Looks much better! (Although still untested by me but I trust you test and this will work. I would upload package containing this and then let users install it since the code is easily reviewed to be non-malicious so this can be opened up for wide testing.)
Remaining nitpicks:
set -x’ if some debug (grub) kernel boot parameter is set
when if [ "$read_write" = "error" ]; then matches we should still output output "Proceeding persistent boot."?
in live_boot before the exit 0 please add output "Proceeding live boot."?
Please use shellcheck. It has some false positives but adding the double quotes for the variables should be applied.
persistent / love mode indicator systray - graphical indication on the desktop that system is running in live mode vs persistent mode https://phabricator.whonix.org/T819
i am looking forward to playing with grub live mode. this may allow me to remove all the “immutible” configuration steps from the guide i work on. excellent work everyone.
Regarding https://github.com/Whonix/anon-meta-packages/pull/7…
Meta package whonix-gateway-rpi… Nice. Why reference a lot of these packages individually such as console-setup? Can’t that be mostly meta packages for the most part?
I guess sdwdate-gui should not be a dependency of anon-shared-packages-dependencies. That can be considered a bug. Let’s move it to anon-shared-packages-recommended? Does that help?
I mean, if we have bugs there, I much rather do the short-term more effort proper bug fix way.
ro-mode-init method must be combined with read-only Method, otherwise:
it will always boot into persistent mode.
Too many combinations. Not all combinations are safe. Murphy’s law dictates that something will go wrong.
I guess the user only knows what platform they are using VirtualBox vs KVM and then likes to see one coherent block of instructions that has a safe result.
Maybe I am just confused by “For this option the VM disk needs to be set to read-only, otherwise it will always boot into persistent mode.” because you mean both read-only Method and Immutable Disk Method satisfy “needs to be set to read-only”?
Imho, the recommended way would be to use read-only disks combined with ro-mode-init. This would be most secure and would set up live mode automatically. The problem is when a user forgets to set the disks to read only, in this case it would automatically boot into persistent mode. The other options, however, also require some kind of user interaction.
Live Mode for Kicksecure ™ - Kicksecure made great progress! However, it shouldn’t list alternative methods actual steps. In my experience this mostly confuses users.
Also Follow the procedures above depending on your hypervisor is hard to follow for users including myself. Usability is about reducing complexity and mental workload. “Consciousness is a low RAM environment.”
I consider all of above details. After my today’s edits Live Mode for Kicksecure ™ - Kicksecure is now ready for wider publication since instruction are non-ambiguous, straight forward.
Thanks, also to the other editors like @torjunkie and @0brand. It is always a difference when someone else who did not already test the setup dozens of times and where everything seems to be logic and straightforward, takes a look. I’m going to add the respective instructions to the two other wiki pages. Where can I read more about wiki templates?
Minor fix. Also has to be changed for VM Live Mode: Alternative ro-mode-init Configuration but I only see it once in the editor? Template?
Also " The procedure of installing … now complete." → " The procedure of installing … is now complete."
No ReadOnly is the correct syntax. Using the other version won’t set the image to ro and virtualbox will complain and not boot.
When I first tested the stuff I also used “0” because it seemed to be logical, however, it also does not work. Using “nothing” is the correct syntax and works as expected.
Regarding the systray I can maybe take a look at it again. On KDE this was buggy, maybe things changed for XFCE, this could also include an indicator if the disk is set to ro.
@anon81913862
That’s certainly true. Regarding anti-forensics there is probably not much that can beat Tails. Though, one should always apply FDE on the host or you could also configure the host to be a live system too, as long as you use something Debian based. imho that comes close to what Tails calls amnesia, minus that it will be somewhat harder to hide the fact that you use an encrypted OS. I’m a bit biased of course