Use whonix on USB without any HDDs

Yes, Whonix ™ can be used on USB.

  1. Select a suitable host operating system,
  2. install it on USB,
  3. install a supported virtualizer,
  4. finally install Whonix ™.

If you are interested in installation of Whonix ™ on USB, see Whonix ™ on USB.

This section on top was edited by Patrick. Original post below. (Removed numbering.)

How to install:

Install Virtualbox

Run Virtualbox and create a new Virtual Machine of linux\Debian type. Do not create any virtualdisks. In the properties of the Machine in the USB section add the USB you want to use for installation and attach also the Debian installation iso image in the Storage section.

Run the machine and installation will start. Install Debian to the USB the same way you install it to HDD. At the end of installation you will be asked if you want to write GRUB to the MBR. Agree to write it to the MBR. After that you will be asked to reboot. You may reboot and then shutdown the newly installed Debian.

Now you may boot your computer from that USB because Debian allows it unlike most other OSes. To do it you should put USB as the primary boot device in BIOS or press a special button at PC start to get to the boot devices selection menu.

After Debian is fully loaded, now you may install Virtualbox to it and import Whonix images into it.

Done. But keep in mind that you will need at least 32 GB USB-stick to implement this guide.

With whonix on USB, you do not leave any traces on your HDDs. Also you may throw the USB out of the window or sink it in the toilet or destroy it in a microwave oven if you have enough time. It will make you feel more secure. The price is slower speed.

Thanks for sharing! Why don’t you just dump the Debian installer ISO to some small usb (or CD), boot it and install to the 32GB stick? Your whole installation procedure seems to be rather complicated to me.

Also, to complement your setup: I would recommend using FDE (Full Disk Encryption). For some extra security, you may install the /boot partition to some second usb stick and Grub2 into its MBR. This protects against Pwning Past Whole Disk Encryption | twopointfouristan

Also (if using FDE), this: Whonix Forum may be interesting for you!

Yes, you can install Debian to a USB from a Debian DVD in a regular way by booting your PC from that DVD.
The advantage of installation in Virtualbox is that a person who has never installed Linux may switch to a browser and seek some installation advice online. The disadvantage is that installation of Virtualbox to the HDD and creating a Debian machine is likely to leave some traces on the HDD which may let the enemies know that you have installed Debian to somewhere if your PC is grabbed.
To avoid the last threat you should find the ways to avoid leaving any traces of Virtualbox installation on your HDD. Maybe, you can find portable Virtualbox and run it in a sandboxing software or find a live DVD with Virtualbox in it.
Alternatively, save or print Debian installation guides and install Debian to a USB from DVD by following those guides.

Also keep in mind that if you ever save whonix images on the HDD you must later wipe them using special software instead of deleting them. It will hide the fact that whonix images have ever existed on your HDD.

I understand where you’re coming from. Still, I consider the described installation procedure as “breaking a butterfly on a wheel”. From my very own perspective, installing Debian - the usual way - basically is a piece of cake compared to the knowledge required to follow this very tutorial (especially if you consider newbies as a target group here). Anyways, obviously we disagree here.

In case someone reading this thread needs to know how to deploy the Debian installer ISO to USB: Plug in the USB, open a Terminal, type “dmesg | grep sd” (without the quotes) and look for disk devices attached to your PC. They’ll be called /dev/sda, /dev/sdb, /dev/sdc, /dev/sdd, etc. Now, find the right one (BE VERY CAREFUL HERE, the next command is going to destroy ALL DATA on the target disk) and type the following command:

# dd if=/path/to/debian.iso of=/dev/sdX

whereas /dev/sdX is to be substituted with /dev/sda, /dev/sdb, /dev/sdc, /dev/sdd, etc. depending on the device that represents the USB on your particular PC. Let the command do its thing and then boot from the USB.

With Windows, you may - instead of dd - use Win32 Disk Imager download |

btw, anonuser, if you’re concerned about leaving no traces on the preparation PC, you also need to consider cleaning the udev registry. udev remembers every device that was once plugged into your PC. that is to say, a forensics specialist is able to prove to you that a particular USB device was once connected to the PC under investigation, e.g. the USB stick they’re going to find in the bushes next to your window :wink: Windows and Mac operating systems most likely have similar “memories”.

Hhit! I knew nothing about udev! Thanks! How do i clean udev?

Cannot provide instructions here spontaneously. Also, the udev/hal implementation is different across distributions you may use. I haven’t followed this most recently. I can just tell you for sure that Linux “remembers” devices once plugged into the system and I bet that Win + Mac aren’t much different here. Research is required here on your part. Sharing whatever information you may be able to research would be appreciated.