Feature #16750: Persistence Plausible Deniability on Boot

Feature #16750

Persistence Plausible Deniability on Boot

Added by Anonymous 2019-05-24 03:01:38 . Updated 2019-06-02 12:52:52 .

Status:

Duplicate

Priority:

Normal

Assignee:

Category:

Persistence

Target version:

Start date:

Due date:

% Done:

Feature Branch:

Type of work:

User interface design

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Issue: When user creates persistent volume the presence of it is visible on boot, because the greeter asks for persistent volume password. Any person besides the owner can clearly see the presence of persistent volume by booting usb. Therefore, this poses a significant security issue.

Solution: Instead of prompting user to enter persistent volume password, user is required to add it as an additional settings instead. The persistent storage may exist or it may not and, therefore, there is no way to prove it on boot. This provides an elegant solution to plausible deniability on boot that only requires user interface change.

Subtasks

Related issues

Related to Tails - ~~Feature #11681~~: Decide if/how we want plausible deniability for the persistent volume	Rejected	2016-08-20
Is duplicate of Tails - Feature #5929: Consider creating a persistence by default for plausible deniability	Confirmed	2016-08-20
Has duplicate Tails - ~~Feature #17608~~: Decoy persistent volume	Duplicate

History

#1 Updated by intrigeri 2019-05-24 05:54:36

QA Check changed from Dev Needed to Info Needed

Do I understand correctly that this would be useful only in the threat model when the adversary can see the user start Tails, but cannot get physical access to the boot medium?

#2 Updated by mercedes508 2019-05-27 11:14:29

Anonymous wrote:
> Any person besides the owner can clearly see the presence of persistent volume by booting usb. Therefore, this poses a significant security issue.

I’m wondering which security issue precisely?

Wouldn’t it be solved by the following?:

https://redmine.tails.boum.org/code/issues/5929

#3 Updated by sajolida 2019-06-02 12:52:12

Status changed from New to Duplicate
QA Check deleted (~~Info Needed~~)

#4 Updated by sajolida 2019-06-02 12:52:52

What Anonymous is proposing could be a UX solution to Feature #5929 but I’m still not convinced that we want that. See you on Feature #5929.

#5 Updated by sajolida 2019-06-02 12:53:02

is duplicate of Feature #5929: Consider creating a persistence by default for plausible deniability added

#6 Updated by sajolida 2020-04-13 16:55:57

has duplicate ~~Feature #17608~~: Decoy persistent volume added

#7 Updated by sajolida 2020-04-13 16:56:15

related to ~~Feature #11681~~: Decide if/how we want plausible deniability for the persistent volume added