Commit 11a42ea6 authored by sajolida's avatar sajolida
Browse files

Merge remote-tracking branch 'origin/feature/15292-usb-image' into devel

parents 9727f4ec 4727d6c1
......@@ -133,11 +133,11 @@ interest of Tails.
The bad things that could happen if the mechanism fails are:
A. The signing key is not revoked while it should be. This could allow
possible attackers to distribute malicious Tails ISO images or publish
possible attackers to distribute malicious Tails images or publish
malicious information on our name.
B. The signing key is revoked when it should not have been. This would
prevent people from verifying our ISO images with OpenPGP until we
prevent people from verifying our images with OpenPGP until we
publish a new signing key.
Distribution of the shares
......
......@@ -30,7 +30,7 @@ receive it. Hence a thorough audit of the code can reveal if any
malicious code, like a backdoor, is present. Furthermore, with the
source code it is possible to build the software, and then compare the
result against any version that is already built and being
distributed, like the Tails ISO images that you can download from
distributed, like the Tails images that you can download from
us. That way it can be determined whether the distributed
version actually was built with the source code, or if any malicious
changes have been made.
......
......@@ -40,9 +40,9 @@ The advantages of this technique are the following:
- You only need a single Tails USB stick. The upgrade is done on the fly from a
running Tails. After upgrading, you can restart and use the new version.
- The upgrade is much smaller to download than a full ISO image.
- The upgrade is much smaller to download than a full USB image.
- The upgrade mechanism includes cryptographic verification of the upgrade.
You don't have to verify the ISO image yourself anymore.
You don't have to verify the USB image yourself anymore.
Requirements:
......
......@@ -125,6 +125,8 @@ using the Tails signing key.
- The signature is marked as <code>Good signature</code> since you
certified the Tails signing key with your own key.
<a id="dd"></a>
Install Tails using <span class="command">dd</span>
===================================================
......@@ -160,7 +162,7 @@ Install Tails using <span class="command">dd</span>
<strong>you risk overwriting any hard disk on the system</strong>.</p>
</div>
1. Execute the following commands to copy the ISO image that you
1. Execute the following commands to copy the USB image that you
downloaded earlier to the USB stick.
Replace:
......@@ -173,7 +175,7 @@ Install Tails using <span class="command">dd</span>
You should get something like this:
<p class="pre command-example">dd if=/home/user/tails-amd64-3.0.iso of=/dev/sdb bs=16M && sync</p>
<p class="pre command-example">dd if=/home/user/tails-amd64-3.12.img of=/dev/sdb bs=16M && sync</p>
If no error message is returned, Tails is being copied on the USB
stick. The copy takes some time, generally a few minutes.
......
......@@ -271,19 +271,19 @@ document.addEventListener("DOMContentLoaded", function() {
opaque(document.getElementById("continue-link-bittorrent"));
// Display "Verify with your browser" when image is clicked
document.getElementById("download-img").onclick = function(e) { displayVerificationExtension(e); }
document.getElementById("download-iso").onclick = function(e) { displayVerificationExtension(e); }
document.getElementById("download-img").onclick = function(e) { displayVerificationExtension(e, this); }
document.getElementById("download-iso").onclick = function(e) { displayVerificationExtension(e, this); }
function displayVerificationExtension(e) {
function displayVerificationExtension(e, elm) {
try {
e.preventDefault();
hitCounter("download-iso");
hitCounter("download-image");
toggleDirectBitTorrent("direct");
resetVerificationResult();
} finally {
// Setting window.location.href will abort AJAX requests resulting
// in a NetworkError depending on the timing and browser.
window.open(this.getAttribute("href"), "_blank");
window.open(elm.getAttribute("href"), "_blank");
}
}
......@@ -295,31 +295,33 @@ document.addEventListener("DOMContentLoaded", function() {
}
// Reset verification when downloading again after failure
document.getElementById("download-img-again").onclick = function(e) { resetVerification(e); }
document.getElementById("download-iso-again").onclick = function(e) { resetVerification(e); }
document.getElementById("download-img-again").onclick = function(e) { resetVerification(e, this); }
document.getElementById("download-iso-again").onclick = function(e) { resetVerification(e, this); }
function resetVerification(e) {
function resetVerification(e, elm) {
try {
e.preventDefault();
hitCounter("download-iso-again");
hitCounter("download-image-again");
toggleDirectBitTorrent("direct");
resetVerificationResult();
} finally {
window.location = this.getAttribute("href");
// Setting window.location.href will abort AJAX requests resulting
// in a NetworkError depending on the timing and browser.
window.open(elm.getAttribute("href"), "_blank");
}
}
// Display "Verify with BitTorrent" when Torrent file is clicked
document.getElementById("download-img-torrent").onclick = function(e) { displayBitTorrentVerification(e); }
document.getElementById("download-iso-torrent").onclick = function(e) { displayBitTorrentVerification(e); }
document.getElementById("download-img-torrent").onclick = function(e) { displayBitTorrentVerification(e, this); }
document.getElementById("download-iso-torrent").onclick = function(e) { displayBitTorrentVerification(e, this); }
function displayBitTorrentVerification(e) {
function displayBitTorrentVerification(e, elm) {
try {
e.preventDefault();
hitCounter("download-torrent");
toggleDirectBitTorrent("bittorrent");
} finally {
window.location = this.getAttribute("href");
window.location = elm.getAttribute("href");
}
}
......
......@@ -3,8 +3,8 @@
<div class="linux">
For example, you can press the <span class="keycap">Super</span> key,
then type <span class="command">disks</span>, then type
<span class="keycap">Enter</span>.
then type <span class="command">disk</span>, then choose
<span class="application">Disks</span>.
</div>
<div class="upgrade">
Choose <span class="menuchoice">
......
......@@ -220,7 +220,7 @@ the rest of the instructions afterwards, we recommend you either:
1. Which version of Tails are you trying to start?
1. How did you verify the ISO image?
1. How did you verify the USB image?
1. Which is the brand and model of the computer?
......
......@@ -24,6 +24,11 @@ Install Tails using <span class="application">GNOME Disks</span>
- Otherwise, install the <span class="code">gnome-disk-utility</span>
package using the usual installation method for your distribution.
You can also install Tails using the
<span class="command">dd</span> command from any Linux distribution
as described in our instructions for [[installing from Debian using
the command line|install/expert/usb#dd]].
[[!inline pages="install/inc/steps/install_with_gnome_disks.inline" raw="yes" sort="age"]]
[[!inline pages="install/inc/steps/restart_first_time.inline" raw="yes" sort="age"]]
......
......@@ -42,6 +42,112 @@ Install Etcher
[[!img install/inc/screenshots/eject_etcher_dmg.png link="no" alt=""]]
Instead of installing <span class="application">Etcher</span>, you can
also [[!toggle id="dd" text="install Tails using `dd` on the command
line"]].
[[!toggleable id="dd" text="""
1. Make sure that your USB stick is unplugged.
1. Open <span class="application">Terminal</span> from
<span class="menuchoice">
<span class="guimenu">Applications</span>&nbsp;▸
<span class="guisubmenu">Utilities</span>&nbsp;▸
<span class="guimenuitem">Terminal.app</span></span>.
1. Execute the following command:
<p class="pre command">diskutil list</p>
It returns a list of the storage devices on the system. For example:
<p class="pre command-output">/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk0
1: EFI 209.7 MB disk0s1
2: Apple_HFS MacDrive 250.0 GB disk0s2
3: EFI 134.1 GB disk0s3
4: Microsoft Basic Data BOOTCAMP 115.5 GB disk0s4</p>
1. Plug your USB stick in the computer.
1. Execute again the same command:
<p class="pre command">diskutil list</p>
Your USB stick appears as a new device in the list. Check
that its size corresponds to the size of your USB stick.
<p class="pre command-output">/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme &lowast;500.1 GB disk0
1: EFI 209.7 MB disk0s1
2: Apple_HFS MacDrive 250.0 GB disk0s2
3: EFI 134.1 GB disk0s3
4: Microsoft Basic Data BOOTCAMP 115.5 GB disk0s4
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *8.0 GB disk1
1: Apple_HFS Untitled 1 8.0 GB disk1s1</p>
1. Take note of the *device name* of your USB stick.
In this example, the USB stick is 8.0 GB and its device name is <span class="code">/dev/disk1</span>.
Yours might be different.
<div class="caution">
<p>If you are unsure about the device name, you should stop proceeding or
<strong>you risk overwriting any hard disk on the system</strong>.</p>
</div>
1. Execute the following commands to copy the USB image that you
downloaded earlier to the USB stick.
Replace:
- <span class="command-placeholder">tails.img</span> with the path to the USB image
<div class="tip">
<p>If you are unsure about the path to the USB image, you can insert the
correct path by dragging and dropping the icon of the USB image from
<span class="application">Finder</span> onto <span class="application">
Terminal</span>.</p>
</div>
- <span class="command-placeholder">device</span> with the device name found in step 6
<div class="tip">
<p>You can try adding <span class="code">r</span> before <span class="code">disk</span> to make the installation faster.</p>
</div>
<p class="pre command">diskutil unmountDisk <span class="command-placeholder">device</span></p>
<p class="pre command">dd if=<span class="command-placeholder">tails.img</span> of=<span class="command-placeholder">device</span> bs=16m && sync</p>
You should get something like this:
<p class="pre command-example">dd if=/Users/me/tails-amd64-3.12.img of=/dev/rdisk9 bs=16m && sync</p>
If no error message is returned, Tails is being copied on the USB
stick. The copy takes some time, generally a few minutes.
<div class="note">
<p>If you get a <span class="guilabel">Permission denied</span> error, try
adding <code>sudo</code> at the beginning of the command:</p>
<p class="pre command">sudo dd if=<span class="command-placeholder">tails.img</span> of=<span class="command-placeholder">device</span> bs=16m && sync</p>
<p>If you get an <span class="guilabel">invalid number ‘16m’</span> error, try
using <code>16M</code> instead:</p>
<p class="pre command">dd if=<span class="command-placeholder">tails.img</span> of=<span class="command-placeholder">device</span> bs=16M && sync</p>
</div>
The installation is complete once the command prompt reappeared.
"""]]
Install Tails
-------------
......
......@@ -1597,11 +1597,11 @@ msgstr ""
msgid ""
"To verify the integrity of a DVD from a separate trusted system, you can "
"verify the signature of the ISO image as documented in [[verify the ISO "
"image using OpenPGP|install/download#openpgp]] against the DVD itself."
"image using OpenPGP|install/download-iso#openpgp]] against the DVD itself."
msgstr ""
"Para verificar la integridad de un DVD desde un sistema confiado separado, "
"puedes verificar la firma de la imagen ISO como está documentado en "
"[[verifica la imagen ISO usando OpenPGP|install/download#openpgp]] al DVD "
"[[verifica la imagen ISO usando OpenPGP|install/download-iso#openpgp]] al DVD "
"mismo."
#. type: Bullet: '- '
......
......@@ -1626,11 +1626,11 @@ msgstr ""
msgid ""
"To verify the integrity of a DVD from a separate trusted system, you can "
"verify the signature of the ISO image as documented in [[verify the ISO "
"image using OpenPGP|install/download#openpgp]] against the DVD itself."
"image using OpenPGP|install/download-iso#openpgp]] against the DVD itself."
msgstr ""
"Pour vérifier l'intégrité d'un DVD depuis un système de confiance séparé, "
"vous pouvez vérifier la signature de l'image ISO comme documenté dans "
"[[vérifier l'image ISO en utilisant OpenPGP|install/download#openpgp]]."
"[[vérifier l'image ISO en utilisant OpenPGP|install/download-iso#openpgp]]."
#. type: Bullet: '- '
msgid ""
......
......@@ -1578,11 +1578,11 @@ msgstr ""
msgid ""
"To verify the integrity of a DVD from a separate trusted system, you can "
"verify the signature of the ISO image as documented in [[verify the ISO "
"image using OpenPGP|install/download#openpgp]] against the DVD itself."
"image using OpenPGP|install/download-iso#openpgp]] against the DVD itself."
msgstr ""
"Per verificare l'integrità di un DVD da un sistema di fiducia separato, è "
"possibile verificare la firma dell'immagine ISO come documentato in "
"[[verificare l'immagine ISO utilizzando OpenPGP|install/download#openpgp]] "
"[[verificare l'immagine ISO utilizzando OpenPGP|install/download-iso#openpgp]] "
"rispetto al DVD stesso."
#. type: Bullet: '- '
......
......@@ -511,7 +511,7 @@ the intended use cases, and the assumptions on which Tails is based.
We also try to limit the amount of software included in Tails, and we only add
new software with a very good reason to do so:
- We try to limit the growth of the ISO image and automatic upgrades.
- We try to limit the growth of the images and automatic upgrades.
- More software implies more security issues.
- We avoid proposing several options to accomplish the same task.
- If a package needs to be removed after its inclusion, for example because of
......@@ -638,7 +638,7 @@ liar; the answer of a true liar would always be "no".
- To verify the integrity of a DVD from a separate trusted system, you can
verify the signature of the ISO image as documented in [[verify the ISO image
using OpenPGP|install/download#openpgp]]
using OpenPGP|install/download-iso#openpgp]]
against the DVD itself.
- There is no documented method of verifying the integrity of a Tails USB stick
......
......@@ -15,7 +15,7 @@
Install an intermediary Tails
=============================
In this step, you will install an intermediary Tails using the Tails ISO
In this step, you will install an intermediary Tails using the Tails USB
image that you downloaded earlier.
<div class="note">
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment