Whonix-Host Operating System (OS) ISO

No, didn’t test. Not sure what you mean actually, secure boot in the motherboard BIOS/UEFI settings?

Wow, that would be a great idea! Like any modern Linux installer (Ubuntu for instance), but with all Whonix features out of the box, and the installer for persistent use! 100% behind this idea. Is it realistic to do? I don’t know :slight_smile: But I think we are pretty close, all tools are available, and documented.

1 Like

Yes it should be some option in the BIOS/UEFI.
For secure boot see here:

I carefully say yes. We would need an iso with all the files + a customized debian installer.

1 Like

A raw (or similar) image to be dd’d (or similar) to the disk would of course be an inferior solution to an installer. I’ve only considered the downloadable image solution since it looks kinda easier to create. Perhaps we’ll get such an image “almost effortless” anyhow and it would still be useful for some people?

For the installer I see two choices, maybe.


A) Debian-Installer: for sure worse usability than Ubiquity. I find it confusing, and not great to always answer a few questions, wait, answer a few questions, wait and so forth.

https://wiki.debian.org/DebianInstaller


B) Ubiquity Installer: much more modern, nice. It is in use by, and I like the style of elementary os / linux mint / ubuntu style installer DVDs. Those can be booted as Live ISO to play around and have a much improved installer. It first asks all questions, then installs. No waiting, stop, asking and continuing as Debian-Installer frontend.

This is a page for tracking how DebianInstaller is being used by third parties in custom images and other distributions.

Not in Debian, but perhaps we can make it work anyhow?

https://wiki.ubuntu.com/Ubiquity

Lots of Ports, perhaps any is better than original?


(CLI version might be unsupported by Ubiquity but these users could be redirected to “install plain Debian followed by our Whonix host meta package”. I am not sure anymore Ubiquity based installer DVD’s also come with CLI mode, they might indeed.)

I would call the following reasonable speculation of mine (unchecked yet in actual reality):

Any installer probably expects (a set of or at least one) meta package. So if we had a meta package Whonix host, that would help the installer. We’ll need such a meta package either way.

To have fewer special cases in the Whonix source code, i.e. to not have

  • A) some packages, and plus on top
  • B) have some extra files (qcow2 images) / scripts (copy qcow2 images)

I had the idea to put the qcow2 files into a deb package (in this post: [Help Welcome] KVM Development - staying the course - #287 by Patrick) Would that be sane/good?

From a design perspective I think we might also get
sudo apt-get install whonix-host-kvm-xfce [1]
(to be run on Debian hosts, in theory)
(almost) effortless.
(Whether we want to / whether it is sane to support the sudo apt-get install whonix-host-kvm-xfce way of installation is a separate question.)
This would look to be like a clean, solid design.


[1] not sure in which order the name, getting a lot: host vs VM, kvm vs virtualbox, xfce vs cli

1 Like

What about Calamares? I have been following it for some time and they seem to be big on making a modern usable installer.
It is also included in Debian:

1 Like

Haven’t tested calamares but watched a kde neon and netrunner installation video. Looks similar to Ubiquity. So could be a very good alternative to Debian Installer, too.

Just to sum-up (tell me if I’m wrong), what we want to achieve is a bootable (BIOS/UEFI, maybe secure boot?) ISO file containing a “Whonix Host” (temporary name), basically a hardened debian OS running as live CD.

This Whonix Host would come with Qemu/KVM/virt-manager preinstalled with latest Gateway and Workstation qcow2 images, also preinstalled and preconfigured. So a user could just download the ISO file and run everything from a USB/DVD device. Right?

Then, on top of that, this same ISO file would contain an Installer program that would allow to install the whole Whonix system (Whonix Host+Gateway/Workstation VMs) onto a physical drive, in the same spirit as modern Linuxes do, for instance Ubuntu. Still right?

Some months ago, while playing around with VMs and ISO files (see bash script), I ended up with something similar, minus the installer option, the ISO file’s size being around 5GB, but I am sure that there is room for optimization and more compression. 4GB ISO files, while big, are not that uncommon, see for example the Qubes ISO installer…

As for the install process, I was wondering whether it would be feasible to just run a few scripts interactively asking the user to choose the hard drive on which to install the OS, ask for a LUKS password, and then just dd the ISO content into the encrypted hard drive, while taking care of the required adjustments in the process?

That would be much easier and faster than downloading everything again from debian/whonix repositories IMHO.

1 Like

Just to sum-up (tell me if I’m wrong), what we want to achieve is a bootable (BIOS/UEFI,

Yes.

(UEFI: really nice bonus but not super important for first iteration.)

maybe secure boot?)

(secure boot: really nice bonus but not super important for first iteration.)

ISO file containing a “Whonix Host” (temporary name), basically a hardened debian OS running as live CD.

Yes.

Running as live DVD: bonus
Main feature: installer

This Whonix Host would come with Qemu/KVM/virt-manager preinstalled with latest Gateway and Workstation qcow2 images, also preinstalled and preconfigured.

Yes.

So a user could just download the ISO file and run everything from a USB/DVD device. Right?

Ideally yes.

Then, on top of that, this same ISO file would contain an Installer program that would allow to install the whole Whonix system (Whonix Host+Gateway/Workstation VMs) onto a physical drive, in the same spirit as modern Linuxes do, for instance Ubuntu. Still right?

Yes.

As for the install process, I was wondering whether it would be feasible to just run a few scripts interactively asking the user to choose the hard drive on which to install the OS, ask for a LUKS password,

Basically reinventing an installer.
Choosing the right install device without a GUI is difficult for users.
While such an implementation would be non-ideal, it still would be better than nothing.

and then just dd the ISO content into the encrypted hard drive, while taking care of the required adjustments in the process?

If dd works for this… Yes.
Alternatively: it’s also conceivable to have a local apt repository on the ISO image and installing the system whonix_build script / physical isolation alike. I.e. using mmdebstrap (similar to debootstrap) and apt-get to install a meta package.

That would be much easier and faster than downloading everything again from debian/whonix repositories IMHO.

External network connections, downloads are ideally avoided for other reasons too: avoiding non-torified connections / blocked connections / security issues / simplicity.

2 Likes

I don’t know which host OS you did choose and how you set it up, but a minimal iso of just a debian host with say, xfce, virt-manager and some goodies should be max 1GB compressed. Plus the VM files it should be maybe 3 GB for a complete live cd. For mksquashfs there is the “-comp xz” option which offers way better compression than the default one.

The average debian installer DVD is mostly a big apt-repo.
I don’t think having a live CD where you could boot the VMs from and having an installer at the same time would be possible.
For the live-cd you would need to have the VM images unpacked i.e. not in a deb format.
The only thing which could work is having the whole system already setup in the iso and then copying everything over. I don’t know if the mentioned installers could do that.
There once was a package called remastersys which would image an existing Debian system and convert it to an iso. iirc it also had the option to install this again to a harddrive. The original project does not exist anymore but there is a fork which is maintained.

2 Likes

remastersys style may not fit for redistribution to the public. Already booted systems contain random seeds, logs and a ton of other auto generated files. Maybe a good tool for users to run themselves though.

1 Like
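The concern raised above, that an image taken from an already booted system carries random seeds, logs and other auto-generated files, can be checked before an image is published. This is an added example, not part of the original thread or of Whonix's build scripts; the path list is an assumed checklist for a Debian root filesystem, and the sample tree is constructed.

```python
import tempfile
from pathlib import Path

# Assumed checklist (not from the thread): state a Debian system generates on
# first boot or during use, which should not be identical in every download.
PER_MACHINE_GLOBS = {
    "machine identity": ["etc/machine-id", "var/lib/dbus/machine-id"],
    "random seed": ["var/lib/systemd/random-seed"],
    "SSH host key": ["etc/ssh/ssh_host_*_key"],
    "log": ["var/log/**/*"],
    "shell history": ["root/.bash_history", "home/*/.bash_history"],
}

def audit_rootfs(root):
    """Return sorted (category, relative path) pairs for non-empty state files."""
    root = Path(root)
    findings = set()
    for category, patterns in PER_MACHINE_GLOBS.items():
        for pattern in patterns:
            for path in root.glob(pattern):
                # An empty /etc/machine-id is fine: it is regenerated at boot.
                if path.is_file() and not path.is_symlink() and path.stat().st_size > 0:
                    findings.add((category, str(path.relative_to(root))))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: a rootfs imaged after it had already been booted."""
    files = {
        "etc/machine-id": "0123456789abcdef0123456789abcdef\n",
        "var/lib/systemd/random-seed": "x" * 512,
        "var/log/apt/history.log": "Start-Date: constructed\n",
        "etc/ssh/ssh_host_ed25519_key": "constructed private key\n",
        "etc/ssh/ssh_host_ed25519_key.pub": "constructed public key\n",
        "etc/hostname": "host\n",
    }
    for rel, content in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for category, rel in audit_rootfs(tmp):
            print(f"{category:17} {rel}")
```

A build that produces the host from scripts rather than from a booted system should return an empty list when the audit is pointed at its mounted root filesystem.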

No problem, not a priority.

Yes, so we’d need them as deb plus at the same time unpacked. Space issues.
(For installed systems the unpacking of debs / set up of VM import could be done with a first boot script rather than during boot - if that gives us useful development options.)
(qcow2 shipped by deb packages is just a thought, a vehicle to simplify development.)

I guess not. These more pretty GUI installers are “only” frontends. The backend still is Debian Installer.

I used debian stretch as host, but yes as I said it should go below that.

Might give it a try again once I have some spare time…

1 Like

Sure, my intention was to use the remastersys “installer” not the build scripts for the iso. So you could maybe have both a usable live system and some kind of installer at the same time.
The host would still be created via the Whonix scripts, so no problems with logs etc.

2 Likes

Suggestion for a new name:

"Whonix Desktop"

Because I think it’s important that we keep the already well-known Whonix name + it conveys the idea of a full Desktop (i.e., physical) environment while keeping it simple.

What do you think?

Doesn’t sound very exciting. Similar to Whonix Host. More reasons here: Whonix host operating system - #19 by Patrick

1 Like

@HulaHoop, Re:

Continuing that in this thread, we could also differentiate further between the Whonix VM’s XFCE and the host OS XFCE by not having Whisker Menu on host. So between that, a differing background image, and a contrasting enough theme, it’ll both be different enough and the host XFCE will practically look like a skin of modern GNOME.


@Patrick For ongoing discussion of developing an amnesic host OS (not the VM OS), is this the ideal thread (and not ‘Whonix live mode / amnesia / amnesic / non-persistent / anti-forensics’)?

Guest OS amnesia I suppose is a thing (and it’s interesting even though I don’t have a common need for it myself), but as I hope we’re all aware by now, amnesia doesn’t translate to anti-forensics if the host OS has copious data about your VirtualBox inside it, or a swap partition, etc.

So when we’re discussing our effort to make an anti-forensic Whonix, I assume this ‘host’ thread is the one to discuss it in?

1 Like

I wanted to report on the progress I did with the bootable live Whonix iso project.

1. Bootable live Debian 10 BIOS/UEFI ISO with Whonix KVM

In short, it works fine! I have now a 2.8GB iso file which can be burnt on a USB disk and will boot from BIOS or UEFI to a full live debian 10 desktop with KVM-virt-manager.

In detail
I first created a standard XFCE4 debian 10 vm with grml-debootstrap with the required kvm/qemu/virt-manager packages + Whonix qcow2 files. I did not use the Whonix hardened-debian build, and thus my “Whonix-Host” has nothing Whonix-specific, but I don’t see any reason why it wouldn’t work with the hardened-debian version.

I did not manage to configure the Whonix VMs in chroot, so I had to boot the host VM and configure them by hand. Very unclean, but I am sure there should be documented information on how to do this in a clean, scripted way. This master host VM is in no way optimized as it is, and its size may even be further reduced as I didn’t take time to carefully review the packages I put into it (although it was quite a minimal build).

Important notice: I had to copy the qcow2 files into the master host VM with qemu-img convert -O qcow2 command (which shrinks the VMs to their “real” size) instead of cp --sparse=always command, otherwise the live-system would be unable to start them, complaining about “no space left on the device”. Maybe when they are not shrunk, the live-system “thinks” that they are 100GB big and is unable to allocate enough space?

When the master host vm was up and running, I made a bootable BIOS/UEFI ISO file out of it with the bash script that I posted above.

Everything works fine now. I had much less success with the second, installer part of the project.

2. “Whonix-Desktop” installer
This is still very early stage to me. I did everything “by hand” in KVM to just try things out.

I attached a 20GB virtual disk that I divided into two partitions: first a 500M boot partition, and then I encrypted the rest (LVM on LUKS, basically following the Arch wiki instructions).

After that, I mounted the encrypted partition to /mnt, the first partition to /mnt/boot and proceeded to rsync the live system on the encrypted partition with:

rsync -aAXv --exclude={"/dev/","/proc/","/sys/","/tmp/","/run/","/mnt/","/media/*","/lost+found","/var/log/","/lib/live","/usr/lib/live","/var/tmp"} * /mnt/

After that, things started to get complicated. Of course, to be bootable, a lot of adjustments need to be made to the new system, such as installing grub, installing the kernel, changing the disks UUID, making sure the kernel will load the required modules to deal with encryption, rebuilding the initramfs (update-initramfs -u didn’t work in the live environment).

I did try some adjustments, but haven’t got to the point of having a bootable encrypted disk as of now. Didn’t spend too much time on it either, but again I am sure all of this is pretty much documented and should even be able to be scripted somehow.

Sum-up

Part 1: bootable live Whonix Desktop

  • Mostly done, proof of concept works
  • Need to try with a hardened-whonix build
  • Need to script all the build in an automatic way
  • Need to decide what exact package would ship in the Whonix Desktop (probably need some non-free firmware to make it work with most hardware, wifi support, etc.)

Part 2: installer

  • As of now, I have no working solution
  • The “DD” way seems the fastest - but needs careful tailoring
  • Ideally, the final installer should be some kind of simplified GUI, maybe test with Calamares?
  • All in all, shouldn’t be too difficult to achieve with the right level of skills and time, nothing that hasn’t been done before

3 Likes

A different background image on the host and different theme to differentiate between Whonix host and Whonix VMs is a good idea. Not convinced yet that Whisker Menu has to be gone on the host though.

Not sure. First the host operating system needs to become reality before implementing amnesia.

A lot of discussion on amnesia happened since this very post:
Whonix live mode / amnesia / amnesic / non-persistent / anti-forensics - #121 by Patrick

As per above, analysis appears to be done for now and development tasks are created.

Awesome!

Indeed.

Possibly some daemon required running? @HulaHoop
If you share any error messages, perhaps we can suggest what commands to run to sort them out.

Perhaps it is this one
Whonix for KVM.

Unable to connect to libvirt.

Obviously the advice to users to manually reboot then won’t be great for a build. Perhaps systemctl start libvirtd at the start and systemctl stop libvirtd before exiting the chroot would do?

As this has a likelihood of controversy and the possibility to distract this thread, I created a separate thread to redirect that discussion.

Never tested by me but looks very promising! :slight_smile:

@Patrick

Thanks for your feedback.
I will try to rebuild a host with the hardened-debian as a base for the master host. Building as of now on debian buster with

sudo ./whonix_build --flavor hardened-debian-xfce --target qcow2 --build

Correct? Anything specific to take into account while building it?

I’ll share the error messages once I reach this stage again with the hardened-debian VM.

OK

1 Like