Upgrade from 0.10.0 to 0.11.0

Updating the Tails Workstations

We recommend that you update all Tails drives to version 3.11, which was released concurrently with SecureDrop 0.11.0 on December 11, 2018. Follow the Tails graphical prompts on your workstations to perform this upgrade.

On a subsequent boot of your SecureDrop Journalist and Admin Workstations, the SecureDrop Workstation Updater will alert you to workstation updates. Choose “Update Now” on each of the workstations:


Please note that this only updates the SecureDrop code on your Tails workstations. Tails upgrades must be performed separately.

If you don’t see a graphical updater, you may be running an older version of the SecureDrop code on your workstation (earlier than 0.7.0). You can update as follows:

cd ~/Persistent/securedrop
git fetch --tags
gpg --recv-key "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77"
git tag -v 0.11.0

The output should include the following two lines:

gpg:                using RSA key 22245C81E3BAEB4138B36061310F561200F4AD77
gpg: Good signature from "SecureDrop Release Signing Key"

Please verify that each character of the fingerprint above matches what on the screen of your workstation. If it does, you can check out the new release:

git checkout 0.11.0


If you do see the warning “refname ‘0.11.0’ is ambiguous” in the output, we recommend that you contact us immediately at securedrop@freedom.press (GPG encrypted).

Finally, run the following commands:

./securedrop-admin setup
./securedrop-admin tailsconfig


If you haven’t already updated your workstations when SecureDrop 0.9.1 was released, you’ll need to update your workstations manually. Due to a bug in the graphical SecureDrop updater that was fixed in SecureDrop 0.9.1 (released on September 6, 2018), attempting an update of your SecureDrop workstation code on your Journalist or Admin Workstations using the graphical updater may fail with an error message: “WARNING: Signature verification failed.”

Should you encounter this message, follow the instructions in the Upgrade from 0.8.0 to 0.9.1 guide.

Troubleshooting Kernel Issues

If you have previously downgraded your kernel, as part of the the upgrade process to SecureDrop 0.11.0, the default Linux kernel will change to the latest released kernel (version 4.4.162).

We have tested this kernel extensively against recommended hardware and other common configurations. Please consult our kernel troubleshooting guide for instructions on how to compare the differences between kernel versions and how to roll back to an earlier version if necessary.


The 3.14.x series kernel will be removed as part of the upgrade to SecureDrop release 0.11.0. Your system will boot to the latest kernel by default (version 4.4.162). If you experience issues after the upgrade, please report kernel compatibility issues as soon as possible.

Getting Support

Should you require further support with your SecureDrop installation or upgrade, we are happy to help!