That is already documented here:
This link has been notorious for not working for me. I checked out the GitHub for it though. All it says is what I have already said. Iâm asking if whinox is still usable in particular qubes-whinox with it install, I donât see any feedback on what exactly it breaks and if itâs worth it even with its security benefits to have it install, all I have seen is bug fixes from users.
Itâs testers-only.
Good afternoon.
I would like to hide the kernel version and CPU model from applications using security-misc. When I activate âsudo systemctl enable hide-hardware-info.serviceâ and after further reboot, the system turns on, but other than mouse movements, I canât do anything else with it. It does not react to anything, even to the commands ctrl+alt+delete and ctrl+alt+f1-12, the exception - the button to shut down the virtual machine.
Experimentally found that if you add user to group sysfs through the command âsudo addgroup user sysfsâ - the system is fully operational and even hidden CPU characteristics from applications. But the kernel version information still escapes to the public, strangely enough.
How can I make the kernel information to be hidden at least from third party applications? I should point out right away that I am far from IT and how linux operating system works.
I tried running the systemd service as a sysfs group by creating a drop-in directory, but it didnât work. Probably because I did it wrong. I created the directory âsystemd.dâ in the folder âetcâ and added files called âsysfs.confâ and â50_user.confâ with the contents of â[Service]
SupplementaryGroups=sysfsâ, it had no effect. Also in the /etc/systemd/ directory I added all the same content to the âsystem.confâ and âuser.confâ files, and the result was the same. Adding new files âsysfs.confâ and â50_user.confâ to this same directory also failed.
I should add that these problems equally apply to whonix 16.0.3.7 on kvm and version 16.0.4.2 on virtualbox.
In turn, security-misc, installed on a clean debian 11.3.0 xfce image on kvm showed full functionality from the first time without any tinkering.
working fine (tested in qubes) except it all add additional boot delay
This needs some documentation how to test this:
https://www.kicksecure.com/wiki/Security-misc#Testing
CPUID is now documented on a dedicated wiki page.
The wiki page
also mentions âCannot hide CPUID.â
Now documented.
I was able to fake CPUID on VirtualBox using vboxmanage. Then I found https://phabricator.whonix.org/T408
Anyway, for the record:
set vm=âWhonix-Gateway-XFCEâ
vboxmanage modifyvm %vm% --paravirtprovider none
vboxmanage modifyvm %vm% --cpuidremoveall
vboxmanage modifyvm %vm% --cpu-profile âIntel Core i7-5600Uâ
Breaks flatpak.
flatpak run org.chromium.Chromium
bwrap: Canât find source path /sys/block: Permission denied
I donât see a lot spoofing there. It might make you stand out more unless you could come up with a way to spoof more information.
Never mind âcat /proc/cpuinfo
â for now. See: /proc/cpuinfo versus cpuid (written just now).
Instead, try using cpuid
(which gets the information directly from the CPU):
cpuid usage
Then compare using CPUID Spoofing Testing (written just now).
I donât see a lot spoofing there. It might make you stand out more unless you could come up with a way to spoof more information.
I can certainly do some more spoofing, like reporting a Pentium D. But itâs pointless, you donât need CPUID to detect some features.
You mean that all CPU spoofing attempts are currently futile? Iâd agree.
In Vbox will cause dysfunctional of xfce Restart and Shut Down buttons (user will need to CLI commands to achieve the same missed GUI buttons effect).
breaks flatpak:
Fixed: