Existing Ports of and Porting Whonix ™ to other Architectures
Architecture specific packages in Whonix ™. "Special packages". Software maintained by third parties. Compiled software. Kernel modules. Shared objects. Tips on porting Whonix ™ to other platforms. "amd64" means Intel and AMD. Porting Simplicity.
Existing Ports of Whonix ™[edit]
- Whonix ™ reported
to be running on POWER9 (OpenPOWER
), Raptor
Talos II
using distro-morphing.
- Inoffical Whonix ™ Docker port. Not reviwed by Whonix ™ developers.
- Some other Whonix ™ on github. Docker ports of on github.
Incomplete Ports of Whonix ™[edit]
- Whonix for
arm64
/ Raspberry Pi ( RPi )(wiki) (broken, unsupported)
- Whonix on
Mac
M1
(ARM
) based: project status / forum discussion
Existing Ports of Kicksecure ™[edit]
ppc64el
Kicksecure ™ functional, created using distro-morphing on a test server for Whonix ™ developer Patrick.- Distro-morphing should generate viable images for KVM on
arm64
.
Packages[edit]
NOTE[edit]
Porting Simplicity[edit]
To simplify ports to other architectures, all of the following packages are optional dependencies. These packages have very useful functionality however to simplify bootstrapping a port of Whonix ™ for a quick motivational milestone to reach of Whonix ™ building and booting, all architecture specific packages are optional dependencies by design in Whonix ™.
Therefore porters do not need to worry about any of the following packages during original porting work.
Most of Whonix ™ packages and all essential packages are architecture independent.
To simplify ports, Whonix ™ repository at time of writing supports the following architectures. [1]
amd64 arm64 armel armhf hurd-i386 hurd-amd64 i386 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc ppc64 ppc64el s390x sparc source
This might be useful for distro-morphing.
Distro-morphing might be the easiest way to create a proof of concept port of Whonix ™. Following the spirit of Self Support First Policy, first experimenting with Debian (which Whonix ™ is based on) first might be helpful.
A production quality, redistributable port of Whonix ™ however should be created using Whonix ™ build script instead of distro-morphing.
Related: porting Whonix ™ to other virtualizers
bindp[edit]
- maintained by third party: yes
- compiled: yes
- compiled when: at package installation time / at Whonix ™ build time
- language: C
- no upstream version number
- documentation: none
- upstream: https://github.com/yongboy/bindp
- package source code: https://github.com/Kicksecure/bindp
- kernel module: no
lkrg[edit]
- maintained by third party: yes
- compiled: yes
- compiled when: at package installation time / at Whonix ™ build time (if it was pre-installed)
- language: C
- version number by upstream: yes
- upstream architecture support:
amd64
only - documentation: Linux Kernel Runtime Guard (LKRG)
- upstream: https://lkrg.org/
- Debian package source code: https://github.com/Kicksecure/lkrg
- kernel module: yes
- LKRG Development Discussion
kloak[edit]
- maintained by third party: yes
- compiled: yes
- compiled when: during package build process / at Whonix ™ build time
- version number by upstream: yes
- architecture support: ?
- documentation: kloak
- upstream: https://github.com/vmonaco/kloak
- Debian package source code: https://github.com/Whonix/kloak
- kernel module: no
- Kloak Forum Discussion
corridor[edit]
- maintained by third party: yes
- compiled: no
- language: sh
- version number by upstream: yes
- upstream architecture support: any
- documentation: Corridor
- upstream: https://github.com/rustybird/corridor
- Debian package source code: https://github.com/Whonix/corridor
- kernel module: no
- corridor Development Discussion
Hardened Malloc[edit]
Hardened Memory Allocator
- maintained by third party: yes
- compiled: yes
- language: C
- compiled when: at package build time / at Whonix ™ build time (if it was pre-installed)
- version number by upstream: yes
- upstream architecture support:
amd64
only - documentation: Hardened Malloc
- upstream: https://github.com/GrapheneOS/hardened_malloc
- Debian package source code: https://github.com/Kicksecure/hardened_malloc
- kernel module: no
- Hardened Malloc Development Discussion
arm64
issue: ticket says closed but is still an issue as per this comment https://github.com/GrapheneOS/hardened_malloc/issues/149#issuecomment-1010526647
monero-gui[edit]
- maintained by third party: yes
- compiled: yes
- compiled when: when upstream compiles it, the monero-gui package contains binaries aqquired from upstream (digital software signature verification is being performed during the packaging process)
- version number by upstream: yes
- upstream architecture support:
amd64
only (?) - documentation: Monero
- upstream: https://github.com/monero-project/monero-gui
- Debian package source code: https://gitlab.com/Kicksecure/monero-gui
- kernel module: no
tb-updater[edit]
- maintained by third party: no
- compiled: no
- contains binaries: no, because it is a downloader script
- language: bash
- version number by upstream: no
- architecture support:
i386
andamd64
- For the Linux platform The Tor Project is only providing
i386
andamd64
downloads. See https://dist.torproject.org/torbrowser/.
- For the Linux platform The Tor Project is only providing
arm64
-> https://forums.whonix.org/t/arm64-tor-browser/11806
- Debian package source code: https://github.com/Kicksecure/tb-updater
- kernel module: no
tirdad[edit]
- maintained by third party: yes
- compiled: yes
- compiled when: at package installation time / at Whonix ™ build time
- version number by upstream: upstream does not (yet) provide version numbers
- architecture support:
amd64
only - documentation: TODO
- upstream: https://github.com/0xsirus/tirdad
- Debian package source code: https://github.com/Kicksecure/tirdad
- kernel module: yes
- tirdad Development Discussion
binaries-freedom[edit]
- Currently not in use.
tor[edit]
- Architectures
amd64
,i386
andarm64
are using thedeb.torproject.org
tor
package. A newer version. The latest stable version provided by The Tor Project for the stable release of Debian. Why? See Dev/Tor and https://forums.whonix.org/t/tor-package-urgently-needs-update-to-v0-4-6-8-due-to-tor-browser-11-stable-fingerprintability/12762
.
- Architectures other than
amd64
,i386
andarm64
are using thepackages.debian.org
tor
package. An older version. The frozen stable version provided by Debian for Debian stable. This has a disadvantage: https://forums.whonix.org/t/tor-package-urgently-needs-update-to-v0-4-6-8-due-to-tor-browser-11-stable-fingerprintability/12762
- package maintained by third party: yes
- compiled during package build process: no
- contains binaries: yes
- version number by upstream: yes
Check Tor SocksPort Reachability[edit]
On Whonix-Workstation ™. Test.
{{Curl_Plain}} 10.152.152.10:9100 ; echo $?
Should show.
<html> <head> <title>Tor is not an HTTP Proxy</title> </head> <body> <h1>Tor is not an HTTP Proxy</h1> <p> It appears you have configured your web browser to use Tor as an HTTP proxy. This is not correct: Tor is a SOCKS proxy, not an HTTP proxy. Please configure your client accordingly. </p> <p> See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information. <!-- Plus this comment, to make the body response more than 512 bytes, so IE will be willing to display it. Comment comment comment comment comment comment comment comment comment comment comment comment.-→ </p> </body> </html> 0
Otherwise, it would be a grave error (Tor SocksPort not reachable).
Check CPFP Reachability[edit]
On Whonix-Workstation ™. Test.
{{Curl_Plain}} 10.152.152.10:9052
Should show.
510 Prohibited command "GET / HTTP/1.1" 510 Prohibited command "User-Agent: curl/7.26.0" 510 Prohibited command "Host: 10.152.152.10:9052" 510 Prohibited command "Accept: */*" 510 Unrecognized command ""
Otherwise, it would be a grave error (CPFP not reachable).
Forum Discussion[edit]
https://forums.whonix.org/t/architecture-specific-compiled-third-party-special-packages-porting-whonix/8562
RPM[edit]
These are some random notes about porting Whonix ™ update debs to rpm.
What would have to be done:
- create rpm package
- Find a replacement for config-package-dev, a package which allows third party packages (Whonix ™) to own files which are owned by other packages. Such as /etc/tor/torrc is owned by tor, but anon-gw-anonymizer-config includes its own config file.
- add init scripts (currently done by debhelper)
- add man pages (currently done by debhelper and ronn, see debian/rules)
- minor: replacement for dh_apparmor
Footnotes[edit]

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!