Project

General

Profile

Bug #11365

Feature #10178: Rephrase syslinux screen

Clarify the security implications of 'failsafe' startup option

Added by elouann over 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Low
Assignee:
-
Category:
-
Target version:
-
Start date:
04/25/2016
Due date:
% Done:

100%

Feature Branch:
feature/11975-boot-menu-wording
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

The documentation reads "The failsafe mode disables some features of the kernel and might work better on some computers. You can try this option if you think you are experiencing errors related to hardware compatibility while starting Tails."[1]

Many users are able to boot and use Tails with this option, the documentation should clarify which "features of the kernel" are disabled, especially wrt. security features

[1] https://tails.boum.org/doc/first_steps/startup_options

Associated revisions

Revision fe75a43e (diff)
Added by intrigeri almost 3 years ago

Replace the confusing "failsafe" wording with "troubleshooting mode" in the syslinux menu (refs: #11365).

Revision 3efaa0cf (diff)
Added by intrigeri almost 3 years ago

Make the syslinux menu wider, so that "Tails (troubleshooting mode)" fits (refs: #11365).

History

#1 Updated by intrigeri over 3 years ago

  • Assignee set to elouann
  • QA Check set to Info Needed

[...] the documentation should clarify which "features of the kernel" are disabled, especially wrt. security features

Is this ticket about the security impact of "failsafe" only? If yes, please clarify the title accordingly.

And then, my 2 cts: AFAICT, the options added by failsafe should have no security impact. They only affect how hardware is handled (e.g. various hardware features, such as SMP, won't be supported).

#2 Updated by elouann over 3 years ago

  • Subject changed from Clarify 'failsafe' startup option to Clarify the security implications of 'failsafe' startup option

Is this ticket about the security impact of "failsafe" only? If yes, please clarify the title accordingly.

Yes -> title changed

#3 Updated by intrigeri over 3 years ago

  • Assignee deleted (elouann)
  • Priority changed from Normal to Low
  • QA Check deleted (Info Needed)

Thanks! (No assignee and no big deal really => low priority.)

#4 Updated by huertanix over 3 years ago

Hi. "Is failsafe safer [meaning safer for privacy] than 'Live' mode?" was a common question at the Freedom of the Press Foundation's March 19th Tails training workshop in NYC. A possible improvement would be to clarify both Live and Live (failsafe) at the boot prompt by renaming it to something like "Normal Mode" and "Diagnostic Mode (failsafe)" to reflect the use cases that each is intended for.

#5 Updated by sajolida over 3 years ago

  • Assignee set to sajolida
  • Parent task set to #10178
  • Type of work changed from End-user documentation to Code

Thanks for moving this forward. It made me realize that this should be a subtask of #10178. In #10178#note-5, I suggested using "debug", maybe "troubleshooting" would do too. But I agree that "failsafe" is not appropriate. What do you think?

#6 Updated by sajolida over 3 years ago

  • Assignee changed from sajolida to huertanix
  • QA Check set to Info Needed

Reassigning to huertanix to have his opinion.

#7 Updated by cypherpunks over 3 years ago

Considering the failsafe mode sets nomodeset which causes /dev/dri/ to no longer be exposed, sending all graphics through /dev/fb0, rendered by Xorg in usermode instead, it ironically is much safer security-wise than the regular, non-failsafe mode. And nosmp cuts a lot of racy code out of the kernel too. Not that I'm suggesting the name is appropriate, just pointing it out.

#8 Updated by huertanix over 3 years ago

"Debug Mode" and "Troubleshooting Mode" might also work, but with limitations; I was thinking of using "diagnostic" because it might translate easier since "trouble shooting" might be confusing to non-technical users with English as a second language since both terms (trouble, shooting) have multiple meanings and might not make sense unless they have a technical background where they've head the phrase uses. "Debug" might have similar issues but I don't know how many other languages correlate software problems with insects.

#9 Updated by intrigeri over 3 years ago

  • Assignee changed from huertanix to sajolida
  • QA Check deleted (Info Needed)

(Requested info was provided, reassigning to sajolida for further triaging.)

#10 Updated by sajolida over 3 years ago

Thanks for the feedback.

When in doubt about terminology, I often look at what other style guides do. "Debug" is not in the Apple style guide but "troubleshoot" it. The Microsoft style guide has an entry for "debug" that reads: "Debug is a valid technical term in content for software developers. Do not use debug in any context as
a synonym for troubleshoot. Use troubleshoot or a more accurate word or phrase instead.". Which makes sense. So I'll go for "troubleshooting" I think.

#11 Updated by huertanix over 3 years ago

I see; It seems like Microsoft's explanation mentions it's oriented towards just software developers though? If "troubleshooting" is standardized enough to be understood by a wider range of people than just software developers, I think it's ok. We should definitely mention "Troubleshooting Mode" in that case though, so that people understand it's a mode and not a wizard interface or anything.

#12 Updated by sajolida over 3 years ago

I agree with "Troubleshooting Mode".

#13 Updated by intrigeri almost 3 years ago

  • Status changed from Confirmed to Resolved
  • Assignee deleted (sajolida)
  • % Done changed from 0 to 100
  • Feature Branch set to feature/11975-boot-menu-wording

Done on the topic branch, so let's close this ticket so that it's clearer (on the parent ticket) what's left to do.

Also available in: Atom PDF