Re: [Tails-dev] Tails on compromised hardware

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Tails on compromised hardware
sycamoreone:
> In https://github.com/rootkovska/x86_harmful/blob/master/x86_harmful.md
> Joanna Rutkowska remarked that:
>
>> Tails has long been (falsely) advertised as being capable of
>> providing security even on a previously compromised laptop^[E.g. a
>> laptop which used to run e.g. Windows OS that got subsequently
>> compromised.], as long as the adversary has not been allowed to
>> tamper with the hardware ...
>
> Tails still has a remark like this in the Warning page:
>
> https://tails.boum.org/doc/about/warning/index.en.html#index1h1
>> If the computer has been compromised by someone having physical
>> access to it and who installed untrusted pieces of hardware (like a
>> keylogger), then it might be unsafe to use Tails.
>
> I am not sure how best to phrase this, but would suggest the following
> patch:
>
> --- a/wiki/src/doc/about/warning.mdwn
> +++ b/wiki/src/doc/about/warning.mdwn
> @@ -13,9 +13,10 @@ make a good use of it.
> Tails does not protect against compromised hardware
> ===================================================
>
> -If the computer has been compromised by someone having physical access
> -to it and who installed untrusted pieces of hardware (like a
> -keylogger), then it might be unsafe to use Tails.
> +If the computer has been compromised by someone who installed
> +untrusted pieces of hardware (like a keylogger), or was able to
> +compromise low-level firmware or the BIOS, then it might be unsafe
> +to use Tails.


Thanks for the patch!

Did you take into account that we also have another warning called
"Tails does not protect against BIOS or firmware attacks" later on?

Maybe we should move "Tails can be compromised if installed or plugged
in untrusted systems" before "Tails does not protect against compromised
hardware", so that "Tails does not protect against BIOS or firmware
attacks" is right after "Tails does not protect against compromised
hardware".

See also the FAQ we have on this topic:

https://tails.boum.org/support/faq#compromised_system