著者: Joanna Rutkowska 日付: To: segfault CC: The Tails public development discussion list 題目: Re: [Tails-dev] Why Tails partition is non-deterministic?
On Sat, Aug 27, 2016 at 06:54:10PM +0000, segfault wrote: > Hi,
>
> somehow I missed this thread, just noticed it right now.
>
> intrigeri:
> > Hi,
> >
> > thanks Joanna for raising this topic!
> >
> > I've just thought about it a little bit and I see no technical reason
> > that prevents us from resetting all timestamps in the filesystem to
> > some fixed value that depends only (if at all) on the version of Tails
> > being installed/upgraded, during some late stage of the
> > installation process.
>
> I think you're right. I did not test if the modification date is indeed
> the only thing that differs, but I think Joanna is right, I don't see
> anything else that should differ. This would also make tails-verifier
> less complex, because we wouldn't have to look at each file but can
> check the whole partition at once, like Joanna suggested (although the
> file verification is not the complex part).
>
The added value would be ensuring the unused portion of the disk blocks
(occupied by the Tails partition) are not populated with some random garbage,
which might be e.g. user's previous (unencrypted) content, such as... family
pictures ;)
Generally, I think the Tails installer should at least ask the user to wipe the
disk with 'dd if=/dev/zero'. Admittedly, because of wear leveling mechanisms
this might not be effective, because AFAIU modern flash memories would include
(X*size) of the actual physical storage in order to expose (size) bytes of
storage to the host, where X > 1.
But perhaps if the wiping were repeated N times, where N = ceiling (X), with
random content this time (in order to fool any optimizations by the device),
then it should be fine?