Whonix live mode / amnesia / amnesic / non-persistent / anti-forensics

@Algernon I tested ro-mode-init on Whonix (Buster) and it seems to prevent the system from starting a GUI. Feel free to fix at your own leisure. I’m just testing and reporting.

1 Like

Yes, it would also not work for me when I just installed the package. It needs some hook to update the initramfs.
Current fix is to boot the disk rw and update the initramfs:
update-initramfs -uk all

After this and setting the disk to ro, it worked for me.

3 Likes

https://github.com/Whonix/grub-default-live

Apparently KVM has the option to discard guest memory on shutdown kinda like wipe-ram. I’ll enable it on Buster hosts where it will be supported by the libvirt version on there.

1 Like

https://github.com/Whonix/grub-default-live/commit/72cee1d54a06bed0847aec2cbce8066f8932d74a

Package live-config-systemd is causing an issue. live-config-getty-generator fails. Visible in systemd journal. Debug output:

sudo /lib/systemd/system-generators/live-config-getty-generator
+ set -e
+ SYSTEMD_DIR=
+ . /lib/live/init-config.sh
/lib/systemd/system-generators/live-config-getty-generator: 15: .: Can't open /lib/live/init-config.sh

Installing live-config would fix this issue since it includes this file but it’s not an option since

grub-live boot with live-config package installed:

ls /var/lib/live/config/
hostname  lightdm  locales  login  policykit  sudo  tzdata  util-linux  xfce4-panel  xinit

Issue:

sudo cat /etc/sudoers.d/live
user ALL=(ALL) NOPASSWD: ALL

Is live-config-systemd a required package? Can we just remove live-config-systemd from grub-live Depends: in debian/control?

1 Like

Does anything else break beyond this error message?

When I first played around with debian live systems around jessie or stretch afaik it did not work without it. It is also listed as required package in case you use systemd: Debian -- Details of package live-config in buster
If in doubt try to build an image without it. Maybe some things changed since then.

2 Likes

It spams this error message in journal during upgrades. Besides that, I don’t see any breakage.

That package causes a lot of issues, see my previous post please.

The solution would be to just not install the package and live with the error messages. It doesn’t seem to break anything, so …
Other options: add the missing script to grub-live or, somehow remove the sudoers file when adding the live config package.
iirc there was also an option to have live-config installed + not having passwordless sudo:
https://lists.debian.org/debian-live/2013/06/msg00056.html
Either a kernel-commandline option which could be added to grub-live or changing /etc/live/config/noroot.conf. Needs testing though, it maybe just completely disables root access (could still be useful).

2 Likes
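As an added example (not code from the thread or from the grub-live project), a small POSIX sh audit that finds drop-ins like the /etc/sudoers.d/live file discussed above, i.e. rules granting NOPASSWD for ALL commands, and skips files sudo itself ignores. The sample drop-ins are constructed inline so it runs stand-alone; point it at a real /etc/sudoers.d to audit a live-booted system.

```shell
#!/bin/sh
# Audit helper (added example, not part of grub-live or live-config).
# Prints each "file: rule" that grants NOPASSWD for ALL commands to stderr
# and the number of such rules to stdout.
count_nopasswd_all() {
    dir="$1"
    count=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # sudo ignores drop-ins whose name contains '.' or ends in '~'
        case "${f##*/}" in *.*|*~) continue ;; esac
        while IFS= read -r line || [ -n "$line" ]; do
            line="${line%%#*}"                       # drop comments
            case "$line" in *NOPASSWD:*) ;; *) continue ;; esac
            cmds="${line##*NOPASSWD:}"                # command list after the tag
            cmds=$(printf '%s' "$cmds" | tr -d ' \t') # trim whitespace
            if [ "$cmds" = "ALL" ]; then
                echo "$f: $line" >&2
                count=$((count + 1))
            fi
        done < "$f"
    done
    echo "$count"
}

# Constructed sample drop-ins (not copied from a real system) for a demo run.
make_sample_dir() {
    d=$(mktemp -d)
    # the rule live-config installs as /etc/sudoers.d/live
    printf '%s\n' 'user ALL=(ALL) NOPASSWD: ALL' > "$d/live"
    # a scoped rule that should not be flagged
    printf '%s\n%s\n' '# package updates only' \
        'admin ALL=(ALL) NOPASSWD: /usr/bin/apt update' > "$d/admin"
    # name contains a dot: sudo skips it, so the audit skips it too
    printf '%s\n' 'bak ALL=(ALL) NOPASSWD: ALL' > "$d/live.bak"
    echo "$d"
}

# Usage on a real system (reading /etc/sudoers.d needs root):
#   sudo sh audit.sh /etc/sudoers.d
if [ -n "${1:-}" ]; then
    echo "NOPASSWD: ALL rules in $1: $(count_nopasswd_all "$1")"
fi
```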

On top of that it also does a ton of other things as these status files indicate.

See apt-file list live-config to see all the scripts that are running.

We’d have to understand what that does.

Since live-config is not a dependency of live-config-systemd (indicating the latter won’t break without the former) and it’s actually not breaking anything, why not keep it as is?
The files under /var/lib/live/config/ come up as empty on the systems I have tested (can’t test with Whonix though).
I think they are related to the respective scripts under /lib/live/config and might get used if you use one of the live-config options.

1 Like

Because it spams errors to journal.

When looking at the files shipped by live-config-systemd in buster, I don’t see it doing anything that would be required. Hence, candidate for removal.

As said, iirc, when I first played around with live systems it was required, but maybe I did make use of some of the live-config options back then.
Looking at the files in the live-config-systemd package it does not seem to do anything useful in case of Whonix. So it is probably safe to remove after a test build.

1 Like

Should shared folders of virtual machines be disabled in context of grub-live?

Depends on what you want. Persistence always carries the risk that some malware makes use of it or may make you more fingerprintable (though probably not directly through the browser), but most users want to save data (I guess) …

2 Likes

Anti-Forensics Precautions

Introduction

At the moment there is only one advantage of this configuration compared to running grub-live on the host – achieving selective amnesia for some virtual machines (VMs) while others remain persistent. This may not be necessary in the future if grub-live development continues to advance and it allows for selective exemption of host directories. This section is a work in progress and not exhaustive.

“This may not be necessary in the future if grub-live development continues to advance and it allows for selective exemption of host directories.”

I don’t think this is being worked on? Hence removed.

Split / simplified documentation.

1 Like

A post was split to a new topic: remove GNU/Linux string from boot grub menu