Documentation to prepare a Tails for receivers
fpietrosanti opened this issue · 5 comments
This ticket is about documentation to prepare a Tails properly configured for receivers of a GlobaLeaks installation.
In a GlobaLeaks installation it is considered valuable to provide a Tails machine for use by Receivers in order to securely operate on leaks (receive them, download them, open them, process them) within a safe environment.
This will require a Tails image that's customized to be easily customizable.
This ticket must also document the way that a separate, secure network of email and IM is set up for receivers, to provide them a fully separated and secure collaboration network.
The kind of customization that can be done "before installing and activating it over a USB" could be the following:
- Shortcut on the Desktop to access GlobaLeaks
  This would open the browser and load a Tor Hidden Service without having to type it
- Shortcut on the Desktop to write to technical support
  This would open Thunderbird and pre-fill the To: field with that of the technical support
The technical process to do the "customization" is to follow these guides:
https://tails.boum.org/contribute/build/
https://tails.boum.org/contribute/customize/
In that case the "customization" has as prerequisites:
- to have the final .onion Tor Hidden Service set up
- to have the email address and PGP key for technical support
- to have an image to be loaded as a desktop background
Below is a summary of the tasks that have to be done to prepare and work on setting up the Tails images for the journos.
Organizational
We need someone to:
- list all receivers contact details
- ask them which laptop they will be using for viewing the leaks (will this be Windows, MacBook/which mobile, Linux) to check compatibility issues
- create emails for receivers (to be later configured on the Tails email client and PGP key)
- list all Jabber IDs of journos (that will be later created while activating Tails)
- create an email and Jabber account for technical support
- buy the USB keys for the receivers
With this data it should be possible to plan for the journos' deployments of Tails.
Operational
I see the following major phases:
- Prepare a customized Tails image
  - prepare customization
- Prepare Tails USB key
  This requires having the physical USB keys
  - load Tails on a USB key (it's a read-only image, to be done)
- Configure Tails
  - start up Tails from USB
  - "activate" write support to be able to customize and configure it
    this will generate a disk encryption key and ask for a password for it
  - Generate PGP keys (this asks for a password for it)
  - Configure email client
    this requires creating email accounts on a server and eventually pre-configuring the addressbook
  - Configure IM/Jabber client
    this requires creating a Jabber account and eventually adding all the other people as buddies
If we don't make the customized image, we will have 2 additional steps (create 2 shortcuts on the desktop) to be done during "Configure Tails".
Consider an exception to make Tails work on MacBooks:
Installing Ubuntu 12.04 on Macbook Pro 8.1 camielv.nl/thesis/installing-ubuntu-12-04-on-macbook-pro-8-1/
I have not tested this myself, but after doing a bit of research [1] [2] and reading a bit about it on the interwebz [3] [4] this appears to be the procedure for creating Mac OS X bootable USB disks (without requiring the user to install software):
- Format the drive using FAT32 with a MBR
- Create two nested directories on the drive called efi/boot/
- Copy in the directory the file named BOOTX64.efi that can be downloaded from here or created following the instructions found here (installation media section).
  Note: Most of the guides on the internet [2] will tell you to download a sketch file from mediafire. I presume that the above file is the same file that they recommend to download, though I am not 100% sure.
- Copy the TAILS live cd .iso to the efi/boot/ directory and rename it to boot.iso
- Reboot the Mac and hold down the alt/option key and select the "EFI Boot" option.
If this fails be sure to check out the links below:
[1] http://carlton.oriley.net/blog/?p=15
[2] http://studyblast.wordpress.com/2011/08/14/guide-mac-os-x-lion-how-to-boot-a-linux-live-system-from-a-usb-drive-how-to-update-any-ocz-ssds-firmware/
[3] http://superuser.com/questions/236891/how-can-one-create-a-bootable-linux-usb-key-that-works-on-mac-intel-64-bit-cpu
[4] http://fedorasolved.org/Members/jmontleon/installing-fedora-16-on-macbooks-using-grub2-efi
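
The efi/boot/ layout from the steps above, staged with an integrity check, as an added example that is not part of the original thread or of any project mentioned in it. It assumes the drive is already formatted and mounted, and that the operator supplies SHA-256 digests recorded from a source they trust; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: stage efi/boot/BOOTX64.efi and efi/boot/boot.iso on a
# mounted USB drive, refusing any file whose SHA-256 does not match the
# digest the operator pinned beforehand (digests are operator-supplied).

# Print the SHA-256 of a file (sha256sum on Linux, shasum on Mac OS X).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_pinned FILE EXPECTED_SHA256 -> returns 0 only if the digest matches.
verify_pinned() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    actual=$(sha256_of "$1") || return 1
    if [ "$actual" != "$2" ]; then
        echo "digest mismatch for $1" >&2
        return 1
    fi
}

# stage_efi_usb MOUNT_DIR EFI_FILE EFI_SHA256 ISO_FILE ISO_SHA256
stage_efi_usb() {
    mount_dir=$1; efi_file=$2; efi_sha=$3; iso_file=$4; iso_sha=$5
    [ -d "$mount_dir" ] || { echo "not a directory: $mount_dir" >&2; return 1; }
    # Check both inputs before anything is written to the drive.
    verify_pinned "$efi_file" "$efi_sha" || return 1
    verify_pinned "$iso_file" "$iso_sha" || return 1
    boot_dir="$mount_dir/efi/boot"
    mkdir -p "$boot_dir" || return 1
    cp "$efi_file" "$boot_dir/BOOTX64.efi" || return 1
    cp "$iso_file" "$boot_dir/boot.iso" || return 1
    # Re-read what landed on the drive to catch a bad or truncated write.
    verify_pinned "$boot_dir/BOOTX64.efi" "$efi_sha" || return 1
    verify_pinned "$boot_dir/boot.iso" "$iso_sha" || return 1
}
```
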
https://github.com/hellais/TAILS-OSX contains instructions and scripts to create a TAILS live cd that will boot on OSX without any additional software installed (no REFIT, etc.)
Tested on:
- Retina Mid 2012 OS X 10.8.4
- 13" Mid 2012 OS X 10.8.4
Issues:
- wireless card randomly not recognized by TAILS (13" Mid 2012 OS X 10.8.4): is it a module problem?
- persistence is not available: persistence use with Tails has some security drawbacks, as per https://tails.boum.org/doc/first_steps/persistence/warnings/index.en.html. A better solution could be to use an external ciphered storage.
Customization:
currently under discussion