Platform-specific Desktop Tips

From Whonix
Jump to navigation Jump to search

Whonix Platform-specific Desktop Tips and Tricks, RAM Adjusted Desktop Starter, Virtual Console, Full-Screen

All Platforms[edit]

Disable Terminal Emulator Banner[edit]

The following greeting banner appears when a terminal shell bash prompt is opened.

Welcome to Whonix!

https://www.whonix.orgarchive.org

Whonix Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP Whonix is Freedom Software, and you are welcome to redistribute it under certain conditions; type "whonix-license" <enter> for details. Whonix is a compilation of software packages, each under its own copyright and license. The exact license terms for each program are described in the individual files in /usr/share/doc/*/copyright.

Whonix GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law; for details type "whonix-disclaimer" <enter>.

Whonix is a derivative of Debian GNU/Linux and based on Tor.

Whonix is produced independently from the Tor (r) anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

Type: "whonix" <enter> for help. uwt INFO: Stream isolation for some applications enabled. uwt / torsocks will be automatically prepended to some commands. What is that? See:

uwt INFO: https://www.whonix.org/wiki/Stream_Isolation/Easyarchive.org

To disable the banner, follow these steps.

1. Open a terminal.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Workstation App Qube (commonly named anon-whonix)Xfce Terminal

If you are using a graphical Whonix with Xfce, run.

Start MenuXfce Terminal

2. Run the following command.

cp /etc/skel/.bashrc.whonix-orig ~/.bashrc

The process is now complete.

See also: Disable Virtual Console Banner.

Shut Down Whonix[edit]

To shut down Whonix, open a terminal and run.

sudo poweroff

Alternatively, use the menu option:

Virtual Consoles[edit]

On the Host[edit]

Virtual consolesarchive.org is a feature inherited from Debian GNU/Linux which is unfamiliar to many users. The following keyboard shortcuts activate the Debian (not Whonix) feature:

  • Text console: Press Alt + Crtl + F1
    • Additional text consoles: Press Alt + Crtl + F2 or F3 and so on. Try these in case F1 is not functional.
  • Graphical console: Press Alt + Crtl + F7

Virtual Machines[edit]

Table: Virtual Console Activation

Platform Steps
KVM The desired virtual console key shortcut can be selected under the Send Key option in a VM's graphical window.
Qubes dom0 Qubes dom0 inherited the same feature (Alt + Crtl + F1...).
Qubes VMs In order to access VMs in dom0, run: [1] sudo xl console vm-name. Replace "vm-name" with the name of the actual VM, for example.

sudo xl console sys-whonix

See also add Qubes host key to allow switching virtual console (ctrl + alt + F1) or SysRq for HVMarchive.org.

VirtualBox The VirtualBox default is Right Ctrl + F2. [2]
  • Text console: Press Right Ctrl + F2 (F1, F2, F3, F4...) for one or more text consoles.
  • Graphical console: Press Host Key + F7 for a graphical console inside VirtualBox.

Due to technical limitations, an easier to understand presentation like Whonix username login: or something similar cannot be shown. [3]

  1. Enter your username (this is most likely user) and press <enter>.
  2. Enter your password and press <enter>.

Whonix default admin password is: No password required. (Passwordless login.)

  • Default username: user
  • Default password: No password required. (Passwordless login.) [4]

[edit]

In the Whonix case, the virtual console will show host login:. This can be confusing and has nothing to do with the actual host that Whonix is running on. The string host is retrieved from file /etc/hostname which for privacy reasons is set to host in Whonix. Therefore do not enter your host (the system Whonix is running on) username or host password.

Due to technical limitations, an easier to understand presentation like Whonix username login: or something similar cannot be shown. [5]

Login Instructions[edit]

  1. Note the Banner Explanation.
  2. Enter your username (this is most likely user) and press <enter>.
  3. Enter your password and press <enter>.

Whonix default admin password is: No password required. (Passwordless login.)

  • Default username: user
  • Default password: No password required. (Passwordless login.) [6]

Disable Virtual Console Banner[edit]

This process is similar to Disable Terminal Emulator Banner.

1. Open a virtual console.

2. Run the following command to restore the original bashrc (untested). [7]

cp /etc/skel/.bashrc.whonix-orig ~/.bashrc

[8]

3. Done.

The procedure is complete.

Non-Qubes-Whonix[edit]

Disable Autologin[edit]

Not very useful inside VMs, see also Login Screen.

This requires configuration of both GDM (old versions) and LightDM (newer versions) of Whonix.

1. Open file /etc/gdm3/daemon.conf.dist in an editor with root rights.

Non-Qubes-Whonix

This box uses sudoedit for better security.

sudoedit /etc/gdm3/daemon.conf.dist

Qubes-Whonix

NOTES:

  • When using Qubes-Whonix, this needs to be done inside the Template.

sudoedit /etc/gdm3/daemon.conf.dist

  • After applying this change, shutdown the Template.
  • All App Qubes based on the Template need to be restarted if they were already running.
  • This is a general procedure required for Qubes and unspecific to Qubes-Whonix.

Others and Alternatives

  • This is just an example. Other tools could achieve the same goal.
  • If this example does not work for you or if you are not using Whonix, please refer to this link.

sudoedit /etc/gdm3/daemon.conf.dist

2. Search for the following. 

AutomaticLoginEnable=true
AutomaticLogin=user

3. Modify.

Out-comment, add a hash symbol ("#") in front of the two lines. Or replace the content, copy/paste the following which does the same.

#AutomaticLoginEnable=true #AutomaticLogin=user

4. Save.

5. Disable LightDM autologin.

sudo rm /etc/lightdm/lightdm.conf.d/30_autologin.conf

sudo rm /etc/lightdm/lightdm.conf.d/40_autologin.conf

7. Reboot.

7. Done.

Autologin should be disabled after reboot.

RAM Adjusted Desktop Starter[edit]

RAM Adjusted Desktop Starter will not start the desktop environment. The terminal-based Whonix-Gateway can be used instead.

When booting up, a prompt will appear offering to prevent Xfce from starting. Users can also manually press Ctrl + C for the same effect.

By default, Whonix-Gateway VMs are configured with 1280 MB virtual RAM. This can be reduced on systems with low available resources.

  • If total RAM is more than 512 MB, the default desktop environment (Xfce) is started.
  • If total RAM is less than 512 MB (for example, the minimum 256 MB RAM requirement), Xfce is not started.

Users with low RAM resources should find this convenient because Whonix-Gateway RAM can be reduced to 256 MB and still function.

Further, if something needs configuring or checking, 512 MB RAM can be assigned to automatically boot into the graphical Xfce desktop. Additional settings are available in folder /etc/rads.d to configure this feature: additional RAM can be added (but still not choosing to boot into a desktop environment), different display managers can be used and so on. See file /etc/rads.d/30_default.conf for configuration examples.

For more information, see RAM Adjusted Desktop Starter.

Disable Graphical Desktop Environment[edit]

TODO

Use Full-screen Mode[edit]

It is recommended to work in full-screen; this feature is also inherited from VirtualBox. To activate and deactivate full-screen mode, press the VirtualBox Host Key + F. The current Host Key is visible in the bottom right corner of VirtualBox. The VirtualBox default is Right Ctrl + F.

Host key can be changed using VirtualBoxGlobal SettingsInputHost Key.

Full-screen mode leads to the Whonix (and Debian) default resolution and color depth of 1920x1080x24. Having a common value for these identifiers reduces the fingerprinting risk to the user. Full-screen mode also helps to prevent users from accidentally launching applications on the host (such as a clearnet browser), instead of within Whonix.

Xfce Scaling[edit]

A number of displays found in high-end laptops and desktops have High Dots Per Inch (HiDPI), providing a high resolution in a relatively small format. High-resolution mode can cause problems with certain software and the following adjustments may be necessary to improve HiDPI presentation in Xfce. [9]

Table: Xfce Scaling Options

Configuration Description
Fonts Change the DPI (dots per inch) parameter as follows: [9]
  • Settings ManagerAppearanceFontsDPIIncrease

For example, it is reported that a value of 180 or 192 seems to work well on Retina screens, but trial and error may be necessary to get a more precise number for the relevant display.

gtk2 Menus and Buttons Follow these steps to change the default icon sizes of gtk2 menus, buttons and so on: [9]
  • Settings ManagerSettings EditorxsettingsGtkIconSizes → in row Value → add the following line.

gtk-large-toolbar=96,96:gtk-small-toolbar=64,64:gtk-menu=64,64:gtk-dialog=96,96:gtk-button=64,64:gtk-dnd=64,64 Note that the "gtk-dnd" parameter is for the icons during drag'n'drop, while the others are self-evident based on their name. Any value supported by the icon theme can be used.

System Tray Icon Size Follow these steps to enlarge icons in the system tray: [9]
  1. Right-click on system tray: aim for empty space / top pixels / bottom pixels, so the the icons are not activated themselves.
  2. PropertiesSet "Maximum icon size" to 32, 48 or 64.
Task Bar Size To change the size of the task bar:
  • Right-click on empty space in task barPanelPanel PreferencesRow Size (Pixels)move slider
Window Manager Style Xfwm has two hidpi themes: Default-hdpi and Default-xhdpi. Change the theme as follows: [9]
  • Settings ManagerWindow ManagerStyleThemeDefault-hdpi or Default-xhdpi

Default Home Folder Configuration Files Reset[edit]

Before following these instructions to wipe the whole Xfce settings folder and restore defaults, it is recommended to backup existing Xfce settings.

1. Open a virtual console.

2. Logout from and stop Xfce by halting Whonix default login manager gdm3.

sudo systemctl stop gdm3

3. Delete folder ~/.config/xfce4.

rm -r ~/.config/xfce4

4. Delete the first-boot-skel.done file.

sudo rm /var/cache/anon-base-files/first-boot-skel.done

5. Re-add Whonix Xfce configuration files.

sudo /usr/libexec/helper-scripts/first-boot-skel

6. Restart lightdm to restart Xfce.

sudo systemctl restart gdm3

7. Done.

The process has been completed.

Qubes-Whonix[edit]

Avoid VM Full Screen Mode[edit]

It is unrecommended to allow Qubes-Whonix or other VMs to completely "own" the full screenarchive.org. Overriding Qubes' GUI virtualization daemon restrictions means the colored decorations drawn by each VM window will not be visible. In this case, a malicious application might not actually release the full screen (while it appears normal), or the full desktop may be emulated so users are tricked into entering sensitive information inside false "trusted" domains. [10]

See Also[edit]

Footnotes[edit]

  1. This is not a real virtual console, but using login.
  2. Inside VirtualBox, the Alt + Ctrl keys are already registered by the host operating system. Host key can be changed using VirtualBoxGlobal SettingsInputHost Key.
  3. The login program unfortunately does not provide this option.
  4. Kicksecure logo Rationale for Change from Default Password changeme to Empty Default Password Onion Version
  5. The login program unfortunately does not provide this option.
  6. Kicksecure logo Rationale for Change from Default Password changeme to Empty Default Password Onion Version
  7. Please leave feedback if this step works correctly.
  8. Run the following command. sudo unlink /etc/motd
  9. 9.0 9.1 9.2 9.3 9.4 https://wiki.archlinux.org/title/HiDPI#Xfcearchive.org
  10. https://www.qubes-os.org/doc/full-screen-mode/archive.org
Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!

Retrieved from "https://www.whonix.org/w/index.php?title=Desktop&oldid=102555"