This modifies the workflow in a couple key areas to use the new option in the Tails Installer that can copy an existing drive's Persistent Storage during a cloning operation.
It's worth noting that I elected not to use this tool for the backup procedures, instead preferring the current rsync based approach. This is because the current process allows for multiple workstation backups onto a single drive, which the Tails Installer tool does not allow. For that same reason, I have left the previous steps in place regarding the use of securedrop-admin backup and restore.
The second commit here changes the workflow for making a remote Secure Viewing Station. It does eliminate the use the "primary" USB drive, opting instead to clone the current SVS entirely (from an airgapped system). With this being a change in procedure with security implications, it may not be one we feel comfortable making; if not, I'm happy to remove that commit.
I will also note that I captured screenshots of the new Tails Installer, but did not feel it added to the documentation, so I elected to leave them out. If we believe it's worth including them, I can do so relatively easily.
Status
Ready for review
Description of Changes
This modifies the workflow in a couple key areas to use the new option in the Tails Installer that can copy an existing drive's Persistent Storage during a cloning operation.
It's worth noting that I elected not to use this tool for the backup procedures, instead preferring the current rsync based approach. This is because the current process allows for multiple workstation backups onto a single drive, which the Tails Installer tool does not allow. For that same reason, I have left the previous steps in place regarding the use of
securedrop-admin backupandrestore.The second commit here changes the workflow for making a remote Secure Viewing Station. It does eliminate the use the "primary" USB drive, opting instead to clone the current SVS entirely (from an airgapped system). With this being a change in procedure with security implications, it may not be one we feel comfortable making; if not, I'm happy to remove that commit.
I will also note that I captured screenshots of the new Tails Installer, but did not feel it added to the documentation, so I elected to leave them out. If we believe it's worth including them, I can do so relatively easily.
Testing
Checklist (Optional)
make docs-lint) passed locallymake docs-linkcheck) passedmake docs) docs at http://localhost:8000