Hey Sholenka, thanks a lot for being an alpha tester!
Your discoveries are correct. Tor doesnāt have an official arm64 build, at least to my knowledge. Iāve also been using Firefox for now. Regarding -drive "if=pflash,format=raw,file=./edk2-vars-work.fd,discard=on", youāre correct that itās better to leave it out actually. I have updated the guide here with that already.
Regarding poor scaling and resolution, this is fixed when we use UTM as a frontend, because it has a SPICE implementation (basically a newer VNC protocol supported by QEMU).
The last few weeks have been very busy in work, but Iāll hope to get the tutorial updated for UTM this coming week.
for the workstation. So you might have to take a look if that has to be updated as well.
Maybe the Tor project will have some interest in porting the browser to arm64 now that Whonix has been ported? Could also be that it depends on libraries that have not been ported yet though. Seems to me that a significant part of the privacy/anonimity benefits of Whonix are only profited from when using the Tor browser.
Maybe something like this (https://github.com/ptitSeb/box86) could be used until then to run it? I donāt know much about methods of browser fingerprinting though so maybe this would make you stand out a lot.
It seems like development for it is dead for about a year now and does not seem to be a priority. I might add a comment maybe pointing out that adaption of the arm platform has been very rapid in the last year and that people would really benefit from Tor browser on arm now on Linux so maybe someone will become interested in woking on it (it runs fine under Rosetta translation on M1 Macs and under emulation on Windows on Arm, but native would always be better as well). I donāt know the dynamics of the open source community though as I am very new to it.
I might also open issues for other Whonix bundled apps that are also not present, like Onionshare.
Even though the Bitcoin wallet is not included, it seems to have been ported: Download - Bitcoin
And there is a Thunderbird build available without update support for now, and if there is sufficient interest they will work on it further: Thunderbird:AArch64 - MozillaWiki
Also, would having Whonix on aarch64 make it more suitable for running Android apps?
Seems like an interesting option to offer if you want file sharing between the Workstation and the host. But for user friendliness and maybe security (donāt know how well Lima would be sandboxed on MacOS) UTM seems to be the best option in my opinion.
Also, hyper-v will gain support for Linux on arm soon (https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.13-ARM64-Hyper-V-Guest) so Whonix would be available to Windows on Arm soon as well.
I opened an issue on the Gitlab in the hopes of them taking new interest in porting the Tor browser to Arm: https://gitlab.torproject.org/tpo/core/tor/-/issues/40398. Until the Tor browser has been ported the privacy benefit is quite limited.
Someone of the Tor project commented on my issue that there is currently no timeline for Arm support. There is an unofficial port though. I guess official support will come eventually when Arm will reach a much larger user base, but not now in the short term.
I think it would still be worth it to switch from Virtualbox to UTM on the Mac, since UTM is much better. It will support Intel Macs and M1 Macs. For M1, people could use either Whonix natively without the Tor browser or they could emulate x86 Whonix for Tor browser support. I think the performance hit by emulation will be manageable with the performance of the M1 chip.
TBB arm64 for Windows and Mac are in the pipeline though no plans for Linux in the immediate future.
There are however unofficial builds from someone in their community which are being regularly built with new releases. This could be an acceptable stop gap IMHO. If you agree we can ask for signed tarballs in case it isnāt so at the moment.
Would be a great idea to get the unofficial build on Whonix. I tried to build myself but did not succeed (I am a noob though). Major downside would probably fingerprinting though, as the userbase of TBB on Arm64 is would be extremely small. It sucks that they donāt work on a Linux port, because x86 TBB already runs good on M1 Macs and Windows on Arm, but Linux on Arm canāt run x86 apps.
I am hoping that most software on Linux will be ported to Arm when they get native Linux support on the M1 Macs: https://asahilinux.org/ . Since the Apple Silicon Macs have great hardware, performance and battery life and good price/quality ratio there might be a chance that it will become a popular Linux machine, and therefore make the Linux on Arm64 userbase much greater
Thanks Patrick! Iāve fixed that MR comment you had. So, should I open a PR on whonix-libvirt for now also and then we can revisit a dedicated UTM package if needed in the future?
I also just want to note that once these changes are in master, it will reduce about 80% of the current wiki content related to Apple Silicon.
If that makes sense, and is possible, for better usability do you think you could make that a unified UTM release? Similar to unified Whonix VirtualBox and Whonix KVM releases. Historically there where separate downloads for gateway and workstation. Two folders. Two VMs to import for the user. Later this was unified into the same folder.
Unified images would probably be created using the prepare_release script instead of a Whonix build step.
Also modification of prepare_release to add UTM support would be good. Does prepare_release look understandable, possibly to modify? I was wondering if I should split it into separate scripts for simplification.
Great work @GavinPacini. For the Workstation clipboard sharing should be disabled. Printer access should also be removed (IIUC this tag is for Apple print and not just the PrtScreen Key). Also system UUIDs should be stripped, leaving the emulator to generate whatever values it chooses.
For now, I think itās fine. Maybe it could be renamed to whonix-qemu or something? As thatās what all the files in there have in common. I do actually think a whole new package for two XML files (i.e. the UTM plist files) is overkill anyway.
Iāve never used it, does it have the same concept of a Gateway and Workstation? I can take a look at it a bit later, but for now Iāll prioritise getting the Mac UTM setup working well and updated on the relevant wikis.
Yes, as far as I can tell there is no way to currently package them together. I know itās not as simple as Virtualbox then, but for anyone using UTM thatās what they would be used to. I donāt think itās too bad.
It looks relatively fine. One question on it: is this run as part of the overall build script or something which is run manually when you want to package a new release?
Thanks for all the feedback as always!
Thank you! Hm, on my existing Intel Mac with Whonix clipboard sharing works. Maybe I enabled that afterwards? I know itās a possible leak, so I will default it to disabled for our repo then (will issue a PR for that). Will also do the other cleanups you mentioned, thanks for the review!
Clipboard sharing: Whonix VirtualBox has it (usability). Whonix KVM doesnāt have it (security). We had a lengthy forum discussion about it, I swear, but I cannot find it anymore. Maintainer specific call.
Itās separately wrong. (With same parameters as whonix_build.)
Cannot be run during whonix_build since it requires all VMs to be already build.
(Unless some assumption was added such as āif workstation was build, consider weāre done and start prepare_releaseā. Or if there was some whonix_build_multi script which existed before but just made the build process / script look more complex than it is.) Best design I could think off. Unless someone has a better idea how to structure things.
Right. I ever considered having the UTM files in Whonix/Whonix (same as build script) but that also seemed non-ideal.
OK.
Worth combining both folders into one archive (KVM uses .xz to support sparse images) in prepare_release script? (Similar to Whonix KVM.) Then also the usual download table could be shared among VBox, KVM, UTM.
