We have covered how to create secure "throw-away hack boxes" using the Raspberry Pi before, but we thought it was time to go back and take a look at the process again. With all the new Raspberry Pi models and Kali changes from when we last covered this, we found the old process was in need of some updating.
A couple of days ago one of us had the idea of adding a "nuke" option to our Kali install. In other words, having a boot password that would destroy, rather than decrypt the data on our drive. A few Google searches later, we found an old cryptsetup patch by Juergen Pabel which does just that - adds a "nuke" password to cryptsetup, which when used, deletes all keyslots and makes the data on the drive inacessible. We ported this patch for a recent version of cryptsetup, and posted it on github.