Hi,

a...@boum.org wrote (26 Sep 2012 17:44:34 GMT) :
> We didn't reach a conclusion on this topic. The page on pcmcia is
> still tagged "discuss".

Thank you for resurrecting this discussion!

It's unclear to me what exact part of it you intended to resurrect,
but anyway, I guess it's good to have the whole picture in mind, and
we might even manage to find a common solution for PCMCIA,
ExpressCard, FireWire, and perhaps even Bluetooth.

This is all about todo/protect_against_external_bus_memory_forensics,
that links to:
  * todo/disable expresscard?
  * todo/disable pcmcia?
  * todo/disable_firewire?

> * If a firewire card was inserted into the slot and the bus is active,
>   pop up a dialog and ask "hey, you want to use firewire/etc.?"

I'm not sure it's possible to let a bus / slot "enabled enough" so
that the kernel and udev are able to pop up such a message, while
*not* allowing the inserted device to do Bad™ things. Details might be
tricky to get right. I hope we don't need something that clever,
implementation-wise.

> * disable these buses by default, allow opt-in through tails-greeter
>   to enable

I guess this would be our worst case solution,
if we find nothing better. UX failure IMHO.

> * ask that users assert they want to use this or that bus, and make
>   the assertion bind to a single device, rather than all devices
>   blindly

I guess that's basically the same as the per-device pop up
dialog idea.

> * de-activate PCMCIA and ExpressCard on systems that don't have any
>   PCMCIA or ExpressCard devices after running for 5 minutes. This is
>   going to byte some users, but probably only the first time.

I am strongly inclined towards this one, for PCMCIA, ExpressCard,
FireWire and even Bluetooth.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
_______________________________________________
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
