Live USB with single NTFS partition, GRUB2 boot loader and encrypted file for sensitive data.

USB partition scheme

Sources are published on GitLab. About MBR.


It is uncomfortable to erase/program USB stick when you need Live USB with some distro and create partitions back in case if you want to watch the movie on TV or take some files. We will create USB which will be both available as simple mass storage device in Windows and available as boot device with Live Linux distro.

How make bootable USB

You can see the list of block devices with executing lsblk.

sda              8:0    0 223,6G  0 disk  
├─sda2           8:2    0   488M  0 part  /boot
└─sda4           8:4    0 222,1G  0 part  
  └─sdb4_crypt 253:0    0 222,1G  0 crypt /
sdb              8:16   0 465,8G  0 disk  
└─sdb1           8:17   0 464,8G  0 part  
  └─data       253:1    0 464,8G  0 crypt /media/data

Lets assume that needed block device is /dev/sdb. Lets create partition with GParted.

sudo apt install gparted
sudo gparted /dev/sdb

In appeared window:

  1. Create new partition table (if device is raw). Chose standard msdos table type.
  2. Create single NTFS partition and name it as you want.

Now we have one partition – /dev/sdb1. Next we need to mount and install GRUB2 (can take a long time).

sudo mount /dev/sdb1 /mnt
sudo grub-install --boot-directory /mnt/boot /dev/sdb

Copying configs, images and scripts.

cp -rvf * /mnt/boot
mv /mnt/boot/grub.cfg /mnt/boot/grub

Now we can unmount partition.

sudo umount /mnt

Now you should be able to boot from that USB stick.

Encrypted file

We can also create encrypted file for sensitive data.

dd if=/dev/zero of="$F" bs=1M count="$S"
cryptsetup luksFormat "$F"

You can easily mount that file with script  

sh ./scripts/ -f "$F" -n 'my_crypt' -p '/somewhere/here'

And umount adding -u.  

sh ./scripts/ -f "$F" -n 'my_crypt' -p '/somewhere/here' -u