Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It would be nice if their bootloader "just" loaded the entire image into RAM and let the user continue booting and running without the USB drive attached. Optical drives are on their way out, USB drives with a trustworthy write switch are obscure (if they exist at all) and this seems quite secure. I'm using scare quotes because I don't know how difficult this is.


It's quite common, though typically done for performance reasons: http://en.wikipedia.org/wiki/List_of_Linux_distributions_tha...

I agree that this seems like the best compromise: Have the bootloader load the squashfs (or whatever) to RAM, and then unmount and prompt you to remove the media before executing the kernel. In order to compromise that, you'd have to corrupt the process which creates the flash drive originally; if that's been achieved then it's game over regardless.


and running without the USB drive attached

That's how the Debian boot image works by default. You actually have to jump through some hoops to enable persistence.

So unless tails actively tries to be stupid it should be safe to remove the drive after the squashfs has been loaded during boot.


Tip: Most laptops have an SD card reader and most full size SDs still have write switches.

Also as SystemRescueCD does a load to RAM so it's certainly doable :)


This is not safe! The SD card write switches rely on the host to respect the state of the switch[0]

[0] http://www.electronics-lab.com/blog/?p=2620


Wow; I had no idea. -Thank you for the warning :)


Write switches on SD cards are not hardware specific, the host can choose to ignore them, unfortunately.


Unfortunately, many/most laptops do not support booting from SD cards. If you were to store the main image on an SD card, you'd still need a cd/dvd/usb drive to load the bootloader.


>Tip: Most laptops have an SD card reader

Not all of them will boot for you though. Mine doesn't.


Most will, they just see it as a USB device. The BIOS won't list it unless it is populated.


Internally they're fairly common. You can probably take a normal USB drive and find the write protect pin on the datasheet.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: