Not sure if this is appropriate for this thread so it can be moved to somewhere else if you want to @Patrick but it’s still only relevant for M1 now.
I can’t move files from the VM to the host because any directory that is created and then linked to the host will change its owner to root. I can only add files to the host through the terminal with root. I tried to change the ownership back to user with
sudo chown --recursive user:user directory
but the argument is not valid. It’s not ideal to only be able to share files with the host with root. Anyone knows how to avoid this?
Thanks for sharing this. When I do this the icon and title of the file appear on the host but when I click it nothing happens. It says that the files are 0 bytes. The same thing when I try to open the file in the workstation VM from within the shared directory. Haven’t had much time to look into it more, will try to find out something if I have more time.
Regarding the user experience as of now it is mostly fine except the screen tearing issue but that seems to be a UTM issue. There seems to also be a bug where sometimes randomly a keystroke of the letter p triggers the display settings instead of typing the letter p. Also the backspace key stops working randomly or just any typing in general. The only thing that helps for me is rebooting the VM. Not sure if this is a Whonix or UTM bug. It does not happen too often but can be annoying.
I have been using Whonix on my M1 Mac for some time now. The screen tearing issue has been fixed a while ago with an update for UTM. The user experience is very good for me so far, apart from some minor bugs (though I have not been doing that much else apart from web browsing). UTM is as user friendly if not more than VirtualBox.
I have rebuilt Whonix multiple times and the build commands for UTM from @GavinPacini work great. I don’t know if it is possible to build the images on any machine, but I think a lot of users will embrace it when there are ready to download UTM images like there is with VirtualBox. Maybe it is easy too to give Intel Mac users the option to use UTM instead of VirtualBox?
Hans, fellow noob here. I doped out these start-to-finish steps for UTM. You can build UTM from source on github or buy it from the app store. UTM is not my project, but it’s worth well worth the 10 bucks (esp for the source) so support your friendly developer! This is my very draft guide. Maybe there’s some easier or more secure ways to do this. If you find it helpful, and want to pay something forward, maybe you could provide feedback, fix up the formatting, and/or pass it on.
Building Whonix using UTM on macOS
Download “Debian 10.4 Xfce” VM in UTM https://mac.getutm.app/gallery/debian-10-4-minimal
Open the VM, change RAM to 4 GB and add an extra virtual drive w/at least 40 GB (/dev/vdb)
Inside Debian VM Terminal:
# start VM, within VM update to latest dist, restart:
sudo apt-get update
sudo apt-get dist-upgrade
sudo shutdown -r now
# add partition to extra drive, format
sudo /sbin/fdisk /dev/vdb
n # new parition
p # primary partition. use defaults for Partition number, First sector, Last sector
w # write partition and exit
sudo mkfs.ext4 /dev/vdb1
# mount drive, edit fstab to auto mount at restart
sudo mkdir /mnt/disk1
sudo mount /dev/vdb1 /mnt/disk1
sudo nano /etc/fstab # add following to end of /etc/fstab and save
/dev/vdb1 /mnt/disk1 ext4 defaults 0 0
# redirect tmp, home to disk1 for more build space
sudo mkdir /mnt/disk1/tmp
sudo chmod ugo+rwx /mnt/disk1/tmp
sudo rm -rf /tmp
sudo ln -s /mnt/disk1/tmp /tmp
sudo mkdir -p /mnt/disk1/home
sudo cp -rp /home/debian /mnt/disk1/home
sudo mv /home/debian /home/debian.orig
sudo ln -s /mnt/disk1/home/debian /home/debian
# build Whonix using instructions from
# https://www.whonix.org/wiki/MacOS
# https://www.whonix.org/wiki/Dev/Build_Documentation/15_full
sudo apt-get update
sudo apt-get install git time curl apt-cacher-ng lsb-release fakeroot dpkg-dev
sudo apt-get update && sudo apt-get install git
git clone --depth=1 --jobs=4 --recurse-submodules --shallow-submodules https://gitlab.com/whonix/Whonix.git
cd Whonix
# build Whonix UTM-compatible VMs using
sudo ./whonix_build --target utm --flavor whonix-workstation-xfce --build --arch arm64
sudo ./whonix_build --target utm --flavor whonix-gateway-xfce --build --arch arm64
# tar build images
tar -zcvSf whonix.workstation.tar.gz Whonix-Workstation-XFCE-15.0.1.7.3-XX-<git commit hash>.raw
tar -zcvSf whonix.gateway.tar.gz Whonix-Gateway-XFCE-15.0.1.7.3-XX-<git commit hash>.raw
# copy to macOS via a shared directory in UTM: shutdown VM, select mac dir w/last icon (folder w/ "i"), restart VM
# macOS directory will show up under network in file manager in debian
Inside MacOS Terminal
# untar on mac
tar -zxvSf whonix.workstation.tar.gz
tar -zxvSf whonix.gateway.tar.gz
You should now be able to launch the built Whonix VMs (gateway, workstation) in UTM
Inside Whonix VM Terminal:
# Post-installation Security Advice
# https://www.whonix.org/wiki/Post_Install_Advice
# change user/root passwords on both vms
sudo passwd root
sudo passwd user (orig: changeme)
# update
sudo apt-get update
sudo apt-get dist-upgrade
# install tor browser in workstation
# https://github.com/Whonix/tb-updater
# How to install tb-updater using apt-get
# 1. Download Whonix's Signing Key.
# Users can check Whonix Signing Key for better security.
# 2. Add Whonix's signing key.
# 3. Add Whonix's APT repository.
# 4. Update your package lists.
# 5. Install tor browser
wget https://www.whonix.org/patrick.asc
sudo apt-key --keyring /etc/apt/trusted.gpg.d/derivative.gpg add ~/patrick.asc
echo "deb https://deb.whonix.org buster main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
sudo apt-get update
sudo apt-get install tb-updater tb-starter tb-default-browser
update-torbrowser
# Setup shared directory to copy to/from macOS
# https://forums.whonix.org/t/whonix-on-mac-m1-arm/11310/124
# Right click VM → Edit → Sharing → Enable Directory Sharing → Save
# Select the directory of the host on the main UTM screen
# In the VM:
sudo apt install spice-vdagent spice-webdavd
sudo apt-get install davfs2
# Make the directory in the VM to link with the one in the host and link them:
sudo mkdir /mnt/dav
sudo mount -t davfs -o noexec http://127.0.0.1:9843/ /mnt/dav
After the build finishes, just look for a couple of very large .raw files in whonix_binary in the home directory, the full file names will depend on the version of source you built. They should start with Whonix-Workstation-XFCE and Whonix-Gateway-XFCE the rest is whatever version and git hash you happened to build.
I have been using Whonix almost daily now on UTM and apart from some bugs it seems to be working good. OpenGL graphics acceleration support for Linux in UTM is currently in beta, so the experience should be even smoother soon.
Would it be possible to support UTM altogether to run Whonix on MacOS, both Apple Silicon and Intel? UTM is more secure than Virtualbox due to using qemu and the UTM app itself fully utilizes the MacOS sandbox. I have used the UTM build commands from @GavinPacini repeatedly and they work great on Apple Silicon.
I would be willing to write some documentation on how to install Whonix using the UTM build commands to make the documentation a bit simpler, and also some additional things (how to setup the Tor browser arm64 port, how to get the resolution right etc.) I could even build images myself and upload them for Apple Silicon. I don’t have an Intel Mac, but if someone else is willing to test if the build commands work on Intel then that would be great too.
I am not a developer so I can’t contribute any code. I could write some documentation when I have more time. If that is not sufficient someone of the Binary Image Maintainers will have to build the images. I would certainly be happy to test those.
need to download image or not?