Re: [Tails-dev] [Tails-ux] TAILS Secure Boot Support

Author: Pavel Penev
Date:  
To: sajolida
CC: The Tails public development discussion list
Subject: Re: [Tails-dev] [Tails-ux] TAILS Secure Boot Support
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Sunday, November 4, 2018 12:20 AM, sajolida <sajolida@???> wrote:

> Pavel Penev:
>
> > Hi, UX helpers.
>
> Hi Pavel!
>
> > I'd like to see if there's some interest in adding Secure Boot support
> > for TAILS.
>
> We're definitely interested in having Secure Boot working as right now
> it's one of the major pain points when people try to get started with
> Tails on PC.
>
> Our plan is to wait until Debian 10 (Buster) which will likely have
> support for Secure Boot.
>
> See https://labs.riseup.net/code/issues/6560#note-9.
>
> > I'm not sure this is the right list, but, hopefully, you can
> > direct me the right way.
>
> I think that tails-dev@??? would be more suited for this
> discussion. I'm answering there since you mentioned this Ubuntu
> technique that might be relevant to our developers.
>
> > There's a blog post with a description of how to patch a TAILS USB stick
> > to run on a Secure Boot machine from Ubuntu:
> > http://pav-computer-notes.blogspot.com/2017/10/patching-tails-usb-stick-for-uefi.html
> > What's described there may not be sufficient for TAILS, since it doesn't
> > protect against malicious modifications of what's on the USB device.
> > (Proper protection would require a private TAILS key for signing kernel,
> > initrd and module images, and a corresponding public key that's signed
> > by a well-known authority.) However, it may be, arguably, better than
> > requiring a user to disable a machine's Secure Boot in order to run
> > TAILS on it.
> > If that's not helpful, hopefully, you can direct me to what current
> > problems stand in the way of getting that feature.
>
> Cool, thanks for writing this and letting us know!
>
> I'll let our developers have a look and see if such a technique could be
> implemented in Tails before Debian 10 (Buster) scheduled for mid-2019.


Thanks, Sajolida!

I'm not subscribed to these lists, so I'm not sure I'll see the replies there, but, hopefully, people will be copying me, as well.
--
P