Tails (The Amnesic Incognito Live System) is a Debian-based Linux distro. Its primary features are preserving privacy and anonymity by forcing network traffic through Tor by default and leaving no digital footprint on the machine by running only in-memory and erasing the memory on shutdown.
Tails does not PXE boot nicely since it seems to lack the network drivers after unpacking initrd2.img. Upon further investigation, the initrd2.img image has the network module (in my case, e1000), but it isn't being loaded because it is blacklisted in the file /etc/modprobe.d/all-net-blacklist.conf. Removing this file from the initrd image fixes this issue.
My best guess is that this is done intentionally so that no network traffic can be made until the Tails system starts. However, since I am trying to get a PXE version of Tails working on my network, I'll walk through the steps needed to make Tails boot via PXE properly below.
You will need to copy the initrd2.img file to another system that has the dracut binaries. In this example, I will be using my Fedora 25 server.
    ## Copy the Tails initrd to /tmp
    # cp /live/initrd2.img /tmp

    ## Make a directory to extract the files
    # mkdir -p /tmp/new_initrd
    # cd /tmp/new_initrd
    # /usr/lib/dracut/skipcpio /tmp/initrd2.img | xzcat | cpio -idmv

    ## Remove the /etc/modprobe.d/all-net-blacklist.conf file
    # rm /tmp/new_initrd/etc/modprobe.d/all-net-blacklist.conf

    ## Recreate the initrd2.img file
    # find . | cpio --quiet -c -o | xz -9 --format=lzma > /tmp/new_initrd2.img
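Before serving a modified boot image over PXE, it is worth confirming that the rebuilt initrd differs from the original only by the blacklist file. The following is an added example, not part of the original post: it parses the newc cpio format directly, skips an early uncompressed archive the way skipcpio does, and diffs the file lists. The function names are hypothetical and the sample images are constructed in the code, not real Tails initrds.

```python
import lzma

BLACKLIST = "etc/modprobe.d/all-net-blacklist.conf"  # path from the article

def cpio_names(data):
    """List entry names in one newc cpio archive; also return the offset just past it."""
    names, off = [], 0
    while data[off:off + 6] in (b"070701", b"070702"):
        # 110-byte header: 6-byte magic + 13 fields of 8 hex digits each
        fields = [int(data[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name = data[off + 110:off + 110 + namesize - 1].decode()
        body = (off + 110 + namesize + 3) & ~3      # header + name padded to 4 bytes
        off = (body + filesize + 3) & ~3            # file body padded to 4 bytes
        if name == "TRAILER!!!":
            break
        names.append(name)
    return names, off

def main_names(image):
    """Paths in the compressed main archive (what skipcpio | xzcat | cpio -t lists)."""
    _, off = cpio_names(image)                      # skip early uncompressed cpio, if any
    rest = image[off:].lstrip(b"\0")                # NUL padding between the two archives
    names, _ = cpio_names(lzma.decompress(rest))    # auto-detects .xz and legacy .lzma
    return {n[2:] if n.startswith("./") else n for n in names} - {".", ""}

def initrd_diff(original, rebuilt):
    """Return (removed, added) paths between the two images."""
    a, b = main_names(original), main_names(rebuilt)
    return sorted(a - b), sorted(b - a)

def _newc(entries):
    """Build a tiny newc archive from {name: bytes}; only for the constructed sample."""
    out = b""
    for name, body in list(entries.items()) + [("TRAILER!!!", b"")]:
        n = name.encode() + b"\0"
        hdr = b"070701" + b"".join(b"%08X" % v for v in
                                   (0, 0o100644, 0, 0, 1, 0, len(body), 0, 0, 0, 0, len(n), 0))
        out += hdr + n + b"\0" * (-(110 + len(n)) % 4) + body + b"\0" * (-len(body) % 4)
    return out

# Constructed sample images (file contents are made up)
files = {"init": b"#!/bin/sh\n", BLACKLIST: b"install e1000 /bin/true\n"}
early = _newc({"kernel/x86/microcode/sample.bin": b"\x01\x02"}) + b"\0" * 64
ORIG = early + lzma.compress(_newc(files), format=lzma.FORMAT_XZ)
# Rebuilt the way `find . | cpio -o | xz --format=lzma` would name entries
NEW = lzma.compress(_newc({".": b"", "./init": files["init"]}), format=lzma.FORMAT_ALONE)

if __name__ == "__main__":
    print(initrd_diff(ORIG, NEW))
```

To run it against real files, pass the bytes of /tmp/initrd2.img and /tmp/new_initrd2.img to `initrd_diff`; anything other than the blacklist path in the first list, or any entry in the second, means the rebuild changed more than intended.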
For the sake of completeness, here is the PXE boot menu entry for Tails:
    label Tails 2.11
      menu label Tails 2.11
      kernel /images/Tails-2.11/live/vmlinuz2
      append initrd=/images/Tails-2.11/live/initrd2.img nfsroot=$IP:/tftpboot/images/Tails-2.11/ netboot=nfs boot=live config apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails kaslr slab_nomerge slub_debug=FZ mce=0 vsyscall=none
It seems like another person had the same issue: