What will be the optimal paravirtualization setting for Whonix?
- `none` explicitly turns off exposing any paravirtualization interface. This sounds good security-wise but could be really slow. Please test and leave feedback.
- `minimal` sounds like a worthwhile alternative if `none` is too slow. But what technology is `minimal` actually using? VirtualBox legacy or KVM? However, the documentation says it lets the VM read the APIC frequency. How bad this would be remains to be researched.
- `legacy` is good enough for now. That’s like VirtualBox 4.x. But since they now call it legacy, that code will rot, and it should probably be avoided in the long run.
- `kvm` (VirtualBox) is problematic, since it provides the unwanted pvclock kvm-clock, which allows clock correlation attacks once the VM is compromised.
- `default` is problematic, since in some cases it does autodetection and then uses VirtualBox KVM.
- `hyperv` is the Microsoft thingy. No idea about that one. May or may not be great for Linux guests (Whonix).
Each virtualization platform should be reviewed for performance, security, pvclock interfaces and hardware identifiers readable by the VM.
Please try various settings. Most interesting for now are `none` and `minimal`. Post the following in the forum discussion thread on this topic.
- Host OS name: Debian, Windows 10, Gentoo, etc.
- Host OS architecture: 64 or 32 Bit
- Whonix Version – only 11, or better.
- VirtualBox Version used – only VirtualBox, or better
- VirtualBox Acceleration Mode Used
- Notable Observations – errors, warnings, slowness, failures, etc.
- Does watching online videos such as YouTube still work?
- Does watching videos in VLC still work?
- Open a console window. Post the output of: `cat /sys/devices/system/clocksource/clocksource0/current_clocksource`
- And the output of: `cat /sys/devices/system/clocksource/clocksource0/available_clocksource`
- Any other ‘things’ you deem important.
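One way to collect the two clocksource outputs requested above and flag a paravirtual clock such as kvm-clock in a single step. This is an added example, not part of the original post; the function names are hypothetical, and treating `hyperv_clocksource*` names as paravirtual is an assumption beyond what the post states.

```shell
#!/bin/sh
# Added example: summarise the guest's clocksources for the feedback report.
# The sysfs directory is a parameter so the function can also be run against
# a constructed sample directory instead of the live system.
# Inside the guest, source this file and run: clocksource_report

SYSFS_CLOCKSOURCE=/sys/devices/system/clocksource/clocksource0

# classify_clocksource NAME -> prints "paravirtual" or "other"
classify_clocksource() {
    case "$1" in
        kvm-clock)           echo paravirtual ;;  # the pvclock named in the post
        hyperv_clocksource*) echo paravirtual ;;  # assumption: Hyper-V provider clocks
        *)                   echo other ;;
    esac
}

# clocksource_report [DIR] -> prints the report.
# Returns 0 if no paravirtual clock is available, 1 if at least one is,
# 2 if the clocksource files cannot be read.
clocksource_report() {
    dir=${1:-$SYSFS_CLOCKSOURCE}
    [ -r "$dir/current_clocksource" ] && [ -r "$dir/available_clocksource" ] || {
        echo "error: cannot read clocksource files in $dir" >&2
        return 2
    }
    current=$(cat "$dir/current_clocksource")
    available=$(cat "$dir/available_clocksource")
    exposed=""
    # available_clocksource is a space-separated list of names
    for name in $available; do
        if [ "$(classify_clocksource "$name")" = paravirtual ]; then
            exposed="${exposed:+$exposed }$name"
        fi
    done
    echo "current_clocksource: $current"
    echo "available_clocksource: $available"
    if [ -n "$exposed" ]; then
        echo "paravirtual clocks exposed: $exposed"
        return 1
    fi
    echo "paravirtual clocks exposed: none"
    return 0
}
```

A return status of 1 means a paravirtual clock is still available to the guest even if it is not the current clocksource.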
This is related to:
- https://www.virtualbox.org/manual/ch08.html (read the description of this one parameter: `--paravirtprovider none|default|legacy|minimal|hyperv|kvm`)
- https://www.virtualbox.org/manual/ch10.html#gimproviders (read this one chapter)