<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Ah interesting. My method has a number of advantages in terms of
security plus you don't have to add any packages to the base
distro with my method, but that approach is more useable. Without
encrypted swap though it's pretty pointless, but they could easily
add that to their method. Anything that gets added as a package to
the Arch base install is overwritten on upgrades which is a pain.</p>
<p>I'll tidy it up and get it online at some point.</p>
<div class="moz-cite-prefix">On 05/07/2023 13:50, U wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAFdyMxdH8ofxqJZgQS_MFubY0G4KW-4-yyVPu86yPOXm7-B-uQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>Hey</div>
<div><br>
</div>
<div>Sounds worthwhile to put it online, people are also using
vaults to store sensitive data as described here: <a
href="https://gitlab.com/popsulfr/steam-deck-tricks#encrypted-vaults-with-plasma-vault-and-gocryptfs"
moz-do-not-send="true" class="moz-txt-link-freetext">https://gitlab.com/popsulfr/steam-deck-tricks#encrypted-vaults-with-plasma-vault-and-gocryptfs</a></div>
<div><br>
</div>
<div>cheers<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Jul 5, 2023 at 1:32 PM
Ben Green &lt;<a href="mailto:ben@bristolwireless.net"
moz-do-not-send="true" class="moz-txt-link-freetext">ben@bristolwireless.net</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi all,</p>
<p>I went through a process of getting my Steam Deck secure
enough to use as a portable system. It doesn't come with
any encryption at all. Getting data from it would mean
undoing a few screws and removing the SSD. I
started on a set of scripts to:<br>
</p>
<ol>
<li>Create an encrypted swap partition.</li>
<li>Mount that as a swap.<br>
</li>
<li>Create an encrypted file partition.</li>
<li>Mount the file partition on all the sensitive places
of the /home/deck home using bind mounts<br>
</li>
</ol>
<p>Here's what you can't do on the Steam Deck that would be
useful.</p>
<ul>
<li>Use overlayfs (it's already used to mount the
immutable root underneath the home directory) - might be
possible to make this work.<br>
</li>
<li>Install a different OS easily (possible on the SD
card but not so fun).</li>
<li>Have persistent changes on the root FS.</li>
</ul>
<p>I'm thinking the bits I've made, which are by no means
very complicated, might be helpful.</p>
<p>I think another Ben was interested in this project, so
I'm putting this here to contact him and to see if this is
of interest to anyone. Might bung it on gitlab if so.<br>
</p>
<p>Cheers,</p>
<p>Ben<br>
</p>
</div>
_______________________________________________<br>
HacktionLab mailing list<br>
<a href="mailto:HacktionLab@lists.aktivix.org" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">HacktionLab@lists.aktivix.org</a><br>
<a
href="https://lists.aktivix.org/mailman/listinfo/hacktionlab"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.aktivix.org/mailman/listinfo/hacktionlab</a><br>
</blockquote>
</div>
</blockquote>
</body>
</html>