Jump to: navigation, search

Template:VM Settings Security Common

Qubes-Whonix users can skip this.

For Non-Qubes-Whonix, click on Expand on the right.

If the Whonix-Custom-Workstation template was downloaded and imported, this section can be skipped. [1]

If a VirtualBox VM was manually created, click on Expand on the right.

Find out the name of the VM you are using.

vboxmanage list vms

Apply these settings. [2]

VBoxManage modifyvm "yourvmname" --synthcpu on
VBoxManage modifyvm "yourvmname" --acpi on
VBoxManage modifyvm "yourvmname" --ioapic on
VBoxManage modifyvm "yourvmname" --rtcuseutc on
VBoxManage setextradata "yourvmname" "VBoxInternal/Devices/VMMDev/0/Config/GetHostTimeDisabled" "1"

Disable clipboard sharing. [3]

VBoxManage modifyvm "yourvmname" --clipboard disabled

Disable Drag'n'Drop support. [4]

VBoxManage modifyvm "yourvmname" --draganddrop disabled

Assistance is welcome in verifying that the settings on this wiki page match those we are using in Whonix source code. This ensures that no settings have been forgotten. If interested, click on Expand on the right.

In Whonix source code, examine build-steps.d/2500_create-vbox-vm for the functions general_setup and workstation_specific. Apply any missing settings from build-steps.d/2500_create-vbox-vm. It is also sensible to drop the "sudo -u $USERNAME" setting.

The following settings are not required. They are either recommended earlier on, or done by the gui creation process:

  • --name
  • storagectl
  • storageattach
  • --memory
  • --pae
  • --intnet1
  • --cableconnected
  • --macaddress1
  • --audiocontroller
  • --audio
  • --rtcuseutc
  1. The Whonix-Custom-Workstation template already comes with these settings by default.
  2. For further reading on why these settings are beneficial, see build-steps.d/2500_create-vbox-vm in the Whonix source code folder.
  3. This is a precautionary measure.
  4. This is a precautionary measure.