[Tails-dev] Tails: pcmcia / firewire / etc.

Author: tails
Date:  
To: tails-dev
New subjects: Re: [Tails-dev] Tails: pcmcia / firewire / etc.
Subject: [Tails-dev] Tails: pcmcia / firewire / etc.

Hi,

(Please Cc: any subsequent reply to the public tails-dev@??? ML.)

> Disable all firewire kernel modules. This will help fight against
> forensics programs that will attempt to suck out memory with the
> internal firewire or a cardbus/pcmcia card.
> Disable all pcmcia kernel modules; we should try to power off the
> bus entirely.


Thanks for bringing up these issues.

They raise the question of usability vs. security balance. One of the
Tails use cases is indeed "Working on sensitive documents", which includes
audio and video. Such a task might include using external firewire
devices.

We thus have to discuss and investigate this issue further.
Will be tracked there:
https://tails.boum.org/todo/disable_expresscard__63__/
https://tails.boum.org/todo/disable_pcmcia__63__/
https://tails.boum.org/todo/disable_firewire__63__/

Recent Linux kernels shipped by Debian use filtered physical DMA;
unfiltered physical DMA seems to be disabled
(CONFIG_FIREWIRE_OHCI_REMOTE_DMA is not set). Do you know which class
of attacks is still practically doable on such a system?


--
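
The check discussed in this message (whether CONFIG_FIREWIRE_OHCI_REMOTE_DMA is set, and which FireWire/PCMCIA bus drivers are loaded) can be scripted as below. This is an added example, not part of the original message or of Tails; the function names and both sample inputs are constructed for illustration, and the module list is an assumption based on mainline Linux driver names.

```shell
#!/bin/sh
# Audit a kernel config and a module list for the FireWire / PCMCIA DMA
# exposure discussed in the message above.

# Print the state of kernel option $1, reading config text on stdin:
# enabled (=y), module (=m), disabled ("# OPT is not set"), or absent.
kconfig_state() {
    awk -v opt="$1" '
        $0 == "# " opt " is not set" { s = "disabled" }
        index($0, opt "=") == 1 {
            v = substr($0, length(opt) + 2)
            if (v == "y") s = "enabled"
            else if (v == "m") s = "module"
            else s = "value:" v
        }
        END { if (s == "") s = "absent"; print s }
    '
}

# Print, sorted on one line, the loaded FireWire and PCMCIA/CardBus drivers
# found in /proc/modules-format text on stdin (old and new FireWire stacks).
dma_bus_modules() {
    awk '$1 ~ /^(firewire_(core|ohci|sbp2|net)|ohci1394|ieee1394|sbp2|pcmcia(_core)?|yenta_socket)$/ { print $1 }' |
        sort | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample inputs (not taken from a real Tails image).
SAMPLE_CONFIG='CONFIG_FIREWIRE=m
CONFIG_FIREWIRE_OHCI=m
# CONFIG_FIREWIRE_OHCI_REMOTE_DMA is not set
CONFIG_PCMCIA=m'

SAMPLE_MODULES='firewire_ohci 40960 0 - Live 0x0
firewire_core 65536 1 firewire_ohci, Live 0x0
ext4 743424 1 - Live 0x0
yenta_socket 28672 0 - Live 0x0'

audit() {
    printf 'remote DMA option: %s\n' \
        "$(printf '%s\n' "$SAMPLE_CONFIG" | kconfig_state CONFIG_FIREWIRE_OHCI_REMOTE_DMA)"
    printf 'bus drivers loaded: %s\n' \
        "$(printf '%s\n' "$SAMPLE_MODULES" | dma_bus_modules)"
}
audit
```

On a live system, feed the functions the running kernel's config file and `/proc/modules` instead of the sample strings.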