Live encrypted ISO (without user input of a password)

Hello, I have a question that might not be easy to understand or to answer.

I am trying to build a live OS to run a custom application.
For that I am using:

  1. debootstrap/chroot to build/assemble a minimal Linux OS
    1.1) Install a kernel
    1.2) Configure and install all the packages needed
    1.3) Add all the custom application files and scripts
  2. mksquashfs to make the image
  3. xorriso to make the ISO

But I need to protect the custom application files (or at least make it difficult to access and read them).

Is there a way to encrypt the ISO and allow it to run without the user having to input the password?
If there is, can you give me any pointers on how to do that?

Thank you.

Ok, so encrypting the ISO sounds like overkill if you just want to protect the application code. Historically applications would be compiled and only the binary form would be included in an image - which at least protects the source. Can I ask what language the application is written in?
If it’s .js, then things like webpack are good for obscuring source … for Python I use “pyinstaller” etc … i.e. obfuscation of the source is probably the best you can do, especially if you don’t want to use a password for decryption.
(the other option would be to only present it online …)
I guess it depends on what specifically you want to protect and who from?

Thank you for your answer.

I use a lot of things that are “secret”: bash scripts, C/C++ applications, Python, configuration files, user data files.

The thing is that I need to protect them from being read and from being used. Obfuscating just stops people from understanding the code; it does not stop them from using it.

Yes, encrypting the full OS might be a little too much, but it also prevents any access.

Ok, so if you prevent access via encryption, how do you propose people gain access? … in order for the system to load, it will need to read the CD, i.e. decrypt the contents. In order to do that, it will need a decryption key. This will need to be accessible by the system when booting. If the system can see it, then the user will be able to see it. If the user can see it, then the encryption is pointless, so what you’re asking for is a bit of a catch-22.

Ultimately you will need some sort of password or key … for example you could build your application as an ISO then present it as a mountable partition with a pass key, which I think is how Ubuntu used to do encrypted home folders.

However (!) once mounted, the system (and hence the user) will then be able to read the contents of the ISO … so …

The final user will never have access to the terminal (he will never have the root password).
The applications will run on boot and then just reboot the machine at the end.

Ok, so here are the problem scenarios:

  • user inserts CD into running system and mounts ISO on a dummy mount point - entire ISO contents visible
  • … I could go on, but to what end … ?

Terminal, irrelevant, root password, irrelevant … if you were going to rely on no terminal sessions and no root password, encryption is kind of irrelevant too.

You really need to decide what it is you’re trying to achieve.
If you’re trying to stop people from looking inside the ISO, forget it.
If you’re trying to stop people from copying the ISO, forget it.

Thank you for your input.
If I figure out a way to make it work (with some compromises), I will let you know.