Feature #5918
Better internal hard disks lockdown
0%
Description
Tails user can currently access their local hard disks. It is only possible when an administrative password is set at boot time, but still it would be better to make internal drives read-only at kernel level to prevent anything bad from happening, unless explicitly desired. The later is useful to wipe a file or the whole device.
About implementation: live-boot’s readonly
option does the read-only part, but it does that for every device, including removable ones, which is painful when using persistence (Feature #5910) stored on the USB stick Tails is running from. We need to add a readonly=fixed
option to live-boot that would do that only for fixed (internal) disks.
Once that is done, an option must be added to get write access back. Either in Tails Greeter or on the command-line.
Subtasks
History
#1 Updated by sajolida 2015-09-22 07:52:51
- Description updated
- Target version deleted (
Hardening_M1)
#2 Updated by intrigeri 2020-04-19 16:12:18
- related to Bug #17637: Spinning internal hard drive worries users added