Whonix-Host Developers-Only Preview Version 15.0.1.2.7 Released!

Patrick · January 13, 2021, 12:39pm

Whonix-Host is based on:

Debian
Kicksecure
XFCE
KVM

Whonix-Host, comes with the hypervisor KVM and both Whonix VMs, Whonix-Gateway and Whonix-Workstation pre-installed by default.

Whonix ISO Live is a Live ISO which comes with a calamares based installer. The user can use Whonix-Gateway and Whonix-Workstation in Live Mode from ISO.

The user has also the option to install Whonix-Host on an internal hard drive or external drive such as a USB drive.

Once installed, what we call Whonix-Host Installed, the user can again choose to boot into persistent mode or into live mode in grub boot menu thanks to grub-live.

Documentation does not exist yet:

Stay tuned!

DO NOT USE THIS YET AS A USER!

Whonix-Host is unreleased. Not even available for testers. This version is a preview for developers only.

Major missing features the the initial release include:

See full task list for first release of Whonix-Host. Help welcome!

~~Whonix-Host DEVELOPERS-ONLY Preview Version available for download:~~

https://download.whonix.org/ova/15.0.1.2.7/Whonix-Host-XFCE-15.0.1.2.7.iso

https://download.whonix.org/ova/15.0.1.2.7/Whonix-Host-XFCE-15.0.1.2.7.iso.asc

~~The download link should not contain /ova/. I will fix this for the next upload.~~

Unrelated to Qubes.

Development discussion:
Whonix host operating system

yoshidako · April 18, 2020, 1:35pm

I am not sure what’s the difference between this and QubesOS, apart from this uses KVM and QubesOS uses Xen…

Patrick · April 18, 2020, 3:03pm

Whonix-Host ISO will be available as a Live ISO. I.e. can boot Whonix-Host from Live DVD or Live USB.
Whonix-Host installed will have a boot menu option to boot into persistent mode or live mode.
Qubes-Whonix Security Disadvantages - Help Wanted!
Better hardware support. (Same as Debian.)
Doesn’t involve Fedora.
No clearnet traffic by default. (details)
- No, that’s not possible with Qubes, see:
  - sys-net phones home to fedoraproject.org for captive portal detection (Ticket was closed but the issue wasn’t fixed.)
  - Qubes-Whonix-Gateway as ClockVM

jsmidt · April 25, 2020, 10:12pm

This is a great idea.

Better hardware support. (Same as Debian.)

That really needs to be emphasized. I can’t install Qubes on half the machines I have tried to on.

Plus the Fedora thing is weird. In addition to mixing and matching with Debian, Qubes’ January 2020 release comes with a May 2019 version of Fedora (Fedora 30) that will hit end of life in just over a month.

Also I find KVM/Apparmor easier to understand than Xen/Selinux which is important so system maintenance mistakes are not made.

So again I think this is a good idea.

No clearnet traffic by default.

I think you should have a boot option or something that by default that allows this. Because I think few people will install an OS where clearnet is not possible in some straight forward way when needed.

Patrick · April 26, 2020, 10:33am

jsmidt · April 30, 2020, 2:30pm

The good news is I tried the iso and everything seems to be working as expected. I could not install on my machine wanting EFI, but that is a known issue. Everything I tried outside of known issues seemed to work.

USO · May 3, 2020, 7:49pm

When is it expected to be released?

Patrick_mobile · May 4, 2020, 8:26am

No estimation available.

jsmidt · May 16, 2020, 4:01pm

Is there a way a Raspberry Pi image could be built? If there is documentation how to attempt to build such a thing I am happy to be a beta tester.

Raspberry Pi’s seem optimal for something like this. You pop in one micro SD card when you want a machine with end-to-end Whonix protection and pop in a different when you want to go back to a clearnet OS. The Pis are also cheap and easy to replace if for any reason you think someone tampered with your hardware.

Patrick · May 16, 2020, 4:22pm

Does it have to be Whonix-Host or just Whonix-Gateway?

Whonix-Host RPi theory:

There was never an implementation of Whonix-Workstation RPi.
Only Whonix-Gateway RPi.
Whonix-Workstation RPi: there are no Tor Browser builds for arm64 / RPi.
At the moment the build script does not support that. So for now, no.
Maybe in future hardware producers or any contributors get interested to invest in / work on that. Maybe a fully functional and well working Whonix-Host Intel / amd64 would help with that too.

Latest Whonix-Gateway RPi status:
Whonix for arm64 / Raspberry Pi ( RPi )

onion_knight · May 16, 2020, 6:31pm

I highly doubt a Raspberry would be a suitable platform right now for a system that needs at least 4GB RAM (recommended would be 8GB) and a powerful enough processor to run the two Whonix VMs?..

jsmidt · May 28, 2020, 11:07am

recommended would be 8GB

Ask and ye shall receive: https://www.raspberrypi.org/blog/8gb-raspberry-pi-4-on-sale-now-at-75/

Though too bad the Tor Browser still does not have a raspberry pi option.

onion_knight · May 29, 2020, 12:58pm

Wow!

Can’t you build it from source?