Own platform build for PrivacyPi


The Platform build for PrivacyPi is a new distribution for the RaspberryPi hardware, that protects a user’s privacy by allowing them to safely store data within a hidden encrypted volume and the existence cannot be verified from an outside perspective. The already existing project PrivacyPi Reloaded is reworked into package, that main feature for the PrivacyPi OS.

Key terms

Privacy, deniable service, stability, robust, RaspberryPi Zero, RaspberryPi 4

Initial situation

This project is a continuation of a of P6 PrivacyPi Reloaded.
The P6 PrivacyPi Reloaded Project consists of a very fine and working solution of the PrivacyPi Project. The solution is well documented and can be easily adapted to any change needed. The solution has some short comings, like every defined partition is hard coded or an easy change of the storage solution is not possible e.g., switching storage from SD to SSD. Also, a later migration of the users PrivacyPi Installation onto a bigger SD Card have additional complexity, because just repartitioning and resizing of the fourth partition will delete the existing encrypted data.

Project Tagets

This project aims to provide a new system architecture for the operating system and an all-around hardened system to improve the robustness of the system against system errors and against attacks. All these improvements are to be made without breaking the privacy and deniability requirements, which the PrivacyPi Reloaded Project already fulfilled.

The fallowing project objectives where set:

Objective fulfilment

The new boot process with the PrivacyPi OS:

Simple boot process of PrivacyPi OS

Using squashFS, start the PrivacyPi similar to a known installation CD or Rescue CD. All changes to the data provided by squashFS are never saved, so the PrivacyPi OS can be rescued from almost any conceivable situation and unbootable destroyed. Except if you delete the squashFS, but who would do that?

Overall improvements the PrivacyPi:
The PrivacyPi can be flashed and start-up with any reboots. After 5-7 minutes (depending on the used hardware) the PrivacyPi can be fully used, the boot time decreases significantly after first boot.
The PrivacyPi user can create custom user and passwords with the new PrivacyPi OS.
The PrivacyPi backend was improved to be easier adapted to different systems e.g., by removing the need of partition which were hard coded into the system.

Enhancment to the PrivacyPi:
The features have been added and the PrivacyPi OS allowing users to configure the volume size of the hole encrypted partition:

PrivacyPi website configuration of encrypted volume size

And allowing the user to choose to configure the filesystem for their personal encrypted and hidden encrypted USB-drive:

PrivacyPi website Mass Storage Filesystem options: fat32, ext2-4 and ntfs

The features have been added and the PrivacyPi OS allowing users to setup a wireless connection with the web interface or the REST API.
The User can choose to connect to any Wireless network with SSID Name and password, or without a password.

PrivacyPi website Wifi configuration

The update feature is reworked to allow the PrivacyPi User to upload an officially signed update package and update the PrivacyPi OS.
Every only officially signed packages are installed and if something would break a backup can be easily restored.

PrivacyPi update OS

Project data


Martin Gwerder
Bahnhofstrasse 6
CH - 5200 Brugg

Project team

David Meier


Martin Gwerder, martin.gwerder@fhnw.ch

<< zurück