Hello,
I want to have live mode on the host for Whonix KVM, so Using Debian 10.10. I’ve installed grub-live for that purpose, which worked all fine and I got the new entry in the bootloader. But when I run the livecheck.sh I get the following output:
user@debian:~/Downloads$ sudo sh livecheck.sh
[sudo] password for user: /usr/share/icons/Adwaita/16x16/status/dialog-warning.png
Live
Live mode is enabled but it is still possible to write to the disk. Please power off the machine and set the disk to read-only, if possible. See: Live Mode for Kicksecure ™ - Kicksecure or click on the icon for more information.
x-www-browser Live Mode for Kicksecure ™ - Kicksecure
x-www-browser Live Mode for Kicksecure ™ - Kicksecure
How can I make the drive read-only for live-mode on Host?
thanks in advance.
I’ve not even been able to get the KVM images to start when using host-live mode. Did you morph Debian 10.10 into KickSecure or just leave it as default Debian?
Thanks for the answers and sorry for the late reply.
I found some drives which are RO-lockable. Also found SD Card to be a possible solution.
But I have just learned that the switch on SD Cards just sets one of the pins to a certain state which the card reading device can choose to ignore, like my usb card reader does.
Assuming a card reader which respects the lock: Is this possibly a security threat that an attacker could deactivate this safeguard somehow and place harmful data onto the drive?