Jump to: navigation, search

Template:VM Settings Security Common

Qubes-Whonix users, can skip this.

For Non-Qubes-Whonix, click on expand on the right.

If you downloaded and imported the Whonix-Custom-Workstation template, this section can be skipped. [1]

If you manually created a VirtualBox VM, click on expand on the right.

Find out the VM name you are using.

vboxmanage list vms

Apply these settings. [2]

VBoxManage modifyvm "yourvmname" --synthcpu on
VBoxManage modifyvm "yourvmname" --acpi on
VBoxManage modifyvm "yourvmname" --ioapic on
VBoxManage modifyvm "yourvmname" --rtcuseutc on
VBoxManage setextradata "yourvmname" "VBoxInternal/Devices/VMMDev/0/Config/GetHostTimeDisabled" "1"

Disable clipboard sharing. Only matters if guest additions are installed which is recommended against. Just in case.

VBoxManage modifyvm "yourvmname" --clipboard disabled

Disable Drag'n'Drop support. Only matters if guest additions are installed which is recommended against. Just in case.

VBoxManage modifyvm "yourvmname" --draganddrop disabled

It would be prudent if you verify, that we haven't forgot any settings on this wiki page compared to settings we are using in Whonix source code. If you are interested, click on Expand on the right.

In Whonix source code look into build-steps.d/2500_create-vbox-vm for the functions general_setup, workstation_specific. Apply any missing settings from build-steps.d/2500_create-vbox-vm. You can and should drop the "sudo -u $USERNAME".

The following settings are not required (because recommended earlier or done by the gui creation process):

  • --name
  • storagectl
  • storageattach
  • --memory
  • --pae
  • --intnet1
  • --cableconnected
  • --macaddress1
  • --audiocontroller
  • --audio
  • --rtcuseutc
  1. Because the Whonix-Custom-Workstation template already comes with these settings by default.
  2. If you want to know what these settings are good for, see build-steps.d/2500_create-vbox-vm in Whonix source code folder.