Removing passwordless-root can arguably improve VM security, but doing so will cause some issues with sdwdate:
- Sdwdate log cant be viewed
- Newly created GW Appvm sdwdate wont start automatically
root@host:~# sdwdate-log-viewer
+ set -e
+ true 'INFO /usr/bin/sdwdate-log-viewer: START'
+ /bin/journalctl --boot --output cat -n 10000 -f _SYSTEMD_UNIT=qubes-sync-time.service + _SYSTEMD_UNIT=qubes-sync-time.timer + _SYSTEMD_UNIT=timesanitycheck.service + _SYSTEMD_UNIT=bootclockrandomization.service + _SYSTEMD_UNIT=sdwdate.service + _SYSTEMD_UNIT=whonix-firewall.service + SYSLOG_IDENTIFIER=suspend-pre + SYSLOG_IDENTIFIER=suspend-post + SYSLOG_IDENTIFIER=anondate + _AUDIT_TYPE_NAME=SECCOMP
2023-07-26 16:34:49 - /usr/bin/whonix-gateway-firewall - OK: Loading Whonix firewall...
2023-07-26 16:34:49 - /usr/bin/whonix-gateway-firewall - OK: Skipping firewall mode detection since already set to 'full'.
2023-07-26 16:34:49 - /usr/bin/whonix-gateway-firewall - OK: (Full torified network access allowed.)
Within minimum time 'Mon Jun 12 00:00:00 UTC 2023' and expiration timestamp 'Tue May 17 10:00:00 UTC 2033', ok.
2023-07-26 16:34:50 - /usr/bin/whonix-gateway-firewall - OK: Whonix firewall loaded.
Boot Clock Randomization
https://www.kicksecure.com/wiki/Boot_Clock_Randomization
- 147 570260621
Changed time from Wed Jul 26 04:34:50 PM UTC 2023 (1690389290.374085070)
to Wed Jul 26 04:32:23 PM UTC 2023 (1690389143.577910703).
2023-07-26 16:32:25 - sdwdate - INFO - sdwdate (Secure Distributed Web Date) started. PID: 993
2023-07-26 16:32:25 - sdwdate - INFO - sdwdate (Secure Distributed Web Date) started. PID: 993
2023-07-26 16:32:26 - sdwdate - INFO - Tor socks host: 127.0.0.1 Tor socks port: 9108
2023-07-26 16:32:26 - sdwdate - INFO - Running sdwdate main loop. iteration: 1
2023-07-26 16:32:26 - sdwdate - INFO - PREPARATION: running onion-time-pre-script...
2023-07-26 16:32:26 - sdwdate - INFO -
__ ### START: ### /usr/libexec/helper-scripts/onion-time-pre-script
__ Status: First run after boot. (Creating file '/run/sdwdate/onion-time-script-after-boot'.)
__ Static Time Sanity Check: Within minimum time 'Mon Jun 12 00:00:00 UTC 2023' and expiration timestamp 'Tue May 17 10:00:00 UTC 2033', ok.
__ Tor enabled check: Tor is disabled. Please enable Tor using Anon Connection Wizard or setup-dist. Start Menu -> System -> Anon Connection Wizard or in Terminal: sudo setup-dist
__ ### END: ### Exiting with exit_code '1' indicating 'wait, show error icon and retry.'.
2023-07-26 16:32:26 - sdwdate - INFO - PREPARATION RESULT: onion-time-pre-script detected a known permanent (until the user fixes it) error status. Consider running systemcheck for more information.
2023-07-26 16:32:26 - sdwdate - INFO -
2023-07-26 16:32:27 - sdwdate - INFO - PREPARATION: running onion-time-pre-script...
2023-07-26 16:32:27 - sdwdate - INFO -
__ ### START: ### /usr/libexec/helper-scripts/onion-time-pre-script
__ Status: Subsequent run after boot.
__ Static Time Sanity Check: Within minimum time 'Mon Jun 12 00:00:00 UTC 2023' and expiration timestamp 'Tue May 17 10:00:00 UTC 2033', ok.
__ Tor enabled check: Tor is disabled. Please enable Tor using Anon Connection Wizard or setup-dist. Start Menu -> System -> Anon Connection Wizard or in Terminal: sudo setup-dist
__ ### END: ### Exiting with exit_code '1' indicating 'wait, show error icon and retry.'.
2023-07-26 16:32:27 - sdwdate - INFO - PREPARATION RESULT: onion-time-pre-script detected a known permanent (until the user fixes it) error status. Consider running systemcheck for more information.
2023-07-26 16:32:27 - sdwdate - INFO -