diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise
index 67ca7890..8fca8084 100755
--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@@ -782,7 +782,7 @@ chroot "$rootdir" apt-get install -y avahi-daemon avahi-utils avahi-discover ava
 chroot "$rootdir" apt-get install -y iptables dnsutils net-tools network-manager iputils-ping
 chroot "$rootdir" apt-get install -y libnss-mdns libnss-myhostname libnss-gw-name nano man ntp
 chroot "$rootdir" apt-get install -y locales locales-all debconf wireless-tools wpasupplicant
-chroot "$rootdir" apt-get install -y usbutils
+chroot "$rootdir" apt-get install -y usbutils cryptsetup zsh pinentry-curses
 sed -i "s|#host-name=.*|host-name=${PROJECT_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
 sed -i "s|host-name=.*|host-name=${PROJECT_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
diff --git a/src/freedombone-image-mesh b/src/freedombone-image-mesh
index 3139e43c..fb1f7452 100755
--- a/src/freedombone-image-mesh
+++ b/src/freedombone-image-mesh
@@ -547,10 +547,16 @@ function create_tomb {
 tomb >> /var/log/${PROJECT_NAME}.log
 fi
 TOMB_TEMP_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
+ echo "$TOMB_TEMP_PASSWORD" > /mnt/ramdisk/${tomb_name}.tomb.pass
 tomb forge /mnt/ramdisk/${tomb_name}.tomb.key --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
 tomb lock /tmp/${tomb_name}.tomb -k /mnt/ramdisk/${tomb_name}.tomb.key --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
 tomb open /tmp/${tomb_name}.tomb -k /mnt/ramdisk/${tomb_name}.tomb.key --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
+ # update /etc/crypttab so that the rest of the os has access
+ cryptsetup luksAddKey --key-file=/mnt/ramdisk/${tomb_name}.tomb.key /tmp/${tomb_name}.tomb newkey --password="${TOMB_TEMP_PASSWORD}"
+
+ # stop stuff from popping up
 pkill caja
+ # clear the temporary password
 TOMB_TEMP_PASSWORD=
 }
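Review bot: The added `echo "$TOMB_TEMP_PASSWORD" > /mnt/ramdisk/${tomb_name}.tomb.pass` in create_tomb leaves the tomb passphrase in plaintext beside the key file it protects. The file gets whatever mode the current umask yields, and clearing the variable at the end of the function does not remove it. If a later step really needs the file, create it owner-only, e.g. `(umask 077; printf '%s\n' "$TOMB_TEMP_PASSWORD" > "/mnt/ramdisk/${tomb_name}.tomb.pass")`, and delete it once consumed. The new `cryptsetup luksAddKey` line also exposes the passphrase in argv via `--password=`, which I do not believe cryptsetup accepts; its exit status is unchecked, and nothing in the hunk writes /etc/crypttab despite the comment above it. The start of create_tomb lies outside the hunk.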
@@ -563,6 +569,12 @@ function setup_amnesic_data {
 return
 fi
+ # clear crypttab
+ if [ -f /etc/crypttab ]; then
+ shred -zu /etc/crypttab
+ touch /etc/crypttab
+ fi
+
 tomb_name=log
 create_tomb ${tomb_name} $TOMB_LOG_SIZE_MB
 if [ -d /media/${tomb_name} ]; then
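Review bot: `shred -zu /etc/crypttab` followed by `touch /etc/crypttab` recreates the file with whatever mode the current umask yields, and a failed shred goes unnoticed, leaving the old entries in place. Overwriting in place keeps the existing mode and ownership and ties the truncation to a successful overwrite: `shred -z /etc/crypttab && : > /etc/crypttab`. shred's overwrite is not guaranteed on journaling or flash-backed filesystems, so a short comment saying this is best-effort would help the next reader. setup_amnesic_data starts and continues outside the hunk.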