Bug #16179
Research filesystems options to be usable accross Tails, Windows & MacOS X for Veracrypt
0%
Description
Hi,
Veracrypt interest maybe limited on MacOS X, because of the state of MacOS X NTFS support : even on recent mac os versions its readonly, and steps required to have a read write support may not be userfriendly.
It may be problematic for the filesystem of the veracrypt partition, and may being even more problematic for in case of the use of a container in which case both container file system and the one on which the container is stored, ùay have to be carefully chosen.
It may worth to,
- add a note about it in https://tails.boum.org/doc/encryption_and_privacy/veracrypt/index.en.html#index1h2
- Maybe Investigate if it and how an userfriendly way to have a macos x read/write support could be recommended (maybe out of scope)
[Description will be updated later to clarify]
Subtasks
Related issues
Related to Tails - |
Rejected | 2017-12-10 |
History
#1 Updated by mercedes508 2018-12-03 14:02:51
- Status changed from New to Confirmed
- Assignee set to segfault
I assign it to you segfault for the technical expertise, fell free to re-assign to sajolida, if it’s only about doc.
#2 Updated by intrigeri 2018-12-03 14:36:43
- Assignee changed from segfault to geb
Let’s first try to describe the problem in a bit more comprehensive way.
> Veracrypt interest maybe limited on MacOS X, because of the state of MacOS X NTFS support
I don’t understand how that’s related. If I use VeraCrypt on macOS and want to share files with Tails, why would I create a NTFS filesystem? Doesn’t VeraCrypt offer other options that will work both on macOS and Linux?
#3 Updated by geb 2018-12-03 16:20:20
Hi,
intrigeri wrote:
> Let’s first try to describe the problem in a bit more comprehensive way.
>
> > Veracrypt interest maybe limited on MacOS X, because of the state of MacOS X NTFS support
>
> I don’t understand how that’s related. If I use VeraCrypt on macOS and want to share files with Tails, why would I create a NTFS filesystem? Doesn’t VeraCrypt offer other options that will work both on macOS and Linux?
- If you create a Veracrypt partition/container on Windows, it will be by default in NTFS (and no step to select the filesystem will be presented, i don’t know if there is another option than to reformat to let you choose the filesystem), it will work fine with Windows and Tails, but it will be read only in Mac.
- If you create a Veracrypt partition/container in MacOS X, an additional step is presented to let you choose the filesystem : FAT, exFAT, HFS+ (or APFS? I dont remind..) are proposed. FAT which is the default choice will be usable on Tails/Windows/Mac but will suffer limitation, like filesize. I don’t know if/how other formats will work either with Tails or Windows. In case of a Veracrypt container, attention also have to be taken to the underlying filesystem.
https://tails.boum.org/doc/encryption_and_privacy/veracrypt/index.en.html#index1h2 documents Veracrypt has being portable to Tails, MacOS and Windows. However if veracrypt is portable by itself, the containers created may only be read only or may suffer limitation :
- a container/partition created in Windows, will be ok with Tails, but read only with MacOS X
- a container/partition created in MacOS X, will be by default usuable with both Windows/MacOS X and Tails but will suffer limitation : file size < 4GB and in case of a container : container size < 4GB because of the fact the underlying filesystem also have to be FAT…
While it may be out of scope for Tails to document if and how Veracrypt could be setup to be fully usuable accross Tails, Windows and MacOS X (as it is actually wrote in https://tails.boum.org/doc/encryption_and_privacy/veracrypt/index.en.html), it may also worth to be documented and maybe it may worth to invesigate if a good (readwrite, not limited to 4GB) option could be proposed (maybe exFAT if its possible to create and use a exFAT veracrypt volumes on Windows ?), especially if at a moment, proposing users to create veracrypt volumes is envisionned (Is it ? I did not found any ticket for that).
Feel free to reject if not relevent.
#4 Updated by geb 2018-12-03 16:21:38
- Type of work changed from End-user documentation to Discuss
#5 Updated by intrigeri 2018-12-03 16:38:59
Thanks a lot for the clarifications.
> While it may be out of scope for Tails to document if and how Veracrypt could be setup to be fully usuable accross Tails, Windows and MacOS X, it may also worth to be documented and maybe it may worth to invesigate if a good (readwrite, not limited to 4Gb) option could be proposed (maybe exFAT if its possible to create and use a exFAT veracrypt volume on Windows ?),
The scope of our VeraCrypt work was, perhaps implicitly and maybe erroneously, restricted to “interoperability between Tails and one of Windows and macOS”, which AFAIK works fine already. In that sense, documenting this is indeed out of scope. But if there’s a simple recommendation we can make, that works everywhere, indeed that would be nice :) I don’t think doing this research fits into any of the Core work roles we have but if someone does it and comes up with a solution, I guess that our tech writers could add it to the doc rather cheaply.
> especially if at a moment, proposing users to create veracrypt volumes is envisionned
Indeed.
> (Is it ? I did not found any ticket for that).
#6 Updated by intrigeri 2018-12-03 16:39:15
- Type of work changed from Discuss to Research
#7 Updated by geb 2018-12-03 17:18:22
- Subject changed from Document Veracrypt limitation on MacOS X because of NTFS support to Research filesystems options to be usable accross Tails, Windows & MacOS X for Veracrypt
- Description updated
#8 Updated by geb 2018-12-03 17:20:50
- related to
Feature #15227: VeraCrypt iteration 3: Support creating and modifying VeraCrypt volumes in GNOME added
#9 Updated by sajolida 2018-12-04 12:56:38
I fully agree with intrigeri on Bug #16179#note-5.