usb_install_and_upgrade.mdwn 7.42 KB
Newer Older
1
[[!meta title="USB install and upgrade"]]
amnesia's avatar
amnesia committed
2

3
[[!toc levels=3]]
amnesia's avatar
amnesia committed
4

5
6
7
8
9
Current state of things
=======================

Tails [[ships hybrid ISO images|contribute/design/hybrid_ISO]]. dd'ing
such a file to a USB stick produces a bootable Tails system and is
Tails developers's avatar
Tails developers committed
10
[[well documented|doc/installing_onto_a_usb_stick/linux]], but it
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
requires unfriendly command-line usage and overwrites any previously
existing partition table.

The current state of things implies two distasteful facts:

1. A given USB stick currently must be dedicated to Tails only;
   considering the ever-growing size of such devices, the amount of
   wasted bytes is not a minor one.
2. A given USB stick cannot be used to host both a Tails system *and*
   a persistent storage volume, which makes it hard to provide
   friendly integration of [[upcoming persistence
   features|todo/persistence]] for end-user.

Such user unfriendliness conflicts with Tails [[specified
goals|contribute/design]] and must be fixed.

Tails developers's avatar
TODO++    
Tails developers committed
27
28
Installing specification
========================
amnesia's avatar
amnesia committed
29

30
One should be able to easily install Tails to a USB storage device:
amnesia's avatar
amnesia committed
31

32
* by cloning an existing Tails system that is running from CD or USB;
33
34
* running a non-Tails operating system, from a downloaded ISO image.

Tails developers's avatar
Tails developers committed
35
When upgrading, the installation target may be an existing partition whose content
36
37
38
must be left untouched. The choice between possible destination
devices or partitions must be graphically proposed amongst the
available removable storage devices.
amnesia's avatar
amnesia committed
39

40
41
Moreover, at installation time, one should be allowed to setup an
encrypted storage space that can be used by the [[upcoming persistence
42
features|todo/persistence]]; earliest versions of the installation
43
44
program must at least leave room for it so that a later version can be
make use of it. Whether this storage space should better be a second
45
46
47
encrypted partition or a file-backed encrypted FS shall be researched
and decided upon. If the partition way is chosen, the installer
software must have partitioning capabilities.
48

Tails developers's avatar
Tails developers committed
49
50
Roadmap
=======
51

Tails developers's avatar
Tails developers committed
52
[[!tag todo/code todo/documentation]]
53
54
55

* [[what is left to do|usb_install_and_upgrade/todo]]
* [[what we've done so far|usb_install_and_upgrade/done]]
56
* [[notes about GPT|usb_install_and_upgrade/gpt]]
Tails developers's avatar
Tails developers committed
57
58
59
60
61
62


Our plan is to:

1. release something useful based on the work we've already done on
   the basis of Fedora liveusb-creator
Tails developers's avatar
Tails developers committed
63
64
2. probably start (again...) from Ubuntu's
   [usb-creator](https://launchpad.net/usb-creator), that has a
Tails developers's avatar
Tails developers committed
65
   much saner codebase; [[usb_install_and_upgrade/future_spec]]
Tails developers's avatar
Tails developers committed
66
67
68
3. take care of Windows support, partial upgrades, and postponed stuff
   (see the *Later* section on the [[usb_install_and_upgrade/todo]]
   page)
69
70
71

Our work on liveusb-creator is in a Git repository:

72
73
- anonymous, read-only: `git://git.immerda.ch/tails/liveusb-creator.git`
- developers read-write: `ssh://git@git.immerda.ch/tails/liveusb-creator.git`
74

Tails developers's avatar
Tails developers committed
75
76
77
Integration work is made in the `feature/usb_installer` branch in the
main Tails Git repository.

78
79
Research
========
80

81
Frontend UI
82
83
-----------

Tails developers's avatar
Tails developers committed
84
See roundup of existing tools at [[todo/usb_install_and_upgrade/archive]].
85
86

Unfortunately, no single existing piece of software satisfies the
87
above specification. It seems like everyone writes their own USB
88
89
90
installer; after the following round-up has been made, this is no
surprise at all: since such tools are designed to be dead easy for the
non-technical end-user, every author selects the few features that are
91
the most important ones for their intended audience, and generally
92
93
writes a very ad-hoc piece of software. Therefore, every Live system
project whose needs are slightly different from the others needs to
94
write its own USB installer, possibly reinventing more or less wheels
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
along the road.

We need to see if we can turn one of those tools into something that
satisfies our specification; sadly, proceeding this way *without
forking the existing tool* would probably need more initial
development time than writing a new installer from scratch; we are not
even sure any upstream author of such a software (good enough to be a
possible viable basis) would want to make it more generic and maintain
it this way; on the other hand, if we avoid forking or writing from
scratch, we also avoid maintaining a Tails-specific tool on the long
run.

Booting methods
---------------

Tails [[ships hybrid ISO images|contribute/design/hybrid_ISO]]. dd'ing
such a file to a USB stick produces a bootable Tails system but it
overwrites any previously existing partition table. This method is
therefore not suitable for us since it does not satisfy the
"non-destructive upgrade process" requirement.

Two alternatives booting methods have been investigated:

1. **Boot ISO file**: Setup a bootloader on the USB stick that is able
   to boot an ISO image dropped into the right directory of it. Even
   early boot files (kernel, initramfs) are loaded from *inside* the
   ISO file. The bootloader installed on the USB stick can either
   directly boot the kernel from inside the ISO file or chainload the
   ISO image's bootloader. In the first case, until the
   [[todo/boot_menu]] task is completed, the installed boot loader
   must present a boot menu that at least allows the user to choose
   her preferred language.

2. **Copy ISO's content**: Copy needed files (mainly the kernel,
   initramfs and SquashFS image that live in the `live/` directory)
   from the ISO filesystem to the destination partition, then setup a
   bootloader that uses files in that directory. The end result is
   more or less equivalent to dd'ing the ISO image to the USB stick,
   but achieved with a non-destructive process.

Tails developers's avatar
Tails developers committed
135
136
137
138
We have settled on the *copy ISO's content* way.

See roundup of such techniques, including GRUB2 integration, at
[[todo/usb_install_and_upgrade/archive]].
139
140
141
142
143
144
145
146
147

Partitioning
------------

[udisks](http://www.freedesktop.org/wiki/Software/udisks) provides a
D-Bus interface that makes it easy to programmatically partition a
storage device and create filesystems in there without messing with
low-level details; its LUKS encryption support probably is the killer
feature that makes it the perfect library for the job.
148

Tails developers's avatar
Tails developers committed
149
150
151
152
153
154
155
We have settled on creating GPT partition tables, that allow us to
reliably hide the Tails system partition from Windows' eyes, without
seeing it asking the user to *format an uninitialised volume*.

See [[details and research notes|todo/usb_install_and_upgrade/GPT]]
about it.

156
Upgrade
Tails developers's avatar
TODO++    
Tails developers committed
157
=======
158

Tails developers's avatar
TODO++    
Tails developers committed
159
160
161
162
163
164
One should also be able to easily and non-destructively upgrade a
given Tails system installed on a USB storage device.
Non-destructively means not touching any partition or file other than
the ones managed by the Tails installation system. Proceeding this way
is needed to make it possible using a single USB stick for the Tails
system *and* some persistent storage space.
165
166
167
The upgrade issue is actually twofold: network burden and writing the upgraded
live system on the USB stick.

Tails developers's avatar
TODO++    
Tails developers committed
168
169
Full upgrade
------------
170

Tails developers's avatar
TODO++    
Tails developers committed
171
Full upgrades happen between major releases, eg. 0.7 and 0.8.
172

Tails developers's avatar
TODO++    
Tails developers committed
173
174
Full upgrades should look as much as possible as a new installs. So it should be
possible to do it from any platform supported by the USB installer.
175

Tails developers's avatar
TODO++    
Tails developers committed
176
177
As for installing, people should be able to provide the ISO to the installer or
ask the installer to download it.
178

Tails developers's avatar
TODO++    
Tails developers committed
179
180
From inside Tails it should also provide an opt-in option to download the full
ISO outside Tor.
181

Tails developers's avatar
TODO++    
Tails developers committed
182
183
Once the upgrade is finished the old ISO is removed automatically from the USB
stick.
184

Tails developers's avatar
TODO++    
Tails developers committed
185
186
Partial upgrade
---------------
187

Tails developers's avatar
TODO++    
Tails developers committed
188
Partial upgrades only happen between minor releases, eg. 0.7 and 0.7.1.
189

Tails developers's avatar
Tails developers committed
190
See [[todo/incremental_upgrades]].