Whonix live mode / amnesia / amnesic / non-persistent / anti-forensics

persistent / live mode indicator systray - graphical indication on the desktop that the system is running in live mode vs persistent mode
https://phabricator.whonix.org/T819

I am looking forward to playing with grub live mode. This may allow me to remove all the “immutable” configuration steps from the guide I work on. Excellent work everyone.

Regarding https://github.com/Whonix/anon-meta-packages/pull/7
Meta package whonix-gateway-rpi… Nice. Why reference a lot of these packages individually such as console-setup? Can’t that be mostly meta packages for the most part?

I guess sdwdate-gui should not be a dependency of anon-shared-packages-dependencies. That can be considered a bug. Let’s move it to anon-shared-packages-recommended? Does that help?

I mean, if we have bugs there, I would much rather do the short-term, more effort, proper bug fix way.

Live Mode for Kicksecure is too confusing. First users can pick:

Then for VirtualBox users can pick:

ro-mode-init method must be combined with read-only Method, otherwise:

it will always boot into persistent mode.

Too many combinations. Not all combinations are safe. Murphy’s law dictates that something will go wrong.

I guess the user only knows what platform they are using VirtualBox vs KVM and then likes to see one coherent block of instructions that has a safe result.

Maybe I am just confused by “For this option the VM disk needs to be set to read-only, otherwise it will always boot into persistent mode.” because you mean both read-only Method and Immutable Disk Method satisfy “needs to be set to read-only”?

Imho, the recommended way would be to use read-only disks combined with ro-mode-init. This would be most secure and would set up live mode automatically. The problem is when a user forgets to set the disks to read only, in this case it would automatically boot into persistent mode. The other options, however, also require some kind of user interaction.


Live Mode for Kicksecure ™ - Kicksecure made great progress! However, it shouldn’t list the alternative methods’ actual steps. In my experience this mostly confuses users.

Also “Follow the procedures above depending on your hypervisor” is hard to follow for users, including myself. Usability is about reducing complexity and mental workload. “Consciousness is a low RAM environment.”

Therefore split now:

That allowed to replace the mouthful

Recommended VirtualBox Configuration with a more standardized, easier VirtualBox.

Could you please make the following instructions standalone, i.e. not have them require applying steps from Live Mode for Kicksecure ™ - Kicksecure?

Perhaps by putting the shared bits of instructions into wiki templates?

Added advantage, if we had wiki templates we could even add this to Whonix ™ for Windows, macOS, Linux inside VirtualBox and/or Whonix ™ for KVM or so.

I considered all of the above details. After my edits today, Live Mode for Kicksecure ™ - Kicksecure is now ready for wider publication since the instructions are non-ambiguous and straightforward.

Thanks, also to the other editors like @torjunkie and @0brand. It always makes a difference when someone else, who has not already tested the setup dozens of times and to whom everything seems logical and straightforward, takes a look. I’m going to add the respective instructions to the two other wiki pages. Where can I read more about wiki templates?


A post was split to a new topic: How to use Wiki Templates?

Should this change VM Live Mode: Difference between revisions - Whonix be approved?


Minor fix. Also has to be changed for VM Live Mode: Alternative ro-mode-init Configuration but I only see it once in the editor? Template?
Also “The procedure of installing … now complete.” → “The procedure of installing … is now complete.”


I suppose

VBoxManage setextradata vmname "VBoxInternal/Devices/lsilogicsas/0/LUN#0/AttachedDriver/Config/Readonly" 1

Is correct.

ReadOnly

Not required.

(Otherwise please make the edit.)

I was also wondering about…

VBoxManage setextradata vmname "VBoxInternal/Devices/lsilogicsas/0/LUN#0/AttachedDriver/Config/Readonly"

Would it work adding a 0 at the end? Like…

VBoxManage setextradata vmname "VBoxInternal/Devices/lsilogicsas/0/LUN#0/AttachedDriver/Config/Readonly" 0

That would look a bit more consistent in the wiki.

At the bottom of that page you can see Templates used on this page:.

In this case:

Fixed.

No, ReadOnly is the correct syntax. Using the other version won’t set the image to ro and VirtualBox will complain and not boot.

When I first tested the stuff I also used “0” because it seemed to be logical, however, it also does not work. Using “nothing” is the correct syntax and works as expected.

Thx.


I just wanted to thank you for this amazing feature! Works perfectly, and installing is very easy!
Thanks again for all the good work!


Regarding the systray I can maybe take a look at it again. On KDE this was buggy, maybe things changed for XFCE, this could also include an indicator if the disk is set to ro.

@anon81913862
That’s certainly true. Regarding anti-forensics there is probably not much that can beat Tails. Though, one should always apply FDE on the host or you could also configure the host to be a live system too, as long as you use something Debian based. imho that comes close to what Tails calls amnesia, minus that it will be somewhat harder to hide the fact that you use an encrypted OS. I’m a bit biased of course :wink:


At a first glance it looks like it is easy to implement with xfce4-genmon-plugin.

Any wishlist for the icons? Otherwise I’ll leave it that way and maybe just remove the text next to the icon; it’s either too small or takes away lots of space. genmon runs a small script in the background and checks if live mode is enabled and if the disk is set to read-only.


A desktop environment agnostic solution would be more ideal but this one also looks great!

What would be the right package to add the code? (GUI vs CLI) Any dependencies?

Looks cool as is atm. I like that sdwdate-gui was enabled by default without any config declaration needed.

I like the green arrow and Live.

How often is the script run?

Live mode is enabled.

Sounds good.

Live mode is enabled but it is still possible to write to the disk. Please power off the machine to set the disk to read-only.

Sounds good, however can we add a link? Reason: I’d rather show users the link upfront so they don’t post this message or a screenshot of it and then ask for support.

You are using persistent mode.

Technically correct. Perhaps we can keep that. However, can we explain this a bit better? Someone who never heard about it will be lost at hello. “What does that mean?” Maybe something like…

You are using persistent mode. In other words, you are NOT using live mode. All disk changes will be preserved after reboot. If you would like to use live mode, see link.

I don’t like my own wording very much but that’s the rough idea what to communicate.
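As an added example (not the plugin author's script and not Whonix's own code), here is a genmon-style check that distinguishes the three states discussed above. It assumes that grub-live puts boot=live on the kernel command line and that the read-only attachment shows up as a 1 in /sys/block/sda/ro; the decision logic takes both values as arguments so it can be exercised against constructed inputs.

```shell
#!/bin/sh
# Added example, not the Whonix livecheck script. Assumed: grub-live boots
# with "boot=live" in /proc/cmdline; the VM disk is sda and its read-only
# state is exposed in /sys/block/sda/ro.

# $1: kernel command line. Exit 0 if live mode is active.
is_live_mode() {
    case " $1 " in
        *" boot=live "*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1: kernel command line, $2: the block device's ro flag ("0" or "1").
# Prints one of: live-ro, live-rw, persistent.
live_state() {
    if is_live_mode "$1"; then
        if [ "$2" = "1" ]; then echo live-ro; else echo live-rw; fi
    else
        echo persistent
    fi
}

# Renders genmon markup for a state: <txt> is shown in the panel,
# <tool> is the hover tooltip. Wording follows the thread's proposals.
render_genmon() {
    case "$1" in
        live-ro)
            echo '<txt>Live</txt><tool>Live mode is enabled.</tool>' ;;
        live-rw)
            echo '<txt>Live (rw)</txt><tool>Live mode is enabled but it is still possible to write to the disk. Please power off the machine to set the disk to read-only.</tool>' ;;
        persistent)
            echo '<txt>Persistent</txt><tool>You are using persistent mode. In other words, you are NOT using live mode. All disk changes will be preserved after reboot.</tool>' ;;
        *)
            echo "unknown state: $1" >&2; return 1 ;;
    esac
}

# Reads the real system when run as a genmon command; device defaults to sda.
main() {
    dev="${1:-sda}"
    cmdline="$(cat /proc/cmdline 2>/dev/null || true)"
    ro="$(cat "/sys/block/$dev/ro" 2>/dev/null || echo 0)"
    render_genmon "$(live_state "$cmdline" "$ro")"
}

main "$@"
```

Point genmon at this script and it will re-run it at the plugin's configured interval, which only needs to be long, since neither value changes until the next boot.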

I’d add it to the xfce4-desktop-config since it sits in the panel anyways. It has a few dependencies but I think most of them are already in a default XFCE installation.

Can be adjusted. I guess setting the time to once a day/week/year would be sufficient, so it does not run every few seconds but only once during boot.

I don’t think a link will work, you can add the “link” to the description when you hover over it but users would need to manually type it into the browser bar. A link would also only make sense on the workstation where the browser is installed.
However, the plugin supports some actions on clicking either the text or the icon.
https://goodies.xfce.org/projects/panel-plugins/xfce4-genmon-plugin
So on the workstation you could open the browser and direct it to the right wiki page. I’m not sure how feasible it would be to use offline documentation