Securely erasing free disk space and enabling trim inside whonix workstation

I ran photorec file recovery software inside whonix workstation and I was surprised with the amount of files it could retrieve.

Wanted to counter this by installing scrub and running it with scrub -p fillzero -X dump and scrub -p dod -X dump to no avail. I could still retrieve roughly the same amount of files than when I first ran photorec before ‘scrubbing’ it.

Now I think it’s because it’s an ssd drive but I never knew that scrubbing on an ssd drive didn’t have any effect at all, is this normal?

This leads me to believe that my only option to securely erase files in the free space of the ssd drive is to trim it. Only problem is I need to enable trim inside whonix workstation.

I have read the following article which states that there are certain prerequisites for enabling trim inside virtualbox, such as the use of the VDI disk format. Unfortunately the default disk format of whonix is .vmdk.

Is there a way to enable trim inside whonix workstation so it can securely erase the free space on the disk?

Good day,

Usually, the same which would apply to a Debian based VM applies to Whonix in this case.

Have a nice day,

Ego

1 Like

Whonix ™ and Tor Limitations

Frequently Asked Questions - Whonix ™ FAQ

@Usernamer

Interesting. Though I don’t know the details about VBox’s storage implementation, we know that non emulated storage has dangerous consequences in KVM:

We also know that wear leveling techniques are mostly rubbish that won’t securely destroy sensitive data:

https://archive.is/hxDac

Linux disables TRIM for encrypted installs by default because of several security consequences (reminder to add this on wiki)

“WARNING: There are several security consequences, please read at least Milan Broz's blog: TRIM & dm-crypt ... problems? before you enable it.”


As to whether data on the encrypted host (on SSD) can leak into a virtual disk or vice versa - I don’t know. This is a good question and if you stick around and run some tests we can answer this.

The virtual disk should be able to control the low level view of blocks available to the guest.

I ran photorec file recovery software inside whonix workstation and I was surprised with the amount of files it could retrieve.

  • Is this true for a fresh image?
  • What files can you recover? host files you deleted? guest files you deleted?
  • Do you get the same results when rolling back to a clean snapshot?

What host are you using? If you are on Linux is it encrypted? Are you willing to test on a Linux system?

1 Like

I know, but my problem is about the vmdk disk file format in which whonix is released.

I understand this, I have also encrypted the host but I am curious about trim in Whonix on a ssd drive specifically. As far as I have discovered the only thing that’s not making this possible is because the disk is released in .vmdk format and not in .vdi.

Can I build the whonix release in .vdi? How did you automate the installation of all the whonix features? Shell scripts? It would be nice to have the complete whonix build process automated and easily editable with packer and ansible. I could help with this, it’s a nice way to learn about all the individual whonix features and give back at the same time.

Besides this I guess for now the only way to securely delete the data inside whonix is to start fresh. Snapshots are a good idea for this.

I am using the virtualbox version but did not know this, thanks.

Yeah I have found out, it’s pretty bad. Good that I have tested this myself, now I know for sure.

That’s true, but you can manually enable it. I’m not concerned about the security consequences because I think it will be still hard to break the encryption even with a smaller surface to inspect.

I will have to find out, I’ll report back.

20gb of system files so I didn’t look at everything. But I did discover my own deleted btc wallets with private/public keys out of coincidence because of the sheer size of the dataset. This was surprising, I want to find out if I can restore the wallet with the info in the file. I use electrum.

I don’t think I discovered host files, but I don’t know, haven’t looked into it that much.

I’ll also have to test and report back.

Using the Whonix build script, yes.

For redistributable / downloadable images this will not be possible due to VirtualBox limitations. ( Whonix Virtualization Platforms )

During Whonix build, first a vdi is created. That you could use. Later, when an ova (for redistribution purposes only) is created, unfortunately (!!!) VirtualBox creates an ova that includes a vmdk. And that is really awful. However, the ova format is much more practical for redistribution purposes.

For downloaded builds, it is possible (but not convenient) to convert the vmdk to vdi before starting to use Whonix.

Overview of the build process is in this very chapter:
Whonix ™ Source Code Introduction

Already is.

That seems like quite some work.

Please have a look how it is done currently. The Whonix build script can build VirtualBox, KVM and physical isolation builds. Also cli-only builds. Very configurable. Can also add custom scripts and whatnot. If you like to discuss this, please open a new thread in the Whonix development sub forum. Then let’s see if you see any benefits of modifying this. Some stuff such as TravisCI automated builds would be desirable and help would be appreciated!

Build and Update Whonix from Source Code

1 Like
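Added example, not part of the thread or of Whonix's own tooling: a check to run inside the guest after the vmdk-to-vdi conversion discussed above, reporting whether each virtual disk advertises discard (TRIM) to the kernel at all. The function names, the `<disk>`, `<vm-name>` and `<controller>` placeholders and the sample sysfs tree are assumptions made for the example.

```shell
#!/bin/sh
# Host side, before first boot (placeholder names, not run by this script):
#   VBoxManage clonemedium disk "<disk>.vmdk" "<disk>.vdi" --format VDI
#   VBoxManage storageattach "<vm-name>" --storagectl "<controller>" \
#     --port 0 --device 0 --type hdd --medium "<disk>.vdi" \
#     --discard on --nonrotational on

# discard_status SYSFS_ROOT DEVICE (hypothetical helper)
# Prints supported | unsupported | missing for one block device.
discard_status() {
    q="$1/block/$2/queue"
    [ -r "$q/discard_max_bytes" ] || { echo missing; return 2; }
    max=$(cat "$q/discard_max_bytes")
    gran=$(cat "$q/discard_granularity" 2>/dev/null || echo 0)
    # The kernel reports 0 here when the device accepts no discard requests.
    if [ "$max" -gt 0 ] && [ "$gran" -gt 0 ]; then
        echo supported
        return 0
    fi
    echo unsupported
    return 1
}

# report SYSFS_ROOT: one "<device> <status>" line per block device.
report() {
    for d in "$1"/block/*; do
        [ -d "$d" ] || continue
        name=${d##*/}
        printf '%s %s\n' "$name" "$(discard_status "$1" "$name")"
    done
}

# Constructed sample tree (not measurements): sda takes discards, sdb does not.
make_sample_sysfs() {
    root=$(mktemp -d)
    mkdir -p "$root/block/sda/queue" "$root/block/sdb/queue"
    echo 2147450880 > "$root/block/sda/queue/discard_max_bytes"
    echo 4096 > "$root/block/sda/queue/discard_granularity"
    echo 0 > "$root/block/sdb/queue/discard_max_bytes"
    echo 0 > "$root/block/sdb/queue/discard_granularity"
    echo "$root"
}

# Inside the guest: check the real devices (override SYSFS_ROOT to test).
report "${SYSFS_ROOT:-/sys}"
```

An `unsupported` line for the guest's disk means `fstrim` has nothing to pass down to the virtual disk, whatever the host SSD supports.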