Actions

grub live boot menu entry

From Whonix

Ambox warning pn.svg.png grub-live should not yet considered amnesic! Anti-forensics testing has yet to be done!

Introduction[edit]

One of primary objectives of grub-live is preventing malware from gaining persistence and having an unchanged system after reboot. It would require targeted [1] malware which gains super user (root) access to re-mount the disk for write access.

It is also recommended to regularly boot into persistent mode for installation of updates.

Installation[edit]

As per Whonix Packages for Debian Hosts.

Comparison[edit]

Table: Comparison of grub-live and Tails

Thing grub-live on the host [2] /
grub-default-live on the host
Tails DVD only Tails USB / DVD, with persistent USB Tails read-only medium all other writable disks unplugged [3] [4]
common [5] mode of operation Yes Yes Yes No [6]
amnesic / protects against disk modifications [7] Yes Yes Yes Yes
protects against malware persistence on hard drive after malware compromise No [8] No [8] No [8] Yes [8]
protects against firmware trojans after malware compromise No [8] No [8] No [8] No [8]
avoid writing to any host disks ? Yes [9] Yes [9] Yes [9]
disables removable drives auto-mounting No Yes [10] Yes [10] Yes [10]
disables swap ? Yes Yes Yes
wipe RAM on shutdown No [11] Yes but with limitations. [12] Yes but with limitations. [12] Yes but with limitations. [12]
wipe video RAM on shutdown No [13] No [14] No [14] No [14]
emergency shutdown on USB removal No Yes Yes Yes
Live Mode Usability [15] Not great. [16] Good [17] Good [17] Good [17]
Live Mode Indicator For XFCE only. Not yet documented. [18] Not needed. Not needed. Not needed.
Unified Amnesic + Anonymous User Experience No [19] Yes Yes Yes
easy standard ("everyday") upgrades [20] Yes ? ? ?
release upgrades [21] possible anytime [20] Yes No [22] No [22] No [22]
live boot by default
  • grub-live: No [23]
  • grub-default-live: Yes
Yes Yes Yes
persistent boot by default
  • grub-live: Yes [23]
  • grub-default-live: No
No No No
full disk encryption compatibility ? No No No
encrypted persistence supported Yes Yes [24] Yes [24] Yes [24]

Forum Discussion[edit]

https://forums.whonix.org/t/whonix-live-mode/3894/123

Footnotes[edit]

  1. Re-mounting the disk for write access is not yet a default feature of off-the-shelf malware. No such reports are known to us.
  2. Meaning, grub-live not in a virtual machine. For grub-live in a VM, see Whonix Live.
  3. Assuming Tails on a DVD which can only be written to once, not DVD-RW.
  4. Or Using Tails USB with physical, active and effective (non-circumventable by software) write protection switch enabled.
  5. As in a substantial user group willing and able to do this.
  6. This would be a prudent approach but search engines indicate that no or very few users run this configuration.
  7. excluding malware compromise
  8. 8.0 8.1 8.2 8.3 8.4 8.5 8.6 8.7 Once targeted malware got active it can circumvent read-only settings, mount harddrive, add malware which gets active after next boot.
  9. 9.0 9.1 9.2 Quote https://tails.boum.org/contribute/design/

    Tails takes care not to use any filesystem that might exist on the host machine hard drive, unless explicitly told to do so by the user. The Debian Live persistence feature is disabled by passing nopersistence over the kernel command line to live-boot.

  10. 10.0 10.1 10.2 Quote https://tails.boum.org/contribute/design/

    Removable drives auto-mounting is disabled in Tails 0.7 and newer.

    https://git-tails.immerda.ch/tails/plain/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults

    https://git-tails.immerda.ch/tails/plain/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults contains config for GNOME only, which is OK in context of Tails since Tails' default desktop is GNOME and others are unsupported.

  11. It might be possible to create a separate package wiperam. Then some meta package amnesia could depend on both, grub-live and wiperam, to simplify live boot for users.
  12. 12.0 12.1 12.2 https://tails.boum.org/contribute/design/memory_erasure/
  13. https://github.com/QubesOS/qubes-issues/issues/1563
  14. 14.0 14.1 14.2 https://redmine.tails.boum.org/code/issues/5356
  15. The user being aware of currently running in live mode vs persistent mode.
  16. Without Live Mode Indicator (see below) it is not obvious to the user if the user booted into persistent or live mode. The user could easily make a mistake by not choosing live boot at grub boot menu and confuse having booted into live mode while the user actually booted into persistent mode.
  17. 17.0 17.1 17.2 Always good because amnesia always has been a core feature of Tails. It is always obvious to the user that everything is non-persistent except folders for which the user enabled selective persistence.
  18. https://github.com/Whonix/whonix-xfce-desktop-config
  19. Whonix ™ is primarily run inside virtualizers. grub-live is an extra configuration step on the user's host.
  20. 20.0 20.1 Using standard package managers such as apt.
  21. Such as from Debian stretch to Debian buster.
  22. 22.0 22.1 22.2 Release upgrade of Tails from lets say Debian stretch to Debian buster is a non-trivial development effort. See also: https://tails.boum.org/doc/first_steps/upgrade/index.en.html
  23. 23.0 23.1 Persistent boot is the default option in grub boot menu
  24. 24.0 24.1 24.2 https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html

No comments for now due to spam. Use Whonix forums instead.


Random News:

Want to get involved with Whonix ™? Check out our Contribute page.


https | (forcing) onion

Follow: Twitter | Facebook | gab.ai | Stay Tuned | Whonix News

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.