[guardian-dev] Fwd: Re: [Tails-dev] TAILS Mobile via USB or dual-boot

Nathan of Guardian nathan at guardianproject.info
Fri Jan 17 10:01:27 EST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Anyone else out there playing with MultiROM/boot?

- -------- Original Message --------
Subject: Re: [Tails-dev] TAILS Mobile via USB or dual-boot
Date: Fri, 17 Jan 2014 09:59:48 -0500
From: Nathan of Guardian <nathan at guardianproject.info>
Reply-To: The Tails public development discussion list
<tails-dev at boum.org>
To: tails-dev at boum.org

On 01/06/2014 01:55 PM, intrigeri wrote:
> Nathan of Guardian wrote (02 Jan 2014 18:56:22 GMT) :
>>> [...] but the question for me has been how do we match the 
>>> "boot from CD/USB" aspect of TAILS.
> Frankly, I personally am much less experienced in this area than 
> you, so I'm afraid I cannot help much.

Just want to announce some exciting progress made on the idea of a
TAILS Mobile edition booted from USB to an Android device. This is
just a hobby project right now, something to do in the spare time I
really don't have. However, like any interesting problem, I just can't
stop thinking about it :)

So, I have boot from USB key working on my Nexus 7 (the original 2012
wifi only edition), and am able to boot a locked down version of
Android from my Micro USB drive. This is enabled by rooting the
device, and flashing the MultiROM recovery firmware and app, which
handles the boot time switching. The point being that the main device
does not need to be modified an extraordinary amount, and can even
still run the stock firmware. It only requires root at this point.

This is all thanks to the amazing MultiROM project, of course, so I am
mostly just reporting back on testing:
https://github.com/Tasssadar/multirom

I can easily switch between the internal ROM and the USB booted ROM by
simply performing a device reboot and selecting the desired ROM to
boot from on startup, just like with a standard PC BIOS.

All user data is persisted to the USB drive, and I can setup Orbot to
autoboot with full transproxy, GnuPG for Android, ChatSecure etc. I am
going to try to setup full disk encryption on the USB booted firmware,
and will see how that goes. I have also run SecDroid on this which
effectively disables all unneeded services and turns off the ability
to install new apps.

There is a noticeable lag/freeze at times when the OS is
reading/writing from the USB, but it is not terrible. It may also be
related to the quality of the cheap noname USB flash drive I bought.
(ADATA
http://www.newegg.com/Product/Product.aspx?gclid=CIe9taeVg7wCFcFj7AodFnEAXQ&Item=N82E16820211829&nm_mc=KNC-GoogleAdwords&cm_mmc=KNC-GoogleAdwords-_-pla-_-USB+Flash+Drives-_-N82E16820211829&ef_id=UtgPqAAABF9bnY5c:20140116165816:s)

Sony has a new one coming out (micro USB OTG support) that I will test
with soon, that is also very very small physically, which matters if
you are going to have something hanging off your device's USB port.

I can also boot Ubuntu Touch from USB, but I am sad to say the state
of Ubuntu Touch is quite poor, at least running on this hardware
(which is actually fairly powerful). It is very slow and crashes quite
a bit. I will test more on the Nexus 7 2013 edition. I really need to
reach out to Ubuntu to understand their device support roadmap, and to
check out the reality of building upon their work vs. Android.

Otherwise, still investigating booting other variants of Debian on ARM
to see how easily we could "port" the existing TAILS work to a
solution like this, versus building something "similar but different"
from the ground up.

All the best!

+n

_______________________________________________
tails-dev mailing list
tails-dev at boum.org
https://mailman.boum.org/listinfo/tails-dev


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJS2UXHAAoJEKgBGD5ps3qpbcMQAJZs7eXkC+aImnrra0j6/FPC
lLmkeNo4Ec+eAs2TM59J3GLA6F4cwTSoiq3t2i1pVmS9cYiU15UlEZWGvzMNK0af
jdWpeFxNxqlV8Zu3C+73nWZWo9HEvN5G/LkbJCJDq49E58hJreGPqPQjR2Mr/Owo
u6fxGFwd5eKxKmJFln+WFNyEhxF6vkmMhQkpdOI0wtSCAvvTrbBkjIfQNI7u3nOE
US3/X+GnGRaG0sQIPzw7bdP0DJRoJRfTmndH6TlFut0brXVvXPA/M95FXBhynek8
CbpdBOcdf3JeS87uEu2O/bLMJ8PT7uahmWq7UXfZcn2LuFvWuIt4s4FRVzWj+ta2
hqhg/SsAnsvvW88Uh087MF6OT59zuqFA3NeNt5M4s2FuWYg9cmoLPAq4B+PcCing
5UthveLNLFIv/V6n03CCDkkiEUQT7Avy1k2Eoo6+AH8GIP1XuwGn6ibQlHURrcez
AJ/GtQ9+ny1q0TJ0X9/y0ll8gk++w580H9kNKusEQ8CiFr+e5knsTyo6aIjyWByC
EdUqsAInSqSQ07uvRjDbIM6aCsney/tU+m2ySO7pG/4Y51n4aEx2bBZYWvKVgEo8
z1wsT75pjZ3OjWq6Nwd2M4nW1vbyccjVyFGeVdpt7iwhA5/DhHOVLPjliLrZT499
7ZyCtoc1jdrYf5LeKna4
=y98H
-----END PGP SIGNATURE-----


More information about the Guardian-dev mailing list