Supported Host Operating Systems[edit]

Any operating system that can run a supported virtualizer can run Whonix ™, including Windows, macOS, BSD, and Linux. Most users get started by installing VirtualBox on their current operating system and importing the Whonix ™ images. Advanced users may wish to boot a host operating system (usually a Unix variant) dedicated solely to running the Whonix ™ virtual machines.

For the best possible security, users can choose to run Whonix ™ virtual machines on the Qubes platform (Qubes-Whonix ™). Qubes is a Xen-based hypervisor (virtualizer) that runs on the bare metal of the hardware instead of within a host operating system. ^[1]

Supported Platforms[edit]

Non-Qubes-Whonix System Requirements[edit]

Table: Non-Qubes-Whonix System Requirements

Category	Description
Minimum	1 GB free RAM - with Whonix-Gateway ™ lowered to 256 MB. ^[5] 10 GB free hard drive space.
Recommended	Additional hard drive space when installing applications into the Whonix-Workstation ™. A CPU with AMD-V ^[archive] or Intel VT-x ^[archive].
For Best Performance	A solid state drive (SSD). Additional RAM to dedicate to the Whonix-Workstation ™ when multitasking.
Additional Notes	Whonix-Workstation ™ can be run with 256 MB RAM when not using a desktop environment. ^[5] For low memory and console-only configurations, see Ram Adjusted Desktop Starter. Users that experience the PAE or "VERR_SSM_FIELD_NOT_CONSECUTIVE" error; please read here.

Qubes-Whonix ™ System Requirements[edit]

"Qubes can be installed on systems which do not meet the recommended requirements. Such systems will still offer significant security improvements over traditional operating systems, since things like GUI isolation and kernel protection do not require special hardware." ^[6]

Minimum (Qubes 4.X)[edit]

4 GB RAM.
32 GB disk space.
A 64-bit Intel or AMD processor - x86_64 aka x64 aka AMD64. ^[7]
- Intel VT-x with EPT ^[archive] or AMD-V with RVI ^[archive]. ^[8]
- Intel VT-d ^[archive] or AMD-Vi ^[archive] (aka AMD IOMMU) - required for effective isolation of network VMs and PCI passthrough ^[archive].

Recommended[edit]

A fast SSD - strongly recommended.
Intel IGP - strongly preferred.
- Nvidia GPUs may require significant troubleshooting.
- ATI GPUs have not been formally tested, but see the Hardware Compatibility List ^[archive].
TPM with proper BIOS support - required for Anti Evil Maid ^[archive].
16 GB+ RAM minimum. 32 GB+ for power users. ^[9]
A non-USB keyboard or multiple USB controllers to enable creation of a USB VM ^[archive]. ^[10]
Interrupt remapping - this helps resist potential (hypothetical) attacks coming from compromised driver domains like sys-net or sys-usb. ^[11]

Before purchasing any hardware specifically for Qubes, always check the hardware compatibility list (HCL) ^[archive] first for suitable models. Without referring to the HCL, there is no guarantee that a computer supporting the above specifications will successfully install Qubes.

Joanna Rutkowska, Qubes founder and former project leader ^[archive], stated in early-2018: ^[12]

BTW, our laptop of choice for Qubes 4.0 is Carbon X1 gen5. This is what most of the core team uses now, so we try to make sure it runs Qubes 4.0 smoothly. But keep in mind this is not an _officially_ supported model, i.e. we don't guarantee anything™, use at your own risk™

Also note the fairly priced Insurgo PrivacyBeast X230 ^[archive] is the first custom, refurbished laptop to exceed all Qubes hardware certification requirements. ^[13] For detailed specifications and pricing, see: Insurgo PrivacyBeast X230 Laptop - QubesOS Certified & preinstalled - Single Order ^[archive].

Footnotes[edit]

↑ This is more secure because an attacker must subvert the hypervisor, which is far more difficult than exploiting a host operating system.
↑ Custom-Workstation: Self-made builds can be run on any real or virtual hardware, so long as they are behind a Whonix-Gateway ™. Tor Browser binaries are only available for a limited number of platforms (Windows, Linux, BSD and MacOS).
↑ Unsupported: QEMU
↑ Unsupported: VMware
↑ ^5.0 ^5.1 The virtual machine can work with as low as 256 MB RAM, but resource intensive operations like kernel package upgrades that rebuild the initrd might leave the virtual machine in a frozen state. It might run with 196 MB RAM or even less. Experimentation with RAM lower than 256 MB is up to the user; please share your results.
↑ https://www.qubes-os.org/doc/system-requirements/ ^[archive]
↑ Qubes system requirements are directly sourced from https://www.qubes-os.org/doc/system-requirements/ ^[archive]
↑ This is required for running HVM domains ^[archive], such as Windows-based AppVMs.
↑ Users report problems in creating DisposableVMs and running multiple VMs in parallel with only 4 GB RAM. 8 GB RAM is nearly exhausted with Qubes-Whonix ™ VMs running in parallel with the sys-net, sys-firewall and sys-usb AppVMs.
↑ To prevent malicious compromise of dom0 via USB mice, keyboards or other USB devices.
↑ https://github.com/QubesOS/qubes-issues/issues/3208 ^[archive]
↑ https://twitter.com/rootkovska/status/959743157041811456 ^[archive]
↑
This includes:
- Binary-blob-free Coreboot initialization, including native graphic initialization.
- Heads provides an Anti-evil Maid (AEM) firmware solution and protects against malicious interdiction.
- Intel ME is neutered and unnecessary modules involved in main CPU initialization have been deleted.
- Ships with Qubes OS pre-installed (with full-disk encryption), with the final disk encryption key being regenerated when first powered on by the buyer.

Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.

Follow:

Donate:

Share: Twitter | Facebook

Want to help create awesome, up-to-date screenshots for the Whonix wiki? Help is most welcome!

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee ^[archive] of the Open Invention Network ^[archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian ^[archive]. Debian is a registered trademark ^[archive] owned by Software in the Public Interest, Inc ^[archive].

Whonix ™ is produced independently from the Tor® ^[archive] anonymity software and carries no guarantee from The Tor Project ^[archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.

[1] This is more secure because an attacker must subvert the hypervisor, which is far more difficult than exploiting a host operating system.

[2] Custom-Workstation: Self-made builds can be run on any real or virtual hardware, so long as they are behind a Whonix-Gateway ™. Tor Browser binaries are only available for a limited number of platforms (Windows, Linux, BSD and MacOS).

[3] Unsupported: QEMU

[4] Unsupported: VMware

[minimum_ram-5] 5.0 ^5.1 The virtual machine can work with as low as 256 MB RAM, but resource intensive operations like kernel package upgrades that rebuild the initrd might leave the virtual machine in a frozen state. It might run with 196 MB RAM or even less. Experimentation with RAM lower than 256 MB is up to the user; please share your results.

[6] ttps://www.qubes-os.org/doc/system-requirements/ ^[archive]

[7] Qubes system requirements are directly sourced from https://www.qubes-os.org/doc/system-requirements/ ^[archive]

[8] This is required for running HVM domains ^[archive], such as Windows-based AppVMs.

[9] Users report problems in creating DisposableVMs and running multiple VMs in parallel with only 4 GB RAM. 8 GB RAM is nearly exhausted with Qubes-Whonix ™ VMs running in parallel with the sys-net, sys-firewall and sys-usb AppVMs.

[10] To prevent malicious compromise of dom0 via USB mice, keyboards or other USB devices.

[11] ttps://github.com/QubesOS/qubes-issues/issues/3208 ^[archive]

[12] ttps://twitter.com/rootkovska/status/959743157041811456 ^[archive]

[13] This includes:
Binary-blob-free Coreboot initialization, including native graphic initialization.

Heads provides an Anti-evil Maid (AEM) firmware solution and protects against malicious interdiction.

Intel ME is neutered and unnecessary modules involved in main CPU initialization have been deleted.

Ships with Qubes OS pre-installed (with full-disk encryption), with the final disk encryption key being regenerated when first powered on by the buyer.

[14] Binary-blob-free Coreboot initialization, including native graphic initialization.

[15] Heads provides an Anti-evil Maid (AEM) firmware solution and protects against malicious interdiction.

[16] Intel ME is neutered and unnecessary modules involved in main CPU initialization have been deleted.

[17] Ships with Qubes OS pre-installed (with full-disk encryption), with the final disk encryption key being regenerated when first powered on by the buyer.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

System Requirements

From Whonix

(Redirected from Requirements)

Contents