‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Sunday, November 4, 2018 12:20 AM, sajolida <[email protected]> wrote:
> Pavel Penev: > > > Hi, UX helpers. > > Hi Pavel! > > > I'd like to see if there's some interest in adding Secure Boot support > > for TAILS. > > We're definitely interested in having Secure Boot working as right now > it's one of the major pain point when people try to get started with > Tails on PC. > > Our plan is to wait until Debian 10 (Buster) which will likely have > support for Secure Boot. > > See https://labs.riseup.net/code/issues/6560#note-9. > > > I'm not sure this is the right list, but, hopefully, you can > > direct me the right way. > > I think [email protected] would be more suited for this > discussion. I'm answering there since you mentioned this Ubuntu > technique that might be relevant to our developers. > > > There's a blog post with a description of how to patch a TAILS USB stick > > to run on a Secure Boot machine from Ubuntu: > > http://pav-computer-notes.blogspot.com/2017/10/patching-tails-usb-stick-for-uefi.html > > What's described there may not be sufficient for TAILS, since it doesn't > > protect against malicious modifications of what's on the USB device. > > (Proper protection would require a private TAILS key for signing kernel, > > initrd and module images, and a corresponding public key that's signed > > by a well-known authority.) However, it may be, arguably, better than > > requiring a user to disable a machine's Secure Boot in order to run > > TAILS on it. > > If that's not helpful, hopefully, you can direct me to what current > > problems stand in the way of getting that feature. > > Cool, thanks for writing this and letting us know! > > I'll let our developers have a look and see if such a technique could be > implemented in Tails before Debian 10 (Buster) scheduled for mid-2019. Thanks, Sajolida! I'm not subscribed to these lists, so I'm not sure I'll see the replies there, but, hopefully, people will by copying me, as well. -- P
publickey - [email protected] - 0x6DA8A3A6.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
