HowTo: Install the Stable Version of Qubes-Whonix ™ 15
First time user?
Remove Old Versions
This is section
Remove Old Versions as above headline indicates.
To launch a dom0 terminal, click the Qubes App Launcher (blue/grey "Q") and then open the Terminal Emulator (Xfce Terminal).
Upgrade Qubes dom0. This step is mandatory. 
Adjust Whonix Version Number
Please report if this step was necessary or unnecessary for you!
Download Whonix ™ Templates and Configure sys-whonix and anon-whonix
qubesctl command  will:
- Download both Whonix-Gateway ™ and Whonix-Workstation ™ TemplateVMs.
In dom0, run.
sudo qubesctl state.sls qvm.anon-whonix
Optional Whonix ™ DVM Template VM
In dom0, run.
sudo qubesctl state.sls qvm.whonix-ws-dvm
Optional Updates over Tor
To force all TemplateVM updates over Tor,  use salt in dom0.
sudo qubesctl state.sls qvm.updates-via-whonix
To force dom0 updates over Tor, set Qubes' dom0 UpdateVM to
To revert this change, set Qubes' dom0 UpdateVM to
sys-firewall or another preferred VM. 
Optional: Enable AppArmor
If you are interested, click on Expand on the right.
The following steps should be completed in dom0 for both
whonix-ws-15 TemplateVMs.  After these settings have been applied to the Whonix templates, the
sys-whonix (ProxyVM) and
anon-whonix (AppVM) will inherit the AppArmor kernel settings.
It is unnecessary to recreate the
anon-whonix TemplateBasedVMs to benefit from the new kernel parameters. It is also important for users to verify AppArmor is active in the
anon-whonix VMs after making these changes.
Update and Launch Applications
Before starting applications in the Whonix-Workstation ™ AppVM, update both Whonix-Gateway ™ and Whonix-Workstation ™ TemplateVMs.
To launch an application like Tor Browser:
To learn about known bugs affecting this release, see here.
It is recommended to refer to these additional references:
In Qubes R4.0, after uninstalling old Whonix ™ templates and attempting reinstallation via:
[user@dom0 ~]$ sudo qubesctl state.sls qvm.anon-whonix
The result is.
'state.sls' is not available. DOM0 configuration failed, not continuing
Solution: Restarting after uninstalling old Whonix ™ versions.
This is because the name of the TemplateVMs changed from:
- This is required to make sure a recent version of Qubes repository definition files, Qubes salt, qubes-core-admin-addon-whonix [archive] as well as qubes-mgmt-salt-dom0-virtual-machines [archive] gets installed.
- add salt download progress indicator [archive]
If an error message appears stating that
qubesctldoes not exist or the command is not recognized, then it is necessary to enable the testing repository and install
sudo qubes-dom0-update --best --allowerasing --enablerepo=qubes-dom0-current-testing qubes-mgmt-salt-dom0-virtual-machines
Sometimes the Qubes Community Templates repository must also be enabled by editing Qubes dom0 repository definition files.
Please report if step this was necessary for you!
qubesctlstill does not work, try shutting down Qubes OS and rebooting the machine. Please report if this step was necessary for you!
- https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/blob/master/qvm/whonix-ws-15-dvm.sls [archive]
- In Qubes-R4 and above, RPC/qrexec UpdatesProxy is used to update TemplateVMs
- salt [archive]
- https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/blob/master/qvm/updates-via-whonix.sls [archive]
- https://groups.google.com/forum/?_escaped_fragment_=topic/qubes-users/_jI2uWPPMMA#!topic/qubes-users/_jI2uWPPMMA [archive]
Or manually set the torified UpdateVM in dom0 terminal.
qubes-prefs updatevm sys-whonix
To revert this change in dom0 terminal, run.
qubes-prefs updatevm sys-firewall
- While Debian enabled AppArmor by default since Debian buster, Fedora does not. This matters since Qubes, which is Fedora based, by default uses dom0, not VM kernel. Therefore this is still required even though Whonix 15 is Debian buster based.
- Since Qubes R3.0, TemplateBasedVMs inherit the kernelopts setting of their TemplateVM [archive].
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)