< Wrapper

Secure Kali Pi 2019

Like Kali Pi 2018, but with the bugs fixed

WARNING, I’m not done with this yet.

Secure Kali Pi 2019

Posted on May 12, 2019

This tutoial is meant to assist those looking to create a full disk encryption on a Raspberry Pi 3 B+ using Kali and LUKS. I attempted to use the Kali website and follow their instructions (See: https://www.kali.org/tutorials/secure-kali-pi-2018/), but there were several issues that arose from their methods. It might be because the instructions are a year old at this point, or just that they are incomplete. But if you were starting from just hardware and you need to get to the point where Kali is loaded, the disk is encrypted and you can ssh into it with keys, then this is the tutorial for you.

The tutorial on the Kali website says that you will:

  1. Create a normal Kali Linux RPi installation
  2. Prepare the system for encrypted boot with remote disk unlock
  3. Create an initramfs configured with Dropbear and SSH keys to allow the unlock to occur
  4. Backup existing data
  5. Configure the encrypted partitions
  6. Restore our data
  7. Configure LUKS Nuke
  8. Hack away!

But this tutorial will also include

  • 1.1 The actual installation of Kali,
  • 1.2 Setting up ssh host keys with Dropbear,
  • 1.3 Fixing some configs that are neccassary for the initramfs to work and even
  • 1.01 Fixing Kali’s date if it loads improperly (because it did for me several times).

Hopefully this tutorial will keep you from having to reload Kali 5 times on the same SD card just to get the encryption right.

First things first, go get yourself some Kali on their website. It’s important to not only download Kali but verifying the signiture on the download. The last thing you need is to download a bad version of Kali to start with. I got my version of kali for pi from offensive security: https://www.offensive-security.com/kali-linux-arm-images/ The Pi version is in the list at the bottom.

Then use the instructions for verifying your image. https://docs.kali.org/introduction/download-official-kali-linux-images

Then use the instructions for your particular system to put Kali onto your SD card: https://docs.kali.org/downloading/kali-linux-live-usb-install Which, so long as you’re on Linux or Unix is basically just…
sudo dd if=kali-linux-2019.1-rpi3-nexmon-64.img of=/dev/disk2 bs=1m
With whatever the location of your kali is as the if= and whatever your disk is as of=, but see the link for more description.

When you first boot up, make sure that your dates are correct. This was an issue for me several times. So run the command :
If your date is off, I have a good way to help you out with it. Run this command :
ntpdate ntp1.eecs.wsu.edu
It will ping the WSU.edu university time servers to update your machine. :)

Run the two most basic first things you should:
apt-get update
apt-get full-upgrade
And go get a coffee, because this will take a while.
Then make sure to reboot.

Get all the packages you will need to make this work:
apt install cryptsetup lvm2 busybox dropbear


Leah Zulas, PhD