How to make Kali Linux 2022 Live USB with Persistence and optional encryption (on Windows)
This page provides a complete guide to creating and further configuring Kali Linux on a portable media (memory card, flash drive, external drive). For brevity, the manual will say “on a flash drive”, although it means any of the listed media.
You can create a USB flash drive with Kali Linux 2021 Live USB right in Windows. In fact, this instruction is suitable for both Windows and Linux, since we need one cross-platform utility to write Kali Linux Live to USB. We will do other steps for setting up Persistence from within Kali Linux itself.
In the instructions, we will create Persistence, that is, a persistent storage where files and settings will be saved between reboots. If desired, this volume can be made encrypted.
You will learn to:
- create a LIVE system on a flash drive with Kali Linux (in Windows or Linux)
- create Persistence for your LIVE system
- create Kali Linux with Encrypted Persistence
An alternative method of getting portable Kali Linux on removable media: “How to install Kali Linux on a flash drive or external drive as a full-fledged OS”.
Making a LIVE bootable USB stick is one of the fastest ways to get Kali Linux up and running. This method has several advantages:
- fast deployment on a USB flash drive (since installation with unpacking of each package is not required)
- it is impossible to harm the main OS – when creating a bootable flash drive, the hard drives of the computer and the bootloader of the main system are not affected
- portability – you can boot from the flash drive on any computer
- you can set up persistent storage – a little extra effort and your Kali Linux LIVE system will be able to save files and new system settings
If you want a system with one or more Persistence, then you need to start by creating a bootable USB flash drive with a LIVE system – this is the starting point for all subsequent actions. Therefore, in any case, we need an ISO image of the system from the official website: https://www.kali.org/get-kali/#kali-live
The latest release is available to choose from, as well as the Weekly Image (with more recent versions of the packages, but released without testing) – select any of them. You can download the image via a direct link or via torrent.
You will also need a USB flash drive. The faster the read/write speed of the flash drive, the more comfortable it will be for you. If you need a LIVE Kali Linux system and do not need persistent storage, then a flash drive of any size that exceeds the size of the ISO image is enough, i.e. 4 gigabytes or more.
If you plan to create one or more persistent storages, then a flash drive with a volume of 16 gigabytes or more is recommended.
We need a program to burn (write) the ISO to a USB stick. For this purpose, the cross-platform Etcher is ideal. That is, it doesn't matter whether you are currently on Windows or Linux: you can use Etcher to write a disk image to a USB flash drive.
Go to the Etcher program website: https://www.balena.io/etcher/ and download it:
Plug in your USB stick, launch Etcher, select the downloaded Kali Linux LIVE ISO, then just hit the “Flash!” button and wait for completion.
I have a flash drive with a large capacity (256 GB), so the program shows me a warning: “You are about to erase an unusually large drive. Are you sure the selected drive is not a storage drive?”
If everything is correct (and in my case everything is as I want), then click “Yes, I'm sure”.
If you have already booted your computer from a bootable USB flash drive before, then repeat the same steps for Kali Linux Live. For example, on my computer, when I turn it on, I need to press the ESC key many times (on some systems it can be Delete, F12, F2, and so on), and then just select the USB flash drive.
If this did not work for you, then start booting the computer while holding down the SHIFT key (or reboot it holding down the SHIFT button). You can get to the following menu:
Select the “Use a device” section, there you will see your USB flash drive.
If that didn't work for you, then you probably have “Secure Boot” and “Fast Boot” enabled. These settings must be disabled in the UEFI menu (the modern replacement for the BIOS).
To get into it, turn on the computer while holding down the SHIFT key. Go to the “Troubleshooting” section:
Go to “Advanced options”:
Select “UEFI Firmware Settings”:
Click the “Restart” button.
You will be taken to the UEFI settings, which resemble an advanced BIOS. The specific look and structure of the menu differs depending on the manufacturer of the motherboard. You need to find and disable the “Secure Boot” and “Fast Boot” settings.
If the SHIFT key for some reason did not work for you, then use the command:
shutdown.exe /r /o
This command must be run with administrator rights. To do this, press Win+x, and then click the “Windows PowerShell (Admin)” option in the context menu that opens.
The Kali Linux 2021 Live boot menu looks like this:
Select the “Live system” option.
You will be logged in without a password. If the system at some point asks for a password, for example to unlock the screen, then enter “kali”.
See also: Default passwords in Kali Linux
Already at this stage, you can start getting to know Kali Linux. Among other things, you can:
- run tools
- update existing programs
- install new tools
- save files
All changes will be saved in the virtual file system and will be lost when the computer is restarted.
In order for the installed packages and saved files to not disappear after a reboot, you need to configure the persistence volume.
For example, I use a 256 GB flash drive, and the Kali Linux Live image takes 4 GB, which means that I can allocate up to 252 GB for persistence volume.
ATTENTION: This is a very crucial step, because if you are mistaken, you can delete data from the disk that you did not intend to erase.
Open a terminal and run the command there:
sudo fdisk -l
You will see a list of disks and partitions on them.
We need to find out the name of the disk (it looks like /dev/sd*) from which we booted Kali Linux. In the screenshot above, the drive names are highlighted in red.
The screenshot below shows two disks (1), to find the right one, look at the disk size (2), disk model (3), list of partitions (4).
A flash drive with a Kali Linux Live image should have two partitions:
Device     Boot   Start     End Sectors  Size Id Type
/dev/sdb1  *         64 7866239 7866176  3.8G 17 Hidden HPFS/NTFS
/dev/sdb2       7866240 7867711    1472  736K  1 FAT12
As we can see, the disk is called /dev/sdb, and the ISO image is written to the /dev/sdb1 partition.
To further verify the drive name, run the following command:
ls -l /dev/disk/by-label/Kali*
As you can see, the Live system is installed on the sdb1 partition, which means we really need the /dev/sdb disk.
ATTENTION: if you are not sure about the drive name, take a screenshot or a photo of all your drives (the output of the “sudo fdisk -l” command) and show them here in the comments – let's try to figure it out together.
So, on the flash drive with Kali Linux, we need to find out where the free space begins. To do this, use a command like this:
sudo parted /dev/DISK unit MB print free
For example, in my case the disk is called /dev/sdb, then the command is as follows:
sudo parted /dev/sdb unit MB print free
Pay attention to the line:
4028MB 256642MB 252613MB Free Space
4028MB is the beginning of free space. In total, 252613MB (i.e. 252 gigabytes) of free space on the flash drive is available to me.
The command for creating a new partition is:
sudo parted /dev/DISK mkpart primary ext3 BEGIN END
With the next command, I create a new partition on the flash drive (I have it on /dev/sdb). The partition will start at 4028MB and end at 100GB:
sudo parted /dev/sdb mkpart primary ext3 4028MB 100GB
- sudo parted – we call the parted program with superuser privileges
- /dev/sdb – path to my flash drive
- mkpart – internal command of the parted program that means creating a partition
- primary – partition type
- ext3 – partition filesystem
- 4028MB – start of a new partition
- 100GB – the end of the new partition, i.e. the new partition will be 100GB minus 4028MB, i.e. approximately 96 gigabytes. Instead of GB, you can specify MB (size in megabytes).
ATTENTION: here you specify NOT the size of the partition, but the distance in megabytes (or gigabytes) from the beginning of the flash drive to the end of the partition being created.
The command shows the following warning:
Warning: The resulting partition is not properly aligned for best performance: 7867712s % 2048s != 0s
Ignore/Cancel?
The essence of the message is that writing to disks is performed in blocks, and the selected start of the partition does not fall exactly on a block boundary. This is normal for media on which an ISO image has been written. Therefore, enter “Ignore”.
The command will create the partition very quickly and display the following information, which can be ignored:
Information: You may need to update /etc/fstab.
You can see the new partition using the command
sudo fdisk -l
I have it displayed as
Device     Boot   Start       End   Sectors  Size Id Type
/dev/sdb3       7867712 195312500 187444789 89.4G 83 Linux
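The alignment warning shown above disappears if the partition starts on a 2048-sector boundary. The script below is an added example, not part of the original guide: it reads the machine-readable output of parted (the -m option, with sectors as the unit), picks the largest free region and rounds its start up to the next boundary. The function names and the sample listing are constructed for illustration, and the command is only printed for review, not executed.

```bash
#!/usr/bin/env bash
# Added example: choose an aligned BEGIN for "parted mkpart" from the output of
#   sudo parted -m /dev/DISK unit s print free
# In -m (machine) mode each row is colon-separated; free regions end in "free;".

# Constructed sample for the 256 GB stick used in this guide (not captured output).
SAMPLE_PARTED='BYT;
/dev/sdb:501253120s:scsi:512:512:msdos:Constructed USB Disk:;
1:32s:63s:32s:free;
1:64s:7866239s:7866176s:::boot, hidden;
2:7866240s:7867711s:1472s:::;
1:7867712s:501253119s:493385408s:free;'

# Read parted -m output on stdin; print "BEGIN END" (in sectors) of the largest
# free region, with BEGIN rounded up to a multiple of $1 sectors (default 2048).
aligned_free_region() {
    awk -F: -v grain="${1:-2048}" '
        $NF == "free;" {
            start = $2 + 0; end = $3 + 0          # "7867712s" + 0 gives 7867712
            if (end - start > best) { best = end - start; s = start; e = end }
        }
        END {
            if (!best) exit 1                      # no free region on the disk
            begin = int((s + grain - 1) / grain) * grain
            if (begin >= e) exit 1                 # region smaller than one grain
            printf "%.0f %.0f\n", begin, e
        }'
}

# Print (do not run) the mkpart command for disk $1. Optional $2 is the END
# value, e.g. 100GB as in this guide; the default is the end of the free region.
mkpart_command() {
    disk=$1 end=$2
    region=$(aligned_free_region) || { echo "no usable free space" >&2; return 1; }
    echo "sudo parted $disk mkpart primary ext3 ${region% *}s ${end:-${region#* }s}"
}

# Demo on the constructed sample; on a real system pipe parted's output instead.
printf '%s\n' "$SAMPLE_PARTED" | mkpart_command /dev/sdb 100GB
```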
NOTE: if you want your Persistence to be encrypted, then you do not need to complete the subsequent commands from this fourth section, you can go right now to the fifth stage “5. Persistent storage with encryption”.
The following command will create an ext3 filesystem on the specified partition and label it “persistence”.
sudo mkfs.ext3 -L persistence /dev/PARTITION
In my case, the partition is named /dev/sdb3, then the command is as follows:
sudo mkfs.ext3 -L persistence /dev/sdb3
Now we need to save a small file on the newly created partition, which is necessary for the normal functioning of the Persistence. With the following commands, we will create a mount point on the current system, mount the USB flash drive (so that we can make changes to it), write the configuration file to enable persistent storage, and unmount the USB flash drive:
sudo mkdir -p /mnt/my_usb
sudo mount /dev/sdb3 /mnt/my_usb
sudo bash -c "echo '/ union' > /mnt/my_usb/persistence.conf"
sudo umount /dev/sdb3
Note that in these commands you need to replace /dev/sdb3 twice with the name and number of your partition.
Now you can restart your computer and boot from the USB flash drive. At the beginning of the booting, select “Live USB Persistence”.
The system will now remember the changes made. For example, you can save files or install new programs, and they will not disappear after a reboot.
For the system to use persistent storage, select “Live USB Persistence” each time you boot. Otherwise, the normal Live system will boot.
You can encrypt the created Persistence. As a result, all data stored on it will be securely protected. Each time Kali Linux boots up, it will ask for a password to decrypt the partition. Data will be automatically encrypted when written to the encrypted partition and automatically decrypted when read from it.
You need to start by creating Persistence, as described just above. Let's assume you've already created persistent storage, so let's continue.
If you have just created persistent storage and have not rebooted yet, then proceed to encrypting it. If you have already rebooted, then when you turn on the computer, you need to select “Live system” in the boot menu (and NOT “Live USB Persistence”) so that the partition that we are going to encrypt is not used by the system.
WARNING: Remember that in all subsequent commands it is very important for you to replace /dev/sdb3 with the name of your disk, otherwise you risk deleting data from the wrong disk.
When you encrypt a partition, all the data it contains will be destroyed and it will be impossible to recover it. To start encryption, enter the command
sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb3
The utility shows us a warning:
WARNING: Device /dev/sdb3 already contains a 'ext3' superblock signature.
WARNING!
========
This will overwrite data on /dev/sdb3 irrevocably.
Its essence is that all data from the selected partition will be irrevocably overwritten.
If you are sure, enter the word “YES” (all capital letters).
Next, come up with a password that will open access to the encrypted partition. If you forget this password, there will be no way to recover your information. The data will still be on the drive, but it will be impossible to use it.
You may encounter an error:
The command ended with error code 16: The device /dev/sdb3, which is still in use, cannot be formatted.
This means that the system has automatically mounted the partition and you need to unmount it manually. This can be done with the command:
sudo umount /PATH/TO/PARTITION
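To find the path to unmount, or to notice that the partition is in use because the system was booted with “Live USB Persistence”, you can check the mount table before running luksFormat. The script below is an added example, not part of the original guide; the function names and the sample mount table are constructed, and the /run/live/ prefix for an active persistence volume is an assumption about how the live system mounts it.

```bash
#!/usr/bin/env bash
# Added example: check that a partition is unmounted before luksFormat or mkfs.
# Usage on the live system:  preflight /dev/sdb3 < /proc/self/mounts

# Constructed mount table (same format as /proc/self/mounts, not captured output).
SAMPLE_MOUNTS='/dev/sdb1 /run/live/medium iso9660 ro,noatime 0 0
/dev/sdb3 /media/kali/my\040data ext3 rw,nosuid,nodev,relatime 0 0
/dev/sdc3 /run/live/persistence/sdc3 ext3 rw,noatime 0 0'

# Read a mount table on stdin; print each mount point of device $1.
mount_points_of() {
    awk -v dev="$1" '$1 == dev { print $2 }' |
    while IFS= read -r mp; do
        printf '%b\n' "$mp"     # the kernel writes a space as \040; decode it
    done
}

# Return 0 if device $1 is not mounted; otherwise say why and return 1.
preflight() {
    mps=$(mount_points_of "$1")
    if [ -z "$mps" ]; then return 0; fi
    printf '%s\n' "$mps" | while IFS= read -r mp; do
        case $mp in
            # Assumption: the live system mounts an active persistence
            # volume under /run/live/, so it cannot simply be unmounted.
            /run/live/*) echo "in use by live system: $mp (boot \"Live system\" instead)" ;;
            *)           echo "automounted: sudo umount '$mp'" ;;
        esac
    done
    return 1
}

# Demo on the constructed table; prints the umount command for /dev/sdb3.
printf '%s\n' "$SAMPLE_MOUNTS" | preflight /dev/sdb3 || true
```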
Also, the utility may display the following message:
mke2fs 1.46.4 (18-Aug-2021)
/dev/mapper/my_usb contains `OpenPGP Secret Key' data
Proceed anyway? (y,N)
It says that this partition contains the “OpenPGP secret key” data. However, continue by typing “y”.
Now we open the encrypted partition to continue configuring it:
sudo cryptsetup open --type luks /dev/sdb3 my_usb
You will be prompted to enter the password to open the disk.
Let's create an ext3 filesystem and label it “persistence”:
sudo mkfs.ext3 -L persistence /dev/mapper/my_usb
Let's create a mount point, mount our new encrypted partition and write to the persistence.conf file and then unmount the partition:
sudo mkdir -p /mnt/my_usb
sudo mount /dev/mapper/my_usb /mnt/my_usb
sudo bash -c "echo '/ union' > /mnt/my_usb/persistence.conf"
sudo umount /dev/mapper/my_usb
Close the encrypted channel to our persistence volume:
sudo cryptsetup luksClose /dev/mapper/my_usb
All is ready. When booting from a USB flash drive, select “Live USB Encrypted Persistence”.
At some point, the booting will stop, and you will need to enter a password. After entering the password, the system will continue booting.
How to change the Kali Linux language?
Run one of the following commands (specify the locale you need).
- To install English for Kali Linux, run the command:
sudo localectl set-locale LANG=en_US.UTF-8
- To install French for Kali Linux, run the command:
sudo localectl set-locale LANG=fr_FR.UTF-8
- To install German for Kali Linux, run the command:
sudo localectl set-locale LANG=de_DE.UTF-8
- To install Russian for Kali Linux, run the command:
sudo localectl set-locale LANG=ru_RU.UTF-8
The exact strings for the LANG values of your language can be found in the /etc/locale.gen file.
Finally, you can see a message like this:
It offers to rename the automatically created folders in the user's directory, that is, to translate their names into the new system language.
How to change the keyboard layout?
Go to Settings → Keyboard → Layout:
To configure it, uncheck “Use system defaults”. After that, you can add new keyboard layouts, select the default keyboard layout, and change the key combination used to switch layouts.
To change and set other keyboard shortcuts, see the adjacent Application Shortcuts tab.