Feature #7475

Feature #6397: Support booting from USB devices exposed as non-removable

Have live-boot honor FSUUID=

Added by intrigeri about 5 years ago. Updated 4 months ago.

  • Status: Confirmed
  • Priority: Normal
  • Assignee: -
  • Category: Hardware support
  • Target version: -
  • Start date: 06/30/2014
  • % Done: 10%
  • Type of work: Code
  • Starter: No

Description

See parent ticket for the rationale, and desired user interface. boyska volunteered to add the needed support to live-boot.


Related issues

Duplicated by Tails - Feature #10944: When booting from DVD, if USB stick plugged, Tails ends up running from USB stick (Duplicate, 01/15/2016)

History

#1 Updated by intrigeri about 4 years ago

I've just pinged boyska.

#2 Updated by intrigeri about 4 years ago

boyska can't work on this before September, and even then he encourages me to find someone else to work on this. Not sure how to proceed -- probably I'll send a call for volunteers on tails-dev@ + debian-live@, and then unassign this from me.

Also note that live-boot (at least 5.x) already supports some kind of UUID checking, but it's not suitable for security purposes: the UUID is generated at ISO build time, embedded in the initramfs and in the ISO filesystem, and at boot time the initramfs checks that the UUID on the boot drive is the one it knows about. Given the content of the ISO is public information, an attacker can very well plant the same in their fake Tails they put on the internal hard drive, so this doesn't help wrt. "not load the OS from an internal hard drive, while still looking for all devices even though they say they're not removable".

#3 Updated by intrigeri about 4 years ago

  • Subject changed from Wait for live-boot to support FSUUID to Have live-boot honor FSUUID=
  • Assignee deleted (intrigeri)
  • Type of work changed from Wait to Code

intrigeri wrote:

Not sure how to proceed -- probably I'll send a call for volunteers on tails-dev@ + debian-live@, and then unassign this from me.

Sent to tails-dev@: https://mailman.boum.org/pipermail/tails-dev/2015-July/009222.html.

#4 Updated by intrigeri about 4 years ago

boyska pointed out that a UI like live-media=boot-disk would be nicer than FSUUID=. However, I'm not sure if the initramfs has any reliable means to know what filesystem it was loaded from.

#5 Updated by sajolida almost 4 years ago

  • Target version deleted (Sustainability_M1)

#6 Updated by emmapeel almost 3 years ago

  • Duplicated by Feature #10944: When booting from DVD, if USB stick plugged, Tails ends up running from USB stick added

#7 Updated by intrigeri over 2 years ago

This (re?)implements bits I was mentioning in #7475#note-2:

It's still not suitable for security reasons, but if we combine it with what I describe on #6397#note-42 (that would be enough to solve the parent ticket), then we get a nice bonus UX improvement (no more random behavior when starting a computer with two Tails sticks attached), without having to fiddle with anything bootloader-specific. These two solutions can be combined as live-boot looks for the UUID only on devices that satisfy whatever live-media= specifies.

#8 Updated by intrigeri over 2 years ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

#9 Updated by intrigeri 4 months ago

  • Status changed from In Progress to Confirmed
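
The selection logic described in notes #2 and #7, as an added example that is not live-boot code and not part of the original ticket: a build-time UUID match is evaluated only on devices that pass a `live-media=`-style filter. The directory layout, file names and function names are constructed for this model.

```shell
#!/bin/sh
# Simplified model of the boot-medium selection discussed above; not live-boot code.
# Constructed layout: each candidate device is a directory holding
#   removable         "1" or "0" (modelled on the sysfs block attribute)
#   .disk/live-uuid   the UUID copied onto the medium at build time

# matches_uuid DIR EXPECTED: true if the medium carries the expected UUID.
matches_uuid() {
    [ -r "$1/.disk/live-uuid" ] && [ "$(cat "$1/.disk/live-uuid")" = "$2" ]
}

# passes_filter DIR FILTER: stand-in for live-media=; "removable" or "" (any).
passes_filter() {
    case "$2" in
        removable) [ "$(cat "$1/removable" 2>/dev/null)" = "1" ] ;;
        "") return 0 ;;
        *) return 1 ;;
    esac
}

# select_media ROOT EXPECTED FILTER: print the names of accepted candidates.
select_media() {
    for dev in "$1"/*; do
        [ -d "$dev" ] || continue
        passes_filter "$dev" "$3" || continue
        matches_uuid "$dev" "$2" || continue
        basename "$dev"
    done
}

# make_dev ROOT NAME REMOVABLE UUID: build one constructed candidate.
make_dev() {
    mkdir -p "$1/$2/.disk"
    echo "$3" > "$1/$2/removable"
    echo "$4" > "$1/$2/.disk/live-uuid"
}

# Constructed sample: the UUID is public, so a copy on the internal disk matches too.
demo() {
    root=$(mktemp -d)
    uuid="constructed-build-uuid-0001"
    make_dev "$root" internal-disk-copy 0 "$uuid"
    make_dev "$root" usb-stick 1 "$uuid"
    make_dev "$root" other-live-usb 1 "constructed-build-uuid-9999"
    echo "uuid only:     $(select_media "$root" "$uuid" "" | tr '\n' ' ')"
    echo "filter + uuid: $(select_media "$root" "$uuid" removable | tr '\n' ' ')"
    rm -rf "$root"
}
demo
```

With the UUID check alone, both the internal-disk copy and the USB stick are accepted; the UUID only distinguishes one build from another, and the device filter is what decides which media are considered at all.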
