Error when using whonix linux installer

Support
1

I am trying to install whonix using http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Linux .

i got to the point where it was showing me a screen about configuring secure boot. I tried pressing enter and hitting keys to progress, but all it did was throw a bunch of symbols on my screen like ^B and ^A, whether I hit the error keys or enter or whatever.

I figured I needed to start over, so I closed the terminal and re-opened it.

Now it does not work. I get the following terminal output.

bash ./whonix-xfce-installer-cli 
whonix-xfce-installer-cli: [NOTICE]: Command executing: $ sudo -- echo test
test
whonix-xfce-installer-cli: [NOTICE]: Saving user log to: '/home/user/dist-installer-cli-download/logs/7/user.log'
whonix-xfce-installer-cli: [NOTICE]: Saving debug log to: '/home/user/dist-installer-cli-download/logs/7/debug.log'
whonix-xfce-installer-cli: [NOTICE]: Installer: 'Whonix Xfce for VirtualBox Installer'
whonix-xfce-installer-cli: [NOTICE]: If you wish to cancel installation, press Ctrl+C.
whonix-xfce-installer-cli: [NOTICE]: The license will be shown in 5 seconds.
whonix-xfce-installer-cli: [NOTICE]: (Use '-n' or '--non-interactive' for non-interactive mode.)
whonix-xfce-installer-cli: [NOTICE]: License Check: 'success' - User has accepted the license.
whonix-xfce-installer-cli: [NOTICE]: Architecture detected: 'x86_64'
whonix-xfce-installer-cli: [NOTICE]: System detected: 'Linux'
whonix-xfce-installer-cli: [NOTICE]: Distribution/Derivative name detected: 'Linux Mint 21.3' / '(No derivative detected.)'
whonix-xfce-installer-cli: [NOTICE]: Distribution/Derivative version detected: '21.3' / '(No derivative detected.)'
whonix-xfce-installer-cli: [NOTICE]: Package Installation: installation of hypervisor-required packages... Please wait, as this could take a while...
whonix-xfce-installer-cli: [ERROR]: Installer aborted due to an error.
whonix-xfce-installer-cli: [ERROR]: No need to panic. Nothing is broken. Just some rare condition has been hit.
whonix-xfce-installer-cli: [ERROR]: A solution likely exists for this issue.
whonix-xfce-installer-cli: [ERROR]: If the issue does not recur on retry, it can be safely ignored as transient.
whonix-xfce-installer-cli: [ERROR]: Consult Whonix News and the User Help Forum for assistance.
whonix-xfce-installer-cli: [ERROR]: Please report this bug if it has not been already.
whonix-xfce-installer-cli: [ERROR]: An error occurred at line: '1907'
whonix-xfce-installer-cli: [ERROR]: Please include the user log and the debug log in your bug report.
whonix-xfce-installer-cli: [ERROR]: (For file locations where to find these logs, see above.)
whonix-xfce-installer-cli: [ERROR]: Installer exited with code: '2'
whonix-xfce-installer-cli: [NOTICE]: Executed script, function, command executed: './whonix-xfce-installer-cli' 'install_package_debian_common' 'dpkg_audit_output="$(dpkg --audit 2>&1)"'
whonix-xfce-installer-cli: [ERROR]: Installer aborted due to an error.
whonix-xfce-installer-cli: [ERROR]: No need to panic. Nothing is broken. Just some rare condition has been hit.
whonix-xfce-installer-cli: [ERROR]: A solution likely exists for this issue.
whonix-xfce-installer-cli: [ERROR]: If the issue does not recur on retry, it can be safely ignored as transient.
whonix-xfce-installer-cli: [ERROR]: Consult Whonix News and the User Help Forum for assistance.
whonix-xfce-installer-cli: [ERROR]: Please report this bug if it has not been already.
whonix-xfce-installer-cli: [ERROR]: An error occurred at line: '1907'
whonix-xfce-installer-cli: [NOTICE]: Executed script, function, command executed: './whonix-xfce-installer-cli' 'handle_exit' 'dpkg_audit_output="$(dpkg --audit 2>&1)"'
whonix-xfce-installer-cli: [ERROR]: Signal received: 'PIPE'
whonix-xfce-installer-cli: [ERROR]: Installer exited with code: '141'

Please help.

2

Nevermind, I was able to fix the issue.

If anyone in the future needs help, I recommend the following procedure to fix it.

  1. Turn off the computer, if necessary via holding the power button down.
  2. Turn on the computer.
  3. open a terminal at the maximum possible size
  4. run sudo dpkg --configure -a
  5. choose a password
  6. uninstall all virtualbox packages on your machine
  7. with the terminal at MAX size, run bash ./whonix-xfce-installer-cli
  8. set a password
  9. restart the computer
  10. the screen will have multiple options depending on your manufacturer. choose the one that says something about entering a mok key or something
  11. press continue or whatever until it asks for a password
  12. set the password that you chose in step 7, then continue
  13. log in and run bash ./whonix-xfce-installer-cli , continuing the script to completion.

QUESTION: is the password that I chose temporary and used only to sign the virtualbox kernel module for this one instance? Or could a local attacker who knows the password use it to modify my secure boot however they want? If the latter is true, can I change this password or delete this password, now that I have signed the virtualbox kernel module using the password?

Please help answer this question.

3

This is unspecific to Whonix.

Can be resolved as per:

The related essential command Whonix Linux Installer runs is:

sudo apt install virtualbox-qt

It is the same as if you did run this command manually.

This is not only unspecific to Whonix but even unspecific to VirtualBox.

The same would be applicable, the same mokutil process would happen if you used Debian (or any other modern Linux distribution with a recent DKMS version) and installed a kernel module.

Questions about security are moot. See:

4

I am confused. The link that you post says that secure boot’s security practices are moot. But one of your developers, madaidan, writes that secure boot / verified boot is important, although it is very hard to implement it on linux distributions. See section 21.4 on Linux Hardening Guide | Madaidan's Insecurities .

Without verified boot, all of the precautions mentioned above could be bypassed with ease once physical access is gained. Contrary to common assumptions, verified boot is not just important for physical security — it prevents the persistence of any tampering with your system, be it from a physical attacker or a malicious application that has managed to hook itself into the operating system. For example, if a remote attacker has managed to exploit the system and gain high privileges, verified boot would revert their changes upon reboot and ensure that they cannot persist. The most common verified boot implementation is UEFI Secure Boot… In general, it’s hard to achieve a respectable verified boot implementation on traditional Linux.

5

madaidan used to be a contributor. Was last active on github in 2022. Not “my developer”.

There isn’t any disagreement on that topic.

Same wiki link updated again to address the confusion.

6

Perfect, thank you.