Whonix on Mac M1 (ARM) - User Support (still unsupported at time of writing)

Not sure if this is appropriate for this thread so it can be moved to somewhere else if you want to @Patrick but it’s still only relevant for M1 now.

I can’t move files from the VM to the host because any directory that is created and then linked to the host will change its owner to root. I can only add files to the host through the terminal with root. I tried to change the ownership back to user with

sudo chown --recursive user:user directory

but the argument is not valid. It’s not ideal to only be able to share files with the host with root. Anyone knows how to avoid this?

1 Like
  • Same for any use of the mount command in Linux. Unspecific to Whonix, even Debian.
  • mount command has a owner parameter.
  • -o options
  • uid=
  • gid=
  • Look up mount(8) — mount — Debian buster — Debian Manpages for owner, group and terms mentioned above in this post.
  • mount -o uid=$(id -u user)

Someone work on this one please:

1 Like

Thanks for sharing this. When I do this the icon and title of the file appear on the host but when I click it nothing happens. It says that the files are 0 bytes. The same thing when I try to open the file in the workstation VM from within the shared directory. Haven’t had much time to look into it more, will try to find out something if I have more time.

Regarding the user experience as of now it is mostly fine except the screen tearing issue but that seems to be a UTM issue. There seems to also be a bug where sometimes randomly a keystroke of the letter p triggers the display settings instead of typing the letter p. Also the backspace key stops working randomly or just any typing in general. The only thing that helps for me is rebooting the VM. Not sure if this is a Whonix or UTM bug. It does not happen too often but can be annoying.

The only thing that is Whonix specific is kloak.

Try disabling.

1 Like

Is there any update on further work on this?

I have been using Whonix on my M1 Mac for some time now. The screen tearing issue has been fixed a while ago with an update for UTM. The user experience is very good for me so far, apart from some minor bugs (though I have not been doing that much else apart from web browsing). UTM is as user friendly if not more than VirtualBox.

I have rebuilt Whonix multiple times and the build commands for UTM from @GavinPacini work great. I don’t know if it is possible to build the images on any machine, but I think a lot of users will embrace it when there are ready to download UTM images like there is with VirtualBox. Maybe it is easy too to give Intel Mac users the option to use UTM instead of VirtualBox?


Thank you for your work. But it is very hard to understand for noobs like me.
Guys, can you describe step-by-step manual?

1. Environment Setup it is DONE.
2. Initial Build don’t understand :frowning: need to download image or not?

I can pay for help.

Hans, fellow noob here. I doped out these start-to-finish steps for UTM. You can build UTM from source on github or buy it from the app store. UTM is not my project, but it’s worth well worth the 10 bucks (esp for the source) so support your friendly developer! This is my very draft guide. Maybe there’s some easier or more secure ways to do this. If you find it helpful, and want to pay something forward, maybe you could provide feedback, fix up the formatting, and/or pass it on.

Building Whonix using UTM on macOS

Download “Debian 10.4 Xfce” VM in UTM

Open the VM, change RAM to 4 GB and add an extra virtual drive w/at least 40 GB (/dev/vdb)

Inside Debian VM Terminal:

# start VM, within VM update to latest dist, restart:

 sudo apt-get update
 sudo apt-get dist-upgrade
 sudo shutdown -r now

# add partition to extra drive, format

sudo /sbin/fdisk /dev/vdb
	n # new parition
	p # primary partition. use defaults for Partition number, First sector, Last sector
	w # write partition and exit

sudo mkfs.ext4 /dev/vdb1

# mount drive, edit fstab to auto mount at restart

sudo mkdir /mnt/disk1
sudo mount /dev/vdb1 /mnt/disk1
sudo nano /etc/fstab # add following to end of /etc/fstab and save

    /dev/vdb1               /mnt/disk1           ext4    defaults	0	0

# redirect tmp, home to disk1 for more build space

sudo mkdir /mnt/disk1/tmp
sudo chmod ugo+rwx /mnt/disk1/tmp
sudo rm -rf /tmp
sudo ln -s /mnt/disk1/tmp /tmp
sudo mkdir -p /mnt/disk1/home
sudo cp -rp /home/debian /mnt/disk1/home
sudo mv /home/debian /home/debian.orig
sudo ln -s /mnt/disk1/home/debian /home/debian

# build Whonix using instructions from
# https://www.whonix.org/wiki/MacOS 
# https://www.whonix.org/wiki/Dev/Build_Documentation/15_full

sudo apt-get update
sudo apt-get install git time curl apt-cacher-ng lsb-release fakeroot dpkg-dev
sudo apt-get update && sudo apt-get install git
git clone --depth=1 --jobs=4 --recurse-submodules --shallow-submodules https://gitlab.com/whonix/Whonix.git
cd Whonix

# build Whonix UTM-compatible VMs using

sudo ./whonix_build --target utm --flavor whonix-workstation-xfce --build --arch arm64
sudo ./whonix_build --target utm --flavor whonix-gateway-xfce --build --arch arm64

# tar build images

tar -zcvSf whonix.workstation.tar.gz Whonix-Workstation-XFCE-<git commit hash>.raw
tar -zcvSf whonix.gateway.tar.gz Whonix-Gateway-XFCE-<git commit hash>.raw

# copy to macOS via a shared directory in UTM: shutdown VM, select mac dir w/last icon (folder w/ "i"), restart VM
# macOS directory will show up under network in file manager in debian

Inside MacOS Terminal

# untar on mac

tar -zxvSf whonix.workstation.tar.gz
tar -zxvSf whonix.gateway.tar.gz

You should now be able to launch the built Whonix VMs (gateway, workstation) in UTM

Inside Whonix VM Terminal:

# Post-installation Security Advice
# https://www.whonix.org/wiki/Post_Install_Advice

# change user/root passwords on both vms

sudo passwd root 
sudo passwd user (orig: changeme)

# update

sudo apt-get update
sudo apt-get dist-upgrade

# install tor browser in workstation
# https://github.com/Whonix/tb-updater

# How to install tb-updater using apt-get

# 1. Download Whonix's Signing Key.
# 	 Users can check Whonix Signing Key for better security.
# 2. Add Whonix's signing key.
# 3. Add Whonix's APT repository.
# 4. Update your package lists.
# 5. Install tor browser

wget https://www.whonix.org/patrick.asc
sudo apt-key --keyring /etc/apt/trusted.gpg.d/derivative.gpg add ~/patrick.asc
echo "deb https://deb.whonix.org buster main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
sudo apt-get update
sudo apt-get install tb-updater tb-starter tb-default-browser

# Setup shared directory to copy to/from macOS
# https://forums.whonix.org/t/whonix-on-mac-m1-arm/11310/124
# Right click VM → Edit → Sharing → Enable Directory Sharing → Save
# Select the directory of the host on the main UTM screen
# In the VM:

sudo apt install spice-vdagent spice-webdavd
sudo apt-get install davfs2

# Make the directory in the VM to link with the one in the host and link them:

sudo mkdir /mnt/dav
sudo mount -t davfs -o noexec /mnt/dav
1 Like

Thank you very much for your help.
Now I have difficulties in this moment:

Where I may see actual git commit hash? is it or what?

After the build finishes, just look for a couple of very large .raw files in whonix_binary in the home directory, the full file names will depend on the version of source you built. They should start with Whonix-Workstation-XFCE and Whonix-Gateway-XFCE the rest is whatever version and git hash you happened to build.

1 Like

As I understood I need to install SPICE WebDav for sharing directory?


Who can help me via TeamViewer? I can pay for your help.

I also have not been able to get the file sharing between the VM’s working, but you can use magic wormhole: Brian Warner - Magic Wormhole- Simple Secure File Transfer - PyCon 2016.mp4 - YouTube . It is built into Whonix and you can install it on the host.

On the side of the host, use Tor according to the documentation

1 Like

New project that lets one run x86 apps on Linux on arm64: GitHub - ptitSeb/box64: Box64 - Linux Userspace x86_64 Emulator with a twist, targeted at ARM64 Linux devices

1 Like

it is like UTM?

I have been using Whonix almost daily now on UTM and apart from some bugs it seems to be working good. OpenGL graphics acceleration support for Linux in UTM is currently in beta, so the experience should be even smoother soon.

Would it be possible to support UTM altogether to run Whonix on MacOS, both Apple Silicon and Intel? UTM is more secure than Virtualbox due to using qemu and the UTM app itself fully utilizes the MacOS sandbox. I have used the UTM build commands from @GavinPacini repeatedly and they work great on Apple Silicon.

I would be willing to write some documentation on how to install Whonix using the UTM build commands to make the documentation a bit simpler, and also some additional things (how to setup the Tor browser arm64 port, how to get the resolution right etc.) I could even build images myself and upload them for Apple Silicon. I don’t have an Intel Mac, but if someone else is willing to test if the build commands work on Intel then that would be great too.

@Hans No, it is just an emulator to run apps


It is a great idea! I can donate for this. We need a super easy manual step-by-step.

Please upload the image! Just bought UTM but having a hard time figuring out how to do this. I am also willing to contribute to this development!

Also, is there any reason why this requires 40gb of space? I want to make a portable Whonix VM.

1 Like

Please contribute to documentation and source code first:
(Written just now.)
Manual Builds vs Build Script Builds

Binary builds policy isn’t developed yet. Written just now:
Whonix ™ Binary Images Policy

1 Like

Now that Whonix 16 is out, what instructions can I follow to either, download pre-built images (preferred), or build the images for UTM?

1 Like

I am not a developer so I can’t contribute any code. I could write some documentation when I have more time. If that is not sufficient someone of the Binary Image Maintainers will have to build the images. I would certainly be happy to test those.