Archive ⋙ Tutorials
Leave yourself a backdoor out: how to make a Tails drive
last updated: 8-6-2019
What one might not glean from reading the official documentation, however, is that Tails is not just useful for activists in high-risk areas (and other situations where one might need to obfuscate their network traffic). It's also been an invaluable tool for me for data recovery, like when my external hard drive's partition table corrupted early last year and it refused to mount on either Windows or Mint. Tails was able to mount the drive just fine and copy most of the files to somewhere safer, although by that time, a significant amount of files had already corrupted.
The last time I made a tutorial about installing Tails itself, it was back when Tails required you to either use a Debian-based distro with the Tails Installer program or to flash a transitional Tails stick and then use that to make a separate, full-featured Tails. As such, a previous version of this tutorial involved making a live USB of Lubuntu in order to use the Tails Installer. Ever since then, the developers have moved to a simpler installation process that works agnostic of what operating system was used to create the Tails stick, which will drastically shorten the length of this version of the tutorial.
You can either do a direct download, or torrent the USB image if your network policy allows that. Torrents are usually faster, and it automatically verifies that the file wasn't altered in transit.
If you are using Windows or (heaven forbid) a Mac, use the torrent option. Linux users can get away with using PGP keys instead if they wish.
The point of doing this is to make sure that the file now on your hard drive is the same one on the Tails servers. Verifying the file's integrity allows you to be reasonably sure that the file was not intercepted in transit by a malicious actor and replaced with a bugged version of Tails, and that the file is not corrupt, which can be a real hassle to diagnose later down the line when things mysteriously stop working.
If you torrented the file, skip this step.
Download and import the signing key:
wget https://tails.boum.org/tails-signing.key && gpg --import < tails-signing.key
sudo apt install debian-keyring -y
gpg --keyring=/usr/share/keyrings/debian-keyring.gpg --export email@example.com | gpg --import
gpg --keyid-format 0xlong --check-sigs A490D0F4D311A4153E2BB7CADBB802B258ACD84F | grep Stefano
If the below line shows up afterwards, you have the correct key:
sig! 0x9C31503C6D866396 2015-02-03 Stefano Zacchiroli firstname.lastname@example.org
Now we'll download the image signature:
Replace the "3.15" with the version of Tails you're verifying.
Place the signature file and the USB image in the same directory and verify:
TZ=UTC gpg --no-options --keyid-format long --verify tails-amd64-3.15.img.sig tails-amd64-3.15.img
If you see "Good signature" in the output, you're good to go!
Download and install Etcher. Follow the onscreen instructions, using the USB image you downloaded in step 1.
Please note that Tails requires a flash drive of at least eight gigabytes in order to function properly.
Shutdown and reboot the computer. If it boots into Tails, congratulations! If it doesn't, however, you'll have to edit the BIOS settings in order to enable booting from USB devices.