[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Whonix host operating system

I’ll post the working script I use tomorrow so you can have a better understanding and even test it if you like to do so.

2 Likes

incron for automating shared folder permissions on the fly?

BTW thanks for your enthusiasm and awesome contributions. You’ve made a lot of our visions for Whonix become a reality.

Maybe a selective outbound firewall to allow approved (Torrified applications in this case) access:

Here is the bash script I use.

Just tested it with latest Whonix 15 (after converting the .qcow2 file to a .raw file). Works fine, at least with BIOS mode. UEFI mode boots but does not reach graphical target with KVM, probably needs some more testing (I didn’t test the iso file with VirtualBox).

All the code comes originally from

https://willhaley.com/blog/custom-debian-live-environment/

I just put all together after trying out different combinations.

I am not a developer, so feel free to review the code and adapt/correct it. Needs optimizing.

1 Like

Step one: I am mostly interested having our upcoming Whonix host operating system raw (?) image being bootable on both, BIOS and UEFI. As fully persistent (if not using grub-live option in grub boot menu). (i.e. not live-boot based.) Ideally, a single hybrid image, if sane and doable.

Step two: If it could be at the same time a hybrid image that can be burned on DVD, all the better. ISO / DVD support would be step two.

Finally, probably not doable: one image for all use cases HDD persistent, HDD live, DVD live. (DVD-RW persistent realistic?)

Could you please add copyright/license?

from Tails-Whonix: It's doable, here's how. Can we offer it as a variant like Qubes-Whonix?

Yes, a good name for Whonix Host is needed as Whonix Host alone isn’t very descriptive / not sounding very exciting.

Whonix Live (https://www.whonix.org/wiki/Whonix_Live) isn’t very popular yet since Whonix 15 hasn’t been released as stable yet. Nothing written in stone yet. So we could “hijack” our own name, move https://www.whonix.org/wiki/Whonix_Live to elsewhere and then use Whonix Live for the Whonix Host.

What I don’t like about Whonix Live is that it sounds too limited too.

  • It’s not only Live.
  • The great thing is, we can combine the best of both worlds. Boot into persistent mode, upgrade everything and on demand reboot into Live mode.
  • It’s also based on hardened debian (rename required) which comes with many enhanced default security enhancement such as jitterentropy-rng installed by default.

Whonix Host name suggestions welcome.

1 Like

Correction: mostly non-networked. For updates you would of course need to enable networking on the host temporarily.

Thanks for the script. Do you know if the isos work with secure boot enabled?

HDD persistent + live is doable. But not at the same time with an iso file for DVDs. You can burn the iso to an USB stick but it will not be writable in the first place. There is the persistent feature for live tools but for system updates it is imho not really usable. Also, at least from reading the /r/tails, it seems to break occassionaly and people loose their data.
Maybe one could create some kind of installer iso which installs Whonix on the disk and otherwise acts as live CD.

2 Likes

No, didn’t test. Not sure what do you mean actually, secure boot in the motherboard BIOS/UEFI settings?

Waw, that would be great idea! Like any modern Linux installer (Ubuntu for instance), but with all Whonix features out of the box, and the installer for persistent use! 100% behind this idea. Is it realistic to do? I don’t know :slight_smile: But I think we are pretty close, all tools are available, and documented.

1 Like

Yes it should be some option in the BIOS/UEFI.
For secure boot see here:


https://tails.boum.org/blueprint/UEFI_Secure_boot/

I carefully say yes. We would need an iso with all the files + a customized debian installer.

1 Like

A raw (or similar) image to be dd'd (or similar) to the disk would of course be an inferior solution to an installer. I’ve only considered the downloadabe image solution since it looks kinda easier to create. Perhaps we’ll get such an image “almost effortless” anyhow and it would still be useful for some people?

For the installer I see two choices, maybe.


A) Debian-Installer: for sure worse usability than Ubiquity. I find it confusing, and not great to always answer a few questions, wait, answer a few questions, wait and so forth.

https://wiki.debian.org/DebianInstaller


B) Ubiquity Installer: much more modern, nice. It is in use by, and I like the style of elementary os / linux mint / ubuntu style installer DVDs. Those can be booted as Live ISO to play around and have a much improved installer. It first asks all questions, then installs. No waiting, stop, asking and continuing as Debian-Installer frontend.

This is a page for tracking how DebianInstaller is being used by third parties in custom images and other distributions.

Not in Debian. but perhaps we can make it work anyhow?

https://wiki.ubuntu.com/Ubiquity

Lots of Ports, perhaps any is better than original?


(CLI version might be unsupported by Ubiquity but these users could be redirected to “install plain Debian followed by our Whonix host meta package”. I am not sure anymore Ubiquity based installer DVD’s also come with CLI mode, they might indeed.)

I would call the following reasonable speculation of mine (unchecked yet in actual reality):

Any installer probably expects (a set of or at least one) meta package. So if we had a meta package Whonix host, that would help the installer. We’ll need such a meta package either way.

To have fewer special cases in the Whonix source code, i.e. to not have

  • A) some packages, and plus on top
  • B) have some extra files(qcow2 images) / scripts (copy qcow2 images)

I had the idea to put the qcow2 files into a deb package (in this post: [Help Welcome] KVM Development - staying the course) Would that be sane/good?

From a design perspective I think we might also get
sudo apt-get install whonix-host-kvm-xfce [1]
(to be run on Debian hosts, in theory)
(almost) effortless.
(Whether we want to / whether it is sane to support the sudo apt-get install whonix-host-kvm-xfce way of installation is a separate question.)
This would look to be like a clean, solid design.


[1] not sure in which order the name, getting a lot: host vs VM, kvm vs virtualbox, xfce vs cli

1 Like

What about Calamares? I have been following it for some time and they seem to be big on making a modern usable installer.
It is also included in Debian:

https://packages.debian.org/buster/calamares

https://calamares.io/

1 Like

Haven’t tested calamares but watched a kde neon and netrunner installation video. Looks similar to Ubiquity. So could be a very good alternative to Debian Installer, too.

Just to sum-up (tell me if I’m wrong), what we want to achieve is a bootable (BIOS/UEFI, maybe secure boot?) ISO file containing a “Whonix Host” (temporary name), basically a hardened debian OS running as live CD.

This Whonix Host would come with Qemu/KVM/virt-manager preinstalled with latest Gateway and Workstation qcow2 images, also preinstalled and preconfigured. So a user could just download the ISO file and run everything from a USB/DVD device. Right?

Then, on top of that, this same ISO file would contain an Installer program that would allow to install the whole Whonix system (Whonix Host+Gateaway/Workstation VMs) onto a physical drive, in the same spirit as modern Linuxes do, for instance Ubuntu. Still right?

Some months ago, while playing around with VMs and ISO files (see bash script script), I ended up with something similar, minus the installer option, the ISO file’s size being around 5GB, but I am sure that there is room for optimization and more compression. 4GB ISO files, while big, are not that uncommon, see for example the Qubes ISO installer…

As for the install process, I was wondering whether it would be feasible to just run a few scripts interactively asking the user to chose the hard drive on which to install the OS, ask for a LUKS password, and then just dd the ISO content into the encrypted hard drive, while taking care of the required adjustments in the process?

That would be much easier and faster that downloading everything again from debian/whonix repositories IMHO.

1 Like

Just to sum-up (tell me if I’m wrong), what we want to achieve is a bootable (BIOS/UEFI,

Yes.

(UEFI: really nice bonus but not super important for first iteration.)

maybe secure boot?)

(secure boot: really nice bonus but not super important for first iteration.)

ISO file containing a “Whonix Host” (temporary name), basically a hardened debian OS running as live CD.

Yes.

Running as live DVD: bonus
Main feature: installer

This Whonix Host would come with Qemu/KVM/virt-manager preinstalled with latest Gateway and Workstation qcow2 images, also preinstalled and preconfigured.

Yes.

So a user could just download the ISO file and run everything from a USB/DVD device. Right?

Ideally yes.

Then, on top of that, this same ISO file would contain an Installer program that would allow to install the whole Whonix system (Whonix Host+Gateaway/Workstation VMs) onto a physical drive, in the same spirit as modern Linuxes do, for instance Ubuntu. Still right?

Yes.

As for the install process, I was wondering whether it would be feasible to just run a few scripts interactively asking the user to chose the hard drive on which to install the OS, ask for a LUKS password,

Basically reinventing an installer.
Choosing the right install device without a GUI is difficult for users
While such an implementation would be non-ideal, it still would be better than nothing.

and then just dd the ISO content into the encrypted hard drive, while taking care of the required adjustments in the process?

If dd works for this… Yes.
Alternatively: it’s also conceivable to have a local apt repository on the ISO image and installing the system whonix_build script / physical isolation alike. I.e. using mmdebstrap (similar debootstrap) and apt-get to install a meta package.

That would be much easier and faster that downloading everything again from debian/whonix repositories IMHO.

External network connections, downloads are ideally avoided for other reasons too: avoiding non-torified connections / blocked connections / security issues / simplicity.

2 Likes

I don’t know which host OS you did choose and how you set it up, but a minimal iso of just a debian host with say, xfce, virt-manager and some goodies should be max 1GB compressed. Plus the VM files it should be maybe 3 GB for a complete live cd. For mksquashfs there is the “-comp xz” option which offers way better compression than the default one.

The average debian installer DVD is mostly a big apt-repo.
I don’t think having a live CD where you could boot the VMs from and having an installer at the same time would be possible.
For the live-cd you would need to have the VM images unpacked i.e. not in a deb format.
The only thing which could work is having the whole system already setup in the iso and then copying everything over. I don’t know if the mentioned installers could do that.
There once was a package called remastersys which would image an existing Debian system and convert it to an iso. iirc it also had the option to install this again to a harddrive. The original project does not exist anymore but there is a fork which is maintained.

2 Likes

remastersys style may not fit for redistribution to the public. Already booted systems contain random seeds, logs and a ton of other auto generated files. Maybe a good tool for users to run themselves though.

1 Like

No problem, not a priority.

Yes, so we’d need them as deb plus at the same time unpacked. Space issues.
(For installed systems the unpacking of debs / set up of VM import could be done with a first boot script rather than during boot - if that gives us useful development options.)
(qcow2 shipped by deb packages is just a thought, a vehicle to simplify development.)

I guess not. These more pretty GUI installers are “only” frontends. The backend still is Debian Installer.

I used debian stretch as host, but yes as I said it should go below that.

Might give it a try again once I have some spare time…

1 Like

Sure, my intention was to use the remasterys “installer” not the build scripts for the iso. So you could maybe have both a usable live system and some kind of installer at the same time.
The host would still be created via the Whonix scripts, so no problems with logs etc.

2 Likes