Is it possible to boot from NK Storage?

Peacekeeper 2017-05-26 15:50:02 UTC #1

I have not tried it yet, just searched a bit around in the web documentation and wonder , if it is possible to boot an OS from the NK Storage 2GB Fat Partition ?

Idea: boot from the encrypted partition, unlock the encrypted partition after login to have access to the private data.

jan 2017-05-29 13:00:08 UTC #2

The Nitrokey Storage appears as an ordinary USB drive. In general you can install and boot any operating system from it. In particular you have to consider if the performance is sufficient or perhaps use a Linux distribution with a slim window manager. The encrypted volume can be unlocked with the Nitrokey App.
If you have test results, please let us know.

Peacekeeper 2017-05-29 20:33:00 UTC #3

Thanks ! So if I read right between the lines, you have not tested it until today ?! I will try it with either FreeBSD or a Debian System. I am not sure if I want a graphical env. I am ok using zsh and cmd-line stuff.

BTW: will there be a cmd-line version of NitroApp ? e.g to get the same status information, to unlock the hidden/encrypted etc.

szszszsz 2017-05-30 09:25:12 UTC #4

I have just run Ubuntu 17.04 installed with YUMI. No issues whatsoever. I did not feel any slowness caused by SD card read limit (test consisted of running the OS and opening the Firefox with a 2-3 minutes of browsing + terminal). It would be interesting to use Nitrokey App from a booted system and how it affects the general stability.

Currently we do not have one. As a workaround you can use libnitrokey’s Python C bindings (as in tests here) from within iPython. There are some 3rdparty projects in development, but do not appear to be mature enough (yet).

Peacekeeper 2017-05-30 14:05:51 UTC #5

Sounds good ! I will give it a try next weekend - I thinking of using a live system to allow a boot from any computer type (maybe with a small virus scanner on it ) . If that works I think NK Storage could be the perfekt replacement for any computer, when you are able to boot the host from USB during your travel journey

jan 2017-05-30 18:52:03 UTC #6

Somebody just developed nitrocli a command line tool to get status information, unlock encrypted volume etc. We haven’t tested it yet but you might give it a try.

mueller-daniel 2017-05-31 03:03:40 UTC #7

Idea: boot from the encrypted partition, unlock the encrypted partition after login to have access to the private data.

I don’t understand how you can boot from the encrypted partition and only unlock the same afterwards. Assuming you mean to boot from the unencrypted partition then yes, that is possible as from any other USB stick as Jan mentioned. My setup does exactly that (GRUB installed on nitrokey storage).

Nitrocli should work for the use case of opening the encrypted volume. Note that it currently relies on gpg-agent (and with it pinentry) to ask for the PIN and cache it (simply because that’s fine in my setup). That should not be a problem but if it turns out feel free to open an issue and I can address it (I am incidentally the author of that tool ;)).

Peacekeeper 2017-05-31 06:49:59 UTC #8

Ups, you are right there was a typo or one of these damn auto corrections , which makes thinks worse
Anyhow, cool that you have written the cmd-line tool. I will test it.

BTW: have you installed a live-linux to allow the boot from any type of computer or something customized to your own device ?

mueller-daniel 2017-05-31 07:15:39 UTC #9

Once you have a boot loader like GRUB2 installed on the stick you can boot anything it supports booting from. In my case I have different entries for my installed Linux (with the kernel on disk) and live images (.iso files stored on the stick itself). The former is only usable on one particular system, the latter pretty much everywhere.