Hi!

Meta: redirecting from tails-project@ to our development mailing list
and taking over from our Help Desk who, understandably, cannot handle
this further than "this is not supported, sorry" :)

linux-service:
> We are selling opensource computers and install by default a system where a 
> tails iso on the harddrive is booted with grub2 toram.

Interesting! There are a number of concerns with this approach but I'd
like to help you do this in a way that's reasonably safe for your
clients and does not cause us too much additional work.

> The hdd(s) are not mounted. Is this way of booting tails equally secure as 
> booting from usb or dvd?

There are a few concerns about this approach, some of them tackle
your question:

 - How do you force live-boot to start from an internal drive?
   I assume you need to remove live-media=removable, no?
   Note that doing this implies full trust in the internal hard drive,
   which is not something the users may expect when using Tails.

 - Do you communicate to your clients, somehow, that the way you're
   installing this Tails system is unsupported by the Tails project
   and the resulting system may behave differently than a "real" Tails?

 - How do you keep the kernel command line up-to-date? Assuming you
   hard-code it in the GRUB configuration, please be aware that we
   sometimes change it. I'm worried your GRUB config and what the
   installed ISO expects might get de-synchronized over time.

 - How do you handle upgrades? I'm worried that your clients are left
   with an obsolete Tails and no documented way to upgrade it.

 - We'll soon stop supporting the ISO image except for DVDs and
   virtual machines (https://labs.riseup.net/code/issues/15292).
   Probably not a big deal for you in terms of initial installation,
   but this will make upgrades even harder for your clients. And an
   important upcoming security improvement (persistent RNG seed) will
   only work when Tails is installed on a USB stick.

 - The Tails user experience relies more and more on our opt-in
   persistence feature. While we still support read-only Tails, be
   aware that you're shipping a flavour of Tails with a restricted
   feature set. It would be nice to communicate this to your users
   and point them to our doc about installing a full-blown Tails :)

Cheers,
-- 
intrigeri
_______________________________________________
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.
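
Added example (not part of the original message, and not Tails project code): one way to catch the GRUB/ISO kernel command line de-synchronization raised above, by comparing the parameters on the ISO's syslinux-style `append` line with those on a hard-coded GRUB `linux` line. Both configurations, the use of `findiso=`, and the BOOTLOADER_SPECIFIC set are constructed assumptions for illustration.

```python
# Constructed sample of the boot config shipped inside an ISO (not a real release).
ISO_SYSLINUX_CFG = """\
label live
    menu label Live
    kernel /live/vmlinuz
    append initrd=/live/initrd.img boot=live config live-media=removable nopersistence noprompt quiet
"""

# Constructed sample of a vendor GRUB entry that loop-boots the ISO from disk.
VENDOR_GRUB_CFG = """\
menuentry "Live system from internal disk" {
    loopback loop /boot/live.iso
    linux (loop)/live/vmlinuz boot=live config findiso=/boot/live.iso toram nopersistence quiet
    initrd (loop)/live/initrd.img
}
"""

# Assumption: parameters that legitimately differ between the two boot paths.
BOOTLOADER_SPECIFIC = {"initrd", "findiso", "toram"}


def kernel_params(cfg, directive):
    """Return the set of kernel parameters on the first `directive` line."""
    for line in cfg.splitlines():
        words = line.split()
        if words and words[0] == directive:
            args = words[1:]
            if directive == "linux":
                args = args[1:]  # first GRUB argument is the kernel image path
            return set(args)
    raise ValueError(f"no {directive!r} line found")


def drift(iso_cfg, grub_cfg):
    """Return (missing, extra): parameters the ISO expects but GRUB lacks, and vice versa."""
    iso = kernel_params(iso_cfg, "append")
    grub = kernel_params(grub_cfg, "linux")

    def relevant(param):
        return param.split("=", 1)[0] not in BOOTLOADER_SPECIFIC

    missing = sorted(p for p in iso - grub if relevant(p))
    extra = sorted(p for p in grub - iso if relevant(p))
    return missing, extra


if __name__ == "__main__":
    missing, extra = drift(ISO_SYSLINUX_CFG, VENDOR_GRUB_CFG)
    print("expected by ISO, absent from GRUB:", missing)
    print("present in GRUB, not in ISO:", extra)
```

On the constructed input this reports `live-media=removable` and `noprompt` as missing from the GRUB entry; the first is the deliberate change discussed in the message, the second is the kind of silent drift such a check is meant to surface after each ISO update.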