[HacktionLab] Steam Deck encryption

Ben Green ben at bristolwireless.net
Wed Jul 5 13:57:55 UTC 2023 

Ah interesting. My method has a number of advantages in terms of 
security plus you don't have to add any packages to the base distro with 
my method, but that approach is more useable. Without encrypted swap 
though it's pretty pointless, but they could easily add that to their 
method. Anything that gets added as a package to the Arch base install 
is overwritten on upgrades which is a pain.

I'll tidy it up and get it on line at some point.

On 05/07/2023 13:50, U wrote:
> Hey
>
> Sounds worthwhile to put it online, people are also using vaults to 
> store sensitive data as described here: 
> https://gitlab.com/popsulfr/steam-deck-tricks#encrypted-vaults-with-plasma-vault-and-gocryptfs
>
> cheers
>
> On Wed, Jul 5, 2023 at 1:32 PM Ben Green <ben at bristolwireless.net> wrote:
>
>     Hi all,
>
>     I went through a process of getting my Steam Deck secure enough to
>     use as a portable system. It doesn't come with any encryption at
>     all. Getting data from it would mean putting undoing a few screws
>     and removing the SSD. I started on a set of scripts to:
>
>      1. Create an encrypted swap partition.
>      2. Mount that as a swap.
>      3. Create an encrypted file partition.
>      4. Mount the file partition on all the sensitive places of the
>         /home/deck home using bind mounts
>
>     Here's what you can't do on the Steam Deck that would be useful.
>
>       * Use overlayfs (it's already used to mount the imuttable root
>         underneath the home directory) - might be possible to make
>         this work.
>       * Install an different OS easily (possible on the SD card but
>         not so fun).
>       * Have persistent changes on the root FS.
>
>     I'm thinking the bits I've made, which are by no means very
>     complicated, might be helpful.
>
>     I think another Ben was interested in this project, so I'm putting
>     this here to contact him and to see if this is of interest to
>     anyone. Might bung it on gitlab if so.
>
>     Cheers,
>
>     Ben
>
>     _______________________________________________
>     HacktionLab mailing list
>     HacktionLab at lists.aktivix.org
>     https://lists.aktivix.org/mailman/listinfo/hacktionlab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.aktivix.org/pipermail/hacktionlab/attachments/20230705/63fb1913/attachment.html>

More information about the HacktionLab mailing list