap I accidentally left the “G” off at the end and ended up with an 8 meg partition. Is there any way to undo this?

Reply

Soderstrom August 11, 2010 at 3:05 pm

Great guide! I managed to successfully install and boot backtrack 4 on my 16G thumb drive. The only problem is that I followed your guide exactly, and now I get an error saying that my root partition is full.

Because I have so much space left, I would like to know if there is some way to resize the /dev/mapper/vg-root partition without losing any information or messing up everything so I have to start over?

———————

For all of you who get a warning message during fdisk about GPT structure on the USB thumb drive, there is a easy solution to this problem. Simply open gparted, delete all partitions on the sdb or what ever your drive is, then go to edit partition table and select msdos. Now the warning message is not there anymore and you can follow the guide doing all the steps in of making partitions with fdisk.

Reply

kriggins August 11, 2010 at 7:50 pm

@Soderstrom,

As long as you have space in the logical volume, you can use the lvextend command to extend a partition.

-Kevin

Reply

janus August 12, 2010 at 4:21 pm

Wow, great tutorial. Thanks a bunch for sharing.

I followed everything according to plan but when I try to reboot and enter the Luks passphrase I get the following error:

device-mapper: table: 253:0: crypt: Error allocating crypto tfm
Command failed: No key available with this passphrase.

Weird I thought since I know the passphrase is correct. Anyway, i booted through the LiveCd and ran the cryptsetup luksOpen command and was able to unlock it no problem. So the error must lie somewhere in building the initramfs no?
Darn. So close after all this time and yet so far.

By the way, @Andrew and @Drew up top. You’re getting the “command failed: cannot access device” error message probably because your device (sdb in this example) is already mounted. I had the same problem and was able to work around it by booting from the CD and making sure my USB drive was not mounted before running cryptsetup. Make sure through mtab and fstab that your USB drive isn’t being mounted. If it is just umount it. Hope this helps.

Now if anyone can help with my LUKS device mapper problem I’d really appreciate it.

Thanks

Reply

kriggins August 12, 2010 at 5:05 pm

@Janus,

That is usually an indication that there was a problem when the initrd image was built with update-initramfs. This particular error usually means that the correct encryption modules were not included in the initrd image. Try using the troubleshooting tips at the end of the how-to to get the system mounted and then double check the /etc/initramfs-tools/modules file. It must contain the lines

aes_i586
xts

to get the modules copied into the initrd image.

Kevin

Reply

kriggins August 12, 2010 at 5:06 pm

@Janus,

BTW – if you are using the R1 version, you may be hitting a space limitation issue on the boot partition. I updated the how-to a couple days ago to increase the boot partition to 120MB.

Kevin

Reply

janus August 12, 2010 at 5:53 pm

Kriggens,
Thanks for such a quick reply. I mounted the drive and the correct modules are there.
I saw your update and so space on the boot partition shouldn’t be a problem.

Ah well, maybe I’ll rebuild the initrd image and try again.

Reply

Dave August 12, 2010 at 7:18 pm

Hey Kevin,

Thanks for your continued efforts in keeping the guide clean and up to date. I’ve used it to set up many a drive 🙂

My current problem is only happening with the new R1. I partition and encrypt the drive as usual, but when I get to the ‘install.sh’ stage and go to ‘manual’ partition, ***Ubiquity does not recognize the partitions I set up with fdisk. I see /dev/’device’, but no partitions below it. I Double and triple checked with fdisk and cat /proc/partitions and they are there.

Now I have tried installing it on both an 8gb USB drive [that worked great with BT Final and your guide] and a 16gb SDHC. Neither would work, both having identical issues.

I tried reinstalling R1 live cd onto my thumb drive, no dice, then I tried doing it through VMware. Neither worked.

I then resorted to using Ubiquity’s partitioner to make the partitions. Then encrypting, etc, then installing. Now this did get fairly far, until it got to the end [94%] and tried installing GRUB and the boot loader. It would then crash. I did select my correct device name to install the boot loader on. I did this twice with the same result to make sure.

I am really running out of ideas here. I could go without encryption, but then I would rather just use the live CD. Any ideas on how to overcome this?

Thanks,
Dave

***Research also revealed others with the same issue:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/559110
However, the suggested fix does not work on Backtrack.

Reply

Dave August 20, 2010 at 7:36 pm

Ok, I have figured out the problem. Both drives I was working with had been formatted many times. Silly me, I thought that it being formatted in windows, then partitioned with fdisk would work. I could have swore that is what I had done in previous installs. It had FAT32, but maybe windows created a partition and made THAT partition FAT32 instead of making the entire device FAT32?

This time, I used “mkfs.ext3 /dev/device” to make the entire device ext3 before partitioning it with fdisk. Lo and behold, ubiquity now recognizes my partitions. What a relief…

I recommend adding a ‘formatting’ step in the beginning just as a precautionary for all those who have formatted/wiped their devices erroneously.

Thanks again Kevin for taking the time to humor my issue 🙂

Reply

kriggins August 12, 2010 at 7:44 pm

@Dave,

Very interesting. I must admit that I have not verified the encrypted portion yet. I did a quick install without encryption to check file space. I will probably not be able to get to it until this weekend. I will let you know if a) I have the problem and b) figure out a way around it.

-Kevin

Reply

kriggins August 12, 2010 at 7:47 pm

@Janus,

Check out comment 58 for some other troubleshooting tips. The person who had that problem actually ended up starting over and had success.

-Kevin

Reply

janus August 13, 2010 at 10:02 am

kriggins,

Thanks again for your help. I followed the tips in comment 58 and I have found some things are missing. First some info. I’m using BT4 R1 and a sandisk cruzer 18GB. My kernel is therefore different than the one in your tips (2.6.30.9). Mine is 2.6.34.

1) I’m missing the xts module in tmp/foo/lib/modules/2.6.34/kernel/crypto/ and also no xts in my modules file either (strangely aes_i586 is fine on both counts). For some reason when my image gets built xts disappears. I imagine this could be the root of my problem so I’m going to redo those steps and rebuild the image.

2) I don’t have a pre-mount directory like in /tmp/foo/scripts/pre-mount/lvm2. Instead I have /tmp/foo/scripts/init-premount/lvm2 (lvm2 is obviously there). Was this a typo or should I have a directory named pre-mount?

Anyway, I’ll keep at it and let you know how I progress so others don’t have to go through this.

Reply

janus August 13, 2010 at 10:32 am

Yes! I’m writing this through my encrypted USB BT4 R1 so obviously my problem has been solved.

The problem was indeed with the xts module missing from the initrd image. Don’t ask me why, but it was missing so all I did was rebuild it, and the 3rd time was the charm. Now everything is working well although it seems to hang slightly sometimes when I’m writing this which I guess is due to me being used to a fast HD BT install and not a USB one.

Anyway, thanks again for your tutorial and your help. I love this blog so keep up the good work.

Janus

Reply
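The check discussed in the exchange above (aes_i586 and xts must be listed in /etc/initramfs-tools/modules and must actually end up inside the initrd image), as an added example that is not part of the original comments or the how-to's scripts. It assumes the initrd has already been unpacked into a directory such as the /tmp/foo mentioned above; the function names and the sample tree are constructed for illustration.

```bash
#!/bin/bash
# Added example: confirm the crypto modules needed to open the LUKS volume
# (aes-xts-plain on 32-bit x86) are both requested and actually shipped.
# Usage on a real system (paths taken from the thread):
#   check_crypto_modules /etc/initramfs-tools/modules /tmp/foo

REQUIRED_MODULES="aes_i586 xts"   # the two lines named in the reply above

# listed_in_modules_file FILE MODULE
# Succeeds if MODULE is the first word of a line in FILE. A commented-out
# entry ("#xts" or "# xts") has a different first word, so it does not count.
listed_in_modules_file() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# present_in_initrd_tree DIR MODULE
# Succeeds if DIR/lib/modules contains MODULE.ko. Module file names may use
# "-" where the module name uses "_" (aes_i586 ships as aes-i586.ko).
present_in_initrd_tree() {
    alt=$(printf '%s' "$2" | tr '_' '-')
    [ -n "$(find "$1/lib/modules" -type f \
            \( -name "$2.ko" -o -name "$alt.ko" \) 2>/dev/null | head -n 1)" ]
}

# check_crypto_modules MODULES_FILE INITRD_TREE
# Prints one status line per required module and returns the number of
# modules with a problem (0 means the image should be able to open the volume).
check_crypto_modules() {
    problems=0
    for mod in $REQUIRED_MODULES; do
        if ! listed_in_modules_file "$1" "$mod"; then
            echo "MISSING from $1: $mod"
            problems=$((problems + 1))
        elif ! present_in_initrd_tree "$2" "$mod"; then
            echo "listed but NOT in initrd image: $mod (re-run update-initramfs -u)"
            problems=$((problems + 1))
        else
            echo "ok: $mod"
        fi
    done
    return "$problems"
}

# make_sample DIR yes|no
# Builds a constructed modules file and unpacked-initrd tree under DIR.
# With "no" it reproduces the failure reported above: xts absent from both.
make_sample() {
    mkdir -p "$1/initrd/lib/modules/2.6.34/kernel/arch/x86/crypto" \
             "$1/initrd/lib/modules/2.6.34/kernel/crypto"
    : > "$1/initrd/lib/modules/2.6.34/kernel/arch/x86/crypto/aes-i586.ko"
    printf '# constructed sample modules file\naes_i586\n' > "$1/modules"
    if [ "$2" = yes ]; then
        echo xts >> "$1/modules"
        : > "$1/initrd/lib/modules/2.6.34/kernel/crypto/xts.ko"
    fi
}

# When called with two arguments, run the check directly.
if [ "$#" -eq 2 ]; then
    check_crypto_modules "$1" "$2"
fi
```

A non-zero return after a rebuild means the image still cannot set up the aes-xts mapping at boot, which is the "Error allocating crypto tfm" symptom reported above.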

kriggins August 13, 2010 at 1:08 pm

@Janus,

Awesome! Glad you got it working.

Kevin

Reply

Dave August 16, 2010 at 4:42 pm

Kevin, Any luck on the issue?

Reply

kriggins August 16, 2010 at 7:15 pm

@Dave,

I ran into VirtualBox issues this weekend and have just gotten those sorted out. That is where I do all my testing. I am trying the install now. I will say that I have gotten some comments from folks where things worked fine for both USB installs and disk installs.

Kevin

Reply

kriggins August 16, 2010 at 8:16 pm

@Dave,

Ubiquity had no problem finding the partitions. I will offer that I have had a similar issue before if I did not format the partitions prior to starting the install.sh script. I didn’t think about that until I was doing this install. Everything else worked fine too.

Kevin

Reply

kriggins August 16, 2010 at 8:16 pm

@Dave,

Meant to include that I don’t have an 8GB USB drive handy. I will pick one up and see what happens.

Kevin

Reply

lakis August 17, 2010 at 12:36 am

well seems we need a slipstreamed version…. since now i have removed the dictionaries (useless in my netbook) ,x-chat , feed reader , foo printing support and got about 30MB free space in my 8GB SD.

its a pity in BT4 final we had more than 700MB free , i need to find what they added…

We need to free space , whoever finds big spaceconsuming applications tell us , 16GB are affordable yet!

Reply

Daniel August 18, 2010 at 6:38 am

Hi! I can’t boot from usb! I tried with Unetbootin, make usb bootable, then I reboot, open bios, set it to boot from usb zip, or hdd, and it won’t work! I’m running windows 7, and windows xp on my hard drive. 🙁 I’ve broken my dvd cd-rom. So I have to boot it from usb! I tried another usb flash drive, same problem. It just doesn’t boot! Can you please help me? If you can, I need some details for it.

Thanks!
P.S.
Sry for ma english 😉 😛

Reply

kriggins August 19, 2010 at 8:14 pm

@Daniel,

I have not experienced this problem. Do you get any error messages or does it just not boot?

Kevin

Reply

DR. GONZO August 19, 2010 at 6:01 pm

Hello and a huge THANK YOU for a most EXCELLENT, easy-to-follow, and much-needed comprehensive tutorial! I successfully performed this procedure the first time and could boot backtrack 4 R1 on different machines from the stick-drive successfully. If this ol’ high-tech RedNeck (i.e. *me*) can do it, ANYone can! Thanks again for a kick-@$$ comprehensive how-to for us n00bs. I have been experimenting w/ many “live” Linux distros for years now, but only recently delved into terminal/command-prompt procedures, and I learned a lot from this exercise.

I have a significant concern however: I used a 16G Toshiba TransMemory stick-drive to install Backtrack 4 R1 on, and again it boots successfully. However, I set the root partition to 7.3G as mentioned in your guide. I’m wondering if I should have tried something more like 15.5G instead (since you mentioned at the beginning that there’s very little space left over on an 8G drive with BT4 R1). If so, is it possible to “fix” this somehow (even if I have to completely reinstall) on the same drive, OR has the partition table been irrevocably set and I’d have to start over with another new stick drive (Please pardon my ignorantramusness; I’m also a n00b when it comes to disk-partitioning!)? Any more guidance you can provide will be greatly appreciated! Thank you 🙂

Reply

kriggins August 19, 2010 at 8:10 pm

@Dr. Gonzo,

Thanks for the kind words. You have not set the partition table for ever. You can delete the partitions and start over without any problems. However, it should be possible to use the lvextend command to add any unused space to the vg-root logical volume. I have not tried this and it does depend on how you partitioned the disk and defined the volume group. Easiest is probably to just redo it.

Kevin

Reply

DR. GONZO August 19, 2010 at 9:20 pm

Thank you for your prompt response! Until I have time to research the syntax of the lvextend command, I’ll just delete the partitions and re-start first thing in the morning. It actually was a very painless process…..most of the time was just waiting for the random-data generator to complete (took about 4 hours here). Thanks again for being a valuable asset to us Backtrack-ers in particular AND the entire Linux community in general 🙂

Reply

StannC August 22, 2010 at 4:15 am

I am having a little trouble with the scripts. When I run the commands of cd/ and wget/ in the konsole it runs and saves the scripts. I am not able to edit the script after running the wget command. In the second script you have to edit ur UUID which I cannot do after that command gets run. Should I just edit the script then copy and paste it into the konsole or what? Also, i tried to just run it without editing the script and it failed as expected. Can I just follow those after failure commands and edit the script somewhere there or do I have to do the entire install process again?

Reply

kriggins August 24, 2010 at 9:02 pm

@StannC,

Check out this comment for instructions on editing the scripts.

http://www.infosecramblings.com/backtrack/backtrack-4-video-usb-encryption/#comment-13982

Kevin

Reply

Digitalyzer August 22, 2010 at 7:36 am

I’m having problem when I come to ubiquity part. I’m doing install from BT4 R1 in vmware, I put all options in ubiquity as in tutorial. After that if I don’t mark sda5 (swap) not to be used, my Continue button is disabled on last step, if I changed I pass that but after begining partitioning I got message that root ( / ) is unmountable, that I have to stop some process? to unmount manually?

Reply

kriggins August 24, 2010 at 9:03 pm

@Digitalyzer,

I haven’t run into this problem so can’t really provide any guidance. My apologies.

Kevin

Reply

phill August 23, 2010 at 3:31 pm

The video was so kool with perfect music track. thanks for the video

I am newbe and I am following the video to make a bootable BT4 usb but it failed to install when I got READY TO INSTALL Screen and I choose my 8gb usb to boot and clicked INSTALL . Later realised that I need a 16gb usb for BT4-R1 so I have decided to stop and wait until I buy 16 gb USB.

As the 8gb usb is Encrypted I am not able to use it now. It shows 103mb ahhh 🙂 I can’t even format in windows, it shows 103mb to format and I can’t use my 8gb.

Please help

Reply

kriggins August 24, 2010 at 9:04 pm

@phill,

You can reboot with the DVD or USB key you used at the very beginning and delete the partitions and recreate them the way you want them.

Kevin

Reply

Phill August 25, 2010 at 8:14 am

Thanks for the reply kevin

It did not install the Boot in USB. It FAILED to Install the boot files on USB saying some error.

I am very new to BT and linux so I am wondering If you can give me some step by step commands to decrypt the USB and use it as a normal usb

when I buy 16 gb usb I can install again BT4-R1

Reply

Phill August 26, 2010 at 9:32 am

@Kevin

I found out how to delete the partitions on USB and create a new ntfs partition to use the USB with windows. I did it from BT4-R1 GUI mode.

Now the problem is the 8gb Usb appears as 7.46Gb? Did I lose 54mb for trying usb boot or what happened? Is there any way to get my usb 8gb back

Reply

Martin August 28, 2010 at 10:35 am

I’ve just installed bt4 r1 on a 16GB stick without any problems. I have adjusted swap space to 1GB, also no problems. The instruction worked fine.

Martin

Reply

Rob August 28, 2010 at 9:39 pm

I was having trouble with the boot all I was getting is GRUB and that’s it doesn’t move at all after that. What can I do to fix the problem I read this and watch the video of this as well for hands on view. Is there a way to fix that? Also on my boot partition its suppose to be 115M mine is for some reason 1024M or something and when you type in 115M it doesn’t take it or puts it was 350 or something and says that its to small. Any ideas about that or about to get the boot to load.

Reply

kriggins August 29, 2010 at 7:16 am

@Rob,

Without more detailed information about what exactly is shown on the screen at boot time, it is hard to determine what the problem might be. The fact that you are having problems partitioning the drive is the first place I would look. I am not sure why you are having that issue. For BT4 R1 you need a 120MB boot partition. My suggestion is to start over from the beginning.

Kevin

Reply

Rob August 29, 2010 at 4:55 pm

@Kevin
Yea I dunno what the deal with the first partition was all about. I know I didn’t really explain my problem as best as I could have, it just was a last minute thing. I’ll redo and start from the beginning and if I run into any problems I’ll be sure to write it all down at what step and what was said. Thanks for the quick response back.
Rob

Reply

Rob August 29, 2010 at 11:11 pm

Ok I redid it all over again still having problems.
step: update-initramfs -u
output: update-initramfs :Generating /boot/initrd.img-2.6.30.9
couldn’t get a file descripter referring to the console
Command failded: Device already exists (dunno if that is normal)
next problem I ran into was at the reboot and boot from the USB
after it was all said and done it says
ALERT!! /dev/mapper/vg-root does not exist (which I installed the /dev/mapper/vg-root)
So I try to mount the USB to see if I could find out why there is not /dev/mapper/vg-root file

/etc/init.d/networking start (this worked)
apt-get update (this worked)
apt-get instal hashalot lvm2 (this Worked)
cryptsetup luksOpen /dev/sdb5 pvcrypt (this worked passphrase and all)
mkdir /mnt/backtrack4 (this worked)
mount /dev/mapper/vg-root /mnt/backtrack4 (this worked)
mount /dev/[boot partition] /mnt/backtrack4/boot (this worked)
chroot /mnt/backtrack4 (this worked)
mount -t proc proc /proc (this worked)
mount -t sysfs sys /sys (this worked)
mount -t devpts devpts /dev/pts (this didn’t work)
I did all that and type in cd /dev/mapper/vg-root tells me no such file or directory
same with the /dev/mapper/vg-swap no such file or directory
and when I did the whole install thing it showed files
my output at the install set up was:
/dev/mapper/vg-root type ext3 size 7369MB used 266MB
/dev/mapper/vg-swap type swap size 536MB used 0MB
/dev/sda1 type ext3 size 10485MB used 347MB
/dev/sda2 type ntfs 309584MB used unknown
/dev/sdb1 size 133MB used unknown
/dev/sdb5 size 7911MB used unknown
so it showed up at the install but its telling me that there isn’t a /dev/mapper/vg-root file on boot up
here is a video of the entire boot up on the USB
http://www.youtube.com/watch?v=Nb0Y7q9uMY4
I did another video of trying to mount the USB and the steps I did when I was mounting it up shortly
maybe this might help a little better than last time. I really dunno what is going on with this. Thanks for helping.
Rob

Reply

pronids August 31, 2010 at 7:47 am

Hi Kevin,
I installed Backtrack 4 on USB by following your tutorial. Everything works fine, except shutting down the OS. I used poweroff and shutdown -h now, but I had to turn off the computer by using the hard button. Is there any solution you suggest?
Thanks a lot

pronids

Reply

Rob September 1, 2010 at 1:53 pm

@Pronids
In the Konsole, type in reboot; that will shut down your computer.

Reply

GP September 4, 2010 at 3:32 am

hi, thank you for all of this information.. i’ve created a PDF file from this page with the latest info & updates available. you can view & download it from:

https://docs.google.com/fileview?id=0BwYxtiXDDhFbNGNjMDdmN2EtNDFmNy00NGVjLWFjYmItN2M2OWU4MTBlNmRm&hl=en

regards,
GP

Reply

Capt J September 8, 2010 at 8:36 pm

This is excellent work! Thank you very much for sharing!

I tried to download the PDF file you mentioned on your 4 Sep 2010 post but got:

Sorry, the page (or document) you have requested is not available.

Please check the address and try again.

Can you verify your link?

Reply

root September 13, 2010 at 12:58 pm

I was also getting a GRUB prompt with a flashing cursor and nothing else, the problem was my /etc/initramfs-tools/modules file had a blank line before the 2 modules I added (well, I added the blank line, didn’t think it would hurt)

After editing the file and rebuilding the initrd image, the key booted with no problems.

Thanks for the awesome tutorial. One little suggestion: it might be a good idea to add a few common pitfalls in the tutorial, as I see people keep complaining about the same errors, so mentioning little things like:
-if you get an error saying the kernel still uses the old partition tables, reboot and carry on
-the modules file doesn’t seem to like blank space, so make sure there isn’t any
-etc.
in all the appropriate places might help the noobs avoid repeating the same questions over and over again 🙂

Anyways, now that I have that installed, I will have to learn how to use everything. Cheers!

Reply

RJ September 16, 2010 at 1:55 pm

Okay, so I tried to follow your guide, but one thing you’re missing is to make CLEAR when you boot the live CD and when you boot the USB. Here is an example:
[i]
To make everything truly operational, we can mount /dev/pts, but every time I try I have problems unless I reboot first. That is a real pain, so I just don’t mount /dev/pts. We will get a couple warnings/errors as we go along, but they do not affect our install.

The magic to making all this work is to rebuild the initrd image that is used to boot our system. We need to include some things, load some modules, and tell it to open the encrypted volume, but first we have to go through the whole process of installing software again. We have to do this because we are essentially right back where we started when we booted the live cd. Do the following again.[/i]

My question is, between the two text parts, are you booting to the USB or are you still on the live CD??

Please make this clear in the guide:
– When to reboot
– What media to boot to 🙂

Else a VERY good guide! THX!

Reply

BPB September 18, 2010 at 5:38 am

Let me start by saying this is a great guide – the obligatory praise, but it’s true!
One correction: where you have the resume instructions,
“If, however, you run into any problems … Simply boot with the original Live CD/USB drive and enter the following…
apt-get instal hashalot lvm2”

There’s only one “l” on install. I just found this after mindlessly copying and pasting when resuming a setup on my flash drive.

One issue I’m having, that might be an easy fix, is this. I’m booted up without problem and the volume seems to be decrypted. If I go to open the “Unmounted Decrypted Removable Medium”, a.k.a. /dev/sdb5, in Konqueror I get the error message “Method ‘Mount’ with signature ‘ssas’ on interface ‘org.freedesktop.Hal.Device.Volume’ doesn’t exist.” I know this is a somewhat generic error message when media isn’t recognized. So dropping into a shell and trying to manually mount sdb5 I get the error message “mount: unknown filesystem type ‘crypto_LUKS’ ”

Am I missing something obvious? (Probably.) Still, I’ll take any advice on this. Thanks for the great guides!

Reply

Jims NOob September 24, 2010 at 7:14 pm

# Setting the partition type for the first partition to ext3

Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): 83

NOTE: You might want to (for noobs like me) explain that at this step the USB drive needs to be unmounted using umount ‘u’. I kept getting an error until I unmounted it. Correct me if I’m wrong (really correct me lol).
Great walk through though

Reply

Kevin September 27, 2010 at 6:56 pm

Great job with this tutorial. It took me a few times, but I finally got it working…

Reply

AR September 29, 2010 at 1:17 am

Excellent set of tutorials.

I’ve completed the persistent/nessus one on an 8gb drive and tonight I did the full encryption on a 16gb fast flash usb. Everything works and boots up fine on multiple machines, however, there is some strange keyboard/mouse glitch going on after I run startx. Once I am in kde, every time I type something nothing shows up until I move the mouse, at which point whatever I’ve typed appears rapidly as if it was buffered and waiting for the mouse to move. I tried the drive on multiple machines and all of them had a choppy KDE/startx. Same error on both: typing something doesn’t show up in konsole or anywhere else until I move the mouse. Very annoying to say the least.

These same machines will run the persistent/nessus drive perfectly. Any idea why I get such bad KDE/startx performance?

Would truly appreciate any help. The only thing I found after hours of searching was to make sure “Slow Keys” was disabled… it had never been turned on. Basically once I startx, the machine feels frozen until I move the mouse, it’s extremely strange. In straight console, the keyboard performs fine. This is the last piece of the BT4 install puzzle for me (I’m installing RC1).

Thanks!

Reply

AR September 29, 2010 at 10:26 am

I should mention that I see the following errors when startx uh.. starts:

/dev/fb0 not found
cannot run in framebuffer mode please specify
(EE) preinit returned null for keyboard
(EE) preinit returned null for mouse

I also tried putting vga=0x315 like we did in the persistent changes doc in the boot, but that didn’t fix it.

Reply

AR September 29, 2010 at 10:36 am

More errors that I didn’t put last time:

(EE) grab failed. Device already configured?
(EE) PreInit returned Null for “PS/2 Generic Mouse”
(EE) config/hal: NewInputDeviceRequest failed

and then the same 3 lines for the keyboard

Reply

SOLVED September 29, 2010 at 2:37 pm

OMG – I just solved my own problem.

Sometimes things come together in strange ways, I’ve worked on this for 24 hours and finally decided to shutdown and install the persistent live CD without full disk encryption instead. As the shutdown processes were running I noticed something that said “Shutting down mouse emulation…. PID doesn’t exist.”

Since my error had to do with the mouse/keyboard, I googled the error message and found that having mouseemu running on ubuntu can screw things up for some people, so I did an : aptitude purge mouseemu and just like magic, everything works great!

I can’t believe I figured that out, still in shock, stayed up till 4am trying to tweak things to fix that ONE thing….

Reply

Jinba October 5, 2010 at 9:15 pm

Went through the whole tut, got a couple errors but fixed my mistakes. For some reason I can’t run “update-initramfs -u” due to the fact that I am on a live CD? And I can’t boot from the external HDD until after this step, right? Or am I doing something wrong?

Reply

kriggins October 5, 2010 at 9:50 pm

@jinba,

There is a step where you have to chroot to the newly installed environment. It looks like you missed it or it didn’t take. Review the how-to for that part and retry just that part.

-Kevin

Reply

Bruno October 8, 2010 at 10:45 am

Hi,

This tutorial looks really good and fulfills a need I have had in mind for a long time… I will give it a try soon.

But may I add some requirements/nitty-gritties:
– I want this config (as in the tutorial) on my 16GB USB key
– the same config on my hard drive (250GB), but just on 16GB in order to keep some free unpartitioned space for other installs…
– *** the must *** : an asynchronous redundancy between my USB key and my laptop regarding data (by asynchronous I mean that I can’t synchronize data when the key is not plugged into the PC while I am modifying data on my laptop… nor when I am booting another PC with my key).

I will be really happy to have some ideas regarding this kind of redundancy following such architecture.

In any case, thank you for the tutorial !

Bruno.

Reply

buffer overflow October 22, 2010 at 5:11 pm

Why is the mouse cursor not responding after booting Backtrack 4 R1 from a DVD disk? I have tried Backtrack 4 and it works. Where did I go wrong? Thanks

Reply

Chris October 30, 2010 at 7:24 pm

After I do the chroot part I can not connect to get the updates with apt-get update it just fails to fetch. Any ideas?

Reply

Chris October 30, 2010 at 9:31 pm

Also I tried doing the networking start again after mounting and I get “Configuring network interfaces…ifup: failed to open statefile /var/run/network/ifstate: No such file or directory failed”
touch: cannot touch ‘/var/run/network/initialized’: No such file or directory”

Reply

Bruno November 14, 2010 at 3:44 pm

It works just fine for me and I enjoy being able to boot my PC directly on the key or to launch a VM with VirtualBox.

There is just a little trick for the second case :
– create a VirtualBox “raw disk” for your usb device :

$ sudo VBoxManage internalcommands createrawvmdk -filename //.VirtualBox/HardDrives/file.vmdk -rawdisk /dev/sdb -register

and attach the harddrive to your VM.

Thank you.

Reply

johnny seven November 21, 2010 at 11:23 pm

I have never left comments before but this is the best written DIY I have ever used. It works perfectly. Totally killer… Thanks for the hard work

johnny

Reply

Chris November 23, 2010 at 12:51 pm

How could I install nessus with full encryption? The part about nessus in the other tutorial is mixed up with TrueCrypt and I’m a bit confused as I’m still new to BackTrack.

Reply

Max November 24, 2010 at 12:16 am

Will this work with Backtrack R2?

Reply

Rebirthocool November 26, 2010 at 6:13 pm

I can confirm this works with BT4R2

However, I was having the same difficulties as reply #52. Four times I tried fresh installs to no avail. As it turns out, the initrd image wasn’t including the xts module no matter how many times I updated it. This is what I did to fix it:

update-initramfs -d -k all
update-initramfs -c -k 2.6.35.8

Reply
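
A check for the two initrd problems reported in the comments above (a blank line in /etc/initramfs-tools/modules, and an image that did not contain the xts module), as an added example that is not part of the original comments or the how-to. It assumes the initrd is a gzip-compressed cpio archive; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the how-to): compare an initramfs-tools "modules"
# file with the file listing of the initrd that was built from it.

# list_initrd IMAGE: print the paths stored in the image.
# Assumption: the image is a gzip-compressed cpio archive.
list_initrd() {
    zcat "$1" | cpio -it 2>/dev/null
}

# blank_lines FILE: number of empty or whitespace-only lines.
blank_lines() {
    awk 'NF == 0 { n++ } END { print n + 0 }' "$1"
}

# missing_modules MODULES_FILE LISTING_FILE
# Prints each module named in MODULES_FILE that has no .ko file in the
# listing and returns 1 if any is missing. "-" and "_" are treated as equal
# because modprobe treats them as interchangeable (dm_crypt is stored as
# dm-crypt.ko).
missing_modules() {
    awk -v listing="$2" '
        BEGIN {
            while ((getline path < listing) > 0) {
                n = split(path, part, "/")
                file = part[n]
                if (file !~ /\.ko(\.gz|\.xz|\.zst)?$/) continue
                sub(/\.ko(\.gz|\.xz|\.zst)?$/, "", file)
                gsub(/-/, "_", file)
                have[file] = 1
            }
            close(listing)
        }
        NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments
        {
            name = $1                       # later fields are module options
            gsub(/-/, "_", name)
            if (!(name in have)) { print $1; bad = 1 }
        }
        END { exit bad + 0 }' "$1"
}

# write_sample DIR: constructed sample data (not taken from a real system).
# The modules file contains one blank line; the listing lacks xts.ko.
write_sample() {
    cat > "$1/modules" <<'EOF'
# constructed stand-in for /etc/initramfs-tools/modules

dm_crypt
xts
EOF
    cat > "$1/listing" <<'EOF'
lib/modules/2.6.35.8/kernel/drivers/md/dm-mod.ko
lib/modules/2.6.35.8/kernel/drivers/md/dm-crypt.ko
lib/modules/2.6.35.8/kernel/crypto/aes_generic.ko
sbin/cryptsetup
EOF
}

# Usage: sh check-initrd.sh MODULES_FILE INITRD_IMAGE
if [ $# -eq 2 ]; then
    tmp=$(mktemp) || exit 1
    list_initrd "$2" > "$tmp"
    echo "blank lines in $1: $(blank_lines "$1")"
    if missing_modules "$1" "$tmp"; then
        echo "all listed modules are in $2"
    else
        echo "the modules printed above are missing from $2" >&2
    fi
    rm -f "$tmp"
fi
```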

Srb November 27, 2010 at 4:55 am

How do I save at the end?

Reply

Srb November 27, 2010 at 5:23 am

We can use our favorite editor and add the following lines to the bottom of the file and save it.

Reply

Döner December 17, 2010 at 11:00 am

Why should we add
/dev/mapper/vg-root / ext2 defaults 0 1
into fstab in the easy way?

We made an ext3 with the installer Oo.

Reply

kriggins December 17, 2010 at 11:12 am

@doner,

I have had issues trying to install using ext2 in the past, that’s why we use ext3 during install. I admit to being lazy and not testing ext2 during install lately.

We want to use ext2 to disable journalling which causes more writes.

That reminds me that I need to add that chunk to the other method of configuring encryption.

-Kevin

Reply

Greg M December 17, 2010 at 2:18 pm

Greets:

For those of us who are using this for a HDD install (with changes to how grub is configured), my understanding is that ext3 is still the way to go, and a swap space on the encrypted volume is still appropriate. Thanks for the reminder that ext2 is better for USB stick installs, I’m going to redo my USB soon.

Reply

Fraser Gough December 18, 2010 at 12:45 am

Hello, great tutorial. I’m a beginner at Back Track and I have got to the stage of editing the script. This may sound stupid but how do I go about opening/editing the script after I have retrieved it? It doesn’t open automatically.

root@bt:~# cd /etc/initramfs-tools/scripts/local-top
root@bt:/etc/initramfs-tools/scripts/local-top# wget -O pvcrypt http://www.infosecramblings.com/local-top-pvcrypt
–2010-12-18 06:41:32– http://www.infosecramblings.com/local-top-pvcrypt
Resolving http://www.infosecramblings.com... 173.230.138.148
Connecting to http://www.infosecramblings.com|173.230.138.148|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 549 [application/octet-stream]
Saving to: `pvcrypt’

100%[======================================>] 549 –.-K/s in 0s

2010-12-18 06:41:32 (29.4 MB/s) – `pvcrypt’ saved [549/549]

root@bt:/etc/initramfs-tools/scripts/local-top#

Many Thanks Fraser

Reply

kriggins December 18, 2010 at 7:22 am

@Fraser,

Use the text editor vi. Look at the latest version of the how-to above towards the bottom and there are some directions on using vi.

-Kevin

Reply

Roman December 27, 2010 at 12:45 pm

Hi kriggins, happy holidays, great writeup. I am using a VMWare image to create my usb drive and everything worked great except for 1 error.
After I setup the partition stuff in the installation and select the drive to install to and click install, it comes up with an error “Failed to unmount partitions” “The installer needs to commit changes to partition tables, but cannot do so because partitions on the following mount points could not be unmounted: /
Please close any applications using these mount points.
Would you like the installer to try to unmount these partitions again?”
My options are go back and continue and both lead me to the partitioning part in the beginning of the installation. What am I doing wrong? Thanks.

Reply

AlanHolds February 26, 2011 at 1:21 am

I have same problem! Spent 3 days on this problem! Arrrg. I still don’t have a solution.

Reply

Thomas December 29, 2010 at 10:34 am

Hey Kevin,

I think I did something wrong, but I don’t know what.

I have chosen the “Slightly harder way” and when I try to edit the /etc/fstab file it does not look like it does in your tutorial; it looks like this:

aufs / aufs rw 0 0
tmpfs /tmp tmpfs nosuid,nodev 0 0

I tried to edit with vi but there’s the same problem.

I hope you can tell me how I can solve the problem, and excuse my bad English.

Best Regards

Thomas

Reply

Chris December 31, 2010 at 3:40 pm

Hey guys, I can’t get the
cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdb5

part to work. This is what happens:

WARNING!
========
This will overwrite data on /dev/sdb5 irrevocably.

Are you sure? (Type uppercase yes): YES
Command failed: Can not access device

Any ideas? I have done everything this guide has said

Thanks

Reply

James Scurby January 1, 2011 at 3:34 pm

Everything seems to work for me until I am actually installing. At 28% it gives me an “input/output” read/write error.

But I know this USB (32GB Kingston DATA Traveler) works very well, as I have installed regular Ubuntu to it, etc. What could be the problem? I have tried using a Live CD and Live USB from more than one computer. Same result.

Thanks!

Reply

James Scurby January 3, 2011 at 4:16 pm

EDIT: Problem fixed! My bt4-r2.iso file was corrupt. 🙂

Reply

chatumao January 6, 2011 at 4:58 pm

hey there, 2 quick questions:
is it obsolete for rc2 to use a 16gb drive or can a 8 gb be sufficient?
2. any possibility to add an encrypted partition that can be accessed by all os out there?

regards

Reply

kriggins January 6, 2011 at 9:34 pm

@chatumao,

Using an 8GB drive only leaves a few hundred meg of space. Not much when you start updating the packages and saving some data.

Regarding your second point. You could do so using Truecrypt by partitioning off a portion of the drive and then setting up Truecrypt to access that partition both in Backtrack and other operating systems.

Kevin

Reply

Michiel January 12, 2011 at 9:37 am

If I am not mistaken, I can use this tutorial to install Backtrack on an encrypted hard disk (/dev/sda) on my netbook, right?

Reply

kriggins January 12, 2011 at 6:28 pm

@Michiel,

Correct, although I would go ahead and configure a swap space if you are doing that.

Kevin

Reply

Michiel January 13, 2011 at 3:04 am

@Kriggins,

That is correct but I have 2 GB memory and don’t need the swap space 🙂
I have a small update for the problem most people have with fdisk and creating the Luks device:
########################################################
“cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdb5

I enter YES and i get the following error

“Command failed: Can not access device” ”
########################################################

This is due to the fact that Backtrack will automount your predefined swap partition on your USB/IDE/SATA disk.
I installed Backtrack with this tutorial on my /dev/sda device and it automounted /dev/sda5 as swap.
Therefore I was getting an error when creating the new partitions with fdisk and the above error when creating the LUKS device.

And I would change the line saying that you will change the line in /etc/fstab; I would say remove, as remove/dd is exactly what you do, and you copy a complete new line in. (I was a little bit confused by the word ‘change’ imho)

And last: I would change the word: ‘/’ by a bold and font.
Just so people know they only have to change that word|sentence.
I was a little bit confused by the ‘/dev/disk/by-uuid/’ path as it looks like a ‘substitute-this-with-the-real-path’.
But that is also MHO 😉

I must say: a very very good and clear tutorial which helped me a lot to run my favorite pentesting distro on an encrypted disk (I really want to run pentest programs from disk and not USB as it is really slow – think about an OpenVAS scan! and I want my information stored encrypted).

Thanks again for this nice helpful tutorial!

Michiel

Reply
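
A pre-flight check for the situation described in the comment above (an automounted swap partition blocking fdisk and luksFormat) and in the earlier note about unmounting the USB drive before partitioning, as an added example that is not part of the original comments or the how-to. The function names and the sample /proc data are constructed; on a real system the defaults /proc/swaps and /proc/mounts are read.

```shell
#!/bin/sh
# Added example: list what is still using a disk or partition before
# running fdisk or cryptsetup luksFormat on it.

# device_users DEVICE [SWAPS_FILE] [MOUNTS_FILE]
# DEVICE may be a partition (/dev/sda5) or a whole disk (/dev/sdb); for a
# disk, every partition on it is reported too.
# Output, one line per user: "swap DEV" or "mount DEV MOUNTPOINT".
device_users() {
    swaps=${2:-/proc/swaps}
    mounts=${3:-/proc/mounts}
    awk -v d="$1" -v swaps="$swaps" '
        # True if name is d itself or a partition of d
        # (sdb -> sdb5, mmcblk0 -> mmcblk0p1).
        function covers(name,    rest) {
            if (index(name, d) != 1) return 0
            rest = substr(name, length(d) + 1)
            if (rest == "") return 1
            if (d ~ /[0-9]$/) return (rest ~ /^p[0-9]+$/)
            return (rest ~ /^[0-9]+$/)
        }
        FILENAME == swaps {
            # The first line of /proc/swaps is a column header.
            if (FNR > 1 && covers($1)) print "swap", $1
            next
        }
        covers($1) { print "mount", $1, $2 }
    ' "$swaps" "$mounts"
}

# release_commands: turn device_users output (stdin) into the commands
# that free the device.
release_commands() {
    awk '$1 == "swap"  { print "swapoff", $2 }
         $1 == "mount" { print "umount", $2 }'
}

# preflight DEVICE [SWAPS_FILE] [MOUNTS_FILE]
# Returns 0 if nothing uses DEVICE, 1 (with the commands to run) otherwise.
preflight() {
    users=$(device_users "$@")
    if [ -z "$users" ]; then
        return 0
    fi
    echo "$1 is still in use; run these first:" >&2
    echo "$users" | release_commands >&2
    return 1
}

# write_sample DIR: constructed stand-ins for /proc/swaps and /proc/mounts
# on a live session that has automounted a swap partition and a USB stick.
write_sample() {
    printf '%s\n' \
        'Filename                   Type            Size    Used    Priority' \
        '/dev/sda5                  partition       524280  0       -1' \
        > "$1/swaps"
    printf '%s\n' \
        'aufs / aufs rw 0 0' \
        'tmpfs /tmp tmpfs rw,nosuid,nodev 0 0' \
        '/dev/sdb1 /media/disk vfat rw,nosuid,nodev 0 0' \
        > "$1/mounts"
}

# Usage: sh preflight.sh /dev/sdb5
if [ $# -gt 0 ]; then
    preflight "$@"
fi
```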

kriggins January 13, 2011 at 5:33 pm

@Michiel,

Thanks for the tips and suggestions. All have been incorporated into the how-to.

-Kevin

Reply

christian January 13, 2011 at 4:24 pm

I have a problem. Besides having erased my boot on my Windows 7, that’s the first one,
the second is that I’m stuck on
I have taken the slightly harder way
after I input
vi /etc/fstab
I need to place the cursor on U of UUID –correct then type dd
then move the cursor to the # in the line above and type 0, which applies a new line, and hit the esc key. Should something happen at this point???

I’m very close to finishing, help pls
thank you

Reply

kriggins January 13, 2011 at 5:18 pm

@christian,

After typing the letter ‘o’ as in oscar, you should get a new line. You then type:

/dev/mapper/vg-root / ext2 defaults 0 1

and do the rest of the steps detailed in the paragraph you referenced.

-Kevin

Reply

christian January 13, 2011 at 6:32 pm

So I did what you suggested and I get an error after
I input
update-initramfs -u

the error is:
cryptsetup: warning invalid line in /etc/crypttab –

What did I do wrong??
Also, when the instruction refers to #, is it referring to the first # (next to /etc/fstab: static file system information)? Or the # next to /dev/mapper/vg-root???

thank you for help

Reply

christian January 13, 2011 at 6:40 pm

Also, when the instruction asks to type
vol_id dev/sdb5
mine is
vol_id dev/sdc5
When did we use the italic highlighted UUID?
I don’t see it. Where? In the area under slightly harder way

Reply

Ahnahth January 13, 2011 at 5:05 pm

Hi,

Thanks for this tutorial!

I have one problem, however. When I try to chroot /mnt/backtrack4 I get the error:

chroot: cannot run command `/bin/bash’: No such file or directory

What could be the reason? How can I find out?

Thanks,
Ahnahth

Reply

kriggins January 13, 2011 at 5:20 pm

@Ahnahth,

It would appear that either something didn’t get installed correctly or something didn’t get mounted correctly. Those are the only two things I can think of that would cause the problem. Just after mounting the partition, check that /mnt/backtrack4/bin/bash exists. If it doesn’t and your mount command is correct, then something didn’t go right in the install. The best thing is to start from the beginning and try again.

-Kevin

Reply

Ahnahth January 14, 2011 at 1:23 pm

Hi,

Thank you for your quick answer!

Starting from the beginning helped. In my last attempt I tried to follow the instructions with a virtual Backtrack image. Obviously, that didn’t work out. Beginning again without a virtual image following the instructions succeeded in a working Backtrack USB thumb drive install.

Thanks again for your valuable tutorial!
Ahnahth

Reply

christian January 13, 2011 at 8:06 pm

I think I have found the problem that I’m having:
I don’t know how to use “scripts”.
I get lost after
slightly harder way
(this is what I do)
cd /etc/initramfs-tools/hooks
wget -O pvcrypt http://www.infosecramblings.com/hooks-pvcrypt

I don’t know how to look at scripts
and then I type
cd /etc/initramfs-tools/scripts/local-top
wget -O pvcrypt http://www.infosecramblings.com/local-top-pvcrypt

then

chmod +x /etc/initramfs-tools/hooks/pvcrypt
chmod +x /etc/initramfs-tools/scripts/local-top/pvcrypt

and
I skip aes_586 because they don’t work for me, I think

cd /etc/initramfs-tools
wget -O modules http://www.infosecramblings.com/initramfs-modules

then

vi /etc/fstab

at this time

something like this but not the same appears

# /etc/fstab: static file system information.
#
#
proc /proc proc defaults 0 0
# /dev/mapper/vg-root
UUID=c8d9b9a0-2198-4966-bc3a-39259df6a2c2 / ext3 relatime,errors=remount-ro 0 1
# /dev/sdb1
UUID=6af425ad-99b8-44a5-9ee1-0349141f9b1f /boot ext3 relatime 0 2
/dev/hdc /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0

and I keep following the reference but I get an error

thank you for your help

Reply

christian January 13, 2011 at 9:43 pm

I’m officially lost, I need help! I need help with the steps of either “the easy way” or “Slightly harder way”

If anyone wants to help me out I would greatly appreciate it

thank you
christian

Reply

Michiel January 14, 2011 at 3:07 am

@christian

This tutorial is as simple as it can get; if you don’t know what your physical hard drive is and what device is your USB stick, don’t bother using Backtrack on an encrypted USB stick.
I’ve used this tutorial and used “the easy way”; after 5 minutes I got a full-blown Backtrack 4 R2 on my encrypted disk on my netbook.
The errors you’re getting are because you put the wrong line in /etc/crypttab and perhaps /etc/fstab.

/etc/crypttab should look like:
pvcrypt /dev/disk/by-uuid/ none luks

you only put in a number on the ” part. the number from the command vol_id /dev/sdc5
in /etc/fstab you remove the :
‘UUID=*your UUID here* / ext3 relatime,errors=remount-ro 0 1’ and literally copy/paste the following line in there on the above line you just removed:
‘/dev/mapper/vg-root / ext2 defaults 0 1’
Save the /etc/fstab file (ESC – Shift+zz also works) and run: ‘update-initramfs -u’
Now reboot and see how that works.

Reply
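
One way to check the two files named in the comment above before running update-initramfs -u, as an added example that is not part of the original comments or the how-to. The function names are hypothetical and the UUID in the crypttab samples is a constructed placeholder; the "live" result marks an aufs root entry, which belongs to the live CD's own /etc/fstab rather than the installed system's.

```shell
#!/bin/sh
# Added example: check /etc/crypttab and the root entry of /etc/fstab
# before running update-initramfs -u.

# check_crypttab FILE
# Each entry must have four fields (name, device, key file, options), a
# device path that does not stop at the by-uuid directory, and the luks
# option. Prints one line per problem and returns 1 if there was any.
check_crypttab() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        NF != 4 {
            printf "line %d: %d fields, expected 4\n", NR, NF
            bad = 1; next
        }
        $2 ~ /\/$/ {
            printf "line %d: %s has no UUID after the last slash\n", NR, $2
            bad = 1; next
        }
        ("," $4 ",") !~ /,luks,/ {
            printf "line %d: options %s lack luks\n", NR, $4
            bad = 1
        }
        END { exit bad + 0 }' "$1"
}

# fstab_root_state FILE
# Prints one word describing the first entry mounted on "/":
#   ok     /dev/mapper/vg-root
#   uuid   still the UUID= line written by the installer
#   live   aufs on /, the fstab of the live CD (not inside the chroot)
#   other  some other device
#   none   no entry for /
fstab_root_state() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        $2 == "/" && !seen {
            seen = 1
            if ($1 == "/dev/mapper/vg-root") { state = "ok" }
            else if ($1 ~ /^UUID=/)          { state = "uuid" }
            else if ($3 == "aufs")           { state = "live" }
            else                             { state = "other" }
        }
        END { print (seen ? state : "none") }' "$1"
}

# write_samples DIR: constructed sample files. The crypttab UUID is a
# made-up placeholder; the fstab lines follow the ones quoted on this page.
write_samples() {
    cat > "$1/crypttab.ok" <<'EOF'
# constructed sample: <name> <device> <key file> <options>
pvcrypt /dev/disk/by-uuid/00000000-0000-4000-8000-000000000000 none luks
EOF
    cat > "$1/crypttab.bad" <<'EOF'
pvcrypt /dev/disk/by-uuid/ none luks
pvcrypt /dev/disk/by-uuid/ 00000000-0000-4000-8000-000000000000 none luks
pvcrypt /dev/disk/by-uuid/00000000-0000-4000-8000-000000000000 none swap
EOF
    cat > "$1/fstab.installed" <<'EOF'
proc /proc proc defaults 0 0
# /dev/mapper/vg-root
UUID=c8d9b9a0-2198-4966-bc3a-39259df6a2c2 / ext3 relatime,errors=remount-ro 0 1
EOF
    cat > "$1/fstab.edited" <<'EOF'
proc /proc proc defaults 0 0
/dev/mapper/vg-root / ext2 defaults 0 1
EOF
    cat > "$1/fstab.live" <<'EOF'
aufs / aufs rw 0 0
tmpfs /tmp tmpfs nosuid,nodev 0 0
EOF
}

# Usage: sh check-boot-config.sh /etc/crypttab /etc/fstab
if [ $# -eq 2 ]; then
    if check_crypttab "$1"; then
        echo "crypttab: ok"
    fi
    echo "fstab root entry: $(fstab_root_state "$2")"
fi
```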

christian January 14, 2011 at 10:33 am

I have figured out which is my hard drive, and I fixed the boot loader for Windows 7.

I have figured out how to input etc/crypttab

but when I input /etc/etc/fstab I get a blank

and my screen does look like this

# /etc/fstab: static file system information.
#
#
proc /proc proc defaults 0 0
# /dev/mapper/vg-root
UUID=c8d9b9a0-2198-4966-bc3a-39259df6a2c2 / ext3 relatime,errors=remount-ro 0 1
# /dev/sdb1
UUID=6af425ad-99b8-44a5-9ee1-0349141f9b1f /boot ext3 relatime 0 2
/dev/hdc /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0

ps..

How can I reformat my USB, since when I try I only get 120MB as it was my USB; I’m working with a 16GB USB

Reply

christian January 15, 2011 at 1:18 pm

so im following the easy method at the end

when i type vi /etc/fstab
my screen looks like this

ufs / aufs rw 0 0
tmpfs /tmp tmpfs nosuid,nodev 0 0
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
s

and I don’t know, but shouldn’t it look like the following

# /etc/fstab: static file system information.
#
#
proc /proc proc defaults 0 0
# /dev/mapper/vg-root
UUID=c8d9b9a0-2198-4966-bc3a-39259df6a2c2 / ext3 relatime,errors=remount-ro 0 1
# /dev/sdb1
UUID=6af425ad-99b8-44a5-9ee1-0349141f9b1f /boot ext3 relatime 0 2
/dev/hdc /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0

why is that when i type
vi /etc/fstab
my screen does look like the previous one

thank you for help me out

Reply

christian January 15, 2011 at 1:19 pm

my screen does not look like the previous one

Reply

christiano January 15, 2011 at 10:44 pm

Okay, I am on the last step but I get an error

root@bt:/etc/initramfs-tools# update-initramfs -u
update-initramfs is disabled since running on a live CD

I don’t know why. I rebooted BT4 because I needed to use my comp;
this might be why. How can I fix this error?

thank you for your help

Reply

kriggins January 21, 2011 at 12:42 pm

@christiano,

This indicates that you didn’t successfully chroot after installing. Double check the tutorial and make sure to follow all steps.

-Kevin

Reply

Michiel January 21, 2011 at 8:56 am

Hello Kriggins,

I have a small question about the /etc/fstab line swap/change.
Why do you put in ext2:
/dev/mapper/vg-root / ext2 defaults 0 1

and not ext3?
It is formatted with the gparted tool to ext3 and I would rather have ext3 than ext2. Yesterday it said I had rebooted the system 27 times and I had to watch a fsck on the /dev/mapper/vg-root device. That was horribly slow :/
Is that due to the ext2 entry in /etc/fstab?

Regards,

Michiel

Reply

kriggins January 21, 2011 at 12:45 pm

@Michiel,

The reasons for choosing to mount ext2 over ext3 are detailed in the how-to in a couple places, but, in short, it is to save write cycles on the USB device. You can go ahead and mount the file system as ext3 if you wish or if you are installing to a disk.

Kevin

Reply

Robert January 25, 2011 at 8:37 am

I used this guide for a HD install and it worked surprisingly well. Since read/write wasn’t an issue on a HD though I put in a swap file (50% of installed ram) and left journaling enabled. I also had to increase the boot partition size to a minimum of 165MB for some reason. I set it at 200MB and left it at that.

For those less inclined on security for the initial wipe /dev/zero is faster in most cases. There is a reason urandom is used but for my netbook it was god awful slow. 1.7MB/sec vs 97MB/sec when comparing urandom vs zero.

Reply

kriggins January 29, 2011 at 10:04 pm

@robert,

Your point is a good one. I even go a step further for speed and don’t worry about zeroing out the drive at all unless it has had sensitive unencrypted data on it before.

-Kevin

Reply

gavin January 26, 2011 at 10:28 pm

Hi, I’m very new to this and ran into a problem: when I try to enter the LUKS passphrase [ type passphrase ] it won’t let me type it in. Any help would be very appreciated. Thanks

Reply

gavin January 29, 2011 at 8:30 pm

Got past the passphrase problem, now a crypt problem; will figure it out myself though, thanks for the input. Guess new guys get discouraged. I will survive and haunt y’all. Just joking. bk4 /encrypt, I will conker (abstract English joke)

Reply

kriggins January 29, 2011 at 10:02 pm

@gavin,

I often don’t get around to responding to comments for several days in a row. I’m glad you got past your first problem. I am happy to help when I can. Feel free to email me, my address is all over the site, if you need assistance.

-Kevin

Reply

Kyle January 30, 2011 at 6:53 am

With R2, I get a warning at the install step after I manually select the partitioning scheme. It tells me that the first partition (/boot) isn’t as big as it should be. I can’t remember the exact wording, but something along the lines of “/boot doesn’t meet the recommended partition size (X bytes). You can continue, but prepare to be sad.” Also, at the image you provided of this step, the sdb1 was 213 MBs, so you may have not gotten this warning. Did I miss something?

Thanks!

Reply

kriggins January 30, 2011 at 8:08 am

@kyle,

I haven’t had any problems with using a 200MB boot partition. I’m not sure why the images says 213 other than when partitioning, you sometimes don’t get exactly what you ask for because of sector sizes and such. What size boot partition did you create?

-Kevin

Reply

Kyle January 30, 2011 at 4:04 pm

I made a 120 MB boot partition, following the tutorial to the letter to ensure that it works (cough) 😛 . The exact error message follows:

“Some of the partitions you created are too small. Please make the following partitions at least this large (in bytes):

/boot 162026496

If you do not go back to the partitioner and increase the size of these partitions, the installation may fail.”

So I assume my boot partition must be at least 155 MBs? What’s a good size, here? 200 MBs as you used? I didn’t think the boot partition needed to be all that big.

Reply

kriggins January 30, 2011 at 8:10 am

@kyle,

I also don’t remember getting the warning you got although I might have. I have done this so many times that I tend to click through pretty fast 🙂

Kevin

Reply

kriggins January 30, 2011 at 5:13 pm

@kyle,

*sheepish grin* Oops. Looks like I missed an edit. The update comment at the top of the how-to says 200, the image says 200, but the manual partitioning step didn’t get updated. My deepest apologies for that. Frankly, I am amazed that it took this long for this to get caught. 🙂

I have updated the how-to to be correct. I chose 200 as a nice even number with a little bit of growth for kernel updates and such.

-Kevin

Reply

Kyle January 30, 2011 at 5:18 pm

Hahahahaha, now that darn image makes sense! No apology needed– I appreciate your well-done guide, and thank you for answering my questions 🙂 . 200 it is!

Reply

Kyle January 31, 2011 at 8:04 pm

So when you edit fstab, is there a reason to leave /boot as it is (i.e. ext3)?

Reply

kriggins January 31, 2011 at 9:47 pm

@kyle,

Nope. But it is only read/written to on boot or updates, so doesn’t really matter from a USB device longevity perspective.

Kevin

Reply

grossghost February 4, 2011 at 6:40 pm

Worked the first time around with no problem. I’m surprised.

Reply

kriggins February 6, 2011 at 8:08 am

🙂

Reply

Recent February 6, 2011 at 2:03 am

Followed everything pretty well, got an error during the final
root@bt:/# update-initramfs -u
update-initramfs: Generating /boot/initrd.img-2.6.35.8
W: Possible missing firmware /lib/firmware/2.6.35.8/e100/d102e_ucode.bin for module e100
W: Possible missing firmware /lib/firmware/2.6.35.8/e100/d101s_ucode.bin for module e100
W: Possible missing firmware /lib/firmware/2.6.35.8/e100/d101m_ucode.bin for module e100

Ignored, attempted boot. got past the encryption, then it said gave up waiting for root device???
ALERT! /dev/mapper/vg-root does not exist. Dropping to a shell!

This is my first time actually doing a persistent install to a flash drive, let alone an encrypted one. Help?

Reply

kriggins February 6, 2011 at 8:14 am

@recent,

Haven’t seen that e100 error. I believe the e100 module is a driver for an Intel network adapter, but I am not sure. It looks like something happened during the write phase of the initrd.img file. The ‘can not find /dev/mapper/vg-root’ error is because the volume manager is not loading correctly, again because the initrd.img appears to be corrupt. There are some steps towards the end of the how-to you can follow to get the system remounted and try to redo the initrd step or you can start over.

Kevin

Reply

Recent February 6, 2011 at 8:35 am

So by saying to redo the initrd step, do you mean that I have to do the entire “easy way” step all over again? I can get it remounted pretty easily, i just don’t know what to do next 🙁

PS. Thank you for swift response, it is much appreciated.

Reply

kriggins February 6, 2011 at 9:35 am

@recent,

Assuming everything went well during the install and all other edits are correct, you should just have to redo the update-initramfs part. If that doesn’t resolve the problem, then a redo from at least the install.sh point is probably called for.

Kevin

Reply

Recent February 6, 2011 at 12:01 pm

I’ve tried redoing the update, maybe my live cd is corrupt somewhere 🙁 I will reformat and try again. I might skip the random numbers this time though, took like 4 hours last time. Thanks for the help, I’ll post my results later.

Reply

dan February 6, 2011 at 7:50 pm

Hi
I’ve managed to do all the steps, I’ve booted in but when I try to download anything on my OS I get an error like this one /etc/init.d/mysql: ERROR: The partition with /var/lib/mysql is too full!
there is not enough space….
any ideas??

Reply

kriggins February 6, 2011 at 9:25 pm

@dan,

What size device did you use? Anything less than a 16GB doesn’t leave much, if any, space.

Kevin

Reply

dan February 7, 2011 at 5:27 am

Well, I’ve used an 8Gb one but I get those errors right after install with nothing extra added. Anyway, thank you for your reply.

Reply

Pattie Ollig February 11, 2011 at 8:56 am

Precisely what I was searching for, thanks for putting up.

Reply

kriggins February 17, 2011 at 9:02 am

@pattie,

You are welcome.

Kevin

Reply

Dave Whitelegg February 12, 2011 at 3:46 pm

Many Thanks for sharing this brilliant guide Kriggins, I met you after you did a demo of setting up a non-encrypted installation on a thumbdrive in London in 2009.

Just to share a “gotcha” I had, with the solution to it.

Passphrases with Special Characters Gotcha (non-US)
If you find that the “Enter LUKS passphrase: [type passphrase]” isn’t accepted while attempting to boot from your USB thumbdrive, but your passphrase does work after booting BT from the Live DVD with the “cryptsetup luksOpen /dev/[your logical partition] pvcrypt”, AND your passphrase has special characters in it (i.e. @,”,$,%), AND you are using a non-US keyboard, it is likely to be a keyboard translation issue with those pesky special characters.

To prove this is the case, you can try changing or adding an additional passphrase without special characters to your encrypted partition, here’s how.

WARNING: Getting these commands wrong may leave you with an irreversibly encrypted drive!

1. Boot off BT4 DVD

2. Enter

/etc/init.d/networking start
apt-get update
apt-get install hashalot lvm2
cryptsetup luksOpen /dev/[your logical partition] pvcrypt

3. To add a new passphrase without special characters, now type in
“cryptsetup luksAddKey /dev/sdb5” Change “sdb5” to the name of your encrypted partition, although it’s likely to be the same if you followed Kriggins guide.

4. Type in your current LUKS passphrase when prompted, which will unlock an additional passphrase slot

5. Now enter a new passphrase (without special characters), and then verify this by entering it again when prompted.

6. To delete your original passphrase (optional), type
“cryptsetup luksKillSlot /dev/sdb5 0” Again change “sdb5” to the name of your encrypted partition. Enter your original passphrase, which means only the new passphrase will work from this point forward.

7. Finally boot from your USB thumbdrive, and see if your new passphrase without special characters works.

Reply
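A guard for step 6 of the procedure above, added here as an example and not part of the original comment: it reads `cryptsetup luksDump` output and approves `luksKillSlot` only when the target slot is enabled and at least one other slot stays enabled. The function names and the sample dump are constructed; the `Key Slot N: ENABLED/DISABLED` lines follow the LUKS1 header dump layout.

```shell
#!/bin/sh
# Constructed sample of `cryptsetup luksDump` output (LUKS1 layout) as it would
# look after luksAddKey: old passphrase in slot 0, new one in slot 1.
# Not taken from a real device.
sample_dump() {
cat <<'EOF'
LUKS header information for /dev/sdb5

Version:        1
Cipher name:    aes
Key Slot 0: ENABLED
	Iterations:         	101010
Key Slot 1: ENABLED
	Iterations:         	99887
Key Slot 2: DISABLED
Key Slot 3: DISABLED
EOF
}

# Read luksDump output on stdin; print the enabled slot numbers, one per line.
enabled_slots() {
    sed -n 's/^Key Slot \([0-7]\): ENABLED[[:space:]]*$/\1/p'
}

# safe_to_kill SLOT   (luksDump output on stdin)
# Returns 0 when removing SLOT still leaves a usable slot,
#         1 when SLOT is not enabled,
#         2 when SLOT is the only enabled slot,
#         3 when SLOT is not a number from 0 to 7.
safe_to_kill() {
    slot=$1
    case $slot in
        [0-7]) ;;
        *) echo "slot must be 0-7" >&2; return 3 ;;
    esac
    slots=$(enabled_slots)
    count=$(printf '%s\n' "$slots" | grep -c . || true)
    if ! printf '%s\n' "$slots" | grep -qx "$slot"; then
        echo "slot $slot is not enabled; nothing to remove" >&2
        return 1
    fi
    if [ "$count" -lt 2 ]; then
        echo "slot $slot is the only enabled slot; removing it locks the volume permanently" >&2
        return 2
    fi
    return 0
}

# Demo on the constructed sample.
sample_dump | safe_to_kill 0 && echo "slot 0 may be removed"

# Real use (assumption: /dev/sdb5 is the LUKS partition, as in the comment above):
#   cryptsetup luksDump /dev/sdb5 | safe_to_kill 0 \
#       && cryptsetup luksKillSlot /dev/sdb5 0
```

The check only counts slots; confirm that the new passphrase actually opens the volume before removing the old one.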

kriggins February 17, 2011 at 9:02 am

@dave,

I remember our conversation. Thanks for the info above.

Kevin

Reply

shinobi February 14, 2011 at 4:15 pm

hey folks, I’m having trouble installing backtrack onto my 32gb still formatted as above.

i get the following message –

The attempt to mount a file system with type ext3 in LVM VG vg, LV root at / failed.

You may resume partitioning from the partitioning menu.

any help would be appreciated.

thanks

Reply

kriggins February 17, 2011 at 9:03 am

@shinobi,

When exactly are you getting this error? During boot? During install.sh script execution?

Kevin

Reply

Shinobi February 19, 2011 at 10:15 am

Hi Kevin

I’m getting the error during the install.sh after you setup the install and boot directories. I’ve gone through the guide a few times with the same results. I did get a warning regarding the cylinder count of the drive during the fdisk phase, could this have any impact?

Thanks

S.

Reply

green0ne February 17, 2011 at 4:06 am

Many, many thanks for an awesome tutorial!
Question: Is there anything special that needs to be done to backup and restore the drive in case of failure? Is just transferring the contents to an external drive and restoring it to another drive the same as it’s always been or what is the best way of backing up and restoring the drive in case of hardware/software failure? Also, can you just clone the entire drive onto a second thumb drive?
Many thanks!

Reply

kriggins February 17, 2011 at 9:05 am

@greenone,

I have never tried to backup, restore, or clone this type of installation. Off the top of my head, I think cloning is going to be a problem because we use volume identifiers for several things. Doesn’t mean it can’t be done, but it would probably entail some surgery after the cloning process to make the new drive work.

Regarding backup, I just copy the files I want to keep right after using the device. I consider the drives to be throw-aways.

kevin

Reply

AdamHolds February 26, 2011 at 4:24 pm

Thank you! Thank you! Thank you! Well done.

Reply

AdamHolds February 27, 2011 at 1:42 pm

[I’m a noob so take this with a grain of salt… but… when people get messages that the partitioner can’t unmount root or cdrom…
__________
The installer needs to commit changes to partition tables,
but cannot do so because partitions on the following mount
points could not be unmounted:
/
Please close any application using these mount points.
__________
The SOLUTION for me was to install BackTrack from the ORIGINAL bootable Live USB (UNetbootin-BackTrack ISO) that I created for myself, and not try to install BT4 from an install of BT4.

In my specific case, I’m on an Asus Netbook
I used an SDHC card as my ORIGINAL bootable Live USB (UNetbootin-BackTrack ISO).
Then I booted into it (pressed [esc] when booting) and installed BT4 to a USB memory stick.
Then from THAT USB drive I was trying to install back to a fresh SDHC card. It no work-e.
When I did that, the partitioning part would fail with the above error message.

Hope that helps someone.

Reply

reklrekl March 1, 2011 at 2:53 pm

First of all, it’s the best tutorial I’ve found. But my question is: can I make a FAT32 partition for Windows (yeah, Windows sucks, but it’s good for gaming) on my 16G USB flash drive?
I made the partitions and the encryption in VMware (I’m scared of “little” accidents with gparted). Then I added the FAT32 partition but on Windows I could only see the 200M boot partition.

Does anyone know the problem and can help me?

Reply

Harry March 10, 2011 at 4:30 am

I’ve been having the same problem as Thomas

Thomas December 29, 2010 at 10:34 am

Hey Kevin,

I think i make something wrong, but i don’t know what?

I have chosen the “Slightly harder way” and when i try to edit the /etc/fstab file it looks not like in your tutorial it looks like this:

aufs / aufs rw 0 0
tmpfs /tmp tmpfs nosuid,nodev 0 0
___

I did chroot but this fstab is from the live cd…
If I go to /mnt/backtrack4/etc then the fstab is like on this tutorial !

Did I miss something ? I feel stupid :/

Thanks for your help !

Reply

Harry March 10, 2011 at 8:26 am

Nevermind I understood the problem…
Do not close the term window after chroot !

Reply

xeon March 28, 2011 at 11:18 am

Anybody, please copy here your variant of the file >>>
/etc/fstab
as I do not understand how it needs to be changed.
My variant is

#/etc/fstab: static file system information.
#
#
proc /proc proc defaults 0 0
/dev/mapper/vg-root / ext2 defaults 0 1
# /dev/sda1
UUID=88dfecf5-878a-4c47-bef7-c2cbc842dd09 /boot ext3 relatime 0 2
# /dev/mapper/vg-swap
UUID=f3dd6180-498d-4816-9332-eaef6f2f201a none swap sw 0 0
/dev/hdc /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0

Reply

Crester March 29, 2011 at 4:23 am

Thank you.
Working fine after second try because it was installed in kingston datatraveller 112 – 8Gb, and the drive doesn’t want to boot.
it was solved following this link:
https://fedorahosted.org/liveusb-creator/ticket/80

the only trouble I had was with update-initramfs and the intel drivers, that it is not solved right now:

Processing triggers for initramfs-tools …
update-initramfs: Generating /boot/initrd.img-2.6.35.8
W: Possible missing firmware /lib/firmware/2.6.35.8/e100/d102e_ucode.bin for module e100
W: Possible missing firmware /lib/firmware/2.6.35.8/e100/d101s_ucode.bin for module e100
W: Possible missing firmware /lib/firmware/2.6.35.8/e100/d101m_ucode.bin for module e100

Reply

Crester April 4, 2011 at 9:31 am

8Gb is not enough to work with Backtrack.
it is impossible to start MySQL, i.e.

Reply

Boris April 8, 2011 at 1:47 pm

Hey,

I have followed this guide twice now and both times seem to have done it ok without any errors. When I boot to usb however, I see the word ‘grub’ in the top left corner and a blinking cursor. I wait and wait and wait for 15 minutes and nothing more happens. I can’t type anything there. All I can do is reboot and remove the usb stick.

Any ideas?

Reply

Morgan April 22, 2011 at 5:43 pm

I am not sure if I missed a step or just simply didn’t see but everything goes just fine up to the point when I use the install shell and hit the ‘install’ button at the end. It displays this error:

“The installer needs to commit changes to partition tables, but cannot do so because partitions on the following mount points could not be unmounted:
/
Please close any applications using these mount points.
Would you like the installer to try to unmount these partitions again?”

I am now lost and am not sure what it’s asking me to unmount. Any ideas?
Thanks a bunch!

Reply

Morgan April 22, 2011 at 5:49 pm

Oh, and I’m installing from a VM in VMware…if that helps.

Reply

naseweis April 25, 2011 at 5:26 am

hello

I have installed bt4r2 on a 16G USB stick. If I try to startx, the following error displays

mktemp:cannot create temp file /tmp/serverauth.PaRKwM6155: read only file system
xauth:error in locking authority file /root/.xauthority

any ideas?

Reply

Steve April 28, 2011 at 7:38 am

Hola,

Just followed the guide – and now have BT4_R2 booting off a 16GB HP usb stick.

One thing that is confusing me though:

pvdisplay says PV size is 14.74GB;
vgdisplay says VG size is 14.74GB;
lvdisplay says LV size is 14.74GB.

But, df is showing the root partition as 7.0GB ?!?

What is limiting the size of the root parition to 7GB? Where has my other 8GB gone to?!? 😉

Cheers,

Steve.

Reply

PACmanX May 10, 2011 at 10:32 pm

Just tried this with BackTrack 5 GNOME 32-bit, and ran into trouble. The boot partition at 210MB is TOO SMALL! I wasn’t sure exactly HOW to undo the disk encryption. I panicked, and used: “apt-get install gparted”… With the encryption unlocked (or so I thought), I deleted ALL partitions on my 16GB SDHC card. After, I could not create NEW partitions of any size or type to SDHC flash drive. Rebooted to Windows XP, tried to format FAT32 to the drive, no luck. Fortunately, I was able to recover the SDHC drive by using this tool: http://www.pcworld.com/downloads/file/fid,64963-page,1/description.html (Googled: HP USB Disk Storage Format Tool). Starting over from scratch, this time making a LARGER boot partition. Will update with results!

Reply

The math guy May 11, 2011 at 5:04 am

Tested with Backtrack 5 KDE.
used a boot partition of 1000mb.
It works perfectly.
I did notice though, that when I’m supposed to enter the luks password the screen is not in a shell anymore, but in a full purple ubuntu 10 loading screen

Reply

James May 12, 2011 at 10:37 am

I tried BT5 twice. The only changes I made were to use ext4 and ‘blkid’ instead of ‘vol_id’.
I couldn’t get it to work. It loaded all the drivers, showed the Backtrack5 splash screen, then returned to the black loading drivers screen (with the backtrack5 frame) and froze.

BTW, I used a 400MB /boot partition once and a 300MB /boot the other time and it installed without complaints.

Reply

James May 12, 2011 at 11:11 am

After letting it run for a while it finally gave me the dreaded “ALERT! /dev/mapper/vg-root does not exist. Dropping to shell!”
I followed the video, chrooted, re-installed hashalot lvm2 etc. still won’t work. Are there any other solutions to this problem?

Reply

dalamarek May 17, 2011 at 9:17 am

Hi i tried to follow your guide few times, and all the time the same problem.(bt4r2 – maybe thats a problem)

cryptsetup luksOpen /dev/sdb5 pvcrypt
Enter LUKS passphrase:
Command failed: No key available with this passphrase.

I tried booting from CD, VMware. I noticed when i install hashalot and lvm2 the lvm2 writes:
Processing triggers for initramfs-tools …
update-initramfs: Generating /boot/initrd.img-2.6.35.8
W: Possible missing firmware /lib/firmware/2.6.35.8/e100/d102e_ucode.bin for module e100
W: Possible missing firmware /lib/firmware/2.6.35.8/e100/d101s_ucode.bin for module e100
W: Possible missing firmware /lib/firmware/2.6.35.8/e100/d101m_ucode.bin for module e100
but i assume that lvm2 is not the problem of my luksOpen.

I checked the steps you mentioned in 59 comment from this site:
http://www.infosecramblings.com/backtrack/backtrack-4-bootable-usb-thumb-drive-with-full-disk-encryption/
and i cannot find aes_i586 and xts in /tmp/foo/conf/modules file.
I found lvm but lvm2 is in different dir, there is no pre-mount dir.
The pvcrypt is not there too, i couldn’t find it.

So i have no clue how to pass through this guide in bt4r2, i tried this on bt4 and with the same results.

Reply

kriggins May 18, 2011 at 7:06 am

@dalamerek,

I suggest you use the Backtrack 5 how-to.

Kevin

Reply

paul May 29, 2011 at 6:45 pm

i need this

Reply

dalamarek June 2, 2011 at 6:49 am

But as i mentioned the same problem i have with bt4 and bt4r2.

Reply

Renee Eifler June 17, 2011 at 3:04 am

Hello, I think your site might be having browser compatibility issues. When I look at your website in Chrome, it looks fine but when opening in Internet Explorer, it has some overlapping. I just wanted to give you a quick heads up! Other than that, superb blog!

Reply

eric September 8, 2011 at 2:03 pm

Hello,

I have a strange problem. I installed BT5 using this great guide. I worked several times with it. Now it doesn’t boot any more.

The BT image appears, then after some time

[code]
Alert! /dev/mapper/vg-root does not exist. Dropping to a shell!
[/code]

this shell, of course is useless (no real commands) .. so I looked at it from my debian notebook:

[code]
vgscan
vgchange -ay vg
lvs
mount /dev/vg/root /mnt/somepoint -o ro,user
[/code]

and I have access. Which tells me that the system is not corrupt.

What can I do to make BT boot again? Any hints? I’m desperate.

Reply

Emohz October 6, 2011 at 9:40 am

Question, would this work only for thumb drives or does this apply to portable HDD as well?

Reply

JF December 19, 2011 at 6:11 am

So I had this working perfectly for months (using the first method). I have updated the kernel etc with apt-get and all worked fine. A few days ago I booted this with VMware and installed the VMware tools – they installed fine once I made sure the kernel headers were in place, problem is now it won’t boot. I get the following and then it drops in to a useless ramfs shell.

Alert! /dev/mapper/vg-root does not exist. Dropping to a shell!!

I’ve unlocked and mounted the volume using a debian live-cd, have then chrooted and uninstalled VMware tools but it’s still broken. Pretty sure it’s something to do with the initramfs boot image but I have no idea how to fix it – help please!

JF.

Reply

Ted January 6, 2012 at 11:44 am

Hi,

I did the installation, but now I have some problems with booting.
Got grub> command line. Trying with grub-install but the same result.
What now?

Thanks in advance,
Ted

Reply

Funashiko March 1, 2012 at 8:53 pm

I have a 15gb usb. How long is it supposed to take after this command?
dd if=/dev/urandom of=/dev/sdb5

Reply

Celius April 1, 2012 at 11:03 am

Excellent instructions, writing this right now from a fresh install of BT5R2 with full disk encryption.

I just have one question.. How do I find out how much free space I have on the usb stick?
I installed on a 16gb stick so there should be “plenty” of room left, but how I check?

Reply

:) good April 1, 2012 at 3:48 pm

🙂 really i like this system ,but I still don’t know how i use it ^_^”

i want to learn but how can help me 🙁
thank you

Reply

Mc0rm1k April 17, 2012 at 11:59 am

I need help, I’ve successfully installed BT5R1 on my pen, but in these days I’ve changed my oldest GF 8600GTS by a new GF 550GTX; and when load the kernel in the Grub, give me an error with the nouveaufb driver, I use the default driver I don’t install any nvidia binary driver, what can I do, thanks!!

Reply

Trey August 21, 2012 at 8:36 pm

Hey Poofer;

Thanks for the commitment with the tutorial! Hopefully you can help me resolve this issue I have. Everything occurs normally until I get “..the partition table failed with error 16:…”. You tell us to reboot, so I hold my computer’s power button until it turns off. When it turns back on I try to boot Backtrack 5 through my USB, but it says “Operating System Missing”.

I also tried continuing with the guide and ignoring error 16, but as you said, I had problems along the way. Any help would be great;

~Trey

Reply
