Whonix live mode / amnesia / amnesic / non-persistent / anti-forensics

• boot=live Needed
• plainroot No sure neither. I found almost no valuable info. Maybe supports disk encryption (?)
  Whonix live mode / amnesia / amnesic / non-persistent / anti-forensics - #45 by Algernon
• union=overlay Yes to keep it, probably redundant, but you never know when the default changes
• ip=frommedia Yes, " Seems required to not write /etc/network/interfaces , ok."
• noeject Yes, let’s keep it, maybe better for quick shutdown.
• nopersistence, Seems we could remove this one. Maybe persistence (like Tails) could be a nice feature in the future for Whonix-Host

Btw I have just noticed that default Whonix-Host ISO (Isolinux, didn’t check on GRUB yet) does not have these kernel parameters. Is this on purpose? Or should we harmonize it and have the same exact parameters for VMs and Whonix-Host live-mode?

Edit by Patrick:
added bullet points for easier readability

Not on purpose. I guess that happened because these boot options are only set when booting for example Whonix-Workstation VM into Live Mode. Therefore overlooked.

Yes, that would be good.

Kernel command line persistent mode changes from ⚓ T950 set kernel.printk sysctl to prevent kernel info leaks were not added yet. But not sure we should add them yet. It’s not time to lower verbosity for Whonix-Host boot yet.
Perhaps rather the opposite. Add more verbosity?

Btw installing package debug-misc on Whonix-Host ISO wouldn’t increase debugging because current implementation ignores that raw image’s /boot/grub/grub.cfg (which is created from /etc/default/grub.d, i.e. /etc/default/grub.d is ignored) (for now hardcoded).

Could use a script to sanity check if kernel boot parameters are sync (no differences for Whonix-Host ISO) but not easy.

Why are kernel boot paramaters (such as spectre_v2=on spec_store_bypass_disable=on tsx=off …) defined in both files:

• grub.cfg
• isolinux.cfg

is one redundant?

Could you please create tickets (separate forum topics) for anything that isn’t easy to resolve? [Don’t worry the forum tags too much. I can do these later.]

One is for GRUB (when booting in EFI), the other is for Isolinux (when booting in BIOS).

Any idea how to debug this?

How now set Read-only Mode for VM?

This manual no longer work /wiki/VM_Live_Mode/Read_Only_Mode_Hard_Drive

It is also impossible to start VM with live mode on host. There is an error VERR_DISK_FULL

Not whonix issue:

“I thought it was the VirtualBox’s vdi hard disk drive that was full, but it was much easier. Just a “df -h” and I realized that my host disk was full!”

cc @Patrick maybe we can add this to:

Anyone can use the live mod with the recent changes to AHCI? I can’t.

With VB 6.1.18 everything worked great. But wit VB 6.1.2 and with AHCI I can’t start a whonix VB in a live mode with live mode on host.

My disk has enough free space. When I used VB 6.1.18 with LisLogic SAS live mode on the host worked well and I was able to start whonix VB with a live mode on the host. But now when live mode is on on the host I got this error - VERR_DISK_FULL
Also now is impossible to switch AHCI VB to read only.

Never mind VB issued version 6.1.22 with fixed LsiLogic SAS problem.

Thanks for reporting the bug, Though im getting different error message:(Debian host)

and debian didnt yet upgraded vbox in sid yet to .22:

https://packages.debian.org/search?suite=default&section=all&arch=any&searchon=names&keywords=virtualbox

As noticed in above forum thread, /boot isn’t write protected. Any idea how /boot could also be covered?

grub-live ported to dracut would be great!

Debian feature request
Boot existing Host Operating System or VM into Live Mode (grub-live)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991276

replacing initramfs-tools with dracut

grub-live dracut support has been implemented.

A post was merged into an existing topic: replacing initramfs-tools with dracut

When this becomes available will it be used in very much the same way one would use tails? Burn onto usb or dvdr then use it as an OS like tails?