Whonix on Mac M1 (ARM) - User Support (still unsupported at time of writing)

I have Whonix running with UTM with the build commands of @GavinPacini. I just used the UTM build commands, unpacked the tar files and opened the .utm files. Didn’t touch any other files. Copy and paste with the host works out of the box. A couple of issues I notice right away:

  • Moving windows has terrible graphics issues. This sometimes is resolved by making the VM another fullscreen window. Videos also don’t play smoothly.

  • When entering mission control and back out of it when the VM is another fullscreen window, two black bars occur above and under the desktop

  • The Whonix desktop takes up more horizontal space than the “borders” of the VM for some reason. As a result, when I try to make a window fullscreen in the VM it goes beyond the right side of the VM screen.

1 Like

I have the graphics issues less when using Whonix on non-UTM QEMU. Could it be due to UTM not having the patch for accelerated graphics like normal QEMU has after installing these packages linked in the Whonix wiki for M1? GitHub - knazarov/homebrew-qemu-virgl: A homebrew tap for qemu with support for 3d accelerated guests

1 Like

Firstly, I haven’t forgotten about some items on my side. I still want to

  1. Update the wiki
  2. Work on the release script so we can have automatic UTM builds
  3. Test and integrate Tor ARM builds.

Busy with the day job right now. Hopefully calms down soon and I can contribute some more. :slight_smile:

@Sholenka, I’ve noticed this too, sporadically. It could be caused by a few things:

  1. Sometimes the rendering occurs on the efficiency cores of the M1. Option to only use performance cores when automatically determining core count · Issue #2557 · utmapp/UTM · GitHub
  2. Something related to SPICE / the video device being used. Graphics artifacts on Apple Silicon host (high screen tearing and mouse disappearing) · Issue #2569 · utmapp/UTM · GitHub
  3. Or the fact that 3D acceleration is missing because UTM is not using the patches available (although I think this is not going to really affect drawing normal windows). GitHub - knazarov/homebrew-qemu-virgl: A homebrew tap for qemu with support for 3d accelerated guests

Possibly even a mix of the above. Once I again have some more time, this is something else I want to tackle. Seeing as UTM already has those open GitHub issues, maybe someone else will solve it before me. But, I wanted to link them so you can follow the progress.

For your issue on Whonix taking up “more space” than the UTM window, if you run xrandr --output Virtual-1 --auto in the terminal once your UTM window is in an appropriate size, it should rescale correctly (sometimes you need to run this command a few times). It’s a known bug in XFCE: add support for xrandr hotplug_mode_update property / SPICE resize support (#142) · Issues · Xfce / xfce4-settings · GitLab

There are also some other workarounds proposed here: linux kvm - No Auto Resize with SPICE and virt-manager - Super User

I’ll probably incorporate something into the build and also make sure people know about these current limitations once I update the wiki. At least they are here in the forum for now.

2 Likes

Thanks. Hope that things will get sorted out. UTM makes the user experience quite a bit better. In case you want to add it to the wiki later, I found how to set up a shared directory between a VM and the host.

  • Right click VM → Edit → Sharing → Enable Directory Sharing → Save

  • Select the directory of the host on the main UTM screen

In the VM:

sudo apt install spice-vdagent spice-webdavd

sudo apt-get install davfs2

Make the directory in the VM to link with the one in the host and link them:

sudo mkdir /mnt/dav

sudo mount -t davfs -o noexec http://127.0.0.1:9843/ /mnt/dav

More on how to share a custom folder / directory on MacOS: Set up file sharing on Mac – Apple Support (UK)

edit: I’m only managing to get files from the host to VM this way, not from VM to host

2 Likes

Not sure if this is appropriate for this thread so it can be moved to somewhere else if you want to @Patrick but it’s still only relevant for M1 now.

I can’t move files from the VM to the host because any directory that is created and then linked to the host will change its owner to root. I can only add files to the host through the terminal with root. I tried to change the ownership back to user with

sudo chown --recursive user:user directory

but the argument is not valid. It’s not ideal to only be able to share files with the host with root. Does anyone know how to avoid this?

1 Like

  • Same for any use of the mount command in Linux. Unspecific to Whonix, even Debian.
  • mount command has an owner parameter.
  • -o options
  • uid=
  • gid=
  • Look up mount(8) — mount — Debian buster — Debian Manpages for owner, group and terms mentioned above in this post.
  • mount -o uid=$(id -u user)

Someone work on this one please:

1 Like
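One way to apply the uid=/gid= mount options suggested above to the UTM shared directory, as an added example that is not part of the original thread. The account name user, the mount point /mnt/dav and the URL come from the posts above; the function names, the file_mode/dir_mode values and the DO_MOUNT switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: mount the UTM SPICE WebDAV share so an unprivileged
# account owns the files, instead of everything belonging to root.
DAV_URL="http://127.0.0.1:9843/"   # URL from the post above
DAV_DIR="/mnt/dav"                 # mount point from the post above

# Build the -o option string for mount.davfs for a given account.
# uid=/gid= set the owner of the mounted tree at mount time; noexec keeps
# anything placed in the host share from being executed inside the VM.
dav_mount_opts() {
    acct="$1"
    uid=$(id -u "$acct") || return 1
    gid=$(id -g "$acct") || return 1
    printf 'noexec,uid=%s,gid=%s,file_mode=600,dir_mode=700' "$uid" "$gid"
}

# Accept only http://127.0.0.1:<numeric port>/..., the in-guest proxy.
# A URL such as http://127.0.0.1:x@other.host/ is rejected because the
# text after the colon is not a port number.
is_loopback_url() {
    rest=${1#http://127.0.0.1:}
    [ "$rest" != "$1" ] || return 1
    port=${rest%%/*}
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
}

mount_share() {
    acct="$1"
    is_loopback_url "$DAV_URL" || { echo "refusing non-loopback URL" >&2; return 1; }
    opts=$(dav_mount_opts "$acct") || { echo "no such account: $acct" >&2; return 1; }
    sudo mkdir -p "$DAV_DIR" &&
        sudo mount -t davfs -o "$opts" "$DAV_URL" "$DAV_DIR"
}

# Nothing is mounted unless asked for:  DO_MOUNT=1 sh dav-mount.sh user
if [ "${DO_MOUNT:-0}" = 1 ]; then
    mount_share "${1:-user}"
fi
```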

Thanks for sharing this. When I do this the icon and title of the file appear on the host but when I click it nothing happens. It says that the files are 0 bytes. The same thing when I try to open the file in the workstation VM from within the shared directory. Haven’t had much time to look into it more, will try to find out something if I have more time.

Regarding the user experience as of now it is mostly fine except the screen tearing issue but that seems to be a UTM issue. There seems to also be a bug where sometimes randomly a keystroke of the letter p triggers the display settings instead of typing the letter p. Also the backspace key stops working randomly or just any typing in general. The only thing that helps for me is rebooting the VM. Not sure if this is a Whonix or UTM bug. It does not happen too often but can be annoying.

The only thing that is Whonix specific is kloak.

Try disabling.

1 Like

Is there any update on further work on this?

I have been using Whonix on my M1 Mac for some time now. The screen tearing issue was fixed a while ago with an update for UTM. The user experience is very good for me so far, apart from some minor bugs (though I have not been doing that much else apart from web browsing). UTM is as user friendly as VirtualBox, if not more so.

I have rebuilt Whonix multiple times and the build commands for UTM from @GavinPacini work great. I don’t know if it is possible to build the images on any machine, but I think a lot of users will embrace it when there are ready-to-download UTM images like there are with VirtualBox. Maybe it is also easy to give Intel Mac users the option to use UTM instead of VirtualBox?

2 Likes

Thank you for your work. But it is very hard to understand for noobs like me.
Guys, can you provide a step-by-step manual?

1. Environment Setup: it is DONE.
2. Initial Build: I don’t understand :frowning: Do I need to download an image or not?

I can pay for help.

Hans, fellow noob here. I doped out these start-to-finish steps for UTM. You can build UTM from source on GitHub or buy it from the App Store. UTM is not my project, but it’s well worth the 10 bucks (esp for the source) so support your friendly developer! This is my very draft guide. Maybe there are some easier or more secure ways to do this. If you find it helpful, and want to pay something forward, maybe you could provide feedback, fix up the formatting, and/or pass it on.

Building Whonix using UTM on macOS

Download “Debian 10.4 Xfce” VM in UTM
https://mac.getutm.app/gallery/debian-10-4-minimal

Open the VM, change RAM to 4 GB and add an extra virtual drive w/at least 40 GB (/dev/vdb)

Inside Debian VM Terminal:

# start VM, within VM update to latest dist, restart:

 sudo apt-get update
 sudo apt-get dist-upgrade
 sudo shutdown -r now


# add partition to extra drive, format

sudo /sbin/fdisk /dev/vdb
	n # new partition
	p # primary partition. use defaults for Partition number, First sector, Last sector
	w # write partition and exit

sudo mkfs.ext4 /dev/vdb1


# mount drive, edit fstab to auto mount at restart

sudo mkdir /mnt/disk1
sudo mount /dev/vdb1 /mnt/disk1
sudo nano /etc/fstab # add following to end of /etc/fstab and save

    /dev/vdb1               /mnt/disk1           ext4    defaults	0	0


# redirect tmp, home to disk1 for more build space

sudo mkdir /mnt/disk1/tmp
sudo chmod 1777 /mnt/disk1/tmp # world-writable with the sticky bit, like a normal /tmp
sudo rm -rf /tmp
sudo ln -s /mnt/disk1/tmp /tmp
sudo mkdir -p /mnt/disk1/home
sudo cp -rp /home/debian /mnt/disk1/home
sudo mv /home/debian /home/debian.orig
sudo ln -s /mnt/disk1/home/debian /home/debian


# build Whonix using instructions from
# https://www.whonix.org/wiki/MacOS 
# https://www.whonix.org/wiki/Dev/Build_Documentation/15_full

sudo apt-get update
sudo apt-get install git time curl apt-cacher-ng lsb-release fakeroot dpkg-dev
sudo apt-get update && sudo apt-get install git
git clone --depth=1 --jobs=4 --recurse-submodules --shallow-submodules https://gitlab.com/whonix/Whonix.git
cd Whonix


# build Whonix UTM-compatible VMs using

sudo ./whonix_build --target utm --flavor whonix-workstation-xfce --build --arch arm64
sudo ./whonix_build --target utm --flavor whonix-gateway-xfce --build --arch arm64


# tar build images

tar -zcvSf whonix.workstation.tar.gz Whonix-Workstation-XFCE-15.0.1.7.3-XX-<git commit hash>.raw
tar -zcvSf whonix.gateway.tar.gz Whonix-Gateway-XFCE-15.0.1.7.3-XX-<git commit hash>.raw

# copy to macOS via a shared directory in UTM: shutdown VM, select mac dir w/last icon (folder w/ "i"), restart VM
# macOS directory will show up under network in file manager in debian

Inside MacOS Terminal

# untar on mac

tar -zxvSf whonix.workstation.tar.gz
tar -zxvSf whonix.gateway.tar.gz

You should now be able to launch the built Whonix VMs (gateway, workstation) in UTM

Inside Whonix VM Terminal:

# Post-installation Security Advice
# https://www.whonix.org/wiki/Post_Install_Advice

# change user/root passwords on both vms

sudo passwd root 
sudo passwd user # original password: changeme

# update

sudo apt-get update
sudo apt-get dist-upgrade


# install tor browser in workstation
# https://github.com/Whonix/tb-updater

# How to install tb-updater using apt-get

# 1. Download Whonix's Signing Key.
# 	 Users can check Whonix Signing Key for better security.
# 2. Add Whonix's signing key.
# 3. Add Whonix's APT repository.
# 4. Update your package lists.
# 5. Install tor browser

wget -O ~/patrick.asc https://www.whonix.org/patrick.asc
sudo apt-key --keyring /etc/apt/trusted.gpg.d/derivative.gpg add ~/patrick.asc
echo "deb https://deb.whonix.org buster main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
sudo apt-get update
sudo apt-get install tb-updater tb-starter tb-default-browser
update-torbrowser

# Setup shared directory to copy to/from macOS
# https://forums.whonix.org/t/whonix-on-mac-m1-arm/11310/124
# Right click VM → Edit → Sharing → Enable Directory Sharing → Save
# Select the directory of the host on the main UTM screen
# In the VM:

sudo apt install spice-vdagent spice-webdavd
sudo apt-get install davfs2

# Make the directory in the VM to link with the one in the host and link them:

sudo mkdir /mnt/dav
sudo mount -t davfs -o noexec http://127.0.0.1:9843/ /mnt/dav
1 Like
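The guide above notes that users can check the Whonix signing key before trusting it. As an added example (not from the original post or the Whonix project), this script compares the downloaded key's fingerprint with one obtained out of band before running the guide's apt-key step; EXPECTED_FPR is a placeholder, and the function names and the VERIFY_KEY switch are assumptions.

```shell
#!/bin/sh
# Added example: add a downloaded APT signing key only if its fingerprint
# matches a value obtained out of band.
# EXPECTED_FPR is a placeholder; take the real value from the Whonix Signing Key page.
EXPECTED_FPR="${EXPECTED_FPR:-REPLACE-WITH-FINGERPRINT-FROM-WHONIX-SIGNING-KEY-PAGE}"

# Strip spaces and colons and upper-case, so "aaaa bbbb" equals "AAAABBBB".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# A v4 OpenPGP fingerprint is exactly 40 hex digits; short key IDs are rejected.
is_full_fpr() {
    f=$(normalize_fpr "$1")
    [ "${#f}" -eq 40 ] || return 1
    case "$f" in *[!0-9A-F]*) return 1 ;; esac
}

# Primary-key fingerprint of a key file, read without importing the key.
key_file_fpr() {
    gpg --show-keys --with-colons "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# True only if both values are full fingerprints and they are identical.
fpr_matches() {
    is_full_fpr "$1" && is_full_fpr "$2" &&
        [ "$(normalize_fpr "$1")" = "$(normalize_fpr "$2")" ]
}

add_key_if_verified() {
    keyfile="$1"
    actual=$(key_file_fpr "$keyfile")
    if fpr_matches "$actual" "$EXPECTED_FPR"; then
        sudo apt-key --keyring /etc/apt/trusted.gpg.d/derivative.gpg add "$keyfile"
    else
        echo "fingerprint mismatch, key NOT added: ${actual:-unreadable}" >&2
        return 1
    fi
}

# Nothing runs unless asked:  VERIFY_KEY=1 EXPECTED_FPR=... sh verify-key.sh ~/patrick.asc
if [ "${VERIFY_KEY:-0}" = 1 ]; then
    add_key_if_verified "${1:-$HOME/patrick.asc}"
fi
```

With the placeholder left in place the script refuses to add any key, which is the intended default.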

Thank you very much for your help.
Now I have difficulties at this point:

Where can I see the actual git commit hash?

15.0.1.9.3-stable(?) is it or what?

After the build finishes, just look for a couple of very large .raw files in whonix_binary in the home directory, the full file names will depend on the version of source you built. They should start with Whonix-Workstation-XFCE and Whonix-Gateway-XFCE the rest is whatever version and git hash you happened to build.

1 Like

As I understand it, I need to install SPICE WebDAV for directory sharing?

i.postimg.cc/NfdpVbMr/111111.png

Who can help me via TeamViewer? I can pay for your help.

I also have not been able to get the file sharing between the VMs working, but you can use magic wormhole: Brian Warner - Magic Wormhole- Simple Secure File Transfer - PyCon 2016.mp4 - YouTube . It is built into Whonix and you can install it on the host.

On the side of the host, use Tor according to the documentation

1 Like

New project that lets one run x86 apps on Linux on arm64: GitHub - ptitSeb/box64: Box64 - Linux Userspace x86_64 Emulator with a twist, targeted at ARM64 Linux devices

1 Like

Is it like UTM?

I have been using Whonix almost daily now on UTM and apart from some bugs it seems to be working well. OpenGL graphics acceleration support for Linux in UTM is currently in beta, so the experience should be even smoother soon.

Would it be possible to support UTM altogether to run Whonix on macOS, both Apple Silicon and Intel? UTM is more secure than VirtualBox due to using QEMU and the UTM app itself fully utilizes the macOS sandbox. I have used the UTM build commands from @GavinPacini repeatedly and they work great on Apple Silicon.

I would be willing to write some documentation on how to install Whonix using the UTM build commands to make the documentation a bit simpler, and also some additional things (how to setup the Tor browser arm64 port, how to get the resolution right etc.) I could even build images myself and upload them for Apple Silicon. I don’t have an Intel Mac, but if someone else is willing to test if the build commands work on Intel then that would be great too.

@Hans No, it is just an emulator to run apps

2 Likes

It is a great idea! I can donate for this. We need a super easy manual step-by-step.