Make bluetooth opt-in in the Greeter
Like network cards, Bluetooth devices have MAC addresses which can potentially identify a user.
Bluetooth is enabled by default in Tails but we do not ship the corresponding userspace software stack. We now have a feature request to make it possible to disable bluetooth on boot/in the greeter.
A plan could be:
- at build time, blacklist
- at (early) boot, rfkill block bluetooth
- in the Greeter, allow opting-in for Bluetooth
- in PostLogin.default, pass Bluetooth user prefs to tails-unblock-network
- in tails-unblock-network, if Bluetooth is enabled, remove the blacklist file and
rfkill unblock bluetooth
- for added safety, disable system-wide daemon and/or move gnome-bluetooth files out of the way?
- hardware-dependent device drivers?
- support enabling Bluetooth post-login if I forgot?
#2 Updated by intrigeri almost 4 years ago
- Subject changed from Provide an option to completely disable bluetooth in the greeter to Make bluetooth opt-in in the Greeter
- Description updated (diff)
- Category set to Hardware support
- Status changed from New to Confirmed
- Type of work changed from Discuss to Code
#5 Updated by cypherpunx almost 4 years ago
I had a go on a patch to disable BT and enabling it later on in the greeter. The patch is older then one year an possibly completely outdated. Still useful might be the /etc/modprobe.d/blacklist-bluetooth.conf file
--- cut here ---
install bluetooth /bin/false
--- cut here ---
The first line is important since the 'blacklist' keyword doesn't seem to be effective if the bluetooth module is load as a dependency.
#6 Updated by intrigeri almost 4 years ago
I had a go on a patch to disable BT and enabling it later on in the greeter.
The patch is older then one year an possibly completely outdated.
I think that other bits of the patch (especially the non-GUI parts that enable bluetooth if the user wants it) can still be very useful!
Still useful might be the /etc/modprobe.d/blacklist-bluetooth.conf file
Sure! Thanks a lot :)