Feature #6621

Allow creating persistent volume onto a separate device

Added by porcino999 over 5 years ago. Updated about 1 year ago.

Status:
Confirmed
Priority:
Low
Assignee:
-
Category:
Persistence
Target version:
-
Start date:
01/21/2014
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:

Description

For added plausible deniability I suggest adding the option of being able to install the persistent volume on a separate device other than the one running the OS.

This way Tails OS mass storage device 1 is physically different from Tails User Data mass storage 2. User data may be stored on easily concealable/disposable/hidable MicroSD card; if properly concealed an opponent cannot prove nor disprove whether Tails was used with or without persistent user data.

Boot sequence could look for external /home directory then revert to internal temporary /home if none are found.


Related issues

Related to Tails - Feature #5929: Consider creating a persistence by default for plausible deniability Confirmed 08/20/2016
Related to Tails - Feature #6853: Give an overview of the workflow from downloading an ISO to having a working persistent volume Duplicate 03/06/2014
Related to Tails - Feature #15662: Don't require encrypted partitions to be labelled "TailsData" in the GPT table. Rejected 06/18/2018
Duplicated by Tails - Feature #5561: Support persistence from a separate device when running on DVD Duplicate
Blocked by Tails - Bug #8935: tails-persistence-setup check for persistence in use applies even when acting on a different device Confirmed 02/21/2015

History

#1 Updated by sajolida over 5 years ago

  • Subject changed from Add USB device selection in Persistent Volume Assistant to Allow creating persistent volume onto a separate device
  • Category set to Installation
  • Status changed from New to Confirmed
  • Priority changed from Normal to Low
  • Type of work changed from User interface design to Code

First, note that it is already possible to run Tails from a MicroSD card.

Second, note that we already have a plan for plausible deniability of the persistent volume, see <https://labs.riseup.net/code/issues/5929>.

With that in mind, your idea is interesting, but I'm not sure about this value to defend plausible deniability of the persistent volume. Because if you are able to hide the separate device containing the persistent volume, then you might as well be able to hide a similar device containing Tails and the persistent volume, say on a MicroSD card.

Furthermore, once we have feature #5929 implemented, using this trick might actually prove that there is interesting data in the separate device with only a LUKS partition.

Nonetheless, it might be an interesting usability feature. But still, I'm marking it as low priority as I doubt we will consider it as a priority for the time being.

#2 Updated by broncospasm almost 5 years ago

Could this be a duplicate, in some sense, of #5561?

#3 Updated by sajolida almost 5 years ago

  • Duplicated by Feature #5561: Support persistence from a separate device when running on DVD added

#4 Updated by BitingBird almost 5 years ago

  • Related to Feature #6853: Give an overview of the workflow from downloading an ISO to having a working persistent volume added

#5 Updated by BitingBird over 4 years ago

  • Category changed from Installation to Persistence

#6 Updated by intrigeri over 4 years ago

  • Blocked by Bug #8935: tails-persistence-setup check for persistence in use applies even when acting on a different device added

#7 Updated by sajolida over 4 years ago

  • Related to deleted (Feature #6853: Give an overview of the workflow from downloading an ISO to having a working persistent volume)

#8 Updated by sajolida over 4 years ago

  • Related to Feature #6853: Give an overview of the workflow from downloading an ISO to having a working persistent volume added

#9 Updated by Gaff about 1 year ago

sajolida wrote:

With that in mind, your idea is interesting, but I'm not sure about this value to defend plausible deniability of the persistent volume. Because if you are able to hide the separate device containing the persistent volume, then you might as well be able to hide a similar device containing Tails and the persistent volume, say on a MicroSD card.

It's not about hiding - as long as you can plausibly explain what some random looking data on another device is you're good. Currently it's quite tricky to come up with alternative explanations for random data on the Tails device. On other devices it would be far easier.

This would also be useful for testing if nothing else!

Does anyone have any pointers on how this could be done? I could take a look...

#10 Updated by sajolida about 1 year ago

Note that the persistent volume in Tails uses LUKS which has a non-encrypted header that makes it clear that it's an encrypted partition and not random data.
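
Added example (not part of the ticket and not Tails code): the point in comment #10, shown by reading the cleartext fields at the start of a LUKS volume without any passphrase. The field layout follows the LUKS1 on-disk format; for LUKS2 only the magic and version are reported, and the sample header is constructed, with a made-up salt, digest and UUID.

```python
import os
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"  # first 6 bytes of every LUKS1/LUKS2 primary header
# LUKS1 layout (big-endian): magic, version, cipher name, cipher mode, hash spec,
# payload offset, key bytes, MK digest, MK salt, MK iterations, UUID
LUKS1_FMT = ">6sH32s32s32sII20s32sI40s"  # 208 bytes in total


def _text(raw):
    """Decode a NUL-padded ASCII header field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def identify(first_sector):
    """Return the cleartext LUKS metadata at the start of a device, or None."""
    if len(first_sector) < 8 or first_sector[:6] != LUKS_MAGIC:
        return None  # nothing here marks the data as LUKS
    version = struct.unpack(">H", first_sector[6:8])[0]
    info = {"format": "LUKS", "version": version}
    if version == 1 and len(first_sector) >= struct.calcsize(LUKS1_FMT):
        f = struct.unpack_from(LUKS1_FMT, first_sector)
        info.update(cipher=_text(f[2]), mode=_text(f[3]), hash=_text(f[4]),
                    key_bytes=f[6], uuid=_text(f[10]))
    return info


def sample_luks1_header():
    """Constructed sample: a LUKS1 header with made-up salt, digest and UUID."""
    return struct.pack(LUKS1_FMT, LUKS_MAGIC, 1, b"aes", b"xts-plain64",
                       b"sha256", 4096, 64, os.urandom(20), os.urandom(32),
                       100000, b"00000000-0000-4000-8000-000000000000")


if __name__ == "__main__":
    # Header fields are readable without the passphrase.
    print(identify(sample_luks1_header()))
    # Random data carries no magic, so nothing is identified.
    print(identify(os.urandom(512)))
```
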

#11 Updated by Gaff about 1 year ago

  • Related to Feature #15662: Don't require encrypted partitions to be labelled "TailsData" in the GPT table. added
