Document how much one effectively trusts non-Tails OS into which one plugs a Tails USB stick

As stated on https://mailman.boum.org/pipermail/tails-dev/2015-July/009234.html, about Hacking Team bits about Tails:

o Infecting USB device which appears to be a bootable disk (Antonio

Giovanni)§ It will drop (release) the scout, then it will run
a wipe.

Seems to be the same, but from a running and already infected non-Tails OS, when a Tails USB stick is plugged in it. That’s more concerning. We should check if we’re communicating clearly enough that:

the OS used to install or upgrade a Tails device can corrupt it
plugging one’s Tails device in an untrusted OS is dangerous

I constantly run into Tails USB sticks that have “hidden” files that indicate they have been plugged into Windows or OSX machines. Maybe I mostly run into users who don’t care about security (I doubt it), maybe we don’t do a good job at the 2nd point.

The 1st point became slightly more important now that we distribute Tails Installer outside of Tails: the Tails filesystem is mounted for several minutes during the installation process, which gives the attacker more time (and a nicer environment) to corrupt stuff than when doing a mere block copy (dd).

Setting priority >> normal, since it’s not a theoretical threat: the Hacking Team documents drop tells us that actual attackers are on it.

Related issues

Related to #7076 (closed)
Related to #8845
Related to #10884 (closed)
Related to #11137

Original created by @intrigeri on 11102 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information