My wife's Windoze laptop, booted into Fedora using my phone
That opens up a world of possibilities. Effectively you can carry your computer round in your pocket, with all the programs you want, and all your documents safely encrypted. For bonus marks, you can set your phone up to read the encrypted image and get access to your documents directly from your phone.
Here's what to do to get your phone set up for booting.
- Prepare a Fedora ISO image that you'd like to boot from. I've got my own that I built, with the programs on it that I generally use, but the easiest way to get one to experiment with is to download the live CD image from the Fedora web site.
- Make sure there's enough room on your phone's SD card. To play this game properly, you'll need enough space for the installation image (~650MB for the live CD), some space for a persistent overlay so that you can install and remove other programs and edit system settings (~350MB should be plenty), and some space for an encrypted filesystem containing your documents; so maybe 1GB plus document storage space. You don't need to repartition: this can all go on the FAT32-formatted partition you already have. (The whole process is non-destructive.)
- Set the FAT32 partition on your phone's SD card to be bootable. Plug your phone into your computer, put it in 'Disk drive' mode, and then use parted on Linux, or a GParted live CD, or whatever you Windows types use for partition management.
- Now install the image. I'm using Fedora, so the gubbins I need to perform the installation is already there, in the livecd-tools package; the command I use to install onto a USB stick is
livecd-iso-to-disk --reset-mbr --overlay-size-mb 350 --home-size-mb 1024 /path/to/your-fedora-live.iso /dev/sdb1
Be very careful to get this right! You need to replace '/dev/sdb1' with the device representing your card's FAT32 partition. The '--reset-mbr' isn't as scary as it looks: it doesn't destroy the partition table, but it does set the master boot record to something that you can boot from.
- Reboot your phone to convince yourself you didn't brick it.
- Now boot your computer from your phone! Set your phone to 'Disk drive' mode again, reboot your computer, and hit F12 or whatever lets you choose a boot device, and select 'USB device' or equivalent.
Answers to questions for more excitable types:
- Do I need to have rooted my phone? No. All you're doing is using it to store some files. On the other hand, if you have rooted your phone, you'll be able to access the encrypted files directly from your phone.
- What happens if my phone battery runs out? It won't. On my phone, at least, the USB port supplies more than enough power to keep it operating as a disk drive, so it'll charge up rather than drain.
- What do I do if the phone rings? Answer it. There's nothing to stop you using your phone as a phone, as long as you don't unplug it, reboot it or turn it off 'Disk drive' mode. (That does mean that your FAT32 partition won't be mounted on your phone, so any apps that you've got stored on the SD card using the native Froyo system won't be operational. If you've used an A2SD-style separate partition, your apps will all work fine.)
- What's the best way to make use of all this? That rather depends on what you want to do. I use Unison to sync my files so that everything's up to date, but you could equally use Dropbox or similar. Really, the sky's the limit: you can use it to do anything you could do with your normal computer.
- How do I mount the encrypted partition directly from my phone? This takes a little bit of planning, and I'll write a full article on that soon. You need four things to get it to work:
- a rooted phone;
- a cryptsetup binary compiled for ARM (download);
- a recent busybox binary (if you haven't got it already, install from the Market or download);
- a phone kernel with compiled-in support for the encryption present in the encrypted partition.
Get a terminal on your phone:
adb shell
Map the encrypted image to a free loop device:
- Find a free one:
busybox losetup -f
- Create it if necessary:
busybox mknod -m 0600 /dev/loopx b 7 x
(replacing 'x' with the number of the first free device, if it doesn't exist).
- Check that the one you've created is still free! It should be, but for some reason, when I create /dev/loop0 through to /dev/loop3 on my phone, they all get eaten straight away. Anything numbered from 4 upwards works fine for me.
- Map the device:
busybox losetup /dev/loopx /sdcard/LiveOS/home.img
- Try to open it:
cryptsetup luksOpen /dev/loopx enchome
- If you're lucky, it'll open fine, and you won't need to change the encryption. If you get an error telling you to check your kernel for the right cipher support, it means you're going to need to change the encryption. If you've stored anything important in the encrypted image, stop and copy it out, because this will destroy it (but you only have to do it once):
- Format it with a different cipher:
cryptsetup --cipher=aes-cbc-benbi luksFormat /dev/loopx
You might need to try different cipher specs till you find one that your kernel supports. You could try 'aes-cbc-plain' or just 'aes' or even 'twofish'. A look at /proc/crypto will give you some clues as to what's available, but it's not easy to work out exactly what it all means. Make sure you stick to something that gives you a decent level of security.
- Try opening it again, using the
- You'll now need to format it again, with
busybox mke2fs -m 0 /dev/mapper/enchome
If you get an 'applet not found' error, your version of busybox isn't recent enough.
- Once you've successfully run the luksOpen command, you can now mount the image. Make an empty directory somewhere that you can mount it in (say, /sdcard/encimage), and then mount it with:
mount /dev/mapper/enchome /sdcard/encimage
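The /proc/crypto lookup from the cipher step above, as an added example that is not part of the original post: it splits a cryptsetup cipher spec into cipher, mode and IV generator and checks each against the kernel's algorithm list. The function names and the sample listing are constructed for illustration; it assumes a kernel without loadable crypto modules and treats a bare cipher name as cbc-plain.

```shell
#!/bin/sh
# Added example (not from the original post): test a cryptsetup cipher spec
# against /proc/crypto-style text. Assumes no loadable crypto modules, so a
# base algorithm that is not listed is treated as unavailable.

sample_proc_crypto() {   # constructed sample, trimmed to the fields used here
cat <<'EOF'
name         : cbc(aes)
driver       : cbc(aes-generic)
type         : blkcipher

name         : aes
driver       : aes-generic
type         : cipher

name         : twofish
driver       : twofish-generic
type         : cipher

name         : sha1
driver       : sha1-generic
type         : shash
EOF
}

alg_names() {            # print every "name :" value from file $1
    awk -F': *' '$1 ~ /^name[ \t]*$/ { print $2 }' "$1"
}

# check_spec SPEC [FILE] prints "no", "maybe" or "yes", plus " weak-iv"
# when CBC is paired with a public, predictable IV generator.
check_spec() {
    spec=$1; list=$(alg_names "${2:-/proc/crypto}")
    has() { printf '%s\n' "$list" | grep -qxF -- "$1"; }
    cipher=${spec%%-*}; rest=${spec#"$cipher"}; rest=${rest#-}
    # Assumption: a bare cipher name means cbc-plain, as older cryptsetup did.
    [ -n "$rest" ] || rest=cbc-plain
    mode=${rest%%-*}; iv=${rest#"$mode"}; iv=${iv#-}
    has "$cipher" || { echo no; return; }
    verdict=yes
    has "$mode($cipher)" || verdict=maybe    # template not instantiated yet
    case $iv in
        essiv:*) has "${iv#essiv:}" || { echo no; return; } ;;
        plain|plain64|benbi|null) if [ "$mode" = cbc ]; then verdict="$verdict weak-iv"; fi ;;
    esac
    echo "$verdict"
}
```

A "maybe" means the base cipher is registered but the mode(cipher) entry is not listed, which is normal until something first uses that combination, so the luksOpen attempt is still the real test. On the phone, run check_spec with just the spec to read the live /proc/crypto.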