Higher security level as Secure Boot.
Talking about VMs only in this concept.
We could boot from a virtual, read-only (write protected) boot medium such as another virtual HDD or ISO. Such a boot medium which runs a minimal linux distribution which then compares against checksums from Debian repository on the main boot drive:
- The MBR (master boot record)
- The VBR (volume boot record)
- [A] the booloader
- [B] the partition table
- [C] the kernel
- [D] the initrd
- [E] all files shipped by all packages
There are tools that can help with checking all files on the hard drive such as debsums . However, while debsums is more popular, it is unsuitable. [2]
A tool such as debcheckroot might be more suitable for this task.
During development of Verifiable Builds experiences were made with verification of MBR, VBR, bootloader, partition table, kernel and initrd. Source code was created to analyze such files. [3]
Extraneous files would be reported, with option to delete them, to move them to quarantaine and/or to view them.
Initrd is by Debian default, auto generated on the local system. Hence, there is nothing to compare with from Debian repository. However, after verification of everything (all files from all packages) it would be secure to chroot into the verified system and to re-generate the initrd. Then to compare both versions. This might not be required if initrd can be extracted and compared against files on the root disk.
That boot medium (such as IOS) could be shipped on Whonix Host through a deb package /usr/share/verified-boot/check.iso .
Disadvantage of this concept might be that it might be slower than dm-verity. On the other hand the advantage of this concept is that this does not require a OEM image. Also it might be more secure since it does not verify against an OEM image but would verify the individual files. Another advantage is that users are free to install any package and not limited by a readonly root image. Users do not have to wait for the vendor to update the OEM image.