Whonix for arm64 / Raspberry Pi (RPi)

Algernon · September 16, 2018, 8:58am

https://old.reddit.com/r/linux/comments/91cxbt/kde_is_the_fastest_desktop_in_1804/

Though you might want to look in the comments because some say the measurements were flawed.

github.com/QubesOS/qubes-issues

Get rid of KDE, use Xfce as the default Dom0 WM/DE

opened 02:58PM - 27 Jun 16 UTC

closed 08:13AM - 05 Aug 16 UTC

rootkovska

C: desktop-linux P: critical release notes ux C: desktop-linux-xfce4 r3.2-dom0-stable

We've long wanted to get rid of the KDE out of Dom0 (because it's been: 1. bloat…ed, 2. heavy on resources, 3. unstable, and last but not least: 4. ugly, see #84), yet we somehow always postponed it until later. More recently, we decided to try to get Gnome env as the default Qubes GUI (#1806). But the road to get Gnome working is still long and bumpy. Meanwhile, we have released Qubes 3.2-rc1 with upgraded KDE to 5.x which, for me at least, looks like a total disaster... A disaster that must be worked around ASAP, i.e. before the final 3.2 release, IMHO. And the best we could do, I think, is to switch to Xfce4, which today works really well, as I've had a chance to test over the last 2 days of extensive use. So, what's wrong with the latest KDE we got in Qubes 3.2? A few things: 1. It seems very unstable. I installed and tested on several machines with different GPUs (some very old ones!) and on every one I keep getting plasma/kwin crashes every few hours. This is just ridiculous. 2. KDE has a reputation for being heavy and slow, but this latest release seems to beat itself in this respect beyond any reasonable expectation. This is clearly visible on some HiDPI systems, where the number of pixels (more specifically: memory pages) to process causes our GUI daemons to draw very slowly. Admittedly there are some bottlenecks in our GUI protocol (specifically that the actual lists of PFNs are copied), but switching from KDE to Xfce4 visibly improved the graphics speed from totally-not-usable to somehow-slow. Apparently KDE (kwin) tries some composition magic that slows down the system. Perhaps there are humans who could understand the KDE's graphics settings dialog-box, but surely this is beyond my mental powers. 3. The KDE's infamous bloated UI got even more bloated. Specifically the new "Start Menu" distracts the user even more from the Qubes isolated domains concept. 4. While this is a very subjective opinion, the KDE is ugly, and it's getting uglier with each new release. Plus it completely doesn't match the mostly-gnome apps we have in AppVMs by default (and which we have because they are so much lighter than their KDE alternatives). Plus all the usual bugs with complex handling of appmemus (due to caching, etc.), see e.g. #890, #1628, #751. Now, all the above problems can be resolved with the latest Xfce4, which we already support well (incl. decoration plugins, and general customization/striping for Qubes). Looks like currently the only one features originally mentioned in #84 as the showstopper, is the lack of the expose-like effect. However, the new Xfce4 does have composition-based Alt-Tab poor-man's expose-like functionality, which should just be good enough for the purpose of securely identifying GUI decoration spoofing attacks (i.e. displaying e.g. a green-bordered password-prompting fake window within a red-bordered Web browser window). There are still a few, rather minor I think, issues with the Xfce4 that I will describe in the upcoming separate tickets. But these seem so minor, compared with the problems outlined above and pertinent to the KDE, that I suggest that we **promote the Xfce4 to the default GUI manager for Qubes 3.2**, starting with rc2, and **get rid of the KDE from the installer ISO** (still preserving, of course, this as an optional WM, next to others we also offer via our repos). I think that we should also give up on trying to get Gnome for Qubes 4.0 and just use Xfce4. FWIW, I now use Qubes 3.2-rc1 with Xfce4 on my primary laptop.

Patrick · November 9, 2018, 12:10pm

What’s next?

Should Whonix for arm64 / Raspberry Pi ( RPi ) be documented, announced as Whonix news, call for testers or something?

Algernon · November 9, 2018, 12:54pm

I’m fairly sure I submitted documentation for building and the general setup to the wiki. iirc to the physical isolation page but I can’t find it. Is there maybe some log with submitted content?

Patrick · November 9, 2018, 12:55pm

Algernon · November 9, 2018, 1:00pm

Are those the real changes or also the submissions? Afaik my changes still had to be approved by one of the wiki mods.

Patrick · November 9, 2018, 1:01pm

All changes are there. Approved or not. Even non-approved changes stay in the log unless explicitly deleted (didn’t happen).

Patrick · November 9, 2018, 1:02pm

Permission error - Whonix (just a subset of Login required - Whonix).

btw: Special pages - Whonix

Algernon · November 9, 2018, 2:07pm

I see, so I guess I have to add it again. I can’t access Permission error - Whonix due to lacking permissions.

Patrick · November 10, 2018, 1:16pm

Thanks for submitting the documentation!

Build Documentation: Physical Isolation

When using ( ) in titles it makes the resulting link look ugly (part .28RPI3.29).

Should we update Build Documentation: Physical Isolation?

Should we update Download Whonix ™ (FREE) - (https://www.whonix.org/wiki/Template:Supported_Platforms_Table)?

Algernon · November 11, 2018, 9:04pm

I can test the images from time to time. If it will be added to official downloads list I’d still add the “Advanced” and “Experimental” tag.
Also there would be easier ways for physical isolation on other system than the rpi i.e. by using the raw images and just burning those to disk as already described somewhere in this forum instead of going through a default debian installation + build from source.
I don’t know if it would be feasible to upload compressed raw images? They should work on most systems, however, there could be issues with ethernet or graphics drivers and uefi.

Patrick · November 12, 2018, 7:39am

Yes. I saw Netrunner for Odroid C1+ coming with a script to automatically resize the disk image at first boot.

Most likely yes.

We already have code to compress qcow2. https://github.com/Whonix/whonix-developer-meta-files/blob/master/release/prepare_release#L34
Perhaps same/similar code would also work to compress raw images.

Added.

Open to more changes throughout the website.

Algernon · November 12, 2018, 11:40am

imho it would also be a good idea to reduce the default image sizes to maybe 8-16 GB or to make dedicated raw images for physical isolation of this size. Otherwise you will always have to burn a 100GB image which takes a while. Also physical isolation is an edge case and I’m not sure if anyone ever reaches the 100GB limit even on a virtual gateway. With a smaller size it can fit on the average USB or SSD, you can always resize the disk image if you need more space. I can try to add a script for such an image to the build steps.

Patrick · November 12, 2018, 11:45am

Not for VirtualBox builds please because there it’s quite handy. VMs won’t use that much space but can grow until that amount of space. (Sparse images.)

For --target raw (we already have that), other defaults less than 100 GB are fine. (--target raw isn’t really used by anyone yet afaik.)

For --target root, other defaults less than 100 GB are fine as well.

Patrick · November 13, 2018, 11:23am

Patrick · November 15, 2018, 5:36am

Was merged.

Do we still require our grml-debootstrap fork?

Patrick · November 15, 2018, 6:27am

I’d like to get rid of our grml-debootstrap fork (or at very least close the delta with upstream) since they recently merged to enhancements.

github.com/grml/grml-debootstrap

Improve checks to make sure loop and dm-mod module are present

grml:master ← jkirk:jkirk/vmfile

opened 07:08PM - 24 Jul 18 UTC

jkirk

+15 -19

This fix was triggered because running --vmfile to create a virtual machine ima…ge file caused the following error: | device-mapper: reload ioctl on loop1p1p1 failed: Device or resource busy | create/reload failed on loop1p1p1 This was caused because kpartx was run twice. The first run was used to test if the Device-mapper was ready and the second run was actually add the partition mappings. This used to fail under some circumstances.

github.com/grml/grml-debootstrap

Improve cleanup of loop devices

grml:master ← jkirk:jkirk/kpartxworkaround

opened 04:07PM - 25 Jul 18 UTC

jkirk

+13 -1

kpartx (sometimes) does not cleanup the loop devices when deleting the partitio…n devmappings. This is a known bug, see [Debian Bug #891077.](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891077) This is change is a possible workaround for that issue. Now aborting a grml-debootstrap is possible without leaving unneded loop devices behind.

Patrick · November 15, 2018, 6:52am

https://github.com/Whonix/Whonix/pull/424

How is this different from zerofree?

https://github.com/Whonix/Whonix/blob/master/build-steps.d/2350_zerofree-raw

Do we need both?

Can or should both steps be merged?

Can 2550_shrink_raw use the same method to mount the raw image like 2350_zerofree-raw?

Is truncate --size=3500M "$binary_image_raw" required or does --vmsize 4G do the same? (Perhaps even vmsize 3500M already works?)

Could you please move the raw image compression to prepare_release? Reason:
Those who create the raw image for themselves only, don’t require compression?
Those who wish to redistribute images should prepare_release.

Could you make the raw compression code please similar to https://github.com/Whonix/whonix-developer-meta-files/blob/master/release/prepare_release#L70 so it will be deterministic?

Algernon · November 15, 2018, 7:43am

Zerofree overwrites free parts with zeros for better compression later on.
The 2550_shrink_raw script, however, shrinks the whole disk including the partition.
They could maybe be merged but then you have to create a raw backup image. The 2550_shrink_raw script currently does that though it is not strictly required. After merge you need to shrink and truncate the one of the images while converting the other image to qcow2 and vdi. Otherwise you would get a default disk size of ~ 4GB for the gateway VM.
2550_shrink_raw does not mount the disk.

If you would do a completely separate build of the images for physical isolation then this would certainly be an alternative. Result should be the same. I’m going to give it a try. With the 2550_shrink_raw script + the --phys switch you could build the images for physical isolation + the VM images in one step.

Yes.

Patrick · November 15, 2018, 10:16am

Another non-perfection not easy to perfect.

non-qubes-whonix-(gateway|workstation)-(cli|kde|xfce) is neither by name a VM specific or VM unspecific package. Due to majority Whonix use case it defaults to VM specific.

Not easy to perfect without a lot code duplication / more package maintenance.

For now non-qubes-vm-enhancements-cli gets installed by default even for physically isolated (RPi) builds since it’s a dependency of non-qubes-whonix-gateway-cli.

Maybe non-qubes-vm-enhancements-cli should become a weak recommended package? Similar to how build-steps.d/1700_install-packages handles virtualbox-guest-x11 / spice-vdagent? To keep it installed for users who already have it whonix-legacy/debian/whonix-legacy.preinst could use

apt-mark auto non-qubes-vm-enhancements-cli || true

Patrick · November 15, 2018, 10:22am

Thank you for still having “dual build” (or how would we coin it) i.e. KVM and VirtualBox images at the same time in mind. This was always hacky having spice-vdaagent in VirtualBox. The above described weak recommended package is hacky.

In future, KVM builds will be created, signed an uploaded by HulaHoop. No more dual builds by me. (Due to increases build workload - Qubes-Whonix, Whonix CLI, Whonix XFCE, hardened debian, custom workstation, what not.) Therefore we might no longer need the dual build support since that wasn’t a clean way to start with. (Otherwise using dual builds these raw images would have both, VirtualBox guest addition as well as spice-vdagent, even though neither is needed there - could cause issues in some point in future.)

Would you like to build, sign and upload these raw images?