Dev/Virtualization Platform
From Whonix
< Dev
Contents
Introduction[edit]
Whonix ™ is available for:
In an ideal world, Whonix ™ would support all Virtualization Platforms. Theoretically it could be done using libvirt [archive]. Practically libvirt is out of question. libvirt-users Does libvirt abstract each and any vm specific command? [archive] Libvirt does not (yet) abstract some commands Whonix ™ depends on.
Other Virtualization Platforms[edit]
Introduction[edit]
In theory, Whonix ™ could run inside any virtualizer, because its build scripts are very modular and extensible. In reality, Whonix ™ has no man power to test other virtualizers. As soon as contributors join the project and maintain support for other virtualizers, support for them can most likely be easily added.
Support Plan[edit]
Whonix ™ would need a maintainer to support the other virtualization platform.
Important:
- Someone who runs those Test, LeakTests and tests from Protocol-Leak-Protection_and_Fingerprinting-Protection.
- Someone who otherwise looks around if everything is sane.
Ideal:
- Someone who creates, signs, uploads .ova images for the other virtualization platform (such as VMware, KVM, etc.).
Partially Finished Attempts[edit]
VirtualBox[edit]
Is VirtualBox an Insecure Choice?[edit]
Update:
Although VirtualBox is not an ideal choice, fortunately other platforms are supported:
For greater security, users with suitable hardware and sufficient skill are recommended to prefer Qubes-Whonix ™ (a bare-metal hypervisor) over Type 2 hypervisors like VirtualBox.
The primary reason Whonix ™ supports VirtualBox is because it is a familiar, cross-platform virtualizer which can attract more users to open source (free/Libre) software, Tor and Linux in general. By remaining highly accessible, Whonix:
- Increases the scope of potential growth in the user base.
- Attracts greater attention as a suitable anonymity-focused operation system.
- Increases the likelihood of additional human resources and monetary contributions.
- Allows novice users to easily test Whonix ™ and learn more about security and anonymity practices.
- Improves the relative security and anonymity of Tor / Tor Browser users by offering a virtualized solution.
Old statement:
If you would like to see the old statement, please press on expand on the right.
Whonix ™ in VirtualBox vs Tor / Tor Browser / Torified Applications on the Host[edit]
It is recognized that VirtualBox is not an ideal choice; see Dev/Virtualization Platform. However, there are different goals to bear in mind - Whonix ™ is primarily focused on protecting a user's IP address / location.
A common refrain of critics is that VirtualBox is "too weak". This is a theoretical concern and does not have any practical implications at present, since Whonix ™ in VirtualBox is actually more secure than running Tor, Tor Browser or torified applications on the host in many cases; see Whonix ™ Security in the Real World.
It must be remembered that there are no alternatives for a large segment of the population who do not have sufficiently powerful hardware to run Qubes-Whonix ™, or who are technically incapable of running KVM. In this case, it is safer for them to run Whonix ™ in VirtualBox, rather than continuing to utilize Tor on the host. For example, Whonix ™ helps to protect against future proxy bypass bugs [archive] or software which does not honor proxy settings [archive].
The strength of Whonix ™ and virtualization in general is adherence to the security by isolation principle. VirtualBox critics need to objectively consider how many exploits currently exist for VirtualBox and the track record of exploits. Admittedly, virtual machine exploits may become far more problematic in the future, but at present Whonix ™ is considered to provide more security out of the box running in VirtualBox, than not.
Platforms with Improved Security[edit]
Anybody seriously considering Whonix ™ for improved security should refer to the Documentation, particularly the Security Guide and Advanced Security Guide entries, as well as supported platforms other than VirtualBox. Whonix ™ is a poster child for the Isolating Proxy Concept [archive] and Security by Isolation [archive].
Many users still default to running Tor on their Windows or Linux host. Whonix ™ is immediately available to this cohort to substantially improve their real world security. Indeed, Whonix ™ is the only up-to-date OS designed to be run inside a VM and paired with Tor, which is actively maintained and developed. Other similar projects like JanusVM [archive] are seriously outdated and no longer actively maintained. [1]
Whonix ™ cannot serve all target audiences. Users seeking a higher security solution will prefer other supported platforms, like Qubes-Whonix ™. "Hardcore" users may prefer to build their own custom hardened solutions, while still profiting from Whonix ™ research and source code. Hardened solutions like the Hardened Gentoo Whonix-Gateway ™ are more difficult to use and therefore cannot be set as the default installation for Whonix ™.
VirtualBox missing features[edit]
Signatures (not important because we offer OpenPGP / gpg signatures):
- https://forums.whonix.org/t/appliance-is-not-signed/4230 [archive]
- https://forums.virtualbox.org/viewtopic.php?f=1&t=94327#p455421 [archive]
The following is non-ideal for verifiable builds, because we have to convert to vdi first:
- export VM using VDI instead of VMDK? [archive]: seems not possible.
- Mount VMDK on Debian jessie? [archive]: seems not possible.
The following is non-ideal, because we can not warn when host operating systems are being used we don't think are the right tool for hosting Whonix ™ VMs:
- Can a guest find out its host operating system? [archive]: seems not possible.
- VirtualBox uses VMDK version 3. This is non-ideal, because working with these images is difficult.
- Converting these images is difficult.
qemu-img version 1.6.1 (qemu-img convert "vmdk_file" -O RAW "vdi_file") fails with: qemu-img: 'image' uses a vmdk feature which is not supported by this qemu version: VMDK version 3, which is a known issue in qemu [archive].As per this [archive], QEMU version equal or bigger than 2.8 should be capable to work with VMDK version 3 disks. TODO: try- Therefore it is required to convert them with VBoxManage to .vdi first. (VBoxManage clonehd --format VDI "vmdk_file" "vdi_file")
Therefore the Free guestmount doesn't support mounting VMDK version 3 as well (because it internally uses qemu-img).(Still true?)It requires proprietary software to mount them, such as the proprietary nbdkit plugin vddk [archive]. We're not aware of a Free Software alternative yet.(Still true?)
- Converting these images is difficult.
When importing VMs these become VDI images nowadays with recent VirtualBox versions.
VirtualBox no longer in Debian main[edit]
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709899 [archive]
- http://lists.debian.org/debian-devel/2013/08/msg00057.html [archive]
- "Virtualbox ships a BIOS that requires Watcom to compile from real sources,precompiled copy they ship as well is free but is not the preferred form for modification." http://lists.debian.org/debian-devel/2013/08/msg00106.html [archive]
- https://www.virtualbox.org/ticket/12011 [archive]
- https://lists.torproject.org/pipermail/tor-talk/2013-September/029978.html [archive]
- This is unrelated to
VirtualBox Oracle VM VirtualBox Extension Pack, which is proprietary, and which was never in Debian.
Arguments for keeping VirtualBox Support[edit]
- KVM is not available to Windows users.
- Simplicity, as in: VirtualBox has a VM import GUI feature.
- Available to users not owning computer providing hardware virtualization. (KVM requires that. QEMU may or may not but is unsupported.)
- Due to Windows users and simplicity it leads to greater popularity, which in theory attracts more users, developers, auditors, payments, etc and is therefore good for the overall health of the project.
- Some Windows/VirtualBox users experimenting with their first Linux (Whonix ™) will one day become users who mainly use Linux as their host operating system.
- We have a Whonix ™ Windows Installer which installs VirtualBox Whonix ™ VirtualBox VMs because of these reasons.
Why Use KVM Over VirtualBox?[edit]
See Why Use KVM Over VirtualBox?
See Also[edit]
Misc[edit]
test sudoedit fix http://forums.whonix.org/t/use-sudoedit-in-whonix-documentation-and-whonix-software/7599/29 mount new HDD using Thunar https://forums.whonix.org/t/cannot-access-encrypted-usb-drive-with-thunar-in-whonix-15/8131 https://forums.whonix.org/t/cannot-use-pkexec/8129/15 lkrg feature request: sysctl to disable unloading screen freezes: sleep 5 && sudo rmmod p_lkrg require root to view logs whonixcheck split out logic when to run form actual check run after whonix setup wizard basic check at every boot connectivity check manual run census after silent connectivity check gui wrapper? kicksecure CLI DNS broken www.kicksecure.com merge open-link-confirmation xdg-open exo-open --launch WebBrowser sensible-browser x-www-browser gnome-www-browser xdg-mime query default text/html $BROWSER xdg-settings get default-web-browser /etc/skel/.config/xfce4/panel/launcher-7/15404746583.desktop with tb-default-browser Be careful if x-www-browser (/usr/bin/whichbrowser) is already running as your activities might get linked. Do you want to open x-www-browser (/usr/bin/whichbrowser)? Powered by Discourse, best viewed with JavaScript enabled welcome page
- ↑ In response to whether JanusVM was safe to use, Roger Dingledine of The Tor Project stated in 2011 [archive]: "No, not safe. Probably has been unsafe to use for years."