Qubes Logo

Whonix Logo

Qubes-Whonix ™ is the seamless combination of Qubes OS and Whonix ™ for advanced security and anonymity.

Overview[edit]

In this configuration Whonix ™ runs on top of Qubes inside virtual machines (VMs), just like any other OS on the same platform (Fedora, Debian, Arch Linux and so on).

The Qubes bare-metal hypervisor is based on Xen and Fedora. Via hardware support like VT-x and VT-d Qubes has successfully implemented a comprehensive yet strict security-by-isolation architecture. Hardware controllers and multiple user domains (qubes) are isolated using separate VMs that are explicitly assigned different levels of trust, yet the desktop experience is user-friendly and well-integrated.

Whonix ™ is based on Debian and Tor. The design provides a two-VM, split security architecture: an isolated Whonix-Gateway ™ (ProxyVM; sys-whonix) for complete routing of traffic over Tor; and Whonix-Workstation ™ (App Qube; anon-whonix) for all desktop applications, which serves as a tailored OS environment for Tor-based privacy/anonymity.

To use Qubes-Whonix ™, Qubes must first be installed as a hypervisor on the physical host computer, followed by installation of the two separate Whonix ™ Templates -- whonix-gw-16 and whonix-ws-16 -- on top of Qubes. From this point, the Whonix ™ Templates can be used for customization and creation of multiple Whonix-Gateway ™ ProxyVMs and Whonix-Workstation ™ AppVMs, enabling enhanced compartmentalization of user activities for better privacy. ^[1]

For a more in-depth consideration of Qubes-Whonix ™ advantages, see: Why use Qubes over other Virtualizers?

Qubes-Whonix Security Disadvantages - Help Wanted!

Figure: Qubes OS Design ^[2]

Guides[edit]

Common Tasks[edit]

For major Template and AppVM operations, refer to the following guides:

Qubes-Whonix ™ Tor Connectivity and sdwdate Troubleshooting

Security and Anonymity[edit]

For improved security and anonymity after installing Qubes-Whonix ™, refer to the following guides:

Advanced[edit]

Qubes Persistence[edit]

Qubes (non-)persistence is a Qubes default and unspecific to Whonix ™.

Table: Qubes R4 Inheritance and Persistence

	Inheritance ^[3]	Persistence ^[4]
Template ^[5] ^[6]	n/a	Everything
App Qubes ^[7]	`/etc/skel/` to `/home/`	`/rw/` (includes `/home/` and `bind-dirs`)
Disposable Template ^[8] ^[9]	`/etc/skel/` to `/home/`	`/rw/` (includes `/home/`, `/usr/local` and `bind-dirs`)
Disposable ^[10] ^[11]	`/rw/` (includes `/home/`, `/usr/local` and `bind-dirs`)	Nothing

Qubes Template Modifications[edit]

If a Qubes template has been modified, to make changes in App Qubes based on that Template take effect, it is required to shutdown the Template and restart the App Qubes based on that Template. This is a Qubes default and unspecific to Whonix ™.

Support[edit]

Before seeking personal support, please first search for the issue and a possible, documented solution. In many cases the issue can be solved by inspecting the phabricator issues tracker, reading Whonix ™ guides/documentation, conducting web searches, and examining past support requests.

If a search yields no results, support requests should be directed to the most appropriate forum:

Qubes:
Qubes-Whonix ™-specific: Whonix ™ Qubes Forum
Whonix ™, Debian and Tor: Whonix ™ Support

Table of Contents[edit]

Footnotes[edit]

↑ The only limitation on the number of possible VMs is available disk space.
↑ https://www.qubes-os.org/intro/
↑ Upon creation.
↑ Following shutdown.
↑ https://www.qubes-os.org/doc/templates/
↑ The former name was Template.
↑ The former name was AppVM or TemplateBasedVM.
↑ https://github.com/QubesOS/qubes-issues/issues/4175
↑ Former names included DisposableVM Template, DVM Template, and DVM.
↑ https://www.qubes-os.org/doc/glossary/#disposable
↑ Former names included DisposableVM and DispVM.
↑ The former discourse forum was discontinued on 1 July, 2021.

Whonix ™ The most watertight privacy operating system in the world.

Donate

FREE · PLUS · PREMIUM Support

At Whonix we believe in freedom and trust. That's why we fully support Open Source and Freedom Software. Learn more.

Whonix ™ is supported by Evolution Host DDoS Protected VPS.

Whonix ™ is the most watertight privacy operating system in the world.

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole. By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service , Privacy Policy , Cookie Policy , E-Sign Consent , DMCA , Imprint Whonix

ENCRYPTED SUPPORT LP, 2022

Hardened by Kicksecure ™

[1] The only limitation on the number of possible VMs is available disk space.

[2] ttps://www.qubes-os.org/intro/

[3] Upon creation.

[4] Following shutdown.

[5] ttps://www.qubes-os.org/doc/templates/

[6] The former name was Template.

[7] The former name was AppVM or TemplateBasedVM.

[8] ttps://github.com/QubesOS/qubes-issues/issues/4175

[9] Former names included DisposableVM Template, DVM Template, and DVM.

[10] ttps://www.qubes-os.org/doc/glossary/#disposable

[11] Former names included DisposableVM and DispVM.

[12] The former discourse forum was discontinued on 1 July, 2021.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]