Tails

#7 Updated by kurono 2016-01-05 18:06:35

As discussed with Sajolida and U,
it is not really clear whether is it useful
to port the full Tails installer to Windows,
or even if we are able to do it.

The description says:
“Looking at the diff between the upstream liveusb-creator and
Tails’ fork the changes in the Windows-specific class are minimal.”.
As today it is not longer true, since the Tails fork, including the Windows
specific parts are very different to upstream. So it would require good
analysis and good windows specific development skills.

One option would be just to have the Tails GPT
partition in an ISO, and copy it to
the USB stick (or device) directly with something like dd.
But we need to find if are there in Windows
native tools that allow this kind of installation.

I will research a little bit on this topic.

#8 Updated by intrigeri 2016-01-05 19:07:35

Thanks for the update!

> One option would be just to have the Tails GPT partition in an ISO, and copy it to the USB stick (or device) directly with something like dd.

Can you please elaborate what you mean with “the Tails GPT partition in an ISO”? Now I’m curious! Is it about storing the FAT filesystem in the ISO filesystem, somehow?

> But we need to find if are there in Windows native tools that allow this kind of installation.

If we only have the content of the partition, then we need tools to actually create the GPT and the partition, right?

> I will research a little bit on this topic.

Excellent, thanks :)

#9 Updated by sajolida 2016-01-06 16:00:44

At 32C3 I mentioned to at least kurono, spriver, and Lunar the crazy idea of distributing a disk image (with the GPT table, the FAT partition, etc.) instead of an ISO 9660 image. Saying that if we get to do this, then we won’t need a custom installer anymore. This is quite off-topic here so I’ll refrain myself from starting a complicated debate.

I know that you’ve also been wondering whether we really need a custom installer with all the associated costs, so this made me wonder whether we should move on quickly regarding Tails Installer in Windows or take the time to make sure we want to push Tails Installer forward. I think this is what kurono was referring to.

Maybe what we need is a broader discussion on what other possibilities than Tails Installer we could have, what needs to be research, how do we put energy during some time in both maintaining and researching whether we could kill Tails Installer, etc.

#10 Updated by kurono 2016-01-08 17:15:25

Yes, I was talking about the conversation with had at 32c3, I was assuming ISO == disk image, sorry for that.
I have been researching/learning a little about the topic, maybe I will write very obvious statement for you.
But anyway here it goes:

Clearly it is possible to copy a full disk image from an USB stick containing Tails, doing something like:

sudo dd if=/dev/sdb of=tails.iso bs=16M

So it will copy everything including GPT+FAT+Tails label+data.
We can take the resulting tails.iso and copy it in another USB
stick, like this:

sudo dd if=tails.iso of=/dev/sdb bs=16M && sync

the resulting USB stick works and boots without problems.
It is even possible to create a persistent partition.
I tried several USB stick of different sizes/brands.

That said, I haven’t found native windows tools to make
raw copies (dam windows!):
https://superuser.com/questions/664475/how-to-copy-a-floppy-boot-disk
http://wiki.networksecuritytoolkit.org/nstwiki/index.php/Copying_ISO_Images_To_USB#Direct_Write_For_Windows_Systems

So the fact that we can create full tails partition does bring immediate
benefit in windows at least. In the other hand it would be possible to make
a minimum change in the installer to only copy this raw tails disk image.

Of course, I lack the experience to say weather we can use such image in all
the cases (DVD/USb sticks/SSD cards), or even if it can replace the hybrid ISO
image.

At least it could simplify the installation method of tails for windows and also
mac (just the initial creation), leaving the advanced methods (upgrade, etc) for
the linux version current code.

#11 Updated by intrigeri 2016-01-08 18:38:31

> We can take the resulting tails.iso and copy it in another USB stick, like this:

Assuming tails.iso is suitable sized, does this preserve an existing persistence partition? I’m under the impression that the shiny new GPT won’t know about it, and as a result this method may not be suitable for full manual upgrades. I hope I’m wrong! :)

> Of course, I lack the experience to say weather we can use such image in all the cases (DVD/USb sticks/SSD cards), or even if it can replace the hybrid ISO image.

My next question was indeed about what was the plan regarding burning DVDs.

There may be ways, given enough expertise wrt. system boot, to craft a hybrid image that not only can boot from legacy BIOS + CD boot (as we have alraedy), but also is a valid GPT disk image (or, also the bits that can be extracted to make a valid GPT + FAT disk image). It could be awesome; one needs to keep in mind that maintaining such super-hackish things will require as much expertise as what’s needed to create them in the first place.

> At least it could simplify the installation method of tails for windows and also mac (just the initial creation), leaving the advanced methods (upgrade, etc) for the linux version current code.

Indeed it makes the initial installation easier, great! This implies that the only way for Windows users to do a manual full upgrade is to burn a DVD or a dd’ed new USB installation, and then “Clone and upgrade” from there. Not ideal I guess, but if this avoids us putting tons of effort into porting our Installer, that can possibly be the best solution.

#12 Updated by kurono 2016-01-14 17:33:44

> Assuming tails.iso is suitable sized, does this preserve an existing persistence partition?

Yes it does :)

It is possible to copy everything from this “tails.iso” with dd,
including GPT+Tails+persistence, to an USB Stick. This USB stick
is then able to boot Tails and use the persistent partition,
and it is also possible to make upgrades.

The only drawback is the partitions will be the same size as the original
ones, even if the second USB is bigger (which makes sense).

> There may be ways, given enough expertise wrt. system boot …
> Indeed it makes the initial installation easier, great! … that can possibly be the best solution.

I don’t know yet if the proposed “tails.iso” would work from a DVD,
I guess it doesn’t. But ok, I think we can use it to make easier
the first installation step at least for USB sticks.

#13 Updated by intrigeri 2016-01-14 20:53:51

> The only drawback is the partitions will be the same size as the original ones, even if the second USB is bigger (which makes sense).

This means that if this method was used to upgrade an existing Tails USB stick that has a bigger persistent volume already, than the size of the persistence partition declared in the GPT in the distributed ISO file, then the partition that holds the persistent volume would be truncated to a smaller size, and its data would be hard to access (== lost, for the average user). Right?

So we need to take lots of care to avoid users using, for upgrading their USB stick, the same method they learnt for installing it initially. This seems to be a clear drawback, in terms of the amount of procedures users need to learn, and in terms of risk of data loss if they do it wrong.

> I don’t know yet if the proposed “tails.iso” would work from a DVD, I guess it doesn’t. But ok, I think we can use it to make easier the first installation step at least for USB sticks.

Indeed.

If my guess above is correct, this means we would need to build, upload, distribute and validate a real ISO file as well as this newly introduce .img file (I suggest we stop using the name “.iso” since the plan is not to include anything like an ISO9660 filesystem in the disk image file that’s proposed).

(Don’t get me wrong: I have no strong opinion on this matter, I’m just trying to ask the hard questions that will need to be answered at some point anyway, if this solution is to become realistic and viable :)

#14 Updated by sajolida 2016-01-15 12:29:26

kurono, it’s still not 100% clear to me what happens if:

1. The disk image only has the Tails partition in it (no persistence).
2. You copy it to a USB stick.
3. You try to create a persistence on it Does this work?
4. You copy again (upgrade) the disk image on it. I guess then the persistence is removed from the partition table and not detected anymore, right? Do you think it would be possible to detect it back when booting Tails and propose to fix the partition table to recover it?

#15 Updated by kurono 2016-01-18 18:17:10

sajolida wrote:
> kurono, it’s still not 100% clear to me what happens if:
>
> # The disk image only has the Tails partition in it (no persistence).
> # You copy it to a USB stick.
> # You try to create a persistence on it Does this work?

Yes it works.

> # You copy again (upgrade) the disk image on it. I guess then the persistence is removed from the partition table and not detected anymore, right? Do you think it would be possible to detect it back when booting Tails and propose to fix the partition table to recover it?

It is possible using something similar to this:
https://unix.stackexchange.com/questions/177831/recovering-a-luks-partition

In my case:
sudo hexdump -s 2559983k -C /dev/sdb | grep LUKS
sudo losetup -o 0x9c400000 -r -f /dev/sdb
sudo cryptsetup luksOpen /dev/loop0 tails-persistence
sudo losetup —detach-all

But it only works if the tails image we are copying
over the USB stick is smaller or equal to the tails
partition already there. Otherwise we would be overwriting the
persistence partition data, making it not recoverable.

#16 Updated by intrigeri 2016-01-19 13:20:17

One way to recover from such a destructive upgrade path would be to detect the LUKS header and re-add the partition to the partition table. The problem is that it requires the boot medium to be writable, which is a shame for an amnesic live system (as long as we vaguely support read-only persistence, at least).