Whonix Linux Installer for VirtualBox
Donate
Whonix can be easily installed using Whonix Linux Installer. Select your Linux distribution to get started.
This page is fully functional without JavaScript, but enabling JavaScript significantly enhances the user experience.
Debian, Fedora and Derivatives
GUI
- Whonix with Xfce graphical user interface (GUI).
- This version of Whonix is designed to run inside VirtualBox.
- Beginner-friendly and easy to use.
- It is the right choice for most users.
Please follow these steps to install Whonix.
1 Whonix Linux Installer
TLS
1. Download.
curl --tlsv1.3 --output whonix-xfce-installer-cli --url https://www.whonix.org/dist-installer-cli
Optional: Digital signature verification.
- Digital signatures are a tool enhancing download security. They are commonly used across the internet and nothing special to worry about.
- Optional, not required: Digital signatures are optional and not mandatory for using Whonix, but an extra security measure for advanced users. If you've never used them before, it might be overwhelming to look into them at this stage. Just ignore them for now.
- Learn more: Curious? If you are interested in becoming more familiar with advanced computer security concepts, you can learn more about digital signatures here digital software signatures.
Choose either Option A), Option B) or Option C).
Option A) Install the installer from the from the Kicksecure APT repository
By installing from the Kicksecure APT repository, no additional verification of the installer is required because APT automatically does that.
1. Add the Kicksecure APT repository.
See 
Kicksecure Packages for Debian Hosts
.
2. Install package usability-misc.
Because it contains the Whonix Linux Installer.
Install package(s) usability-misc following these instructions
1 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: In Template.
2
Update the package lists and upgrade the system
.
sudo apt update && sudo apt full-upgrade
3 Install the usability-misc package(s).
Using apt command line
--no-install-recommends option
is in most cases optional.
sudo apt install --no-install-recommends usability-misc
4 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: Shut down Template and restart App Qubes based on it as per
Qubes Template Modification
.
5 Done.
The procedure of installing package(s) usability-misc is complete.
3. Run the Whonix Linux Installer.
whonix-xfce-installer-cli
4. Done.
Option B) Verify the Installer
The Linux Installer is signed by Whonix developer Patrick Schleizer using OpenPGP and signify.
Do you already how to perform digital software verification using an OpenPGP and/or signify key?
- Yes: Acquire the Signing Key and the signatures straight away and proceed.
- No: Consider the following instructions: Undocumented. Unspecific to Whonix.
signify:
signify-openbsd -Vp keyname.pub -m dist-installer-cli
Option C) Manual Installation without the Installer
1. There is no need to use the Whonix Linux Installer.
The user is not forced to use the Whonix Linux Installer.
2. Manually install Whonix for VirtualBox.
Use the manual Whonix for VirtualBox instructions instead of the Whonix Linux Installer.
3. Done
2. Run the installer.
bash ./whonix-xfce-installer-cli
onion
1. System Tor Setup.
Downloading via an onion service requires a functional system Tor. This aspect is not specific to Whonix and is undocumented.
2. Download.
torsocks curl --output whonix-xfce-installer-cli --url http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/dist-installer-cli
3. Run the installer.
bash ./whonix-xfce-installer-cli --onion
2 Start Whonix
Starting Whonix is simple:
- Start VirtualBox.
- Double-click the Whonix-Gateway™ and Whonix-Workstation™.
CLI
- Whonix with command line interface (CLI).
- This version of Whonix is designed to run inside VirtualBox.
- Whonix with CLI is a version suited for advanced users -- those who want Whonix without a graphical user interface (GUI). Everyone else should install the user-friendly Whonix VirtualBox with GUI Xfce.
TLS
1. Download.
curl --tlsv1.3 --output whonix-cli-installer-cli --url https://www.whonix.org/dist-installer-cli
Optional: Digital signature verification.
- Digital signatures are a tool enhancing download security. They are commonly used across the internet and nothing special to worry about.
- Optional, not required: Digital signatures are optional and not mandatory for using Whonix, but an extra security measure for advanced users. If you've never used them before, it might be overwhelming to look into them at this stage. Just ignore them for now.
- Learn more: Curious? If you are interested in becoming more familiar with advanced computer security concepts, you can learn more about digital signatures here digital software signatures.
Choose either Option A), Option B) or Option C).
Option A) Install the installer from the from the Kicksecure APT repository
By installing from the Kicksecure APT repository, no additional verification of the installer is required because APT automatically does that.
1. Add the Kicksecure APT repository.
See
Kicksecure Packages for Debian Hosts
.
2. Install package usability-misc.
Because it contains the Whonix Linux Installer.
Install package(s) usability-misc following these instructions
1 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: In Template.
2
Update the package lists and upgrade the system
.
sudo apt update && sudo apt full-upgrade
3 Install the usability-misc package(s).
Using apt command line
--no-install-recommends option
is in most cases optional.
sudo apt install --no-install-recommends usability-misc
4 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: Shut down Template and restart App Qubes based on it as per
Qubes Template Modification
.
5 Done.
The procedure of installing package(s) usability-misc is complete.
3. Run the Whonix Linux Installer.
whonix-cli-installer-cli
4. Done.
Option B) Verify the Installer
The Linux Installer is signed by Whonix developer Patrick Schleizer using OpenPGP and signify.
Do you already how to perform digital software verification using an OpenPGP and/or signify key?
- Yes: Acquire the Signing Key and the signatures straight away and proceed.
- No: Consider the following instructions: Undocumented. Unspecific to Whonix.
signify:
signify-openbsd -Vp keyname.pub -m dist-installer-cli
Option C) Manual Installation without the Installer
1. There is no need to use the Whonix Linux Installer.
The user is not forced to use the Whonix Linux Installer.
2. Manually install Whonix for VirtualBox.
Use the manual Whonix for VirtualBox instructions instead of the Whonix Linux Installer.
3. Done
2. Run the installer.
bash ./whonix-cli-installer-cli
onion
1. System Tor Setup.
Downloading via an onion service requires a functional system Tor. This aspect is not specific to Whonix and is undocumented.
2. Download.
torsocks curl --output whonix-cli-installer-cli --url http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/dist-installer-cli
3. Run the installer.
bash ./whonix-cli-installer-cli --onion
Additional information about the Whonix Linux Installer.
Whonix Linux Installer
The Whonix Linux Installer streamlines the process of setting up Whonix on VirtualBox. While the earlier method required users to follow instructions on the Whonix for VirtualBox wiki page, this installer makes the entire process more intuitive. Here's an in-depth look at what it does:
- Script Name Verification: The installer checks for valid script names, such as
dist-installer-cli,
virtualbox-installer
, whonix-cli-installer-cli,whonix-xfce-installer-cli. - Command-Line Parsing: It parses any command-line options provided.
- System Requirements Check: The installer assesses if the system meets prerequisites like adequate disk space, RAM, and virtualization support. Users are informed if any of these criteria aren't met.
- Package Installation: Necessary packages for the script's operation, like
signify,curl,rsync, andvboxmanage(for VirtualBox users) are installed using the distribution's package manager (APT or DNF). - Repository Settings:
- Debian and Derivatives:
- For
bullseye(oldstable): Enables the Debianbackportsandfasttrackrepositories. - For
bookworm(stable): Same as above. - For
trixie(testing): Enables the Debianunstablerepository and configures APT pinning to prefer packages fromtestingoverunstableso only VirtualBox gets installed fromunstableand no other dependency packages are unnecessarily pulled fromunstable. - For
sid(unstable): Installs from Debianunstablerepository.
- For
- Ubuntu: Installs from the Ubuntu repository. [1]
- Fedora and Derivatives: Enables the
virtualbox.org(Oracle) repository. - Updates: The preferred repository for VirtualBox installation may vary in the future based on availability. Updated installers might fetch VirtualBox from the Debian
fasttrackrepository,virtualbox.org(Oracle) repository, or the Kicksecure™ repository. (Whonix development discussion: VirtualBox Integration and Upgrades
)
- Debian and Derivatives:
- Version Querying: If no version is specified via command line, the Whonix version number is fetched using the API. (Only if installing Whonix.) (Not for
virtualbox-installer. [2]) - Virtual Machine Handling:
- For previously imported VMs, users are prompted to boot the virtual system(s). (Not for
virtualbox-installer. [2].) - For previously downloaded VM files, authenticity and integrity checks are run. (Not for
virtualbox-installer. [2].) - For first-time users, the installer downloads the required files, conducts authenticity and integrity checks, imports the system(s), and then attempts to start the Virtual Machine(s). (Not for
virtualbox-installer. [2].)
- For previously imported VMs, users are prompted to boot the virtual system(s). (Not for
- Inform user if VMs are already running and abort installation. (Not for
virtualbox-installer. [2].)
Additional Features:
- Download Resumption: Utilizes
rsyncinternally to enable download resumption capabilities. - Integrity Checking: Offers a streamlined integrity verification process, facilitated by
rsync. - Download from Oracle Repository: When using
--oracle-repocommand line option, downloads VirtualBox from Oracle repository. This is the default for Fedora-based distributions. It's optional for Debian-based ones (including Ubuntu) but may be set by developers in the future if the Debian repository discontinues the VirtualBox package. Might at times provide a newer VirtualBox version. - Onion Support: Allows for downloads from onion sources with the
--onioncommand line option whenever possible. (For example Oracle does not provide an onion repository.) - Default Download Directory: Files are saved in the
~/dist-installer-cli-downloadfolder. - Logging Mechanics: For transparency, every command executed is logged in the download directory, accompanied by the specific script version used at the time.
- Transparent System Modifications: The installer’s operations are evident to the user. All persistent system alterations, especially those executed with administrative ("root") privileges, are prominently detailed in the installer's output.
- Documentation: Comprehensive details can be found in the
dist-installer-climan page. - Checks: Nested Virtualization, secure boot enabled check.
Developer Information:
- Source Code:
/usr/bin/dist-installer-cli, Continuous Integration Testing .github/workflows/builds.yml - Development Wiki Page: Dev/Linux Installer
- Development Discussion: forums discussion
- Security: The
dist-installer-cliscript is not intended for curl bash piping. However, for a comprehensive discussion on security concerns related to this topic, see here.
Questions and Answers
| Question | Answer |
|---|---|
| Do I have to use the new Whonix Linux Installer? | No. You can still manually install VirtualBox and import Whonix by following the instructions on the Whonix for VirtualBox wiki page. |
| Is the manual method for VirtualBox installation going to be deprecated? | There's no such plan as of now. The manual method remains crucial as it offers compatibility with certain Linux distributions not supported by the Whonix Linux Installer. |
| Can I use Whonix-Gateway™ CLI in conjunction with Whonix-Workstation™ Xfce? | Absolutely, find out more here.
|
| Why should I prefer VirtualBox over KVM? | For insights, visit Here. |
| Why choose VirtualBox instead of Qubes? | The reasons are elaborated here. |
| Where can I find the main FAQ? | Check out the Whonix FAQ. |
Kicksecure
- For users that are already using Kicksecure as their host operating system, installation of Whonix for VirtualBox is even simpler.
- No need to manually download or verify the installer Whonix Linux Installer on Kicksecure hosts.
- Whonix Linux Installer for VirtualBox is installed by default in Kicksecure.
Simply run one of the following commands.
For Whonix with Xfce (recommended):
- whonix-xfce-installer-cli
- whonix-xfce-installer-cli --onion
For Whonix with CLI (for advanced users only):
- whonix-cli-installer-cli
- whonix-cli-installer-cli --onion
- See tab 'Debian, Fedora and Derivatives'.
Ubuntu
- Minimum required version: Only Ubuntu Jammy (22.04) (LTS) has been tested.
- Lower versions will not work. Please release upgrade your Ubuntu version first.
- Higher stable Ubuntu versions will probably work.
- See tab 'Debian, Fedora and Derivatives'.
Other Linux Distributions
- The Whonix Linux Installer for VirtualBox is only supported for Debian, Fedora and their derivatives (such as Ubuntu, CentOS, RedHat or Kicksecure).
- See to learn more and get started with Whonix.
- Are you a developer? If your host operating system is unsupported, contributions to add support for Other Linux distributions are welcome.
The most watertight privacy operating system in the world.
At
Whonix we value freedom and trust, supporting Open Source and Freedom Software
2012-
2024 ENCRYPTED SUPPORT LP
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!
- ↑
Might sound complicated but it's actually quite simple in case of Ubuntu. Install from the usual, "normal", official
packages.ubuntu.com. From the usualsuite. For example, if using suitejammy, it installs fromjammy. This is because Ubuntu is packaging VirtualBox for their usual stable suites. Debian doesn't. That's why Ubuntu does not require any special repository. (Debian required backportsandfasttrackrepositories at time of writing.) - ↑ 2.0 2.1 2.2 2.3 2.4
Because that is not required if only installing VirtualBox using
virtualbox-installer.)