Feature #7475

Feature #8422: Support running Tails from internal hard drives

Feature #6397: Support booting from devices exposed as non-removable

Have live-boot honor FSUUID=

Added by intrigeri almost 6 years ago. Updated 27 days ago.

Status: Confirmed
Priority: Normal
Assignee: -
Category: Hardware support
Target version: -
Start date: 06/30/2014
Due date:
% Done: 10%
Feature Branch:
Type of work: Code
Blueprint:
Starter: No
Affected tool:

Description

See parent ticket for the rationale, and desired user interface. boyska volunteered to add the needed support to live-boot.


Related issues

Duplicated by Tails - Feature #10944: When booting from DVD, if USB stick plugged, Tails ends up running from USB stick Duplicate 01/15/2016

History

#1 Updated by intrigeri over 4 years ago

I've just pinged boyska.

#2 Updated by intrigeri over 4 years ago

boyska can't work on this before September, and even then he encourages me to find someone else to work on this. Not sure how to proceed -- probably I'll send a call for volunteers on tails-dev@ + debian-live@, and then unassign this from me.

Also note that live-boot (at least 5.x) already supports some kind of UUID checking, but it's not suitable for security purposes: the UUID is generated at ISO build time, embedded in the initramfs and in the ISO filesystem, and at boot time the initramfs checks that the UUID on the boot drive is the one it knows about. Given the content of the ISO is public information, an attacker can very well plant the same in their fake Tails they put on the internal hard drive, so this doesn't help wrt. "not load the OS from an internal hard drive, while still looking for all devices even though they say they're not removable".

#3 Updated by intrigeri over 4 years ago

  • Subject changed from Wait for live-boot to support FSUUID to Have live-boot honor FSUUID=
  • Assignee deleted (intrigeri)
  • Type of work changed from Wait to Code

intrigeri wrote:

> Not sure how to proceed -- probably I'll send a call for volunteers on tails-dev@ + debian-live@, and then unassign this from me.

Sent to tails-dev@: https://mailman.boum.org/pipermail/tails-dev/2015-July/009222.html.

#4 Updated by intrigeri over 4 years ago

boyska pointed out that a UI like live-media=boot-disk would be nicer than FSUUID=. However, I'm not sure if the initramfs has any reliable means to know what filesystem it was loaded from.

#5 Updated by sajolida over 4 years ago

  • Target version deleted (Sustainability_M1)

#6 Updated by emmapeel over 3 years ago

  • Duplicated by Feature #10944: When booting from DVD, if USB stick plugged, Tails ends up running from USB stick added

#7 Updated by intrigeri almost 3 years ago

This (re?)implements bits I was mentioning in #7475#note-2:

It's still not suitable for security reasons, but if we combine it with what I describe on #6397#note-42 (that would be enough to solve the parent ticket), then we get a nice bonus UX improvement (no more random behavior anymore when starting a computer with two Tails sticks attached), without having to fiddle with anything bootloader-specific. These two solutions can be combined as live-boot looks for the UUID only on devices that satisfy whatever live-media= specifies.

#8 Updated by intrigeri almost 3 years ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

#9 Updated by intrigeri about 1 year ago

  • Status changed from In Progress to Confirmed

#10 Updated by intrigeri 27 days ago

intrigeri wrote:

> This (re?)implements bits I was mentioning in #7475#note-2:
>
> […]

These URLs are broken currently but I have a clone locally. tl;dr: embed a UUID generated at build time into both the initramfs and the SquashFS; then, live-boot will look for a SquashFS that has the same UUID as the one found in the initramfs.

> It's still not suitable for security reasons, but if we combine it with what I describe on #6397#note-42 (that would be enough to solve the parent ticket), then we get a nice bonus UX improvement (no more random behavior anymore when starting a computer with two Tails sticks attached), without having to fiddle with anything bootloader-specific.

That's true only when the two Tails sticks have a different version of Tails. If they have the same version of Tails, then the UUID will be the same on both sides, and then the SquashFS can very well be mounted from another USB stick that the user elected to boot from ⇒ confusion. IMO that's not good enough.

Additionally, now that we have FSUUID= passed by syslinux already (and soon by GRUB), "without having to fiddle with anything bootloader-specific" is not an advantage of this approach anymore.

So I think we're back to square one: nothing new on this very issue allows us to drop the idea that live-boot needs to honor the value passed with FSUUID= (which has drawbacks, that I'll discuss on the parent ticket).
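
The two selection rules discussed in this thread, side by side, as an added example (not live-boot code and not written by anyone on this ticket): matching on the build-time UUID accepts every device carrying the same release, while matching on the value passed with FSUUID= selects one filesystem. The function names, the device table and all UUID values are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data, one candidate per line:
#   <device> <filesystem UUID> <build-time UUID embedded in the image>
# All three carry the same release, so the build-time UUID is identical;
# sda1 stands for an internal disk holding a copy built from the public ISO.
CANDIDATES='/dev/sda1 1111-AAAA 2020-05-05-10-00-00-00
/dev/sdb1 2222-BBBB 2020-05-05-10-00-00-00
/dev/sdc1 3333-CCCC 2020-05-05-10-00-00-00'

# Hypothetical helper: print the value of FSUUID= from a kernel command line.
# Returns 1 when the parameter is absent.
fsuuid_from_cmdline() {
    for arg in $1; do
        case "$arg" in
            FSUUID=*) printf '%s\n' "${arg#FSUUID=}"; return 0 ;;
        esac
    done
    return 1
}

# Build-time rule: every device whose image carries the UUID that the
# initramfs knows about is accepted.
match_build_uuid() {
    printf '%s\n' "$CANDIDATES" | while read -r dev fsuuid builduuid; do
        if [ "$builduuid" = "$1" ]; then printf '%s\n' "$dev"; fi
    done
}

# FSUUID= rule: only the device whose filesystem UUID equals the value
# passed by the bootloader is accepted.
match_fsuuid() {
    printf '%s\n' "$CANDIDATES" | while read -r dev fsuuid builduuid; do
        if [ "$fsuuid" = "$1" ]; then printf '%s\n' "$dev"; fi
    done
}

# Constructed command line, as a bootloader on sdb1 might pass it.
cmdline='BOOT_IMAGE=/live/vmlinuz boot=live FSUUID=2222-BBBB quiet'
want=$(fsuuid_from_cmdline "$cmdline")

echo "build-time UUID accepts: $(match_build_uuid 2020-05-05-10-00-00-00 | tr '\n' ' ')"
echo "FSUUID=$want accepts: $(match_fsuuid "$want")"
```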
