Whonix-Host Operating System Live ISO, Whonix-Host Installer

From Whonix
Jump to navigation Jump to search

Whonix-Host will be a complete Operating System provided by Whonix developers. More developers still wanted! Not available for users yet. Users should install Whonix instead, it's available for most major operating systems. If you're looking for Live Mode, see Live Mode

  • Help wanted! : A Whonix-Host Operating System Live ISO and Whonix-Host Installer is currently in development. More developers are still wanted!
  • Not available for users yet : There is no ETA (estimated time of arrival) yet. Users should install Whonix instead.
  • Live Mode : Looking for Whonix Live Mode? It's already available, see Live Mode.
  • Name discussion : "Whonix-Host" might not be a good name and might be renamed in the future. You have an opinion? Participate in this forum discussion.

General Disclaimer[edit]

DO NOT USE THIS YET AS A USER!

There is no ETA (estimated time of arrival) yet.

Important warning: Whonix-Host is experimental software and still in early development. It is currently still lacking some core features, such as a working firewall on the Host, and is not yet ready for production, nor intended for end-users.

This wiki page is a preview for developers and curios readers only.

Whonix-Host Developers-Only Preview Version 15.0.1.2.7 Released!archive.org

Major missing features in the initial release include:

progress in 2024: Kicksecure ISO now available for testersarchive.org. (Whonix is based on Kicksecure.) It is based on Debian bookworm, dracut, compatible with BIOS, EFI booting and even Secure Boot compatible.

See also Dev/Project Host.

Help welcome!

What is Whonix-Host?[edit]

Whonix-Host is a complete Operating System provided by Whonix developers specifically designed to run Whonix virtual machines ("Whonix-Gateway" and "Whonix-Workstation").

Based on Kicksecure, Whonix-Host comes out-of-the-box with all Kicksecure security features and KVM hypervisor with ready-to-use pre-installed Whonix virtual machines.

By default, Whonix-Host runs from a USB flash drive as a Live ISO, as any modern Linux distribution does. This means that you can use and test the whole system, including Whonix-Gateway and Whonix-Workstation, without making any changes to your computer ("live" or "amnesic" mode).

Whonix-Host can also be installed from the USB flash drive onto an internal hard drive or onto an external drive such as another USB flash drive to be used as a permanent Operating System ("persistent" mode).

In other words:

  • Supported installation source medium: USB; DVD
  • Supported installation target devices: internal HDD; external HDD; USB; eSATA

Advantages[edit]

  • Whonix-Host ISO is available as a Live ISO. I.e. can boot Whonix-Host from Live DVD or Live USB.
  • Whonix-Host installed has a boot menu option to boot into persistent mode or live mode.
  • No clearnet traffic by default. (detailsarchive.org) (not implemented yet!)

Differences with Qubes-Whonix[edit]

Installation[edit]

Whonix-Host installation is very simple and boils down to only two steps:

1. Download the Whonix-Host ISO file and verify its integrity

2. Copy its content onto a USB flash drive

The instructions below detail the exact procedure to follow whether you are using Linux, Windows 10 or MacOS.

Recommended System Specifications[edit]

  • A 64 bit processor with virtualization capacities
  • Minimum 4GB of RAM
  • Minimum 4GB USB flash drive
  • Optional: another flash drive or HDD/SSD with minimum 10GB of free space if you intend to install Whonix-Host

Installation From Windows[edit]

To be completed

Installation From MacOS[edit]

To be completed

Installation From Linux[edit]

On Linux the easiest way to burn Whonix-Host on a USB flash drive is to use the 'dd' command-line utility.

1. Identify your USB flash drive you want to burn Whonix-Host onto by running 'fdisk -l' with sudo rights.

sudo fdisk -l On most modern Linux distributions it should show as a '/dev/sdx' as in the example below, where the targeted USB flash drive is identified as '/dev/sdb':

Disk /dev/sdb: 58.4 GiB, 62746787840 bytes, 122552320 sectors
Disk model: Redacted
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: Redacted

Device     Boot Start       End   Sectors  Size Id Type
/dev/sdb1        2048 122552319 122550272 58.4G 83 Linux

2. Copy the Whonix-Host ISO file onto the duly identified USB flash drive by using the 'dd' command-line utility. Proceed with extreme caution as this command will erase all data on the targeted drive! Please double or triple check to make sure you have selected the correct drive!

First, open a terminal in the directory in which you have downloaded the Whonix-Host ISO file, or just 'cd' into it:

cd ~/Downloads
ls
 Whonix-Host-Xfce-15.0.1.3.4.iso

Then copy the file onto the USB flash drive that you have identified in the previous step, which is '/dev/sdb' in the example below. Adapt the command to match your own USB flash drive letter! Do not copy-paste this command without making sure that you are copying onto the correct device!

dd if=Whonix-Host-Xfce-15.0.1.3.4.iso of=/dev/sdb status=progress

Wait until it finishes. It can take up to 20 to 30 minutes depending on your hardware and your USB flash drive speed. C

Booting From the USB Flash Drive[edit]

To use Whonix-Host, you must insert the USB flash drive that you have burnt in the previous step into your computer and boot from it.

Depending on your computer, you may be able to change its boot order (to make sure it will boot from the Whonix-Host USB flash drive and not its usual internal disk) by pressing a special key such as F12 or Enter. Please refer to your motherboard specific documentation for instructions on how to change the boot order. Once you have found the boot order option, just select the Whonix-Host USB flash drive and press Enter.

Figure: Whonix-Host Isolinux bootloader (BIOS mode)

Whonix-Host Isolinux bootloader (BIOS mode)

Figure: Whonix-Host GRUB bootloader (EFI mode)

Whonix-Host GRUB bootloader (EFI mode)

Whonix-Host is able to boot from both EFI and BIOS ("legacy") systems. When booting on an EFI system, you will be met by the 'Grub' bootloader, and by the 'Isolinux' bootloader if you are booting on BIOS mode. Note: as of version 15.0.1.3.4 you must boot in BIOS mode if you intend to install Whonix-Host on a persistent drive, as it currently does not support EFI install (still under development, see disclaimer above).

In either case you can safely press 'Enter' to boot the system into the Xfce Desktop environment, or press 'e' if you wish to modify the boot settings (advanced users).

Using Whonix-Host[edit]

To be completed

Whonix-Host Persistent Installation[edit]

Warning: Work in progress! Whonix-Host does not currently support installation in EFI mode. While the ISO file boots normally in EFI mode and the installation will succeed, your installed system will need manual adjustment in order to boot in EFI mode!

General Information[edit]

Whonix-Host can be installed on an internal drive or an external drive such as a USB device with the help of the Whonix-Host Calamares installer.

It is recommended before installation to connect only the device on which you intend to install Whonix-Host and to unplug all the other disks to avoid loss of data!

The installation is straightforward and only allows the user to customize the disk partitioning. The Whonix-Host Calamares installer does not provide the usual options of selecting a location and a timezone, changing the system language or creating a new user.

This is on purpose to ensure that Whonix-Host security and privacy features are well-preserved on the installed target.

Any change the user would like to perform can be done at his own risk after the installation if he wishes so.

Launching the Calamares installer[edit]

To do so, click on the 'Install Whonix-Host' icon on the Desktop. Click on the 'Next' button to start the configuration process.

Figure: Whonix-Host Calamares Installer - Welcome module

Whonix-Host Calamares Installer - Welcome module

Partitions[edit]

Choose the storage device where you want to install Whonix-Host. Please make sure you have selected the correct drive!

If you are installing on a fresh device (recommended), select 'Erase disk'. Otherwise you have the options to 'Replace a partition' or 'Manual partitioning' (advanced users).

Choose 'Encrypt the system' if you wish to encrypt your installation (recommended). Click on 'Next' once you are ready to proceed further.

Installation[edit]

Figure: Whonix-Host Calamares Installer - Partitions Module

Whonix-Host Calamares Installer - Partitions Module

The next module allows you review your installation settings and correct them if you wish so. Click on 'Next' to begin the installation. The installer will then proceed with the installation. It can take a while to complete depending on your hardware.

Figure: Whonix-Host Calamares Installer - Summary Module

Whonix-Host Calamares Installer - Summary Module

Once finished, you can choose to continue using the live system or reboot into your installed system. Do not forget to remove the USB device containing the Whonix-Host ISO before restarting your computer.

Figure: Whonix-Host Calamares Installer - Installation in Progress

Whonix-Host Calamares Installer - Installation in Progress

Figure: Whonix-Host Calamares Installer - Installation Complete

Whonix-Host Calamares Installer - Installation Complete

Post-installation[edit]

Whonix-Host can also be booted in live mode, which means that during a live session no changes will be written to the disk. If you wish to do so, select 'LIVE mode USER (For daily activities)...' at the GRUB screen and press enter.

Figure: Whonix-Host Installed - GRUB bootloader

Whonix-Host Installed - GRUB bootloader

The default login user is 'user' and the default password is 'changeme'. You are strongly advised to change the default password once you have logged in.

Comparison of different Whonix-Host Boot Modes[edit]

ISO Boot Persistent Boot Live Boot
data persistence
(read-write)
No Yes No
non-persistent
(read-only)
Yes No Yes
Usable without installation
Available before Installation of the Whonix-Host operating system
Yes No No
Only after installation
Available after Installation of the Whonix-Host operating system
No Yes Yes

See Also[edit]

Footnotes[edit]

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!