Hi,
in the UUI 1.9.5.3 source tarball, the Tails-specific code is guarded by:
${If} ${FileExists} "$DestDisk\isolinux\live.cfg"
${AndIf} ${FileExists} "$DestDisk\isolinux\live486.cfg"
${AndIf} ${FileExists} "$DestDisk\isolinux\live686.cfg"
This has been obsolete for a while: live686.cfg has been replaced by
liveamd64.cfg a few months ago.
Nonetheless, it was actually good news that this obsolete code was
preventing the Tails-specific code to be run, as it is dangerous in
Tails' threat model: my understanding is that UUI 1.9.5.3 tries to
replace "live-media=removable" with "root=LABEL=UUI
live-media-path=/live". I haven't access to a Windows computer, so
I cannot test this, but my understanding is that:
* live-media-path=/live is useless, as it's live-boot's default
* root=LABEL=UUI makes the Tails initramfs gladfully load the root
filesystem from an internal hard drive, if an attacker has put
a carefully crafted one there; that's the dangerous part in Tails'
threat model, where we want to avoid trusting anything that can be
found on internal hard drives.
So, it seems to me that the special-casing of Tails should simply be
removed: it has not been in effect for months anyway, and I've seen no
complain, so it's not as if the lack of it was obviously
breaking anything.
On the other hand, I don't have the UUI big picture in mind, can't
really test things, and I have no idea why this code snippet was added
in the first place. The Changelog in Uni-USB-Installer-Readme.txt
doesn't help me much: I can read "11/07/13 - Version 1.9.4.6: Fixed
TAILS and Kon-Boot entries." in there, but I've no idea what actual
problem was fixed, that lead to the current code. Perhaps a bit of
history digging would be in order to understand what's going on
in there.
Thanks in advance!
@Tails developers: these 2 issues are tracked by #7411 and #7412 in
our but tracker.
Cheers,
--
intrigeri
