[Tails-dev] modify FAQ language to mention compromised firmw…

Delete this message

Reply to this message
Author: Michael
Date:  
To: tails-dev
Subject: [Tails-dev] modify FAQ language to mention compromised firmware
Hi folks,

The current Tails FAQ states that only compromised hardware could render
a system unsafe to use Tails:

https://tails.boum.org/support/faq/index.en.html#index30h2

This is not true because malicious firmware can render a system unsafe
to use Tails.

Relevant paper that explicitly mentions this re: Tails:

http://legbacore.com/News_files/HowManyMillionBIOSesWouldYouLikeToInfect_Whitepaper_v1.pdf

I would suggest modifying the FAQ language to clarify. One example:

"""
Is it safe to use Tails on a compromised system?

Tails runs independently from the operating system installed on the
computer. So, if your regular operating system has been compromised by
malware (virus, trojan, etc.), it may be safe to use Tails on that
computer.

However, if the firmware of the computer has been compromised, or
untrusted hardware has been added by someone with physical access to the
computer, it may not be safe to use Tails.
"""

Thanks,
Michael