[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Installing Whonix live mode in all distributed images?


#1

Thanks to @Algernon and others Whonix now has the incredibly useful feature of being able to boot in live mode.

The installation is extremely simple: just enter sudo apt-get install grub-live in the terminal and you are good to go!!

Given the incredible usefulness of this feature, its ease of installation and its low footprint (one package and a few MB of disk usage), I would suggest to add it in the default package list of Whonix images.

This way, booting in live mode would be available out of the box in all new images, without the need for the end user to install it.

I think many users are not even aware of this amazing feature, which is by the way one of the best selling points of Tails (“amnesic” system).


Whonix live mode
#2

Under consideration for Whonix 15 (Debian buster based).

cons:

  • most users won’t be reading https://www.whonix.org/wiki/Whonix_Live
  • step 1. Backup. will be missing but should be ok since this feature looks like has a low probably of ever breaking the boot sequence
  • could break the boot sequence after some kernel upgrade in future but probability should be very low
  • users will miss step To increase security, the VM disks can be set to read-only. Otherwise, malware running as root in the VM could theoretically mount the image read-write and gain persistence in this way.
  • we don’t have a live mode indicator systray yet so some users will sometimes confuse having booted into live vs persistent mode

pros:

  • advertises the feature better
  • usability enhancement

#4

#5

Could you kindly remind me why? As long as it boots into live mode it only writes into RAM, so what is not amnesic here? Am I missing something?


#6

https://whonix.org/wiki/Whonix_Live#Warning


#7

OK, so it mostly refers to the underlying host OS features (core dumps/swap), right? The same issues would affect a user that would run the Tails iso file in VBox, correct?


#8

That’s a general disclaimer, but on Linux it’s pretty darn perfect.


#10

#11

add grub-live
https://phabricator.whonix.org/T886