Corresponding ticket: #15292


A number of the problems we've identified with the installation process will be fixed by generating, distributing and installing Tails as a disk image that, once copied bit-by-bit to a USB stick, produces a final Tails (GPT, UEFI-bootable, ready to get a persistent volume).

The plan

The list of tasks is being worked on in fundraising.git. It should be converted into subtasks of #15292 at some point.

Specific problems


live-build can generate hdd images. Alternatively, we can post-process our ISO image to create a USB-bootable disk image.

Open questions:

Growing system partition during boot

Corresponding ticket: #15319

The plan is to do this in a partitioning script in the initramfs. There are different stages in the initramfs, which are explained in the (pretty useful) man page for initramfs-tools.

The initramfs in Tails is customized by live-boot, which is poorly documented.

Some notes about the initramfs/live-boot process

This is how the scripts in /scripts/live-realpremount are executed:

initramfs-tools calls mountroot ()
/scripts/live line 12 in mountroot () line 124 in Live () line 85 in setup_unionfs ()

This is how /dev/sda1 is mounted: line 72 in Live ()` line 268 in find_livefs ()` line 128 in check_dev ()

/dev/sda1 is mounted before the scripts in /scripts/live-realpremount are executed.

The last stage executed before /dev/sda1 is mounted is init-premount.


Useful kernel command-line parameters:

  • debug: Prints every command executed during initramfs to /run/initramfs/initramfs.debug
  • break=premount: Drops into a shell before executing the init-premount stage


XXX: impact on mirrors' storage space?


Common bits

  • Self-installable executable download:
    • We need to investigate if we can Cross-compile a 3rd party dd GUI tool such as Etcher and distribute it from our website.
    • Ask Etcher about self installable bundle.

from Windows


See below "from macOS".


  • homepage
  • CLI mode: in progress but not on priority list of the developer
  • Complicated UX
    • too many options
    • need to download supplementary files for syslinux version
    • not clear which partition scheme to use even though it selects one automatically
    • user has to manually choose to install our ISOhybrided image either using ISO or DD mode.
  • License: GnuGPL
  • #10984: Boots (tested in legacy mode)
    • When burnt in "DD" mode, the checksums match!
  • Recommended by Ubuntu for Windows

Win32 Disk Imager


  • Homepage:
  • License: GPL
  • Tested version: 1.0 from 2017-03-07
  • Work on: Windows 7+
  • UI is quite simple.
  • Requires proper installing, clicking on the .exe is not enough (unlike UUI).
  • Doesn't have a filter for ISO images in its file chooser (but I could choose to see all files and select an ISO image).
  • Takes 30 minutes to do the copy.
  • Checksum of the resulting USB stick matches the checksum of the ISO image.

from macOS


  • Tested version: 1.3.1 from 2018-01-23
  • homepage
  • Windows, macOS, Linux (deb & rpm)
  • no official Debian images
  • CLI mode: Etcher CLI is experimental, it's a different executable than the GUI one, so we can suppose that it can't be run to launch the GUI with the right options.
  • License: Apache
  • #11348: images created with Etcher boot (in legacy mode at least) and checksums match
  • It is recommended by Ubuntu for macOS
  • Requires macOS 10.9 (Mavericks) or newer (which means a Mac from ~2007-2009 or newer)
  • Takes 5 minutes to do the copy.
  • Has both a portable and installable version for Windows

macOS Disk Utility

  • Tested version: Mac OS X Lion
  • I get an error ("invalid source") when I try to either:
    • Copy a Tails 3.5 ISO image onto a USB stick.
    • Restore the disk image of a full USB stick installed using @dd@.
    • Restart the disk image of the system partition of a USB stick installed using @dd@.

from Linux

  • GNOME Disks has a Restore Disk Image feature that basically does dd with a nice progress bar.
  • Investigate if we can get Etcher into Debian, which would allow all users to follow the same process.


This approach does not make full, manual upgrades any simpler. For the ideas we have to fix that other problem, see #15281.