Feature request for deniable encryption?

Can we support Deniable Encryption for the entire operating system? Something that VeraCrypt does for Windows, unfortunately VeraCrypt does not support a hidden OS feature for Linux.

So the option should apply either for the home partition or the entire OS where it creates a hidden OS within the same partition or it creates a hidden home partition.

The way it would work is that the outer password would unlock the outer container, this is where a bunch of fake sensitive files will be stored, making it look like a daily operating system. Whereas the inner password would unlock the inner container of operating system or inner home partition, this is where the real files will be stored.

Having just a standard encryption is not enough as authorities can legally force the user to give up their encryption passwords, thus making standard encryption quite useless. Deniable Encryption can help circumvent this.

Would something like this work for you?

https://blog.linuxbrujo.net/posts/plausible-deniability-with-luks/

they really don’t have to force YOU to do anything. the librem 13/15 latops have not reached the point where they could be free of potential backdoors or other forms of penetration … see https://puri.sm/learn/freedom-roadmap/

this is because even if a driver bundled with the linux kernel might be open-source most of the time it calls upon proprietary firmware present in one of the non-yet-freed hardware (yeah ssd too) https://www.gnu.org/philosophy/loyal-computers.html

1 Like

Unfortunatly it is overly complicated though

it was designed to be like this so it would be very hard - almost impossible to break free. so what you have asked is possible only in regards to other users/entities such as yourself who don’t control the actual backdoor or other invasive means present at the lowest levels of the bare-metal individual components.

or you could in theory achive what you just asked if you knew first hand HOW those said “built-in features” worked in relation to the WHOLE.

I’ll give this one a shot. But before I do, anyone else done this? Is it really a practical solution to plausible deniability?

What can we expect with read/write speed changes and/or corrupted data risk with this solution?
What are others seeing?