Advertisement
v1ral_ITS

Install Tails Encrypted USB OS

Aug 8th, 2020
725
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 17.83 KB | None | 0 0
  1. Install from Debian, Ubuntu, or Mint using the command line and GnuPG
  2. 16-20 minutes
  3.  
  4. Start in Debian, Ubuntu, or Linux Mint.
  5.  
  6. In this step, you will download and verify the Tails signing key which is the OpenPGP key that is used to cryptographically sign the Tails USB image.
  7.  
  8. To follow these instructions you need to have your own OpenPGP key.
  9.  
  10. To learn how to create yourself an OpenPGP key, see Managing OpenPGP Keys by Riseup.
  11.  
  12. This verification technique uses the OpenPGP Web of Trust and the certification made by official Debian developers on the Tails signing key. Learn more about the OpenPGP Web of Trust.
  13.  
  14.     Import the Tails signing key in your GnuPG keyring:
  15.  
  16.     wget https://tails.boum.org/tails-signing.key
  17.     gpg --import < tails-signing.key
  18.  
  19.     Install the Debian keyring. It contains the OpenPGP keys of all Debian developers:
  20.  
  21.     sudo apt install debian-keyring
  22.  
  23.     Import the OpenPGP key of Chris Lamb, a former Debian Project Leader, from the Debian keyring into your keyring:
  24.  
  25.     gpg --keyring=/usr/share/keyrings/debian-keyring.gpg --export chris@chris-lamb.co.uk | gpg --import
  26.  
  27.     Verify the certifications made on the Tails signing key:
  28.  
  29.     gpg --keyid-format 0xlong --check-sigs A490D0F4D311A4153E2BB7CADBB802B258ACD84F
  30.  
  31.     In the output of this command, look for the following line:
  32.  
  33.     sig!         0x1E953E27D4311E58 2020-03-19  Chris Lamb <chris@chris-lamb.co.uk>
  34.  
  35.     Here, sig!, with an exclamation mark, means that Chris Lamb verified and certified the Tails signing key with his key.
  36.  
  37.     It is also possible to verify the certifications made by other people. Their name and email address appear in the list of certification if you have their key in your keyring.
  38.  
  39.     If the verification of the certification failed, then you might have downloaded a malicious version of the Tails signing key or our instructions might be outdated. Please get in touch with us.
  40.  
  41.     The line 175 signatures not checked due to missing keys or similar refers to the certifications (also called signatures) made by other public keys that are not in your keyring. This is not a problem.
  42.  
  43.     Certify the Tails signing key with your own key:
  44.  
  45.     gpg --lsign-key A490D0F4D311A4153E2BB7CADBB802B258ACD84F
  46.  
  47. In this step, you will download the latest Tails USB image and verify it using the Tails signing key.
  48.  
  49.     Download the USB image:
  50.  
  51.     wget --continue http://dl.amnesia.boum.org/tails/stable/tails-amd64-4.9/tails-amd64-4.9.img
  52.  
  53.     Download the signature of the USB image:
  54.  
  55.     wget https://tails.boum.org/torrents/files/tails-amd64-4.9.img.sig
  56.  
  57.     Verify that the USB image is signed by the Tails signing key:
  58.  
  59.     TZ=UTC gpg --no-options --keyid-format long --verify tails-amd64-4.9.img.sig tails-amd64-4.9.img
  60.  
  61.     The output of this command should be the following:
  62.  
  63.     gpg: Signature made Mon Jul 27 08:37:55 2020 UTC
  64.     gpg:                using RSA key FE029CB4AAD4788E1D7828E8A8B0F4E45B1B50E2
  65.     gpg: Good signature from "Tails developers (offline long-term identity key) <tails@boum.org>" [full]
  66.     gpg:                 aka "Tails developers <tails@boum.org>" [full]
  67.  
  68.     Verify in this output that:
  69.         The date of the signature is the same.
  70.         The signature is marked as Good signature since you certified the Tails signing key with your own key.
  71.  
  72.     Make sure that the USB stick on which you want to install Tails is unplugged.
  73.  
  74.     Execute the following command:
  75.  
  76.     ls -1 /dev/sd?
  77.  
  78.     It returns a list of the storage devices on the system. For example:
  79.  
  80.     /dev/sda
  81.  
  82.     Plug in the USB stick on which you want to install Tails.
  83.  
  84.     All the data on this USB stick will be lost.
  85.  
  86.     Execute again the same command:
  87.  
  88.     ls -1 /dev/sd?
  89.  
  90.     Your USB stick appears as a new device in the list.
  91.  
  92.     /dev/sda /dev/sdb
  93.  
  94.     Take note of the device name of your USB stick.
  95.  
  96.     In this example, the device name of the USB stick is /dev/sdb. Yours might be different.
  97.  
  98.     If you are unsure about the device name, you should stop proceeding or you risk overwriting any hard disk on the system.
  99.  
  100.     Execute the following commands to copy the USB image that you downloaded earlier to the USB stick.
  101.  
  102.     Replace:
  103.  
  104.         tails.img with the path to the USB image
  105.  
  106.         device with the device name found in step 5
  107.  
  108.     dd if=tails.img of=device bs=16M oflag=direct status=progress
  109.  
  110.     You should get something like this:
  111.  
  112.     dd if=/home/user/tails-amd64-3.12.img of=/dev/sdb bs=16M oflag=direct status=progress
  113.  
  114.     If no error message is returned, Tails is being copied on the USB stick. The copy takes some time, generally a few minutes.
  115.  
  116.     If you get a Permission denied error, try adding sudo at the beginning of the command:
  117.  
  118.     sudo dd if=tails.img of=device bs=16M oflag=direct status=progress
  119.  
  120.     The installation is complete after the command prompt reappears.
  121.  
  122. Tails USB stick
  123.  
  124. Congratulations, you have installed Tails on your USB stick!
  125.  
  126. You will now restart your computer on this USB stick. It can be a bit complicated, so good luck! But it might not work on your Mac model, so good luck!
  127.  
  128. In the next step, you will shut down the computer. To be able to follow the rest of the instructions afterwards, we recommend you either:
  129.  
  130.     Open this page on your smartphone, tablet, or another computer (recommended).
  131.  
  132.     Print the rest of the instructions on paper.
  133.  
  134.     Take note of the URL of this page to be able to come back later:
  135.  
  136.     https://tails.boum.org/install/clone?back=1 https://tails.boum.org/install/win/usb?back=1 https://tails.boum.org/install/mac/usb?back=1 https://tails.boum.org/install/mac/clone?back=1 https://tails.boum.org/install/expert/usb?back=1 https://tails.boum.org/install/linux/usb?back=1 https://tails.boum.org/upgrade/clone?back=1 https://tails.boum.org/upgrade/tails?back=1 https://tails.boum.org/upgrade/win?back=1 https://tails.boum.org/upgrade/mac?back=1 https://tails.boum.org/upgrade/linux?back=1
  137.  
  138. USB stick plugged on the left Computer restarted on USB stick Computer restarted on USB stick on the left USB stick unplugged on the right and computer restarted on USB stick on the left
  139. Make the computer start on the USB stick
  140.  
  141.     Click on the button.
  142.  
  143.     Press and hold the Shift key while you choose Power ▸ Restart.
  144.  
  145.     In the Choose an option screen, choose Use a device.
  146.  
  147.     In the Use a device screen, choose Boot Menu.
  148.  
  149.     Windows shuts down, the computer restarts, and a Boot Menu appears.
  150.  
  151.     Plug in your Tails USB stick shortly after choosing Boot Menu and while Windows is shutting down.
  152.  
  153.     In the future, we We recommend that you only plug your Tails USB stick while Windows is shutting down. Otherwise, a virus in Windows could infect your Tails USB stick and break its security.
  154.  
  155.     Such an attack is possible in theory but very unlikely in practice. We don't know of any virus capable of infecting Tails. See our warning on plugging Tails in untrusted systems.
  156.  
  157.    The Boot Menu is a list of possible devices to start from. The following screenshot is an example of a Boot Menu:
  158.  
  159.    In the Boot Menu, select your USB stick and press Enter.
  160.  
  161.    If the computer starts on Tails, the Boot Loader appears and Tails starts automatically after 4 seconds.
  162.  
  163.    Black screen ('GNU GRUB') with Tails logo and 2 options: 'Tails' and 'Tails (Troubleshooting Mode)'.
  164.  
  165.    Starting the computer using a Boot Menu key can be faster than starting the computer on Windows first and then on Tails. We recommend you learn how to start Tails using the Boot Menu key if you use Tails regularly.
  166.  
  167. Most computers do not start on the Tails USB stick automatically but you can press a Boot Menu key to display a list of possible devices to start from.
  168.  
  169. The following screenshot is an example of a Boot Menu:
  170.  
  171. This animation summarizes how to use the Boot Menu key to start on the USB stick:
  172.  
  173. The following instructions explain in detail how to use the Boot Menu key to start on the USB stick:
  174.  
  175.    Shut down the computer while leaving the USB stick plugged in.
  176.  
  177.    Shut down the computer and plug in the Tails USB stick.
  178.  
  179.    Shut down the computer.
  180.  
  181.    Plug in the other Tails USB stick that you want to install upgrade from.
  182.  
  183.    Unplug your Tails USB stick while leaving the intermediary USB stick plugged in.
  184.  
  185.    Identify the possible Boot Menu keys for the computer depending on the computer manufacturer in the following list:
  186.     Manufacturer    Key
  187.     Acer    Esc, F12, F9
  188.     Asus    Esc, F8
  189.     Clevo   F7
  190.     Dell    F12
  191.     Fujitsu F12, Esc
  192.     HP  F9, Esc
  193.     Lenovo  F12, Novo, F8, F10
  194.     Samsung Esc, F12, F2
  195.     Sony    F11, Esc, F10
  196.     Toshiba F12
  197.     others…   F12, Esc
  198.  
  199.    On many computers, a message is displayed very briefly when switching on that also explains how to get to the Boot Menu or edit the BIOS settings.
  200.  
  201.    Switch on the computer and immediately press several times the first possible Boot Menu key identified in step 2.
  202.  
  203.    If the computer starts on another operating system or returns an error message, shut down the computer again and repeat step 3 for all the possible Boot Menu keys identified in step 2.
  204.  
  205.    If a Boot Menu with a list of devices appears, select your USB stick and press Enter.
  206.  
  207.    If the Boot Menu key that works on your computer is a different one than the first in the list, please let us know so we can improve the list. You can write to sajolida@pimienta.org (private email).
  208.  
  209.    If the computer starts on Tails, the Boot Loader appears and Tails starts automatically after 4 seconds.
  210.  
  211.    Black screen ('GNU GRUB') with Tails logo and 2 options: 'Tails' and 'Tails (Troubleshooting Mode)'.
  212.  
  213.    Shut down the computer while leaving the USB stick plugged in.
  214.  
  215.    Plug in the other Tails USB stick that you want to install from.
  216.  
  217.    Switch on the computer and immediately press-and-hold the Option key (Alt key) until a list of possible startup disks appears.
  218.  
  219.    'Option' or 'alt' key in the bottom left of Mac keyboard
  220.  
  221.    Choose the USB stick and press Enter. The USB stick appears as an external hard disk and might be labeled EFI Boot or Windows like in the following screenshot:
  222.  
  223.    Screen with the logo of an internal hard disk labeled 'Macintosh HD' and an external hard disk labelled 'Windows' (selected)
  224.  
  225.    If the USB stick does not appear in the list of possible startup disks:
  226.        Make sure that you have verified your download of Tails.
  227.        Try installing again on the same USB stick.
  228.        Try installing on a different USB stick.
  229.        Try using the same USB stick to start on a different computer.
  230.        If the same USB stick works on a different computer, please report the problem to our help desk.
  231.  
  232.    If your Mac displays the following error:
  233.  
  234.    Security settings do not allow this Mac to use an external startup disk.
  235.  
  236.    Then you have to change the settings of the Startup Security Utility of your Mac to authorize starting from Tails.
  237.  
  238.    To open Startup Security Utility:
  239.  
  240.        Turn on your Mac, then press and hold Command(⌘)+R immediately after you see the Apple logo. Your Mac starts up from macOS Recovery.
  241.  
  242.        When you see the macOS Utilities window, choose Utilities ▸ Startup Security Utility from the menu bar.
  243.  
  244.        When you are asked to authenticate, click Enter macOS Password, then choose an administrator account and enter its password.
  245.  
  246.    Startup Security Utility
  247.  
  248.    In the Startup Security Utility:
  249.  
  250.        Choose No Security in the Secure Boot section.
  251.  
  252.        Choose Allow booting from external media in the External Boot.
  253.  
  254.    To still protect your Mac from starting on untrusted external media, you can set a firmware password, available on macOS Mountain Lion or later. A firmware password prevents users who do not have the password from starting up from any media other than the designated startup disk.
  255.  
  256.    If you forget your firmware password you will require an in-person service appointment with an Apple Store or Apple Authorized Service Provider.
  257.  
  258.    Read more on Apple Support about:
  259.        Startup Security Utility
  260.        Secure Boot
  261.        How to set a firmware password on your Mac
  262.  
  263.    If the computer starts on Tails, the Boot Loader appears and Tails starts automatically after 4 seconds.
  264.  
  265.    Black screen ('GNU GRUB') with Tails logo and 2 options: 'Tails' and 'Tails (Troubleshooting Mode)'.
  266.  
  267.    If your computer displays the Boot Loader but then fails to start on the USB stick, it might currently be impossible to start Tails on your Mac model.
  268.  
  269.    Please report the problem to our help desk.
  270.  
  271. Welcome Screen
  272.  
  273.    One to two minutes after the Boot Loader, the Welcome Screen appears.
  274.  
  275.    Welcome to Tails!
  276.  
  277.    In the Welcome Screen, select your language and keyboard layout in the Language & Region section. Click Start Tails.
  278.  
  279.    After 15–30 seconds, the Tails desktop appears.
  280.  
  281.    Tails desktop
  282.  
  283. Test your Wi-Fi
  284.  
  285. Problems with Wi-Fi are unfortunately quite common in Tails and Linux in general. To test if your Wi-Fi interface works in Tails:
  286.  
  287.    Open the system menu in the top-right corner:
  288.  
  289.    Choose Wi-Fi Not Connected and then Select Network.
  290.  
  291.    After establishing a connection to a network:
  292.  
  293.        If you can already access the Internet, Tor is automatically started.
  294.  
  295.        If you need to log in to a captive portal before being granted access to the Internet, see our documentation about logging in to captive portals.
  296.  
  297. If your Wi-Fi interface is not working, either:
  298.  
  299.    There is no Wi-Fi option in the system menu:
  300.  
  301.    The interface is disabled when starting Tails or when plugging in your USB Wi-Fi adapter:
  302.  
  303.    Notification about network card being disabled
  304.  
  305.    In this case, you can disable MAC spoofing to get your Wi-Fi interface to work in Tails. Disabling MAC spoofing has security implications, so read carefully our documentation about MAC spoofing before doing so.
  306.  
  307. To connect to the Internet, you can try to:
  308.  
  309.    Use an Ethernet cable instead of Wi-Fi if possible. Wired interfaces work much more reliably than Wi-Fi in Tails.
  310.  
  311.    Share the Wi-Fi or mobile data connection of your phone using a USB cable. Sharing a connection this way is called USB tethering.
  312.  
  313.    See instructions for:
  314.  
  315.        Android
  316.  
  317.        iPhones or iPads
  318.        Only sharing mobile data works on iPhones and iPads; sharing Wi-Fi does not work. For mobile data sharing to work, you need to disable MAC address spoofing in the Welcome Screen.
  319.  
  320.    Tails cannot hide the information that identifies your phone on the network. If you connect your phone to:
  321.  
  322.        A Wi-Fi network, then the network will know the MAC address of your phone. This has security implications that are discussed in our documentation on MAC address spoofing. Some phones have a feature to hide the real MAC address of the phone.
  323.  
  324.        A mobile data network, then the network will be able to know the identifier of your SIM card (IMSI) and also the serial number of your phone (IMEI).
  325.  
  326.    Buy a USB Wi-Fi adapter that works in Tails:
  327.     Vendor  Model   Size    Speed   Price   Buy offline Buy online
  328.     Edimax  EW-7811Un   Nano    150 Mbit/s  $10 No  Amazon
  329.     Panda Wireless  Ultra   Nano    150 Mbit/s  $12 No  Amazon
  330.     Panda Wireless  PAU05   Small   300 Mbit/s  $14 No  Amazon
  331.  
  332.    If you find another USB Wi-Fi adapter that works in Tails, please let us know. You can write to sajolida@pimienta.org (private email).
  333.  
  334. You can optionally create an encrypted Persistent Storage in the remaining free space on your new Tails USB stick to store any of the following:
  335.  
  336.    Personal files
  337.    Some settings
  338.    Additional software
  339.    Encryption keys
  340.  
  341. The data in the Persistent Storage:
  342.  
  343.    Remains available across separate working sessions.
  344.    Is encrypted using a passphrase of your choice.
  345.  
  346. The Persistent Storage is not hidden. An attacker in possession of your USB stick can know that there is a Persistent Storage on it. Take into consideration that you can be forced or tricked to give out its passphrase.
  347.  
  348. It is possible to unlock the Persistent Storage from other operating systems. But, doing so might compromise the security provided by Tails.
  349.  
  350. For example, image thumbnails might be created and saved by the other operating system. Or, the contents of files might be indexed by the other operating system.
  351.  
  352. Other operating systems should probably not be trusted to handle sensitive information or leave no trace.
  353. Create the Persistent Storage
  354.  
  355.    Choose .
  356.  
  357.    Specify a passphrase of your choice in both the Passphrase and Verify Passphrase text boxes.
  358.  
  359.    We recommend choosing a long passphrase made of five to seven random words. Learn more.
  360.  
  361.    Click on the Create button.
  362.  
  363.    Wait for the creation to finish.
  364.  
  365.    The list of features of the Persistent Storage appears. Each feature corresponds to a set of files or settings that can be saved in the Persistent Storage.
  366.  
  367.    We recommend you to only turn on the Personal Data feature for the time being. You can turn on more features later on according to your needs.
  368.  
  369.    Click Save.
  370.  
  371. Restart and unlock the Persistent Storage
  372.  
  373.    Shut down the computer and restart on your new Tails USB stick.
  374.  
  375.    In the Welcome Screen:
  376.  
  377.    Welcome to Tails!
  378.  
  379.        Select your language and keyboard layout in the Language & Region section.
  380.  
  381.        In the Encrypted Persistent Storage section, enter your passphrase and click Unlock to unlock the Persistent Storage for the current working session.
  382.  
  383.        Click Start Tails.
  384.  
  385.    After 15–30 seconds, the Tails desktop appears.
  386.  
  387.    You can now save your personal files and working documents in the Persistent folder. To open the Persistent folder choose .
  388.  
  389. Tails USB stick with Persistent Storage
  390.  
  391. You now have a complete Tails, congrats!
  392. Final recommendations
  393.  
  394. Tails does not protect you from everything! Have a look at our warnings.
  395.  
  396. If you face any problem, use the Report an error launcher on the Tails desktop or visit our support pages.
  397.  
  398. We hope you enjoy using Tails :)
  399.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement