Re: [Tails-dev] Create random seed at installation time with…

Supprimer ce message

Répondre à ce message
Auteur: intrigeri
Date:  
À: The Tails public development discussion list
Nouveaux-sujets: Re: [Tails-dev] Create random seed at installation time with Tails Installer
Sujet: Re: [Tails-dev] Create random seed at installation time with Tails Installer
kurono:
> ok great. I am still trying to get an idea of how to do this, but I
> think we could create a script in
> config/chroot_local-includes/lib/live/config/ where the early boot stuff
> is done. That script would copy the random-seed from the FAT filesystem,
> to the actual
> /var/lib/systemd/random-seed file.


An initramfs script run after live-boot has set up the root FS stack
(SquashFS + aufs) might be better in the sense that it'll run
*really* early. But whatever, as long as we do it before systemd
starts the service that will use this seed :)

> AFAIK, it only has to be updated when shutting down the machine.
> The idea is that this file can not be equal for all the Tails
> installations and neither all the Tails booting processes.
> The idea with the installer was to solve the first problem, but maybe we
> also can solve the second.


I see. So we'll need to remount the FAT filesystem read-write on
shutdown. The safest and most robust way might be to do it after we've
returned to the shutdown initramfs, see the new memory wiping design
doc for details. Anyway, that's for a later iteration :)

>> * What's the plan for upgrades of the Tails USB stick?


> If the upgrade is done with the installer, I guess the process is the
> same. If the upgrade is done internally by Tails, it depends if we
> manage to implement a solution for the second problem.


OK.

> Regarding the blueprint I can use the same we already had.
> https://tails.boum.org/blueprint/randomness_seeding/
> Or should I use other?


I didn't follow this much so I'll let you discuss this with your
team-mates.