As per Whonix Live KVM instructions - https://www.whonix.org/wiki/Whonix_Live#KVM_2 - even the grub-live package says:
To increase security, the VM disks can be set to read-only.
grub-live is compatible with virtualizer read-only setting, even recommended.
Does this solve your concern?
This is really good. Could be done using systemd unit file.
Not sure too.
whonix-libvirt package also seems wrong since not tied to Whonix only (also hardened debian). Since there is the grub-live and grub-default-live package, it would have to be duplicated or yet another grub-live-shared package would have to be invented. On the other hand, setting disk to read only in virtualizer settings is not generic for any VM but Whonix KVM VMs only so maybe whonix-libvirt is a good place?
Oh now I see… didn’t know that. Yes it solves my question.
The grub-live host package would be absoutely ideal. It’s a conditional command that makes sense there.
Unless you plan on making Whonix Desktop support other virtualizers, it doesn’t matter if it’s not generic. It fits within the context of a Linux host and hypervisor IMO.
onion_knight via Whonix Forum:
Regarding branding, actually very easy, all files live in
Just need to modify the .png files and the config file accordingly:
Created https://phabricator.whonix.org/T919 for it.
@Patrick Hello, sorry I haven’t contributed much lately, a bit busy period. I will have more time in July. Many thanks for all your feedback, I’ll get back to it when I have some more spare time available.