Just a small note and modest suggestion.
TAILS Source Code
I was looking to see if the Tails source code is easily downloaded. It is available, but via GIT, that may be a great thing and is currently trendy, but not an archiving / source control system I’ve ever used… It has some alien ideas in it that likely are good for massively distributed code development, but not so good for “just let me un-tar this and look at the source”… The learning curve doesn’t look too steep, but when you have maybe 30 minutes to spend on a “Is this idea worth it?” question, sinking a day or two into installing and learning a source code control system and how to navigate it is, er, a show stopper.
Source tree starts here: git clone https: //git-tails.immerda.ch/tails
The good news is that they have a “web interface” (that I’ve not explored so can’t comment on ease of use… due to my browser wanting to use a higher level of security than they accept, or maybe the other way around):
Secure Connection Failed
An error occurred during a connection to git-tails.immerda.ch.
Unable to generate public/private key pair.
(Error code: sec_error_keygen_fail)
* The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
* Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Or maybe the NSA is trying do a “man in the middle” on it and fumbled things so I’m locked out instead of tracked… (Hey, NSA Guy! Fix your MITM code, will ya? I just want to browse the Tails sources and see if it is a load of work or not. Thanks!)
I’ll likely try a few other platforms, browser and source IP addresses and see if I can find a combo that works… (Hey, NSA guy! Starbucks, near the HP Pavilion, downtown San Jose. I’ll be the one with the Sharks hat on…)
ARM Port Status?
I then did “the usual” of looking to see if anyone was already doing an ARM chip port. The mail thread on it says “kinda sorta slowly maybe”. The folks are focused on portable and phones / tablets, not on ARM as ARM. That puts a giant road block in the front end as you need things like touch screens and ‘boot from unusual media’ glued in before you can even get started. This is typical:
My R&D group has actually been doing some work along these lines. I’ve
been working to get our current work open sourced so we can share some of
the lessons we have learned and some or all of our relevant code. I’m not
sure how long it will take for me to get permission, but I am hoping it
will be some time this month. Keep me in the loop on this discussion (if
it moves outside of this list, I already read this list).
One of the key issues here is that the “boot off CD” model for desktops /
laptops translates poorly into the main model of SD card boot on Android
devices. Most Android devices will not boot automatically from an SD card,
which means that in general traces must be left on the phone (we are
currently just working with phones) of the fact that you use / have used
Tails. We can ensure that anything that happens during a Tails session is
encrypted before it can touch persistent store, but we want the same level
of deniability offered by CD or USB boot on a laptop. If possible on an
un-rooted phone even.
On the same note: If someone has or wants to build a list of devices that
will automatically boot from SD card if it is inserted, or if some magic
key combination is pressed during boot, I would be insanely happy. I think
we have part of such a list which is one of the things I want to open up
when I can. I know there are some, but we want to build a solution for a
broader range of devices, and it seems like auto-SD boot is rare on phones.
On Thu, Jan 2, 2014 at 1:56 PM, Nathan of Guardian wrote:
> —–BEGIN PGP SIGNED MESSAGE—–
> Hash: SHA1
> Hello, everyone. Finally joining this list.
> I’d like to start an overdue discussion on how we can bring TAILS to
> smartphone or tablet hardware in a usable way. I know we can produce a
> firmware/ROM based on Android or possibly Ubuntu Touch that matches
> the TAILS spec, but the question for me has been how do we match the
> “boot from CD/USB” aspect of TAILS.
> There are two interesting developments on this front:
> 1) An increasing amount of devices allow you to mount USB storage 
> from the Micro USD port. This might be an opportunity to create a
> recover/bootloader that can load a TAILS Mobile image from attached
> 2) Ubuntu has just released a dual boot system that allows easy
> switching between Android and Ubuntu on one device. If TAILS Mobile
> were to be based on Ubuntu Touch, then this would allow for a nice
> device with a standard Android system for daily use, and then an easy
> to access TAILS mode for more sensitive work.
> Apologies if I have missed any discussion or progress on TAILS Mobile
> distribution, but better late than never!
> All the best,
There were a couple of messages “upstream” of this one that specifically just called out ARM, but it very rapidly moved to “phones and tablets” and not just ARM. No mention of ARM Chromebooks that can be made to boot Linux and are “good to go” as platforms, for example.
The FAQ is even less interesting:
Does Tails work on ARM architecture, Raspberry Pi, or tablets?
For the moment, Tails is only available on the x86 and x86_64 architectures. The Raspberry Pi and many tablets are based on the ARM architecture. Tails does not work on the ARM architecture so far.
Look for a tablet with an AMD or Intel processor. Try to verify its compatibility with Debian beforehand, for example make sure that the Wi-Fi interface is supported.
They also are rather absolutist about wanting 100% of every security feature with that meaning repudiation of Tails being on the box, so no Tails on an installed media. I think there ought to be a ‘middle ground’ where you can have a Tails box, like the Pi, but where the chip comes out and nothing is left on the box (just like pulling your USB drive from a PC…)
By using the Chromebook or Raspberry Pi, you get a keyboard, mouse, boot from SD card (IMHO just as able to be kept anon via pulling it) and all, and without taking on the hard bits of the cell phone “up front”. That gives an easier and likely quicker path to a phone port (IMHO). Stir in that all the main Linux and Onion bits are already ported, just how big is what’s left to port / adapt?
So my “modest suggestion” is just that maybe doing a Tails port to Raspberry Pi would be a lot easier place to start. It already has the ARM port of Debian done so has ported bits for pretty much all the bits that TAILS uses and has an existing TOR Router port.
Onion Pi turns Raspberry Pi into Tor proxy and wireless access point
“Foil the NSA and Prism with a Tor proxy,” Raspberry Pi Foundation says.
by Jon Brodkin – Jun 18, 2013 2:40pm EDT
There are folks talking about it on the Pi boards:
Though mostly complaining about paying for a DVD of the source archives. And some “Must be hard” negative waves.
by kamikazejoe » Tue Jul 29, 2014 9:04 pm
I don’t think there is any technical reason someone couldn’t port Tails to the Raspberry Pi. The biggest hurdle is likely the memory requirements. It would likely be unusable slow.
As they are both Debian based, and retrofitting the Tails mods into the Raspbian version of Debian ought to be straight forward, I fail to see why memory would be a significant hurdle. ( I’ve run Tails in small memory machines ) nor why a browser would be any slower than normal Tails.
But you get the picture. Both sides of the fence interested, two sides not talking, both thinking the other side is too hard. Sigh.
I’m interested, and likely could “do it”, but my kernel and OS code exposure was 25 years ago and BSD / SunOS / Ultrix / Unicos. Not ARM and Linux. And no GIT.
So a slow ramp up and learning curve. Add in that I’m not exactly “rich” on free time, and it’s looking like a big time sink with unclear success parameters. The Project Manager in me thinks more and different “resource” would do it better and faster…
Don’t know if I’ll ever get a “round tuit”. I’m going to at least explore how hard it would be to extract a source code set for “diffing” against the base code. But once I’m over “one day” whacking on it, I’m likely to move on.
If anyone “has clue” on this already, give a holler.