The user support answer would be:
Good enough for now. Might be fixed in Whonix 13. Don’t hold your breath for it.
Since you seem to be interested in the technical backgrounds, this will be the development discussion answer:
I keep it in the same topic, since otherwise this does not get attention anyhow, and I wouldn’t know who else would look into Whonix VirtualBox development.
Your Whonix KVM [real KVM on LInux, I suppose] results seems fine.
The terminology now gets difficult since VirtualBox 5 now also supports KVM as paravirtualization provider. ( [unsupported] VirtualBox now supports KVM and Hyper-V as paravirtualization providers)
Your Whonix VirtualBox results are not ideal development wise yet. The problem now is, that systemd-detect-virt detects kvm, even though you are running in VirtualBox.
I am wondering why you are the only one reporting this. Did you change System, Acceleration, Paravirtualization interface?
FYI, it’s related to:
-
Chapter 8. VBoxManage read this one very parameter description
--paravirtprovider none|default|legacy|minimal|hyperv|kvm
- read this one very chapter Chapter 10. Technical Background
If you set it to Paravirtualization interface to legacy
, that whonixcheck error should varnish. Also the output of cat /sys/devices/system/clocksource/clocksource0/available_clocksource
should change then.
I wonder what the optimal paravirtualization for Whonix 13 will be.
-
default
is problematic, since as in your case, it does autodetection, then used VirtualBox KVM -
none
explicitly turns off exposing any paravirtualization interface sounds good security wise but could be really slow. Please test and leave feedback. -
minimal
sounds like a worthwhile alternative ifnone
is too slow. But what technology isminimal
actually using? VirtualBox legacy or kvm? However, documentation says, it lets the VM read the APIC frequency. To be researched how bad this would be. -
legacy
is good enough for now. That’s like VirtualBox 4.x. But since they now call it legacy, that code will rot, and probably should be avoided in long run. -
kvm
(VirtualBox) is problematic, since it provides unwanted pvclock kvm-clock. (Which allows a clock correlation attacks once VM is compromised. -
Does not seem like pvclocks can be configured in VirtualBox. (With linux libvirt kvm it’s possible.)
-
However, this presupposes that users did read and apply Advanced Security Guide - Whonix beforehand, which probably few do.
-
Therefore probably not a big issues.
-
hyperv
The microsoft thingy. No idea about that one. May or may not be great for Linux guests (Whonix).
Each virtualization platform should be reviewed for performance, security, pvclock interfaces and hardware identifiers readable by the vm ( Protocol Leak and Fingerprinting Protection ).
Not sure you noticed the new Download table yet:
The point is, it introduces a security column. For your information: