> On Aug 20, 2024, at 3:53 PM, Kenneth Morris via Tails-dev <tails-dev@???> wrote:
>
> Someone mentioned to me that tails now has a page file or swap partition.
> Why does tails include a swap and doesn’t this defeat the purpose of anti-forensics?
> I have used tails to edit files on external drive and don’t remember anything about worrying about files swapping onto the external drive?
I'm not a Tails developer, but here's the status as I understand it.
In short, it doesn't weaken Tails' resistance to attack.
Tails currently swaps to "zram". This is a swap device in *RAM*. It works by
compressing the memory before swapping it to zram. It's never written to
a permanent storage device, so there are no fundamental impacts;
if your attacker can read arbitrary memory you have bigger problems.
This ability is important; graphical programs often take a lot of memory, and this
ability can often turn a crash into a temporary slowdown.
Discussion:
https://gitlab.tails.boum.org/tails/tails/-/issues/5740
Implementation:
https://gitlab.tails.boum.org/tails/tails/-/merge_requests/1064
Linux kernel docs:
https://docs.kernel.org/admin-guide/blockdev/zram.html
There's been some efforts to warn users when RAM is getting low. There's been
progress, though it's more complicated than you might think.
There's been discussion about swapping on a USB stick itself:
https://gitlab.tails.boum.org/tails/tails/-/issues/19442
There's general agreement that as long as there's an ephemeral key, and the
user is the one who enables it, it should be fine. However, it does not currently exist in Tails.
You can hand-force this on an individual execution of Tails but logging in
as root and enabling a swap file, but that requires knowing how to do this.
--- David A. Wheeler
