Making a Swiss Army USB

Live USBs and live utilities like Ultimate Boot CD, Clonezilla, and Kali Linux can be very useful for troubleshooting and solving any number of computer and network issues. I used to have an altoids tin full of various USBs that provided live boots, installation media, and utilities that could be used offline, but this quickly become unyieldly-

Which one was FreeBSD again?

Considering how cheap USB storage is (128GB is just $15), I thought why can't I make an all-in-one Swiss Army USB for live-boots, installers, and utilities?

Live-Multiboot Software

I found two different pieces of software that allow for Multibooting from USB, Ventoy and YUMI. YUMI has been around for longer but its development seems to of stagnated. I ended up choosing Ventoy for this project because its development is more active, it supports Secure boot, and it's also cross platform.

After downloading and unpacking the relase from github, installing ventoy is easy:
sudo bash Ventoy2Disk.sh -i -g -s -r 51200 /dev/sdX
This single command installs ventoy to our USB (-i) with a GPT layout (-g) with Secure boot support (-s) and 50GB of space reserved above ventoy for other uses (-r 51200) where our USB device is specified with /dev/sdX.

With just this one command we've installed Ventoy and can start adding liveboots by simply copying over ISOs and IMGs over to the "Ventoy" partition. I'll be adding the following ISOs:

• Artix Linux
• Open Suse Tumbleweed
• Fedora Workstation
• Debian
• Kali Linux
• FreeBSD
• TrueNAS Core
• Proxmox
• OPNSense
• Ultimate Boot CD Live
• Clonezilla
• Windows 10

Making use of leftover space

So despite ALL of those ISOs I still have plenty of space. So with the 50GB I told Ventoy to keep intact I've added add:

• Encrypted OS Persistence for Kali Linux
• exFat partition for general data

So after carving out these partitions with cfdisk (any partition manager can work) I setup the persistent Kali partition with the following commands:

$ cryptsetup --verbose --type luks1 --cipher serpent-xts-plain64 \
  --key-size 512 --hash whirlpool --iter-time 10000 --use-random \
  --verify-passphrase luksFormat /dev/sdX3
  $ cryptsetup luksOpen /dev/sdX3 usb
  $ mkfs.ext4 -L persistence /dev/mapper/usb
  $ e2label /dev/mapper/usb persistence
  $ mkdir -p /mnt/usb
  $ mount /dev/mapper/usb /mnt/usb
  $ echo "/ union" > /mnt/usb/persistence.conf
  $ umount /dev/mapper/usb
  $ cryptsetup luksClose /dev/mapper/usb

Then to put on the final touch is to make all remaining space an exFat partition for general data which will be accessible from either Windows or Linux. One mkfs.exfat /dev/sdX4 later and we're all done!

Closing Remarks

With not much effort at all you can make one USB to rule them all. This is a lot easier to manage, a lot easier to clone, and is something I can just add to my keychain instead of having a mess of drives in an altoids tin. Definitely an upgrade.