Whonix KVM / Kicksecure 15.0.0.8.7 Released! - A Qunatum Leap Forward

Testers Wanted!

Download the 15.0.0.8.7 release of Whonix KVM:

Download Kicksecure KVM:


Alternatively, in-place release upgrade is possible upgrade using Whonix testers repository.


Highlights


This release would not have been possible without the numerous supporters of Whonix!


Please Donate!


Please Contribute!


Notable Changes


Full difference of all changes

diff too large for github to show, therefore split into two:


About Whonix

Whonix is being used by Edward Snowden, journalists such as Micah Lee, used by the Freedom of the Press Foundation and Qubes OS. It has a 7 years history of keeping its users safe from real world attacks. [1]

The split architecture of Whonix relies on leveraging virtualization technology as a sandbox for vulnerable user applications on endpoints. This is a widely known weakness exploited by entities that want to circumvent cryptography and system integrity. Our Linux distribution come with a wide selection of data protection tools and hardened applications for document/image publishing and communications. We are the first to deploy tirdad, which addresses the long known problem of CPU activity affecting TCP traffic properties in visible ways on the network and vanguards, an enhancement for Tor produced by the developers of Tor, which protects against guard discovery and related traffic analysis attacks. Live Mode was recently added. We deliver the first ever solutions for user behavior masking privacy protections such as Kloak. Kloak prevents websites from recognizing who the typist is by altering keystroke timing signatures that are unique to everyone.

In the future we plan to deploy a hardened Linux kernel with the minimal amount of modules needed to get the job done, an apparmor profile for the whole system, as well as LKRG, the Linux Kernel Runtime Guard, which kills whole classes of kernel exploits.


[1]

4 Likes

Tested , worked smoothly!

1 Like

Standard upgrade (includes kernel upgrade) functional?

Separately, can you upgrade as per

too?

LKRG installation on gateway also does not freeze VM?

tirdad might not survive kernel upgrade unfortunately due to DKMS issues?

If lucky, kvm is unaffected by low RAM vs kernel module DKMS build issue that VirtualBox version is affected by.

1 Like

Unfortunately I had obliterated my 7.1 install. I never test in-place upgrades. @nurmagoz can you please test an in-place upgrade with apt on Whonix GW and report if LKRG successfully compiles and runs?

1 Like

I meant could you please take this very version 15.0.0.8.7 and test in-place upgrades, kernel upgrade and LKRG on gateway?

1 Like

Sure. What commands should I run?

1 Like

sudo apt update
sudo apt install lkrg
sudo apt dist-upgrade
sudo reboot

and then this:

whonixcheck --verbose
1 Like

Doesn’t work.

The instructions should install the headers first, but that’s not what’s wrong here.

Update:

sudo dkms status shows recompiled modules for lkrg, tirdad as installed, but lsmod indicates they never load. Same outcome with more RAM so this is not the problem.

1 Like

KVM Kicksecure has no internet access for me. There is no problem with KVM Whonix on the same box, or other VMs also using the default network adapter. I have restarted the physical computer, deleted the qcow2 image, and placed the newly extracted one in again. However, it still does not ping or update.

When doing updates, it tries to use Tor. Both tor.service and tor@default.service are running successfully in systemd somehow, but there is still no access to the internet. How would I begin to troubleshoot it?

It’s not DNS, because pinging 8.8.8.8 also does not work.

1 Like

Please check the status of the default network under VMM -> edit -> connection details -> virtual networks.

It should be active and set to autostart on boot. Odds are it is not on your machine.

1 Like

It is there and set to auto start. I remember defining ‘default’ when I set up Whonix, in addition to Whonix-External and Whonix-Internal networks.

virsh -c qemu:///system net-autostart default
virsh -c qemu:///system net-start default

I know it works, because other VMs have used ‘default’ with internet access (just tested Ubuntu). I’m not sure what the issue could be.

1 Like

Btw these are installed by default in Whonix / Kicksecure.

Yes, that’s not a low RAM issue.

Indeed. Created DKMS kernel modules (LKRG and tirdad) fail to properly recompile on kernel upgrade for it.

1 Like

It seems to need the corresponding kernel version’s headers. You’ve seen and reported the problem with bpo2 kernel pulling in bpo3 headers.

1 Like

HulaHoop via Whonix Forum:

It seems to need the corresponding kernel version’s headers.

Stable kernel image and headers are installed by default form Debian
buster repository.

You’ve seen and reported the problem with bpo2 kernel pulling in bpo3 headers.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951315 is only a
problem in context of Linux Kernel i.e. using
Debian kernel from buster-backports.

1 Like

2 posts were split to a new topic: Kicksecure Network Configuration