Feature #5918: Better internal hard disks lockdown

Feature #5918

Better internal hard disks lockdown

Added by Tails 2013-07-18 07:48:08 . Updated 2015-09-22 07:52:51 .

Status:

Confirmed

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

Due date:

% Done:

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Tails user can currently access their local hard disks. It is only possible when an administrative password is set at boot time, but still it would be better to make internal drives read-only at kernel level to prevent anything bad from happening, unless explicitly desired. The later is useful to wipe a file or the whole device.

About implementation: live-boot’s readonly option does the read-only part, but it does that for every device, including removable ones, which is painful when using persistence (~~Feature #5910~~) stored on the USB stick Tails is running from. We need to add a readonly=fixed option to live-boot that would do that only for fixed (internal) disks.

Once that is done, an option must be added to get write access back. Either in Tails Greeter or on the command-line.

Subtasks

Related issues

Related to Tails - Bug #17637: Spinning internal hard drive worries users

Confirmed

History

#1 Updated by sajolida 2015-09-22 07:52:51

Description updated
Target version deleted (~~Hardening_M1~~)

#2 Updated by intrigeri 2020-04-19 16:12:18

related to Bug #17637: Spinning internal hard drive worries users added