Re: [Tails-dev] Tails: pcmcia / firewire / etc.

Delete this message

Reply to this message
Autor: intrigeri
Data:  
Dla: The Tails public development discussion list
Temat: Re: [Tails-dev] Tails: pcmcia / firewire / etc.
Hi,

alan@??? wrote (26 Sep 2012 17:44:34 GMT) :
> We didn't reach a conclusion on this topic. The page on pcmcia is
> still tagged "discuss".


Thank you for resurrecting this discussion!

It's unclear to me what exact part of it you intended to resurrect,
but anyway, I guess it's good to have the whole picture in mind, and
we might even manage to find a common solution for PCMCIA,
ExpressCard, FireWire, and perhaps even Bluetooth.

This is all about todo/protect_against_external_bus_memory_forensics,
that links to:
* todo/disable expresscard?
* todo/disable pcmcia?
* todo/disable_firewire?

> * If a firewire card was inserted into the slot and the bus is active,
> pop up a dialog and ask "hey, you want to use firewire/etc.?"


I'm not sure it's possible to let a bus / slot "enabled enough" so
that the kernel and udev are able to pop up such a message, while
*not* allowing the inserted device to do Bad™ things. Details might be
tricky to get right. I hope we don't need something that clever,
implementation -wise.

> * disable these buses by default, allow opt-in through tails-greeter
> to enable


I guess this would be our worst case solution,
if we find nothing better. UX failure IMHO.

> * ask that users assert they want to use this or that bus, and make
> the assertion bind to a single device, rather than all devices
> blindly


I guess that's basically the same as the per-device pop up
dialog idea.

> * de-activate PCMCIA and ExpressCard on systems that don't have any
> PCMCIA or ExpressCard devices after running for 5 minutes. This is
> going to byte some users, but probably only the first time.


I am strongly inclined towards this one, for PCMCIA, ExpressCard
FireWire and even Bluetooth.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc