Whonix ™ for macOS: Download and Installation
Donate
Whonix ™ for Apple macOS inside VirtualBox (Intel Macs only, for Apple Silicon support please read section M1 below).
Please follow these steps to install Whonix ™ Xfce.
1 Install VirtualBox
Recommended VirtualBox version: latest
Download VirtualBox
by clicking on 'OS X hosts' and when prompted decide to either open or save the Apple disk image file (e.g. VirtualBox-...-OSX.dmg). After it mounts, install it by double-clicking on the blue VirtualBox logo.
2 Download Whonix ™ Xfce for macOS
Optional: Verify the Whonix ™ Images cryptographically.
Version: 16.0.9.0
Verify the Whonix ™ Images
Digital signatures can increase security but this requires knowledge. Learn more about digital software signature verification.
Verify images using this Signing Key
How to verify the Whonix ™ Images : Whonix ™ virtual machine images are cryptographically signed by Whonix ™ developer Patrick Schleizer using OpenPGP and signify.
Do you already how to perform digital software verification using an OpenPGP and/or signify key?
- Yes: Acquire the Whonix ™ Signing Key and the Whonix ™ signatures straight away and proceed.
- No: Consider the following instructions:
3 Import Whonix ™ into VirtualBox
For Whonix ™ VirtualBox import instructions, please press on expand on the right.
Start VirtualBox
Click on File then choose Import Appliance...
Navigate and select the Whonix ™ image and press next
Do NOT change anything! Just click on Import
Then press Agree
Wait until Whonix-Gateway.ova has been imported
Repeat the import step for Whonix-Workstation.ova
Miscellaneous
Video Tutorials are also available.
If you still need help, please check the Support page.
After the Whonix ™ .ova files are imported they can be removed. VirtualBox will make a new directory with the live virtual machines Whonix-Gateway.vbox and Whonix-Workstation.vbox, and they are contained in directories of the same name. By default this is /Users/(yourusername)/VirtualBox VMs
4 Start Whonix
Starting Whonix ™ is simple. Start VirtualBox, and then double-click on Whonix-Gateway ™ and Whonix-Workstation ™.
Start both Whonix-Gateway ™ and Whonix-Workstation ™
First time user?
default username: user
default password: changeme
Warning:
- If you do not know what metadata or a man-in-the-middle attack is.
- If you think nobody can eavesdrop on your communications because you are using Tor.
- If you have no idea how Whonix ™ works.
Then read the Design and Goals, Whonix ™ and Tor Limitations and Tips on Remaining Anonymous pages to decide whether Whonix ™ is the right tool for you based on its limitations.
Miscellaneous macOS Advice
If the same VMs will be used on multiple systems like Boot Camp or even two different physical machines, then they can be moved to a shared or external hard drive:
- Copy the VirtualBox VMs folder mentioned earlier to the new location.
- Select the VMs you moved and then click remove.
- When prompted, select "Delete files".
- Re-add the VMs from their new location by selecting
Machine=>Add, then navigating to the new folder.
exFAT is the easiest format for cross platform file sharing with Windows and Linux. exFAT is an option built into Apple's "Disk Utility.app" when initializing or reformatting a storage device. Select exFAT from the drop down menu that appears when you click "Erase". The default option is HFS+ on 10.13 "High Sierra" and earlier and APFS on 10.14 "Mojave".
Note that with its POSIX kernel and BSD roots, many issues that arise on macOS hosts can be addressed using strategies similar to other Unix-like OSes.
Virtualization on non-Apple Hardware
Virtualization on osx86 aka "Hackintosh" machines with unmodified "vanilla" kernels works well, but some additional BIOS/UEFI settings need to be confirmed to ensure system stability. As of November 2018 Intel VT-d is not recommended, although some systems may function if it is enabled. Later BIOS revisions from American Megatrends Inc. (AMI) seem to have improved support compared to earlier releases.
AMD-Vi is not supported, since kernel modifications violating Apple Inc.'s End User License Agreement (EULA) are required to run macOS on platforms other than Intel. It is also recommended to disable the Integrated Graphics Processing Unit (IGPU) if PCIe graphics are in use, as well as disabling any SuperIO/Serial Port options if listed in BIOS. If virtualization problems related to unsupported architectures or features are encountered, please first consult appropriate community forums and wikis available on the Internet.
Running Whonix ™ on Apple Silicon
Warning: This is for testers-only!
At time of writing, running Whonix ™ on Apple Silicon is still for advanced users only!
| About this For Whonix ™ on Apple Silicon Chapter This wiki page is maintained by a contributor. | |
|---|---|
| Support Status | Unmaintained. Development stalled. |
| Difficulty | hard |
| Contributor | Past: Gavin Pacini / Current: none
|
| Support | Whonix ™ on Mac M1 (ARM)
|
First things first
- Right now, you need to build Whonix ™ using the build script to get it running on Apple Silicon.
- This can be improved in the future. If you want to help, please visit this forum thread.
- Please understand that this is only for advanced users for now!
1. Environment Setup
- download UTM and install
and follow these instructions to install your own Debian arm64 based VM
- Download Debian bullseye netinstall disc image
- open UTM
- click "Create a new virtual machine"
- click "Virtualize"
- click "Linux"
- click "browse" and select the downloaded netinstall image iso file
- and then click "Next"
- on the "Hardware" screen just leave the defaults (4 GB RAM, 4 cores). GPU acceleration is not recommended at this time as it crashes randomly.
- and then click "Next"
- on "Storage" click "Next"
- click "Browse". Choose the directory that you want the built Whonix images to end up in.
- and then click "Next"
- verify settings on the "Summary" page and then click "Save"
- start the new VM and install linux by following the instructions on screen.
- once installation is finished boot into VM again.
- open a terminal and run
sudo apt install spice-vdagent spice-webdavd dosfstools - change VM hostname to
host
Double click the Bullseye utm file to import it.
2. Initial Build
Follow the build documentation here and be sure to set build parameters:
--arch arm64and--target utmwhen running the build script as part of the Dev/Build_Documentation/VM#VM_Creation step.--tb openwill result intb-updater(update-torbrowser) (Tor Browser Downloader by Whonix ™ developers) attempting to download Tor Browser during the build process but fail open (continue the build without error) should the download fail. Previously Tor Browser download would fail. This might be fixed by now. but that is OK as far as the build process is concerned.
Build commands should Look similar to:
~/derivative-maker/derivative-maker --flavor whonix-gateway-xfce --target utm --arch arm64 --build --tb open
~/derivative-maker/derivative-maker --flavor whonix-workstation-xfce --target utm --arch arm64 --build --tb open
Provided you have built correctly, you will now have two .tar.gz files in the ~/whonix_binary (they will look something like Whonix-<flavour>-XFCE-16.0.9.0.utm.tar.gz), one for the Workstation and one for the Gateway.
- move the .tar.gz files into the shared folder, so they are transferred to your Mac.
3. Import utm files
- unzip the tar.gz files
- double click each utm file to import it
NOTE: The utm files are completely configured and use special networking. They will work as-is, but feel free to tweak memory, or other settings.
See Also
At
Whonix we believe in freedom and trust. That's why we fully support Open Source and Freedom Software.
Whonix ™ is supported by Evolution Host DDoS Protected VPS.
ENCRYPTED SUPPORT LP,
2023