No login screen when starting VM


I am quite new to Linux and VM’s in general so there is a thing I don’t get:

When starting the Whonix gateway or workstation from the host, there is no login screen, the VM’s boot straight into the operating system. I can right-click and click “Lock screen” to bring the login screen with username/password, but not when booting.

I read other threads on this forum and people said it’s supposed to be this way and there is no point in adding a login screen for a VM, and that you should password protect your host instead your VM’s.

I don’t understand why. Could someone please explain it in some detail?

You should be using Full Disk Encryption ( FDE ) on the Host OS. Whonix is not designed as a multi-user system so a vm-login would not have any practical security benefit. If someone gained access to your Host OS while it was running then compromising your Host would be trivial. Once your host was compromised it would be very easy to do the same to your guest vm even with a password protected login screen.

The other option is encrypting your guest images. It is however “mostly theoretic at this point”.