Whonix-Host Operating System (OS) ISO

That has potential to generate a bad reputation.

For sure.

Implementing a host user clearnet is simple. (Similar to Whonix-Gateway user clearnet.) White listing VM traffic is a lot harder.

There’s a lot more todo.



Not all has to be done but essentials seems to be EFI boot support, SecureBoot support, Anon Connection Wizard host support, an installer ISO that works for both EFI and non-EFI booting (⚓ T979 co-install grub-efi-amd64 and grub-pc by default on Whonix-Host ISO).

maybe not? since whonix host will be using kvm, all that traffic should be owned by user “libvirt-qemu.” it’s not as perfect as filtering by vm name. but, it’s a start and narrows traffic down a little bit.

or, here’s another idea, what about filtering by source ip? for example, the whonix gateway in the kvm version has the local ip address on the host of could this not effectively serve as a “virtual machine name” in implementation?

1 Like

3 posts were merged into an existing topic: Whonix’s Host naming

Having a hybrid ISO for USB / DVD that supports BIOS legacy boot, EFI boot and SecureBoot is a difficult task.

Hence I am now investigating porting Kicksecure / Whonix’s build script (derivative-maker) to Debian’s live-build which can do all of the above.

1 Like

live-boot create “normal”, non-live fully persistent raw disk images?

1 Like

A post was split to a new topic: port Whonix to Fedora as base operating system

For our dracut based Live ISO there was this dracut usability bug which made the ISO unbootable.

This long standing development blocker might now be fixed:

1 Like

documentation on grub-mkrescue:

Major progress has been made. A script that can convert a raw image to an ISO image has been developed.



Huge news :tada: :clap: :tada:

The problem is now that Secure Boot is unsupported. This is because the ISO doesn’t integrate with shim.

And installing shim inside a Debian bootable ISO is undocumented and difficult for me.

grub feature request written just now:
grub-rescue ISO Secure Boot / shim support

That feature request could take a long time if it ever materializes.

It will be possible without that feature request being implemented too but then additional options have to be passed to grub-rescue (or mkisofs) or other tools have to be used (manual use of grub-mkimage). The code / options to do this can probably be extracted from Debian’s live-build but that’s something that I wanted to avoid because that is very difficult for me.

Debian Live:

cat /etc/fstab
overlay / overlay rw 0 0
tmpfs /tmp tmpfs nosuid,nodev 0 0

purism calamares configuration: