Feature #6621
Allow creating persistent volume onto a separate device
0%
Description
For added plausible deniability I suggest adding the option of being able to install the persistent volume on a separate device other than the one running the OS.
This way Tails OS mass storage device 1 is physically different from Tails User Data mass storage 2. User data may be stored on easily concealable/disposable/hidable MicroSD card; if properly concealed an opponent cannot prove nor disprove whether Tails was used with or without persistent user data.
Boot sequence could look for external /home directory then revert to internal temporary /home if none are found.
Related issues
Related to Tails - Feature #5929: Consider creating a persistence by default for plausible deniability | Confirmed | 2016-08-20 | |
Related to Tails - |
Duplicate | 2014-03-06 | |
Related to Tails - |
Rejected | 2018-06-18 | |
Has duplicate Tails - |
Duplicate | ||
Blocked by Tails - Bug #8935: tails-persistence-setup check for persistence in use applies even when acting on a different device | Confirmed | 2015-02-21 |
History
#1 Updated by sajolida 2014-02-01 09:24:48
- Subject changed from Add USB device selection in Persistent Volume Assistant to Allow creating persistent volume onto a separate device
- Category set to Installation
- Status changed from New to Confirmed
- Priority changed from Normal to Low
- Type of work changed from User interface design to Code
First, note that it is already possible to run Tails from a MicroSD card.
Second, note that we already have a plan for plausible deniability of the persistent volume, see <https://labs.riseup.net/code/issues/5929>.
With that in mind, your idea is interesting, but I’m not sure about this value to defend plausible deniability of the persistent volume. Because if you are able to hide the separate device containing the persistent volume, then you might as well be able to hide a similar device containing Tails and the persistent volume, say on a MicroSD card.
Furthermore, once we have Feature #5929 implemented, using this trick might actually prove that there is interesting data in the separate device with only a LUKS partition.
Nonetheless, it might be an interesting usability feature. But still, I’m marking it as low priority as I doubt we will consider it as a priority for the time being.
#2 Updated by broncospasm 2014-09-20 22:47:01
Could this be a duplicate, in some sense, of Feature #5561?
#3 Updated by sajolida 2014-09-21 01:19:44
- has duplicate Feature #5561: Support persistence from a separate device when running on DVD added
#4 Updated by BitingBird 2014-09-21 11:29:04
- related to Feature #6853: Give an overview of the workflow from downloading an ISO to having a working persistent volume added
#5 Updated by BitingBird 2015-01-04 22:53:19
- Category changed from Installation to Persistence
#6 Updated by intrigeri 2015-02-22 20:23:46
- blocked by Bug #8935: tails-persistence-setup check for persistence in use applies even when acting on a different device added
#7 Updated by sajolida 2015-04-08 19:19:43
- related to deleted (Feature #6853: Give an overview of the workflow from downloading an ISO to having a working persistent volume)
#8 Updated by sajolida 2015-04-08 19:20:30
- related to Feature #6853: Give an overview of the workflow from downloading an ISO to having a working persistent volume added
#9 Updated by Gaff 2018-06-08 07:55:24
sajolida wrote:
> With that in mind, your idea is interesting, but I’m not sure about this value to defend plausible deniability of the persistent volume. Because if you are able to hide the separate device containing the persistent volume, then you might as well be able to hide a similar device containing Tails and the persistent volume, say on a MicroSD card.
It’s not about hiding - as long as you can plausibly explain what some random looking data on another device is you’re good. Currently it’s quite tricky to come up with alternative explanations for random data on the Tails device. On other devices it would be far easier.
This would also be useful for testing if nothing else!
Does anyone have any pointers on how this could be done? I could take a look…
#10 Updated by sajolida 2018-06-08 08:57:50
Note that the persistent volume in Tails uses LUKS which has a non-encrypted header that makes it clear that it’s an encrypted partition and not random data.
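The point made in comment #10, as an added example that is not part of the original thread or of Tails' code: a LUKS volume starts with a fixed magic value followed by cleartext fields, so a few bytes are enough to tell it apart from random data. The field layout is assumed from the LUKS1 on-disk format specification; the function names are hypothetical and the sample header is constructed.

```python
import os
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"  # first 6 bytes of every LUKS1 and LUKS2 header

# LUKS1 header up to the UUID field, big-endian (assumed from the LUKS1 spec):
# magic, version, cipher name, cipher mode, hash spec, payload offset,
# key bytes, master-key digest, digest salt, digest iterations, UUID
LUKS1_FMT = ">6sH32s32s32sII20s32sI40s"
LUKS1_LEN = struct.calcsize(LUKS1_FMT)  # 208 bytes


def _text(raw):
    """Decode a NUL-padded ASCII header field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def inspect_luks(blob):
    """Return the cleartext header fields, or None if no LUKS magic is present."""
    if len(blob) < 8 or blob[:6] != LUKS_MAGIC:
        return None
    version = struct.unpack(">H", blob[6:8])[0]
    info = {"version": version}
    if version == 1 and len(blob) >= LUKS1_LEN:
        (_, _, cipher, mode, hash_spec, payload_offset, key_bytes,
         _digest, _salt, _iters, uuid) = struct.unpack(LUKS1_FMT, blob[:LUKS1_LEN])
        info.update(cipher=_text(cipher), mode=_text(mode), hash=_text(hash_spec),
                    payload_offset_sectors=payload_offset,
                    key_bits=key_bytes * 8, uuid=_text(uuid))
    return info


def make_sample_luks1_header():
    """Constructed sample header (not taken from a real device)."""
    return struct.pack(
        LUKS1_FMT, LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
        4096, 64, os.urandom(20), os.urandom(32), 100000,
        b"00000000-0000-0000-0000-000000000000")


if __name__ == "__main__":
    # Header followed by ciphertext-like bytes: every field is readable without a key.
    print(inspect_luks(make_sample_luks1_header() + os.urandom(4096)))
    # Plain random bytes carry no magic, so nothing is reported.
    print(inspect_luks(os.urandom(4096)))
```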
#11 Updated by Gaff 2018-06-18 11:22:16
- related to Feature #15662: Don't require encrypted partitions to be labelled "TailsData" in the GPT table. added