Hi, I have made a first draft solution for this, I have updated the ticket accordingly:
https://labs.riseup.net/code/issues/11897

cheers,
kurono

On 07/28/2017 07:01 PM, intrigeri wrote:
> kurono:
>> ok great. I am still trying to get an idea of how to do this, but I
>> think we could create a script in
>> config/chroot_local-includes/lib/live/config/ where the early boot stuff
>> is done. That script would copy the random-seed from the FAT filesystem,
>> to the actual
>> /var/lib/systemd/random-seed file.
>
> An initramfs script run after live-boot has set up the root FS stack
> (SquashFS + aufs) might be better in the sense that it'll run
> *really* early. But whatever, as long as we do it before systemd
> starts the service that will use this seed :)
>
>> AFAIK, it only has to be updated when shutting down the machine.
>> The idea is that this file can not be equal for all the Tails
>> installations and neither all the Tails booting processes.
>> The idea with the installer was to solve the first problem, but maybe we
>> also can solve the second.
>
> I see. So we'll need to remount the FAT filesystem read-write on
> shutdown. The safest and most robust way might be to do it after we've
> returned to the shutdown initramfs, see the new memory wiping design
> doc for details. Anyway, that's for a later iteration :)
>
>>> * What's the plan for upgrades of the Tails USB stick?
>
>> If the upgrade is done with the installer, I guess the process is the
>> same. If the upgrade is done internally by Tails, it depends if we
>> manage to implement a solution for the second problem.
>
> OK.
>
>> Regarding the blueprint I can use the same we already had.
>> https://tails.boum.org/blueprint/randomness_seeding/
>> Or should I use other?
>
> I didn't follow this much so I'll let you discuss this with your
> team-mates.
> _______________________________________________
> Tails-dev mailing list
> [email protected]
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to
> [email protected].
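The two steps discussed in the thread (copying the stored seed into /var/lib/systemd/random-seed at early boot, and rewriting the stored seed at shutdown so that no two boots reuse it), sketched as an added example that is not part of the original message and not Tails code. The function names, the 512-byte minimum and passing the FAT-side path as an argument are assumptions; the thread does not say where on the FAT filesystem the seed lives.

```shell
#!/bin/sh
# Added example, not Tails code. SEED_MIN is an assumed minimum seed size.
SEED_MIN=512

# install_seed SRC DST
# Early boot: copy the per-device seed SRC (on the FAT filesystem) to DST
# (e.g. /var/lib/systemd/random-seed) before systemd's seed service runs.
# Fails and leaves DST untouched if SRC is missing or shorter than SEED_MIN,
# so a truncated file is never installed as if it were a good seed.
install_seed() {
    src=$1
    dst=$2
    [ -f "$src" ] || return 1
    size=$(( $(wc -c < "$src") ))
    [ "$size" -ge "$SEED_MIN" ] || return 1
    tmp=$(mktemp "$dst.XXXXXX") || return 1    # created with mode 0600
    # Write to a temporary file first, then rename over DST in one step.
    if cat "$src" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# refresh_seed SRC
# Shutdown: replace the stored seed with fresh kernel randomness so the next
# boot does not start from the same seed. The caller must already have
# remounted the FAT filesystem read-write.
refresh_seed() {
    src=$1
    tmp=$(mktemp "$src.XXXXXX") || return 1
    if head -c "$SEED_MIN" /dev/urandom > "$tmp" && mv -f "$tmp" "$src"; then
        sync    # flush to the removable device before power-off
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```
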
