path: root/wiki/src/blueprint/protect_against_external_bus_memory_forensics.mdwn
diff options
Diffstat (limited to 'wiki/src/blueprint/protect_against_external_bus_memory_forensics.mdwn')
1 files changed, 26 insertions, 0 deletions
diff --git a/wiki/src/blueprint/protect_against_external_bus_memory_forensics.mdwn b/wiki/src/blueprint/protect_against_external_bus_memory_forensics.mdwn
new file mode 100644
index 0000000..bb0403c
--- /dev/null
+++ b/wiki/src/blueprint/protect_against_external_bus_memory_forensics.mdwn
@@ -0,0 +1,26 @@
+[[!toc levels=2]]
+It should not be that easy, for an attacker with physical access, to
+retrieve Tails memory. (Note that this will especially be the case for
+a [[Tails server|todo/server_edition]] instance left unattended.
+## other implementation ideas
+* If a firewire card was inserted into the slot and the bus is active,
+ pop up a dialog and ask "hey, you want to use firewire/etc.?"
+* disable these buses by default, allow opt-in through tails-greeter
+ to enable
+* ask that users assert they want to use this or that bus, and make
+ the assertion bind to a single device, rather than all devices
+ blindly
+* de-activate PCMCIA and ExpressCard on systems that don't have any
+ PCMCIA or ExpressCard devices after running for 5 minutes. This is
+ going to byte some users, but probably only the first time.
+[[!tag release/3.0]]