Skip to content

Support booting from devices exposed as non-removable

Tails refuses to boot from devices that expose themselves as non-removable. Historically, all USB sticks said they were removable, even if this is not correct according to the specification (removable is rather for devices that can be fed with removable medium, such as a floppy drive). Recently, quite a lot of new USB sticks (especially Sandisk) expose themselves as non-removable.

A simple plan could be to:

  1. pass the syslinux SYSAPPEND variable a bitmask that enables FSUUID= functionality (bit 0x40000): this feature appends, to the kernel command-line, the UUID of the partition the kernel is booted from (added in 6.03-pre9, see commit 386b59e1 in syslinux Git)
  2. add support to live-boot to search the SquashFS only on the filesystem specified by the FSUUID kernel command-line parameter, when present; when present, FSUUID should override any live-media= found on the command-line, so that we would still pass live-media=removable, that would only be taken into account when booting from DVD.

If this doesn’t work nicely, the backup plan could be:

  1. Have Tails Installer write down the UUID in boot loader config on initial install
  2. Have Tails Installer preserve the UUID in boot loader config on upgrade
  3. Have Tails Updater (IUK) preserve the UUID in boot loader config on upgrade
  4. Require booting from the UUID that is in boot loader config, that is add such an option to live-boot
  5. Stop requiring the removable flag at boot time
  6. Only allow using persistent volume fr om the boot medium, that is add such an option to live-persist and/or live-boot

Note that live-boot already knows how to check an UUID that live-build embeds in the initramfs, so this should not be too hard.

Once done, the “known issues” page should be updated to remove all the Sandisk sticks, and possibly others.

Feature Branch: feature/6397-stop-relying-on-the-removable-bit

Subtasks

Related issues

Original created by @intrigeri on 6397 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information