I am looking at Tails design document and trying to figure out what Tails does in order to implement amnesia / non-persistence / anti-forensics so these features can be implemented in grub-live (or where appropriate) too.
This is what I found:
- Debian live based
- Host system disks and partitions
Tails takes care not to use any filesystem that might exist on the host machine hard drive, unless explicitly told to do so by the user. The Debian Live persistence feature is disabled by passing
nopersistenceover the kernel command line to live-boot.
- Filesystems stored on removable devices
Removable drives auto-mounting is disabled in Tails 0.7 and newer.
4): wiperam
Host system RAM
In order to protect against memory recovery such as cold boot attack, most of the system RAM is overwritten when Tails is being shutdown or when the boot medium is physically removed. Also, memory allocated to processes is erased upon process termination.
(related: Is RAM Wipe possible inside Whonix? Cold Boot Attack Defense)
- swap
Host system swap
Tails takes care not to use any swap filesystem that might exist on the host machine hard drive. Most of this is done at build time: the
/sbin/swaponbinary is replaced by a fake no-op script, and live-boot’sswaponoption is not set.
Did I miss any Tails amnesia features?
Could anyone please double check Tails - Design: specification and implementation and/or research further on how Tails implements non-persistence?