[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [CONTRIBUTE] [DONATE]

whonix on mac with arm (m1)

Hi,
will Whonix support mac with ARM (m1)?

No such plans at this time.

Even Mac Intel support is currently more of a lucky coincidence.

Should VirtualBox introduce a feature to run “amd64” (which includes Intel and AMD) on Mac ARM, then as a side effect that would make Whonix VirtualBox work on Mac ARM too.

Should this ever change, it would be documented here:

Thank you for the answer. Would wait for VirtualBox running on ARM.

I’m trying to get Whonix Workstation and Gateway running using the QEMU patches with the new Mac Virtualization.framework. More details on this here: https://gist.github.com/niw/e4313b9c14e968764a52375da41b4278 and also already pulled into this app https:// github. com/utmapp/UTM

As a first step, I’m just getting a Debian ARM QEMU VM working so I can build Whonix for ARM. Based on these instructions: https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolation#How_To_Install_Whonix-Gateway_.E2.84.A2_on_the_Raspberry_Pi_3_B_.28RPI3.29

Would anyone want to help on this? Would be good to have some people to throw ideas around.

P.S: Sorry for the malformed links, I am not allowed to post links.

As an update, I’ve built an ARM .qcow2 file for Whonix-Gateway, using this command:

sudo ./whonix_build --target qcow2 --flavor whonix-gateway-xfce --build --arch arm64 --kernel linux-image-arm64 --headers linux-headers-arm64

from inside a Debian VM.

Then, I’ve tried to run this with QEMU (at least trying to get it to boot, not worrying about network really right now):

qemu-system-aarch64 -L /Applications/UTM.app/Contents/Resources/qemu -S -qmp tcp:127.0.0.1:4444,server,nowait -vga none -spice port=5930,addr=127.0.0.1,disable-ticketing,image-compression=off,playback-compression=off,streaming-video=off -device virtio-ramfb -cpu cortex-a72 -smp cpus=8,sockets=1,cores=8,threads=1 -machine virt,highmem=off -accel hvf -accel tcg,tb-size=768 -bios /Applications/UTM.app/Contents/Resources/qemu/edk2-aarch64-code.fd -m 3072 -name "Whonix Gateway" -device qemu-xhci -device usb-tablet -device usb-mouse -device usb-kbd -device virtio-blk-pci,drive=drive0,bootindex=0 -drive "if=none,media=disk,id=drive0,file=/Users/gavinpacini/Library/Containers/com.utmapp.UTM/Data/Documents/Whonix Gateway.utm/Images/Whonix-Gateway-XFCE-15.0.1.5.4.qcow2,cache=writethrough" -device rtl8139,mac=XX:XX:XX:XX:XX:XX,netdev=net0 -netdev user,id=net0 -device virtio-serial -device virtserialport,chardev=vdagent,name=com.redhat.spice.0 -chardev spicevmc,id=vdagent,debug=0,name=vdagent -uuid XXXXXXXX-2837-4F4E-9999-902A56B0C5D1 -rtc base=localtime

But, I cannot get it to boot past the BIOS in QEMU at all. Any ideas? Note, I’m using UTM because it comes with the patched binaries for QEMU on Apple Silicon. It runs normal Debian fine (as I used it for building Whonix).

Try start a Debian VM first using qemu-system-aarch64 before you try Whonix? Related to https://www.whonix.org/wiki/Free_Support_Principle

Try to build a Debian VM image first using grml-deboostrap, which Whonix build script is internally using.

Perhaps easier if based on KVM?

There is some libvirt command that can translate (Whonix) KVM xml files into QEMU parameters.

virsh domxml-to-native qemu-argv /path/to/file.xml

For motivation, proof of similar working concept:

  • Kicksecure works on ppc64el (I got a test machine using distro moprhing).
  • Community is running Whonix on POWER9, Raptor Talos II.

Related:

  • Read about qemu-debootstrap inside that script.
  • Using qemu-debootstrap might be required.
  • grub boot loader won’t work on arm64 as far as I know. arm64 probably requires a different boot loader. Previous work on Whonix for arm64 / Raspberry Pi ( RPi ) only helps to a degree. Because booting RPi seems different than booting arm64. (i.e. "normal arm64. Non-RPi arm64.)

Therefore an important prerequisite exercise would be to make grml-debootstrap create a bootable Debian arm64 VM image.
(non-Whonix!)

Thanks for the replies Patrick!

Lots of good places to start, will do so. Note, I am running Debian 10.4 arm64 fine on QEMU on the M1 Mac for now, but it was a prebuilt .qcow2 file. I like the idea of getting my own Debian arm64 image built and running, I’ll start there.

All the links are great resources, thanks again. Will revert as I make progress.

1 Like

I’m thinking of getting a Mac, but I noticed that support for Whonix (and I guess VMs in general) is limited or nonexistent. There was a thread [1] posted almost a month ago on Whonix support on M1 Macs. I’m not very savvy on virtual machines so I’m not too sure what possible progress has been made, but it looks like some people were working on getting Whonix to work on M1 Macs. Could anyone sum up where the progress is with that? And are there any alternatives I could use temporarily for using a secure and more anonymous VM on Mac?

(P.S it looks like there are some concerns about VirtualBox regarding security and freedom [2] so I think I’d prefer to use an alternative such as QEMU if possible)

[1] https:// forums.whonix .org/t/whonix-on-mac-with-arm-m1/11310
[2] https:// www.whonix .org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]