Whonix-Host Developers-Only Preview Version 15.0.1.2.7 Released!

Whonix-Host is based on:

• Debian
• Kicksecure
• XFCE
• KVM

Whonix-Host, comes with the hypervisor KVM and both Whonix VMs, Whonix-Gateway and Whonix-Workstation pre-installed by default.

Whonix ISO Live is a Live ISO which comes with a calamares based installer. The user can use Whonix-Gateway and Whonix-Workstation in Live Mode from ISO.

The user has also the option to install Whonix-Host on an internal hard drive or external drive such as a USB drive.

Once installed, what we call Whonix-Host Installed, the user can again choose to boot into persistent mode or into live mode in grub boot menu thanks to grub-live.

Documentation does not exist yet:
https://www.whonix.org/wiki/Whonix-Host

Stay tuned!

DO NOT USE THIS YET AS A USER!

Whonix-Host is unreleased. Not even available for testers. This version is a preview for developers only.

Major missing features the the initial release include:

• Whonix-Host EFI booting support
• Whonix Host Firewall for Whonix Host
• Whonix-Host Tor configuration and anon-connection-wizard (ACW)

See full task list for first release of Whonix-Host. Help welcome!

Whonix-Host DEVELOPERS-ONLY Preview Version available for download:

• https://download.whonix.org/ova/15.0.1.2.7/Whonix-Host-XFCE-15.0.1.2.7.iso
• https://download.whonix.org/ova/15.0.1.2.7/Whonix-Host-XFCE-15.0.1.2.7.iso.asc

The download link should not contain /ova/. I will fix this for the next upload.

Unrelated to Qubes.

Development discussion:
Whonix host operating system

I am not sure what’s the difference between this and QubesOS, apart from this uses KVM and QubesOS uses Xen…

• Whonix-Host ISO will be available as a Live ISO. I.e. can boot Whonix-Host from Live DVD or Live USB.
• Whonix-Host installed will have a boot menu option to boot into persistent mode or live mode.
• Qubes-Whonix Security Disadvantages - Help Wanted!
• Better hardware support. (Same as Debian.)
• Doesn’t involve Fedora.
• No clearnet traffic by default. (details)
  • No, that’s not possible with Qubes, see:
    • sys-net phones home to fedoraproject.org for captive portal detection (Ticket was closed but the issue wasn’t fixed.)
    • Qubes-Whonix-Gateway as ClockVM

This is a great idea.

Better hardware support. (Same as Debian.)

That really needs to be emphasized. I can’t install Qubes on half the machines I have tried to on.

Plus the Fedora thing is weird. In addition to mixing and matching with Debian, Qubes’ January 2020 release comes with a May 2019 version of Fedora (Fedora 30) that will hit end of life in just over a month.

Also I find KVM/Apparmor easier to understand than Xen/Selinux which is important so system maintenance mistakes are not made.

So again I think this is a good idea.

No clearnet traffic by default.

I think you should have a boot option or something that by default that allows this. Because I think few people will install an OS where clearnet is not possible in some straight forward way when needed.

The good news is I tried the iso and everything seems to be working as expected. I could not install on my machine wanting EFI, but that is a known issue. Everything I tried outside of known issues seemed to work.

When is it expected to be released?

No estimation available.

Is there a way a Raspberry Pi image could be built? If there is documentation how to attempt to build such a thing I am happy to be a beta tester.

Raspberry Pi’s seem optimal for something like this. You pop in one micro SD card when you want a machine with end-to-end Whonix protection and pop in a different when you want to go back to a clearnet OS. The Pis are also cheap and easy to replace if for any reason you think someone tampered with your hardware.

Does it have to be Whonix-Host or just Whonix-Gateway?

Whonix-Host RPi theory:

• There was never an implementation of Whonix-Workstation RPi.
• Only Whonix-Gateway RPi.
• Whonix-Workstation RPi: there are no Tor Browser builds for arm64 / RPi.
• At the moment the build script does not support that. So for now, no.
• Maybe in future hardware producers or any contributors get interested to invest in / work on that. Maybe a fully functional and well working Whonix-Host Intel / amd64 would help with that too.

Latest Whonix-Gateway RPi status:
Whonix for arm64 / Raspberry Pi ( RPi )

I highly doubt a Raspberry would be a suitable platform right now for a system that needs at least 4GB RAM (recommended would be 8GB) and a powerful enough processor to run the two Whonix VMs?..

recommended would be 8GB

Ask and ye shall receive: https://www.raspberrypi.org/blog/8gb-raspberry-pi-4-on-sale-now-at-75/

Though too bad the Tor Browser still does not have a raspberry pi option.

Wow!

Can’t you build it from source?