[Looking for contributor!] Whonix USB

Another way to run Whonix, which I find exciting, is having a bootable USB stick with a host OS, VirtualBox/KVM, and Whonix ready to start up (or autorunning!). We could provide an image file that users install onto a spare USB stick. Benefits might include:

  • No download/install of VirtualBox (and the virtual devices it puts on your everyday machine)
  • No importing images
  • Only one download to gpg verify
  • Less worry about the user accidentally polluting Whonix with stuff from a questionable Windows host
  • Compartmentation of your Whonix activities (just put it in your pocket! Not tied to any computer)
  • Portable
  • Easier to follow some aspects of the Pre-install advice (Computer Security Education - Whonix)

tempest has already written a guide about how to build an encrypted Whonix USB stick manually (Whonix Forum). I expect his help to be invaluable.

Issues:

I imagine that it would be a UNetbootin compatible image (could those also be dd’ed?)

Using old USB sticks would mean a big performance hit. But don’t USB 3.0 sticks (and computers) solve this?

The USB needs to be encrypted. It would be beautiful if this were a simple and near-automatic process.
(If the TrueCrypt-for-Windows “encrypt this OS while already running” feature ever comes to Linux, Whonix itself would be encrypted and we wouldn’t need the host OS to be encrypted. This might be preferable to those who like to “hide in plain sight” with a “mostly unused, just-in-case Linux distro” they were carrying in their pocket while crossing the border.)

Who knows what computer people will be running. The host OS needs to have driver support.

This will place an additional burden on whoever has to build the images.

Generally a much welcome idea.

I guess USB HDDs are more suitable than USB sticks.

Other issues:

  • open question: dd would limit this to a hardcoded per-specific size; using bigger disks would require messing with the image or partition table, so due to using dd and the command line and this issue, this would be mostly a geek feature (still welcome), unless…
  • that would require a graphical encrypted USB installer tool, which most likely would require a host operating system (Windows, Linux, …) specific implementation. [Tails solves this problem by requiring one to burn Tails to CD, boot the CD and then run the USB installer from CD. No idea what Whonix’s answer could be.]

While I appreciate his/her efforts, this won’t help develop this feature. Since the guide uses the Debian installer, an automated tool to create an encrypted USB would be required to do this only with code (only by re-using command line tools). However, Tails developers have a USB installer that could be looked at.

UNetbootin is the most used Windows/Linux/Mac tool to burn Linux ISOs to a USB. With that working, dd shouldn’t be required.

Many of the steps in tempest’s guide would be followed by whoever builds the image, no?

Also check the easy multiboot USB tool:

Once set up, you just copy paste the images.

Almost all kind of images are supported without need to update the tool, it is generic.

It supports persistence.

Easy to customize the menu, the background.

The best tool ever

A list of tested examples:

Ah. Sweet tool. I’ve used YUMI before, but this one is even more flexible. I’m going to play around with it.

In any case, if we do get a whonix.iso, it should work transparently with either UNetbootin, YUMI, or Easy2boot.

Ah right. These tools are a great way to try Qubes OS. And once we have a Qubes OS version of Whonix going, a bootable Qubes + Whonix preinstalled image might be the premier way of using Whonix.