For Mac M1, M2, ...

About this For Whonix on Apple Silicon Chapter Contributor maintained wiki page.
Support Status	Unmaintained. Development stalled.
Difficulty	hard
Contributor	Past: Gavin Pacini / Current: none
Support	Whonix on Mac M1 (ARM)

First things first

• Right now, you need to build Whonix using the build script to get it running on Apple Silicon.
• This can be improved in the future. If you want to help, please visit this forum thread.
• Please understand that this is only for advanced users for now!

1. Environment Setup

• download UTM and install

and follow these instructions to install your own Debian arm64 based VM

• Debian bookworm netinstall disc image
• open UTM
• click "Create a new virtual machine"
• click "Virtualize"
• click "Linux"
• click "browse" and select the downloaded netinstall image iso file
• and then click "Next"
• on the "Hardware" screen just leave the defaults (4 GB RAM, 4 cores). GPU acceleration is not recommended at this time as it crashes randomly.
• and then click "Next"
• on "Storage" click "Next"
• click "Browse". Choose the directory that you want the built Whonix images to end up in.
• and then click "Next"
• verify settings on the "Summary" page and then click "Save"
• start the new VM and install linux by following the instructions on screen.
• once installation is finished boot into VM again.
• open a terminal and run sudo apt install spice-vdagent spice-webdavd dosfstools
• change VM hostname to host

Double click the utm file to import it.

2. Initial Build

Follow the build documentation here and be sure to set build parameters:

• --arch arm64 and --target utm when running the build script as part of the Dev/Build_Documentation/VM#VM_Creation step.
• --tb open will result in tb-updater (update-torbrowser) (Tor Browser Downloader by Whonix developers) attempting to download Tor Browser during the build process but fail open (continue the build without error) should the download fail. Previously Tor Browser download would fail. This might be fixed by now. but that is OK as far as the build process is concerned.
• --repo true will result in Project-APT-Repository being enabled.
• --vmsize defines the size of the virtual hard drive.
  • --vmsize 15G will create 15 GB disk size for the gateway.
  • --vmsize 25G will create 25 GB disk size for the workstation.
  • These numbers are arbitrarily chosen and not yet optimized. Feel free to use higher disk sizes. Lower disk sizes are ok too. In worst case, the build will fail or the disk will full up.
  • It is possible to increase the virtual hard disk size later.

Build commands should Look similar to:

• ~/derivative-maker/derivative-maker --flavor whonix-gateway-xfce --target utm --arch arm64 --tb open --repo true --vmsize 15G
• ~/derivative-maker/derivative-maker --flavor whonix-workstation-xfce --target utm --arch arm64 --tb open --repo true --vmsize 25G

Provided you have built correctly, you will now have two .tar.gz files in the ~/derivative-binary (they will look something like Whonix-<flavour>-Xfce-17.0.4.5.utm.tar.gz), one for the Workstation and one for the Gateway.

• move the .tar.gz files into the shared folder, so they are transferred to your Mac.

3. Import utm files

• unzip the tar.gz files
• double click each utm file to import it

NOTE: The utm files are completely configured and use special networking. They will work as-is, but feel free to tweak memory, or other settings.

Virtualization on osx86 aka "Hackintosh" machines with unmodified "vanilla" kernels works well, but some additional BIOS/UEFI settings need to be confirmed to ensure system stability. As of November 2018 Intel VT-d is not recommended, although some systems may function if it is enabled. Later BIOS revisions from American Megatrends Inc. (AMI) seem to have improved support compared to earlier releases.

AMD-Vi is not supported, since kernel modifications violating Apple Inc.'s End User License Agreement (EULA) are required to run macOS on platforms other than Intel. It is also recommended to disable the Integrated Graphics Processing Unit (IGPU) if PCIe graphics are in use, as well as disabling any SuperIO/Serial Port options if listed in BIOS. If virtualization problems related to unsupported architectures or features are encountered, please first consult appropriate community forums and wikis available on the Internet.