[Tails-ux] TAILS Secure Boot Support

Supprimer ce message

Répondre à ce message
Auteur: Pavel Penev
Date:  
À: tails-ux@boum.org
Sujet: [Tails-ux] TAILS Secure Boot Support
Hi, UX helpers.

I'd like to see if there's some interest in adding Secure Boot support for TAILS.  I'm not sure this is the right list, but, hopefully, you can direct me the right way.

There's a blog post with a description of how to patch a TAILS USB stick to run on a Secure Boot machine from Ubuntu:

http://pav-computer-notes.blogspot.com/2017/10/patching-tails-usb-stick-for-uefi.html

What's described there may not be sufficient for TAILS, since it doesn't protect against malicious modifications of what's on the USB device.  (Proper protection would require a private TAILS key for signing kernel, initrd and module images, and a corresponding public key that's signed by a well-known authority.)  However, it may be, arguably, better than requiring a user to disable a machine's Secure Boot in order to run TAILS on it.

If that's not helpful, hopefully, you can direct me to what current problems stand in the way of getting that feature.

Thanks.