Documentation to prepare a Tails for receivers

[fpietrosanti]

This ticket is about documentation to prepare a Tails properly configured for receivers of a GlobaLeaks installation.

In a globaleaks installation is considered valuable to provide a Tails machine for use by Receivers in order to securely operate on leaks (receive it, download it, open it, process it) within an safe environment.

This will require a Tails image that's customized to be easily customable.

This ticket must also document the way that a separate, secure network of email and IM is setup for receivers, to provide them a fully separated and secure collaboration networks.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[fpietrosanti]

The kind of customization that can be done "before installing and activating it over a USB" could be the follow:

• Shortcut on the Desktop to access GlobaLeaks
  This would open the browser and load a Tor Hidden Service without having to type it
• Shortcut on the Desktop to write to technical support
  This would open thunderbird and pre-fil the To: field to the one of the technical support

The technical process to do the "customization" it is by following that guides:
https://tails.boum.org/contribute/build/
https://tails.boum.org/contribute/customize/

In that case the "customization" has as a pre-requisite:

• to have the final .onion Tor Hidden service setup
• to have the email address and PGP key for technical support
• to have image to be loaded as a desktop background

[fpietrosanti]

Below a summary of the tasks that has to be done to prepare and work on setting up the tails images for the journos.

Organizational

We need someone to:

• list all receivers contact details
• ask them which laptop do they will be using for viewing the leaks (will this be windows, macbook/which mobile, linux) to check compatibility issues
• create emails for receivers (to be later configured on Tails email client and pgp key)
• list all jabber-id of journos (that will be later created while activating tails)
• create an email and jabber account for technical support support
• buy the USB keys for the receivers

With this data it should be possible to plan for the journos deployments of tails.

Operational

I see the following major phases

0. Prepare a customized Tails image

• prepare customization

1. Prepare Tails USB key
   This require having the physical USB keys

• load tails on a usb key (it's a read-only image, to be done)

2. Configure Tails

• startup tails from usb
• "activate" write support to be able to customize and configure it
  this will generate a disk encryption key and ask for a password for it
• Generate PGP keys (this ask for a password for it)
• Configure email client

this require to create email accounts on a server and eventually to pre-configure addressbook

• Configure IM/jabber client

this require to create a jabber account and eventually add all other's people buddy

If we don't make the customized image, we will have 2 additional steps (create 2 shortcut on desktop) to be done during "Configure tails".

[fpietrosanti]

Consider exception to make Tails working over MacBooks:
Installing Ubuntu 12.04 on Macbook Pro 8.1 camielv.nl/thesis/installing-ubuntu-12-04-on-macbook-pro-8-1/

[hellais]

I have not tested this myself, but after doing a bit of research [1] [2] and reading a bit about it on the interwebz [3] [4] this appears to be the procedure for creating Mac OS X bootable USB disks (without requiring the user to install software):

1. Format the drive using FAT32 with a MBR

2. Create two nested directories on the drive called efi/boot/

3. Copy in the directory the file named BOOTX64.efi that can be downloaded from here or created following the instructions found here (installation media section).
   Note: Most of the guides on the internet [2] will tell you to download a sketch file from mediafire. I presume that the above file is the same file that they recommend to download, though I am not 100% sure.

4. Copy the TAILS live cd .iso to the efi/boot/ directory and rename it to boot.iso

5. Reboot the Mac and hold down the alt/option key and select the "EFI Boot" option.

If this fails be sure to check out the links below:

[1] http://carlton.oriley.net/blog/?p=15
[2] http://studyblast.wordpress.com/2011/08/14/guide-mac-os-x-lion-how-to-boot-a-linux-live-system-from-a-usb-drive-how-to-update-any-ocz-ssds-firmware/
[3] http://superuser.com/questions/236891/how-can-one-create-a-bootable-linux-usb-key-that-works-on-mac-intel-64-bit-cpu
[4] http://fedorasolved.org/Members/jmontleon/installing-fedora-16-on-macbooks-using-grub2-efi

[vodkina]

https://github.com/hellais/TAILS-OSX contains instructions and scripts to create a TAILS live cd that will boot on OSX without any additional software installed (no REFIT, etc.)

Tested on:

• Retina Mid 2012 OS X 10.8.4
• 13" Mid 2012 OS X 10.8.4

Issues:

• wireless card randomically not recognized by TAILS (13" Mid 2012 OS X 10.8.4): is it a module problem?
• persistance is not available: persistance use with Tails has some security drawbacks, as per https://tails.boum.org/doc/first_steps/persistence/warnings/index.en.html. A better solution could be to use an external ciphered storage).

Customization:
actually on discussion