Comparison between grub-live and Tails
Tails is its own operating system, whereas grub-live is a package that enables Live Mode on different Linux distributions. The following table shows the advantages and disadvantages of grub-live compared to Tails. Note, however, that while Tails is optimized for Live Mode, grub-live is vastly more compatible with other systems.
'''Table:''' ''Comparison of grub-live and Tails''
{| class="wikitable" style="text-align: center; background-color: #fff"
|- style="background-color: #f9f9f9"
! style="height: 35px"| '''Aspect'''
! '''grub-live on the host''' <ref>Meaning, <code>grub-live</code> outside of a virtual machine. For <code>grub-live</code> in a VM, see [[Live Mode]].</ref> /<br />'''grub-default-live on the host'''
! '''Tails USB / DVD, with persistent USB'''
! '''Tails read-only medium and other devices with write capability unplugged''' <ref>Assuming Tails on a DVD which can only be written to once, not DVD-RW.</ref> <ref>Or using Tails USB with a physical, active, and effective (non-circumventable by software) write protection switch enabled.</ref>
! Common <ref>As in a substantial user group willing and able to do this.</ref> mode of operation
| {{No}} <ref>This would be a prudent approach, but search engines indicate that no or very few users run this configuration.</ref>
! Amnesic / protects against disk modifications <ref>Excluding malware compromise.</ref>
! Protects against malware persistence on hard drive after malware compromise
| {{No}} <ref name=targeted_persistent_malware>Once targeted malware is active, it can circumvent read-only settings, mount the hard drive, and add malware which becomes active after the next boot.</ref>
| {{No}} <ref name=targeted_persistent_malware />
| {{No}} <ref name=targeted_persistent_malware />
| {{Yes}} <ref name=targeted_persistent_malware />
! Protects against [[Malware_and_Firmware_Trojans#Firmware_Trojans|firmware trojans]] after malware compromise
| {{No}} <ref name=targeted_persistent_malware />
| {{No}} <ref name=targeted_persistent_malware />
| {{No}} <ref name=targeted_persistent_malware />
| {{No}} <ref name=targeted_persistent_malware />
! Avoid writing to arbitrary (non-boot) host disks
| {{Yes}} <ref name=tails-avoid-host-disk-usage>
Quote https://tails.boum.org/contribute/design/
<blockquote>Tails takes care not to use any filesystem that might exist on the host machine's hard drive, unless explicitly told to do so by the user. The Debian Live persistence feature is disabled by passing <code>nopersistence</code> over the kernel command line to live-boot.</blockquote></ref>
| {{Yes}} <ref name=tails-avoid-host-disk-usage />
| {{Yes}} <ref name=tails-avoid-host-disk-usage />
! Disables removable drives auto-mounting
| {{Yes}} <ref name=tails-disables-removable-drives-auto-mounting>
Quote https://tails.boum.org/contribute/design/#index39h3
<blockquote>Removable drives auto-mounting is disabled in Tails 0.7 and newer.
https://gitlab.tails.boum.org/tails/tails/-/blob/master/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults</blockquote></ref> <ref>
https://gitlab.tails.boum.org/tails/tails/-/blob/master/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults contains a configuration for GNOME only. This is reasonable in the Tails context since its default desktop is GNOME and others are unsupported.</ref>
| {{Yes}} <ref name=tails-disables-removable-drives-auto-mounting />
| {{Yes}} <ref name=tails-disables-removable-drives-auto-mounting />
! Disabled virtual machine shared folders
Considered a feature or bug?
| {{No}}, but see [[ram-wipe]]. <ref>
* https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix/5596
* https://github.com/QubesOS/qubes-issues/issues/1562
Then a meta package <code>amnesia</code> could depend on both <code>grub-live</code> and <code>wiperam</code> to simplify live boot for users.</ref>
| Yes, but with limitations. <ref name=tails_wipe_ram>https://tails.boum.org/contribute/design/memory_erasure/</ref>
| Yes, but with limitations. <ref name=tails_wipe_ram />
| Yes, but with limitations. <ref name=tails_wipe_ram />
! Wipe video RAM on shutdown
https://github.com/QubesOS/qubes-issues/issues/1563
| {{No}} <ref name=tails-wipe-video-ram>https://gitlab.tails.boum.org/tails/tails/-/issues/5356</ref>
| {{No}} <ref name=tails-wipe-video-ram />
| {{No}} <ref name=tails-wipe-video-ram />
! Emergency shutdown on USB removal
! Live Mode Usability <ref>The user being aware of currently running in live mode vs persistent mode.</ref>
| style="background-color: {{Yellow}}"| Average <ref>
Without Live Mode Indicator (see below), it is not obvious to the user if they booted into persistent or live mode. This might lead to a mistake where live boot is not selected from the grub boot menu (persistent mode is instead set), but the user believes otherwise.</ref>
| style="background-color: {{Green}}"| Good <ref name=tails-amnesia-usability>Consistently good because amnesia has always been a core Tails feature. It is obvious to the user that nothing persists except folders that have selective persistence enabled.</ref>
| style="background-color: {{Green}}"| Good <ref name=tails-amnesia-usability />
| style="background-color: {{Green}}"| Good <ref name=tails-amnesia-usability />
| style="background-color: {{Yellow}}"| For Xfce only. <ref>
https://github.com/{{project_name_short}}/desktop-config-dist</ref>
| style="background-color: {{Green}}"| Unneeded
| style="background-color: {{Green}}"| Unneeded
| style="background-color: {{Green}}"| Unneeded
! Unified Amnesic + Anonymous User Experience
| {{No}} <ref>{{project_name_short}} is primarily run inside virtualizers. <code>grub-live</code> is an extra configuration step on the user's host.</ref>
! Easy standard ("everyday") upgrades <ref name=using-apt>Using standard package managers such as <code>apt</code>.</ref>
! [[Release Upgrade|Release upgrades]] <ref>Such as from Debian <code>stretch</code> to Debian <code>buster</code>.</ref> possible anytime <ref name=using-apt />
| {{No}} <ref name=tails-release-upgrade>Release upgrade of Tails from, let's say, Debian <code>stretch</code> to Debian <code>buster</code>, is a non-trivial development effort. See also: https://tails.boum.org/doc/upgrade/</ref>
| {{No}} <ref name=tails-release-upgrade />
| {{No}} <ref name=tails-release-upgrade />
* grub-live: <span style="background:{{Red}}">No</span> <ref name=grub-live-persistent-default>Persistent boot is the default option in grub boot menu.</ref>
* grub-default-live: <span style="background:{{Green}}">Yes</span>
! Persistent boot by default
* grub-live: <span style="background:{{Green}}">Yes</span> <ref name=grub-live-persistent-default />
* grub-default-live: <span style="background:{{Red}}">No</span>
! Full disk encryption compatibility
! Encrypted persistence supported
| {{Yes}} <ref name=tails-encrypted-persistence>https://tails.net/doc/persistent_storage/index.en.html</ref>
| {{Yes}} <ref name=tails-encrypted-persistence />
| {{Yes}} <ref name=tails-encrypted-persistence />
|}