Hi,
I have made a first draft solution for this, I have updated the ticket
accordingly:
https://labs.riseup.net/code/issues/11897
cheers,
kurono
On 07/28/2017 07:01 PM, intrigeri wrote:
> kurono:
>> ok great. I am still trying to get an idea of how to do this, but I
>> think we could create a script in
>> config/chroot_local-includes/lib/live/config/ where the early boot stuff
>> is done. That script would copy the random-seed from the FAT filesystem,
>> to the actual
>> /var/lib/systemd/random-seed file.
>
> An initramfs script run after live-boot has set up the root FS stack
> (SquashFS + aufs) might be better in the sense that it'll run
> *really* early. But whatever, as long as we do it before systemd
> starts the service that will use this seed :)
>
>> AFAIK, it only has to be updated when shutting down the machine.
>> The idea is that this file can not be equal for all the Tails
>> installations and neither all the Tails booting processes.
>> The idea with the installer was to solve the first problem, but maybe we
>> also can solve the second.
>
> I see. So we'll need to remount the FAT filesystem read-write on
> shutdown. The safest and most robust way might be to do it after we've
> returned to the shutdown initramfs, see the new memory wiping design
> doc for details. Anyway, that's for a later iteration :)
>
>>> * What's the plan for upgrades of the Tails USB stick?
>
>> If the upgrade is done with the installer, I guess the process is the
>> same. If the upgrade is done internally by Tails, it depends if we
>> manage to implement a solution for the second problem.
>
> OK.
>
>> Regarding the blueprint I can use the same we already had.
>> https://tails.boum.org/blueprint/randomness_seeding/
>> Or should I use other?
>
> I didn't follow this much so I'll let you discuss this with your
> team-mates.
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to Tails-dev-unsubscribe@???.
>
