Consider creating a persistence by default for plausible deniability

Originally created by Tails on #5929 (Redmine)

Rationale

The "Warnings about persistence" page states "The persistent volume is not hidden. An attacker in possession of the USB stick can know that there is a persistent volume on it."

If every Tails USB stick had a persistent volume automatically created (with a random passphrase not known to the user), there would be no way to tell that the user had set up a persistent volume rather than just leaving the automatically created one in place. This would mean that a user who had created a persistent volume could plausibly claim that he/she hadn’t.

Of course, this wouldn’t protect against being tricked, and will be of at best variable efficiency against ‘rubber-hose cryptanalysis’, but it would be useful in a country like the UK where a court can compel you, on penalty of imprisonment, to reveal cryptographic keys and passphrases if it can prove that you know them.

Implementation

Implies modifying liveusb-creator and tails-persistence-setup.

Subtasks

#11681 (closed)

Related issues

Related to #6621
Related to #7269 (closed)
Related to #7544 (closed)
Related to #8861 (closed)
Related to #11679 (closed)
Related to #15292 (closed)
Related to #15653 (closed)
Related to #16485 (closed)
Has duplicate #7541 (closed)
Has duplicate #7630 (closed)
Has duplicate #11076 (closed)
Has duplicate #16750 (closed)
Has duplicate #17579 (closed)

_Originally created by Tails on [#5929 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/5929)_

# Rationale

The "Warnings about persistence\&quot; page states "The persistent
volume is not hidden. An attacker in possession of the USB stick can
know that there is a persistent volume on it."

If every Tails USB stick had a persistent volume automatically created
(with a random passphrase not known to the user), there would be no way
to tell that the user had set up a persistent volume rather than just
leaving the automatically created one in place. This would mean that a
user who had created a persistent volume could plausibly claim that
he/she hadn’t.

Of course, this wouldn’t protect against being tricked, and will be of
at best variable efficiency against ‘rubber-hose cryptanalysis’, but it
would be useful in a country like the UK where a court can compel you,
on penalty of imprisonment, to reveal cryptographic keys and passphrases
if it can prove that you know them.

# Implementation

Implies modifying `liveusb-creator` and `tails-persistence-setup`.

### Subtasks

- [x] tails/tails#11681

### Related issues

- **Related to** tails/tails#6621
  - **Related to** tails/tails#7269
  - **Related to** tails/tails#7544
  - **Related to** tails/tails#8861
  - **Related to** tails/tails#11679
  - **Related to** tails/tails#15292
  - **Related to** tails/tails#15653
  - **Related to** tails/tails#16485
  - **Has duplicate** tails/tails#7541
  - **Has duplicate** tails/tails#7630
  - **Has duplicate** tails/tails#11076
  - **Has duplicate** tails/tails#16750
  - **Has duplicate** tails/tails#17579

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information