Given the general tendency of personal computing devices getting more and more "handheld" (tablets, smartphones …) we need to start working on better support for such platforms in order to stay relevant and not fade into oblivion.
This is more of a meta-task listing tasks (some which eventually should have their own todo pages) necessary for this to become true:
- Port Tails to ARM (Feature #10972).
- Make sure there’s good touchscreen support (both hardware- and software-wise). Is Jessie’s GNOME Shell good enough for touch usage? Do apps we ship work well for this usecase?
- Make sure Tails has good hardware support for common handheld hardware in general (especially graphics cards, wireless NICs and 2G/3G/whatever modules). We may also want to disable some hardware, if possible, like GPS modules, bluetooth (
- Make sure that Tails works well on low-resolution screens (some of our current Tails specific applications have static window sizes that could be problematic, e.g. gpgApplet).
- Make sure that our future persistence support works well on SD-cards (or whatever removable storage media moderns handhelds support).
- Document how to use Tails on different handheld devices (may include stuff like jailbreaking).
- To the previous point easier for the end user we may also consider improving our USB installer (
- Support SD cards and other removable storage devices (especially those supported by modern handhelds).
- Detect handhelds connected via USB/Bluetooth/whatever, offer to jailbreak (if necessary) and install Tails to its (removable) storage media.
Let’s wait for "running GNU/Linux on handheld hardware" to be better supported in general.
Agreed. Should be easier on miniaturized PC x86 devices like the OQO and Sony UX Series and any future x86 device(s). Many Linux distributions already run unmodified on the OQO and Sony UX as these are just standard x86 computers in pocket-sized form factor. OQO Model 01+ & Debian Linux Ubuntu, Debian, Suse, Fedora, etc
- Handheld Tails lends itself to being a handheld Tails VoIP device. See VoIP support (Feature #5709). Tails may already work fine on the standard x86 pocket-sized OQO and Sony UX computers (testing needed, everything is likely to work fine except we don’t know if there is a driver for the inbuilt 3G modem). One could then also install mumble+onioncat and setup their own pocket-sized Tails VoIP device with some manual effort
|Feature #7543: Reconsider whether Tails should support touch and/or handheld devices||Confirmed||
|Feature #8444: Monitor development of screen keyboard in GNOME||Confirmed||alant||
|Feature #8445: Try to configure Florence better for handheld devices||Resolved||
|Feature #8446: Test if accessibility features can be useful on tablets||Confirmed||
|Feature #10039: Publish specs to incite upstream to work towards handheld Tails||Confirmed||
|Feature #11678: Have tails work on a few x86 tablets||Confirmed||
Related to Tails -
Related to Tails -
|Related to Tails - Feature #10972: Port Tails to ARM platforms||In Progress||2016-08-20|
Related to Tails -
Has duplicate Tails -
Has duplicate Tails -
Blocked by Tails -
Blocked by Tails -
#7 Updated by sajolida 2014-12-11 11:14:53
This thread suggests that it is already possible to run Tails on some x86 tablet:
- Touchscreen is working
- Main block is virtual keyboard from Greeter
About GNOME for touchscreen devices: https://wiki.gnome.org/Design/OS/Touchscreen
About GNOME screen keyboard: https://wiki.gnome.org/Design/OS/ScreenKeyboard
#8 Updated by sajolida 2014-12-11 11:27:26
Reported to work on:
- HP Slate 500
- Samsung Series 7 Slate
- Microsoft Surface Pro
#11 Updated by png 2015-01-15 04:05:07
At sajolida’s request, a few more comments. Although I’ve been able to run Tails on several different PC tablets (listed above) and a few other machines, all of these have been traditional systems with the full PC architecture. My real interest is to be able to run Tails from the internal storage on a dedicated low-cost x86 tablet. Toward that end, I recently acquired a Toshiba Encore 2 tablet that nominally supports booting from USB media (it has a firmware boot select screen), but I’m unable to make that feature work. I’ve tried the standard Tails 1.2.2 image, the latest 1.3 UEFI dev ISO at http://nightly.tails.boum.org/build_Tails_ISO_devel/latest.iso , and the Linux Mint 17.1 “Rebecca” distribution. All of these USB drives will boot a Surface Pro and a MacBook Pro, but not the Encore 2. While the Encore 2 also has a MicroUSB slot, it doesn’t even offer to boot from it. (For the record, I did disable Secure Boot on this machine.) Any further guidance, or (especially) a way to install Tails onto the machine’s internal hard disk, would be welcome —png
#12 Updated by png 2015-01-21 08:35:18
I got Ubuntu to boot to the desktop using this method: http://askubuntu.com/questions/392719/32-bit-uefi-boot-support . The networking and sound don’t work, but the touchscreen does, and I even figured out how to bring up the on-screen keyboard by assigning it to the volume-up button. So that method might work with Tails, too.
#14 Updated by intrigeri 2015-01-21 09:12:56
> I got Ubuntu to boot to the desktop using this method: http://askubuntu.com/questions/392719/32-bit-uefi-boot-support .
Thanks for the report! So this seems related to
#15 Updated by png 2015-01-22 07:10:24
Tonight I tried copying https://github.com/jfwells/linux-asus-t100ta/raw/master/boot/bootia32.efi into EFI/boot on a USB OTG flash drive with Tails 1.2.2 installed.
That does something, but not much— it gets me to a GRUB command line, but I have no idea what to do from there.
#16 Updated by png 2015-01-29 02:39:29
I bought one of these x86 Windows tablets: http://www.microcenter.com/product/439773/TW70CA17_Tablet_-_Black .
It’s super cheap— $65.98 delivered (if you can get to a store, reportedly open-box units are generally available for $48 plus tax)— and looks like a decent potential platform for Tails. Among the usual features for this class of device, it has a 7" 1280x800 LCD, an Intel BayTrail-T Z3735G 1.33GHz processor, 1GB RAM and 16GB of flash, and a microSD card slot that reportedly takes up to 64GB cards.
It also has a few features that might make it better for Tails than other low-cost Windows tablets I’ve seen. It has two USB ports (one micro-USB OTG-style port plus one full-size USB Type A port), and they do work independently. The Type A port reportedly supports USB 3.0, which is unusual; OTG ports generally don’t (and can’t, unless they’re the wider micro-USB 3.0 style). There’s an HDMI port, The machine has a full Phoenix BIOS, unlike some other tablets, which includes the ability to permanently reorder boot devices. Unfortunately it still uses 32-bit UEFI to boot. At least there is a boot option to bring up an EFI shell command line, which is nice.
I haven’t been able to figure out a key combination that will bring up the BIOS or a boot-select page, so for now I have to start Windows and go through the PC settings / Update and Recovery / Recovery / Advanced Startup tree in order to access those functions. Also, the SD card is apparently not supported as a boot device by the BIOS, which is consistent with the Toshiba Encore 2 and, reportedly, other low-cost x86 tablets.
In related news, although this machine and the Toshiba Encore 2 can clearly boot from USB and have no trouble getting to GRUB, they won’t boot a full OS reliably. Since my last comment I have also tried Fedlet ( https://www.happyassassin.net/fedlet-a-fedora-remix-for-bay-trail-tablets/ ) but it gets similar results.
I would be happy to buy one of these for a Tails developer who will commit to working out a way to boot Tails, even if it still requires a keyboard or pointing device to get the OS running. It shouldn’t be too difficult, and of course they’d get to keep the device after they publish the necessary instructions and code. I think if people try out such a proof of concept, they’ll recognize the value of a supplementary computing device with intrinsically strong security.
I also got an HP Stream 8, which is not otherwise unusual, but interesting for its T-Mobile 4G WWAN interface with a free 200MB/month data plan— not a bad deal for $150 on Amazon right now. Reportedly this service plan can be activated without providing any personal information beyond an email address, though my tablet wouldn’t activate properly (T-Mobile said the IMEI number wasn’t eligible for this plan; I’m still trying to get this straightened out).
#17 Updated by intrigeri 2015-01-29 11:01:31
> I would be happy to buy one of these for a Tails developer who will commit to working out a way to boot Tails, even if it still requires a keyboard or pointing device to get the OS running.
Indeed, this could be helpful to work on
Feature #8471 (32-bit UEFI support). I suggest emailing firstname.lastname@example.org to see if someone is interested.
Assuming we have 32-bit UEFI support in Tails, I don’t understand what would be the actual steps to boot Tails on that device: booting Windows, tweaking some setting, then rebooting? Does this need to be done every time one wants to boot Tails, or once for all?
#19 Updated by glennndavis 2015-03-03 15:40:41
Feature #8981 being about Raspberry PI not being hand held might not actually be a dup of this. However for the sake of curtesy I will address it here since it was claimed to be in Feature #8981. I would love to run tails on my $35 Raspbeerry PI (RPI 2B+) with a quad arm7. It runs a wheezy os variant called raspbian and 1 GB ram on an class 4 sd card (upto 32 GB if you can get that much on a class 4: I could only get “16GB” effectively getting 14.4GB. Also: Somewhere I read in a whitepaper that exceeding the class of an SD card slot causes backward compatably to class 1, wonderful but very slow. So using a class 10 may actually slow things down.).
Anyway, I would be interested to see the instructions to build a TAILS R PI box even if it fails something just because the bricking the PI only means reloading the SD after formating (Yes I did it already!).
Also, I think the RPI would be a great intermediate target for the full tablet and allow proving ARM compatibility if and when it can be compiled. If this does not fit here, Please move to Feature
Finally@BitingBird, Thanks for mentioning the conversation had with another person @ Feature
Feature #8981 Re: RPI. If you could share the link mentioned there with the rest of us We might ALL benefit. Thanks in advance.
Even if The build fails to work properly on PI2: It has to start somewhere. I hardly expect the forst few builds to succeed on the first go.
I want to share my excitement about this.
Again, Thanks & Thanks to all!
#22 Updated by png 2015-03-20 01:42:29
I took some time today to go through the Bay Trail tablets I own to confirm which of them can cold-boot from USB:
Dell Venue 8 7000, a Bay Trail tablet with Android: Not yet.
The default configuration apparently has no way to boot from USB, but this web page:
describes a procedure for unlocking the device’s bootloader, which might eventually make it possible to boot something other than Android. But it would probably take a lot of work.
HP Stream 8: Sort of.
Hold down Vol
, press Power for about a second, and release Vol when the boot options screen comes up. That screen gives access to a Boot Device Options menu, BIOS Setup, and other functions. There’s even a nice little on-screen keyboard that shows all the keys necessary to use these screens. But…
When you get into the Boot Options Menu, you can select Boot from EFI File and push the soft Enter key… and then, with a Tails boot drive, it goes to a File Explorer screen to allow the user to choose between booting from the Tails volume and the NO VOLUME LABEL volume on the USB thumb drive. But there’s no way to press Enter! The Stream 8 has a capacitive Windows button on the bezel, and that just isn’t active at this point. There isn’t a timeout autoselect for the first (presumably correct) option, either.
Of course this all works fine if you hooked up an OTG-Type A adapter cable, a USB hub, your USB thumb drive, and a keyboard. But who wants to go through all that??
Toshiba Encore 2: Yes.
With the machine cold, hold down the Vol+ button, then hold down the Power button, until the boot selection menu appears. Select the desired boot device and press the Windows key.
WinBook TW700: Yes, but…
The only way I’ve found to cold-boot the TW700 from USB is to configure the UEFI BIOS to put “USB HD” above the Windows Boot Manager or the internal eMMC storage. Then the USB device needs to be in the Type A port, not the Micro USB OTG port. Once those changes are made, the tablet will boot from USB without pushing any buttons, and you can still use the OTG port to power the tablet while running from Tails or other live USB OS. So this is a usable solution, and arguably superior to the other tablets for those who expect to use Tails more-or-less exclusively.
#24 Updated by intrigeri 2015-05-07 21:06:57
- Blueprint changed from https://tails.boum.org/blueprint/UEFI/32-bit/#hardware to https://tails.boum.org/blueprint/handheld/
Got Tails running on a Bay Trail tablet — the bootloader config is still WIP but it starts (that part is covered by
Feature #8471 and the corresponding blueprint). I’ll start listing what works and what doesn’t on the handheld blueprint, otherwise this ticket will quickly become unusable (and we’re not at the point when we should create sub-tickets yet IMO).
#26 Updated by N9iu7pk 2016-01-01 04:46:23
Started to port tails to arm platform.
The basic target is to get tails running in general on armv7 platforms. Basic motivation is to run tails on most small / less complex / open source (odroid) platforms which are as read only as possible (firmware, bios etc.). Porting and adapting to mobile devices is from my point of view the “next” step. Why armv7? I assume/expect, most of those small devices are arm architectures.
The plan is:
1.) setup the build platform
- (OK) target/test platforms are odroid, rpi 2 and beaglebone black
- (OK) build platforms are amd64
- (OK) cross compile and build arm7 packages
* failed with any cross compiler < gcc 5
* success with chroot (qemu-debootstrap)
- (OK) port at least one package installable and runnable to (armhf) rpi 2
- build the final build machine/platform
2.) build all tails packages for armhf
3.) live-buider for armhf (uBoot …)
#29 Updated by N9iu7pk 2016-01-07 20:25:55
Finished my “build” platform:
- very great thanks to kytv’s howto http://killyourtv.i2p.xyz/howtos/sbuild+btrfs+schroot, what a great idea to use btrfs … - I’m currently not using sbuild, instead dget, dpkg-source and dpkg-buildpackage.
- wrote a litte script to iterate through deb.tails.boum.org/pool/main to fetch all *.dsc names (latest version)
- wrote a litte script to run a a full package build for each *.dsc (installing missing packages etc. … would have been impossible without btrfs)
Currently the first “trial” of that batch build is running:
- I’m very exited how many packets may be build without failure … :)
- all in all the first script fetched 68 dsc/packages. The batch build will stop with the first packacke which fails to be build (no *.deb or some $? -ne 0)
- one of the packages I tried was vidalia - took a it’s time to compile and build … I expect, this batch build will run some hours :(
#30 Updated by N9iu7pk 2016-01-07 20:39:07
First results / impressions on runtime behaviour on armv7 (pi 2):
- crypted volumes: created two ext4 partitions, one encrpted, one not encrypted.
- wrote a lage file (1GB) and a lot of small files: Writing to the encrypted partition was arround 10% slower. I could not observe, that the “visible” CPU load was mentionable higher while writing to the encrypted partition. BUT all in all a first impression and fortunately not a general issue.
- ran tor with the own-build vidalia: Was slow, all pi 2 cores where running with high load and took several minutes to calculate the paths. After that the performance (surfing) was poor up to aceptable. In oposite to non-tor surfing the CPU/cores did work to serve surfing via tor …
#31 Updated by N9iu7pk 2016-01-07 20:48:49
> Excellent! Please keep us updated :)
Of course. But this can’t be a on-(wo)man-show, I would be glad to get contact to someone who is i.e. building “regular” Packages or maintaining the live-build. I’m not sure whether I got all packages, or I’m building them right or in the right way and and and … I’ll try to meet one of the next [Tails-dev] meetings.
> I think we’ll need a dedicated ticket for this port, before too many topics are mixed up here.
Yes. Who and/or how?
#32 Updated by Kurtis 2016-01-08 07:27:42
I suggest seperating the porting of Tails to ARM from this “Handheld Tails” ticket. There are more and more laptops that have ARM processors now, and the tasks needed to port Tails to those laptops would be much less than the tasks needed to port Tails to touchscreens and mobile devices.
As far as target devices go for ARM processor computers, I’d suggest the C201 Chromebook, which runs Libreboot. This should be a target device for Tails, imho. More info can be found at libreboot.org but this is the first laptop that can be bought brand new that can run with free firmware and a free bootloader. When you run libreboot with the GRUB payload, you can even encrypt the boot sector on operating systems, potentially paving the way for a Tails Live USB or DVD that can be fully encrypted, preventing anyone from knowing that a user possesses a Tails usb/dvd.
#33 Updated by N9iu7pk 2016-01-09 18:56:48
Batch build is still running … arround 1/4 of the packages couldn’t be built on the first trial (i.e. i2p fails with sig 11 …). I’d like to have the batch build run through all packages first. Then I’ll iterate all failed package by package and make them build.
> I suggest seperating the porting of Tails to ARM from this “Handheld Tails” ticket.
Of course. But I’m not familar with riseup. If I find some time I’ll go deeper into riseup to make that fork. Otherwise, can someone more riseup experienced help?
> When you run libreboot with the GRUB payload, you can even encrypt the boot sector
YES! That’s what’s really missing, a strong argument for that C201 (or other platforms running libreboot). Anyway, Odroid or other SoC are verry cheap and (mostly)firmware-/bios-less platforms nearly read-only platforms, less risk of bad hardware running Tails.
#34 Updated by N9iu7pk 2016-01-13 21:41:29
Still not finished with a first complete build run of all packages. But found the first (solvable?) problems:
- barry, in packets.h type off_t is not known at compile time, seems that sys/types.h is missing
- firepgp, a target in the make file (autoclean) is missing
- grub2, old qemu package/binary forced a segment fault.