Feature #6621: Allow creating persistent volume onto a separate device

Feature #6621

Allow creating persistent volume onto a separate device

Added by porcino999 2014-01-21 09:24:03 . Updated 2018-06-08 08:57:50 .

Status:

Confirmed

Priority:

Low

Assignee:

Category:

Persistence

Target version:

Start date:

2014-01-21

Due date:

% Done:

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

For added plausible deniability I suggest adding the option of being able to install the persistent volume on a separate device other than the one running the OS.

This way Tails OS mass storage device 1 is physically different from Tails User Data mass storage 2. User data may be stored on easily concealable/disposable/hidable MicroSD card ; if properly concealed an oppponent cannot prove nor disprove whether Tails was used with or without persistent user data.

Boot sequence could look for external /home directory then revert to internal temporary /home if none are found.

Subtasks

Related issues

Related to Tails - Feature #5929: Consider creating a persistence by default for plausible deniability	Confirmed	2016-08-20
Related to Tails - ~~Feature #6853~~: Give an overview of the workflow from downloading an ISO to having a working persistent volume	Duplicate	2014-03-06
Related to Tails - ~~Feature #15662~~: Don't require encrypted partitions to be labelled "TailsData" in the GPT table.	Rejected	2018-06-18
Has duplicate Tails - ~~Feature #5561~~: Support persistence from a separate device when running on DVD	Duplicate
Blocked by Tails - Bug #8935: tails-persistence-setup check for persistence in use applies even when acting on a different device	Confirmed	2015-02-21

History

#1 Updated by sajolida 2014-02-01 09:24:48

Subject changed from Add USB device selection in Persistent Volume Assistant to Allow creating persistent volume onto a separate device
Category set to Installation
Status changed from New to Confirmed
Priority changed from Normal to Low
Type of work changed from User interface design to Code

First, note that it is already possible to run Tails from a MicroSD card.

Second, note that we already have a plan for plausible deniability of the persistent volume, see <https://labs.riseup.net/code/issues/5929>.

With that in mind, your idea is interesting, but I’m not sure about this value to defend plausible deniability of the persistent volume. Because if you are able to hide the separate device containing the persistent volume, then you might as well be able to hide a similar device containing Tails and the persistent volume, say on a MicroSD card.

Furthermore, once we have feature Feature #5929 implemented, using this trick might actually prove that there is interesting data in the separate device with only a LUKS partition.

Nonetheless, it might be an interesting usability feature. But still, I’m marking it as low priority as I doubt we will consider it as a priority for the time being.

#2 Updated by broncospasm 2014-09-20 22:47:01

Could this be a duplicate, in some sense, of ~~Feature #5561~~?

#3 Updated by sajolida 2014-09-21 01:19:44

has duplicate ~~Feature #5561~~: Support persistence from a separate device when running on DVD added

#4 Updated by BitingBird 2014-09-21 11:29:04

related to ~~Feature #6853~~: Give an overview of the workflow from downloading an ISO to having a working persistent volume added

#5 Updated by BitingBird 2015-01-04 22:53:19

Category changed from Installation to Persistence

#6 Updated by intrigeri 2015-02-22 20:23:46

blocked by Bug #8935: tails-persistence-setup check for persistence in use applies even when acting on a different device added

#7 Updated by sajolida 2015-04-08 19:19:43

related to deleted (~~~~Feature #6853~~: Give an overview of the workflow from downloading an ISO to having a working persistent volume~~)

#8 Updated by sajolida 2015-04-08 19:20:30

related to ~~Feature #6853~~: Give an overview of the workflow from downloading an ISO to having a working persistent volume added

#9 Updated by Gaff 2018-06-08 07:55:24

sajolida wrote:
> With that in mind, your idea is interesting, but I’m not sure about this value to defend plausible deniability of the persistent volume. Because if you are able to hide the separate device containing the persistent volume, then you might as well be able to hide a similar device containing Tails and the persistent volume, say on a MicroSD card.

It’s not about hiding - as long as you can plausibly explain what some random looking data on another device is you’re good. Currently it’s quite tricky to come up with alternatively explanations for random data on the tails device. On other devices it would be far easier.

This would also be useful for testing if nothing else!

Does anyone have any pointers on how this could be done? I could take a look…

#10 Updated by sajolida 2018-06-08 08:57:50

Note that the persistent volume in Tails uses LUKS which has a non-encrypted header that makes it clear that it’s an encrypted partition and not random data.

#11 Updated by Gaff 2018-06-18 11:22:16

related to ~~Feature #15662~~: Don't require encrypted partitions to be labelled "TailsData" in the GPT table. added