Thursday, 26 February 2015

Add Liberte Linux with persistence to E2B


Liberte Linux is a secure, reliable, lightweight and easy to use Gentoo-based LiveUSB/SD/CD Linux distribution with the primary purpose of enabling anyone to communicate safely and covertly in hostile environments. Whether you are a privacy advocate, a dissident, or a sleeper agent, you are equally likely to find Liberté Linux useful as a mission-critical communication aid.

The latest version is 2012.3 and supports MBR and 64-bit and 32-bit UEFI-booting.

Liberte will automatically make a persistent file at \otfe\liberte.vol if an empty \otfe folder exists in the root of a writeable FAT32 storage medium. It does not seem possible to boot from the ISO with persistence, however, so we must use a .imgPTN file:


Instructions

Note: If you already have a working Liberte USB Flash drive with persistence, go to Step 6 below and drag-and-drop the USB drive icon (e.g. H:) onto the MPI_FAT32 desktop shortcut. Step 10 can also be omitted if you have working persistence.

1. Download the latest .ZIP file (the .ISO file does not contain EFI boot files).

2. Extract the .ZIP file to an empty folder on your system (e.g. C:\temp\LIB) (approx. 250MB).

3. If there is a liberte folder and an EFI folder, make sure the EFI folder is at the same level as the liberte folder.

e.g.
C:\temp\LIB\liberte
C:\temp\LIB\EFI

4. Make a new folder named otfe - e.g. C:\temp\LIB\otfe

5. Decide on how big you want the persistent storage file to be and copy a file of a similar size to the otfe folder. Any file will do - it is just a place-holder and we will delete it later.

6. Drag-and-drop the C:\temp\LIB folder onto the MPI ToolKit MPI_FAT32 Desktop shortcut icon (you need to add the E2B MPI Toolkit to install the required Desktop shortcuts). Specify a filename like C:\temp\Liberte.imgPTN for the target file. Do not use the MPI_NTFS shortcut.

7. Add the .imgPTN file that was created in Step 6 to your E2B USB drive (e.g. to \_ISO\MAINMENU)

8. Now boot to the E2B USB drive (you can use a real system or VBox or QEMU) and select the menu entry for Liberte and run it to get to the CSM menu (see screenshot below).

9. The CSM menu now needs to be modified. Quit the VM or disconnect and reconnect it to your Windows system so that you can access the new partition on the E2B USB drive.
Now add the following lines to the bottom of the \menu.lst file using NotePad (the menu.lst file should be quite large - if it is only about 12 lines then you have not followed Step 8 and switched partitions!).

Liberte_Persistent.txt (can be found in \_ISO\docs\Sample mnu Files\linux folder in E2B)...

title \n
root ()

title Liberte\n Boot Liberte with persistence or other options.\n \\otfe folder must be present.
set PARAMS=video=800x600-32 quiet memtest=1 loglevel=4
#Optional params: readonly, [no]toram, gentoo={i2p,nosettings,noanon}. See http://dee.su/liberte-documentation
set KERNEL=/liberte/boot/kernel-x86.zi
echo
echo -e $[0x0c]Options:\nN = Boot as Normal\nR = ReadOnly\nS = No Settings\nV = VESA Graphics\nC = Console\nM = MemTest\n\n
if not exist /otfe/liberte.vol echo -e $[0x0e]WARNING: Persistence file /otfe/liberte.vol does not yet exist\nMake sure you have created the \otfe folder to enable persistence.\n
set ask=
set /p ask=Press ENTER to continue normally or choose N,R,S,V,C or M : 
echo
if /i "%ask%"=="V" set PARAMS=nomodeset gentoo=xvesa quiet memtest=1 loglevel=4
if /i "%ask%"=="C" set PARAMS=nomodeset gentoo=nox,root memtest=2 earlyprintk=vga loglevel=6
if /i "%ask%"=="M" set KERNEL=/liberte/boot/memtest86plus/memtest && set PARAMS=
if /i "%ask%"=="R" set PARAMS=video=800x600-32 quiet memtest=1 loglevel=4 readonly
if /i "%ask%"=="S" set PARAMS=video=800x600-32 quiet memtest=1 loglevel=4 gentoo=nosettings
#Show params for a while before booting...
echo
set /p:3 ask=kernel %KERNEL% %PARAMS%
kernel %KERNEL% %PARAMS%
boot

nosettings = Do not save/restore user-level application settings in /persist/settings/config.tar.xz

10. Now delete the file you put in the \otfe folder, leaving an empty \otfe folder - this will make Liberte prompt you to create a new \otfe\liberte.vol persistence file when you next boot Liberte.

This is the file structure you should see once in CSM mode.

Now you should be able to UEFI-boot, Clover boot (option 2) or MBR boot (option 5) from the CSM menu - note that menu option 1 won't work (you can delete that menu entry from the \menu.lst if you have sufficient skills)!

The CSM menu (note you can also UEFI-boot using Clover)

If you use the CSM Liberte menu entry (menu 5), you will be asked how you want to boot Liberte as shown below - for the default (persistent) mode, just hit the ENTER key...

Adding nosettings to the boot options temporarily inhibits extraction and saving of user configuration.


When you first boot Liberte, you will need to choose new passwords:


11. As a final step, we should resize the persistent liberte.vol file that was made by Liberte on first boot, so that we use all the available free space instead of the default size of 1/4 of the free space. To do this, click on the Shell Terminal icon in Liberte and type
sudo otfe-resize XXX
where XXX is the new size in MiB of the liberte.vol file - for example, if the file was 30MB and you had 120MB of free space on the partition, use a size of 130. If it doesn't work, reduce the size slightly until it does.

The icon for the Terminal is in the System Tray next to the Home icon.

Finished!

Once you have made the changes, boot to the CSM menu and select option 0 to get the E2B partition back. Now make a backup of the .imgPTN file in case you need it again! You can also back up just the liberte.vol file separately, if you wish.

Note that all you need to do to 'reset' the image in future (e.g. if it fails to fully boot due to a corrupt liberte.vol file), is to just delete all files from the \otfe folder.
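
Steps 3 to 5 can be scripted so that the folder layout is checked before it is dropped onto MPI_FAT32. The PowerShell below is an added example, not part of the original instructions or of the E2B MPI Toolkit; the parameter names, the default size and the placeholder file name are assumptions.

```powershell
# Added example: check and prepare the staging folder described in Steps 3-5.
# $Root, $PlaceholderMiB and the name placeholder.bin are assumed values.
param(
    [string]$Root = 'C:\temp\LIB',
    [int]$PlaceholderMiB = 512
)
$ErrorActionPreference = 'Stop'

# Step 3: liberte and EFI must sit side by side in the root of the folder.
foreach ($name in 'liberte', 'EFI') {
    $dir = Join-Path $Root $name
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        throw "Missing folder: $dir (EFI must be at the same level as liberte)"
    }
}

# The menu entry on this page loads this kernel, so warn if it was not extracted.
$kernel = Join-Path $Root 'liberte\boot\kernel-x86.zi'
if (-not (Test-Path -LiteralPath $kernel -PathType Leaf)) {
    Write-Warning "Kernel not found at $kernel; the menu.lst entry will not boot."
}

# The image will be FAT32, which cannot hold a single file of 4 GiB or more,
# so neither the placeholder nor the later liberte.vol can reach that size.
$bytes = [int64]$PlaceholderMiB * 1MB
if ($bytes -le 0 -or $bytes -ge 4GB) {
    throw 'Placeholder size must be between 1 and 4095 MiB for a FAT32 image.'
}

# Step 4: create the otfe folder.
$otfe = Join-Path $Root 'otfe'
New-Item -ItemType Directory -Path $otfe -Force | Out-Null

# Step 5: create a placeholder of the chosen size. Its content is irrelevant,
# it only reserves space in the image and is deleted again in Step 10.
$placeholder = Join-Path $otfe 'placeholder.bin'
$stream = [System.IO.File]::Create($placeholder)
try { $stream.SetLength($bytes) } finally { $stream.Dispose() }

# Summary of what will go into the .imgPTN file.
$total = (Get-ChildItem -LiteralPath $Root -Recurse -File |
    Measure-Object -Property Length -Sum).Sum
'{0}: {1:N0} MiB in total, including a {2} MiB placeholder in \otfe' -f `
    $Root, ($total / 1MB), $PlaceholderMiB
```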