Enable Export Device Provisioning on the Workstation (VeraCrypt)

freedomofpress / securedrop-workstation

Qubes-based SecureDrop Journalist Workstation environment for submission handling

GNU Affero General Public License v3.0

138 stars 43 forks source link

Enable Export Device Provisioning on the Workstation (VeraCrypt) #1050

Open deeplow opened 4 months ago

deeplow commented 4 months ago

[x] I have searched for duplicates or related issues

Description

At the moment export devices have to be provisioned outside of the workstation. Ideally the user can do so from sd-devices.

How will this impact SecureDrop/SecureDrop Workstation users?

Improved SecureDrop usability since users don't have to figure out how to install VeraCrypt.

How would this affect the SecureDrop Workstation threat model?

We are adding another program to the templates (if we are doing that). Veracrypt is not available on the repos, which adds complexity. Some of these risks may be mitigated by installing this on boot on a disposable qube.

User Stories

As a journalist, I don't want to have to use system to provision drives so that I save time and I don't have to figure out how to install yet another piece of software.

zenmonkeykstop commented 4 months ago

Initial questions from discussion elsewhere related to possibly mirroring and installing veracrypt in an SDW VM:

The Veracrypt code is dual-licensed as Apache 2.0 and Truecrypt 3.0 (a non-open-source license) - can we mirror and distribute the VeraCrypt deb without running into licensing issues?
should we review the deb's install scripts and behaviour to ensure it plays nice with Qubes and doesn't do anything surprising given elevated privileges at install?

legoktm commented 4 months ago

I'm not sure if anyone has before, but we could also look into tcplay, which is already packaged in Debian and doesn't have the same licensing issues.

zenmonkeykstop commented 4 months ago

I'm not sure if anyone has before, but we could also look into tcplay, which is already packaged in Debian and doesn't have the same licensing issues.

It looks like it's not actively maintained and CLI-only though. Other questions notwithstanding, Veracrypt is has a relatively recent version and a GUI.

deeplow commented 4 months ago

If we manage to deal with the licensing issues and agree with getting VeraCrypt in, I'd like to propose the solution of provisioning the USB under the hood our recommended defaults, requiring only the user to enter the passphrase.