I have simplified this process using a different approach and have written a simple yad shell script to automate it. You can check that out in my new forum thread here:
I have found a bug in this process, namely that without the sdcard the desktop environment doesn’t start up as I had thought. This is due to systemd being too clever with how it handles automatic dependency creation when it parses /etc/fstab, so that it disables the desktop environment if the micro SD card is missing. I’m researching alternatives and will update this post when I find an appropriate one.
Please do not follow these instructions yet until I discover how to resolve this issue so it can handle the case of a missing microsd card without disabling the desktop environment!
I will remove this warning once I discover the resolution to this issue.
Post-WARNING instructions once I resolve the issue
The subject of traveling with the Librem 5 came up again recently in this thread which led to my discussing the ideas of using replaceable “user personas” on the phone. I discuss the idea in more detail in this article, but to summarize, user personas allow you to compartmentalize your identities. You can have your regular “default persona” with personal files, contacts, accounts, and settings, and set up a new “travel persona” that has only the files, contacts, accounts settings you need to travel.
In my opinion it’s safest to travel such that you can always comply with border officials without losing sensitive data. You aren’t as good a liar as customs/border officials are at detecting lies. Attempting to smuggle things past them, using spycraft like duress codes that erase data, or preventing them from inspecting your computers could lead to more trouble, detention, confiscating your devices, and depending on the border, criminal penalties or deportation. With a travel persona, you can comply with searches safely without losing sensitive data. You can then restore your default persona either inside the border or once you get back home, depending on your threats and capabilities.
There are a few different ways one could implement user personas but they all revolve around the fact that likely all of your sensitive files and settings live inside your home directory (
/home/purism on the Librem 5). So to swap personas you could backup your current home directory, erase it, reboot, and you’d have a new blank account. You could then set that account up the way you want, back it up, and then erase and restore the home directory to whichever persona you want to use at the time.
I even thought about working on a simple GUI tool to help automate the backup and restore process, but after thinking about it, I’m starting to think the simplest approach for most people might be one where their home directory lives on a fast microSD card. That way, everything that constitutes a unique identity on the Librem 5 is removable:
- MicroSD card
- OpenPGP smart card (so you can store GPG secrets tied to a particular persona securely)
- Cellular Modem (IMEI)
- SIM card (IMSI)
- WiFi card (WiFi MAC)
Given you can potentially fit a lot more data on microSD cards than onboard storage anyway, I had already started using a large, fast microSD cards for media and other large files, so it makes sense to just move the whole home directory over there.
I just tested this approach and it seemed to work for me. Here’s what I did:
NOTE: My microSD card is formatted as ext4 and mounted at
/mnt/sda1, if you want to do something similar but mount your microSD elsewhere, you should adapt my steps to wherever you are mounting your microSD card.
Also, before you try these steps, please backup your important files to some other media than the microSD card you will be using for this exercise, just in case! We document two different approaches here and here.
Sync Files Over
sudo apt install rsync sudo rsync -avxh /home /mnt/sda1/
Because I have a lot of files, the first time this ran I didn’t bother with shutting down applications or anything as it was going to take awhile. Then once it completed, I shut down any open applications and refreshed any files that may have changed:
sudo rsync -avxh --delete /home/ /mnt/sda1/home/
Set up fstab
We need to tell the
/etc/fstab file that it should bind mount the home directory from the microSD card over the top of the existing home directory. Edit
/etc/fstab and add the following line (modify to account for where you mount your microSD card):
/mnt/sda1/home/purism /home/purism none auto,bind,nofail
Including the entry I added to mount my microSD itself, the changes from the factory default would look like:
/dev/sda1 /mnt/sda1 auto auto,nofail 0 2 /mnt/sda1/home/purism /home/purism none auto,bind,nofail
It is CRITICAL that you add the
nofail option to any microSD card-related entries in
/etc/fstab, that way if you boot without the microSD card it will fail to mount but still continue the boot process. Without the
nofail option, the boot will stall and you will have to modify the file system from a remote computer to remove the mount point from
Move the old home directory out of the way
Now I’m ready to reboot into my new home directory, but since it is going to be mounted on top of whatever is in
/home/purism, I want to move the old directory out of the way, and touch a file in the new directory so I can tell them apart:
sudo mv /home/purism /home/purism.bak sudo mkdir /home/purism sudo chown purism:purism /home/purism touch /mnt/sda1/home/purism/new
Reboot and test
Now you can reboot the phone and when it comes up, you should have all of your settings as they were before, and if you look, you should see an empty file named “new” in your home directory. Once you feel comfortable with this setup, you can remove the old
Congratulations, you now have your default user persona!
Creating additional user personas
To create an additional persona, format a new microSD card with ext4 on a separate computer and add an empty
home/purism directory structure on it owned by the purism user:
mkdir -p /mnt/sda1/home/purism chown 1000:1000 /mnt/sda1/home/purism
Then insert the microSD card into the Librem 5 when it’s powered off and then boot it, and you should be back to a default, fresh user with no settings. Just set up contacts, accounts and files you want to have for this persona and when you are done, you can power off the Librem 5 and replace it with the microSD card containing your default persona, and store the new persona somewhere safe until you need to use it.
Then to use the new persona, you power off the Librem 5 and swap the microSD cards.
What if my microSD card fails?
No storage lasts forever, and you should backup important files from your home directory on your phone to somewhere safe just like you should on a laptop. Since you are now using the microSD card as a home directory, it doesn’t make sense to store backups there as well, so you will want to copy backups over to a separate computer, a network mount point, a USB thumb drive, or some other option.
If your microSD card does fail, the file system gets corrupted, or there is some other problem, when you boot the system it will start with that empty
/home/purism directory that’s underneath the bind mount, and you will be presented with a fresh “like factory” install and will need to recreate any settings.
Or if you took backups, just format the new microSD card with ext4, and restore the home directory on it and replace the failed microSD card.
Of course this would be a lot safer if the file system on the microSD card were encrypted. Once we complete support for unlocking LUKS partitions at boot, we would then extend the same approach to unlocking an encrypted microSD card.