Actions

Tuning

From Whonix


Gear-192875640.jpg

Introduction[edit]

Everything absolutely optional.

At the top of the Tuning chapter are the easier tuning steps. The farther you go down, the more skill will be required.

Currently primarily documented for virtualizer VirtualBox. Contributions for other virtualizers happily considered.

Hardware-accelerated graphics[edit]

Tested.

Bad for security.

Enable hardware-accelerated graphics for Whonix-Workstation ™.

On the host:

  1. Power off the VM.
  2. VirtualBoxclick a VMSettingsDisplayGraphics ControllerAcceleration: enable Enable 3D AccelerationOK
  3. Restart the VM.

See also VirtualBox manual: Hardware-accelerated graphics [archive].

Forum discussion: VirtualBox 3D Acceleration [archive]

Increase Virtual Machine RAM[edit]

Tested.

If less important identifiers are not important to you, and this is most likely very unimportant, you could use VirtualBox settings and increase the RAM for your Virtual Machine(s). Whonix-Workstation ™ will profit most, if you run into low RAM. Also Whonix-Gateway ™ could profit if you are creating big numbers of circuits and keep Tor busy. You can check how much RAM is free using free -m in Terminal. Example:

  1. Shutdown VM.
  2. Assign more RAM: Virtual machineMenuSettingsAdjust Memory slider to 4096Hit: OK
  3. Restart VM.

See also Advice for Systems with Low RAM.

More CPU cores[edit]

Tested.

On systems with multi-core processors, if less important identifiers are not important to you, and this is most likely unimportant, you could increase the number of cores available to the Virtual Machine(s) in VirtualBox settings.

Do not use the maximum since that could lead to system instability! Always do not assign at least one CPU. For example, if you have 4 CPUs, assign maximum 3 CPUs to the VM. [1]

  1. Power off the VM.
  2. VirtualBoxclick a VMSettingsSystemProcessorReduce to 3OK
  3. Restart the VM.

Disable CPU Mitigations[edit]

Untested.

Bad for security.

Consider disabling the Spectre Meltdown mitigations. (related forum discussion [archive])

Doing this is required in the VM in which the user intents to disable CPU mitigations and on the host operating system if using Kicksecure or security-misc.

sudo rm /etc/default/grub.d/40_cpu_mitigations.cfg

sudo update-grub

Reboot required.

Nested paging and VPIDs[edit]

Untested.

You could increase performance by using large and/or VPIDs. It is unknown, if that may decrease security or stability. See VirtualBox manual: Nested paging and VPIDs [archive] for more information.

vboxmanage modifyvm Whonix-Workstation-XFCE --largepages on

vboxmanage modifyvm Whonix-Gateway-XFCE --largepages on

vboxmanage modifyvm Whonix-Workstation-XFCE --vtxvpid on

vboxmanage modifyvm Whonix-Gateway-XFCE --vtxvpid on

Memory ballooning, Page Fusion, Memory overcommitment[edit]

Untested.

Memory ballooning is bad for security, see this reference (it is written in context of KVM but the research also applies to any other virtualizer unless it has specific protection against that which would need to be stated somewhere).

Other settings for security?

See VirtualBox manual: Memory overcommitment [archive].

Undocumented Tuning Settings[edit]

Untested.

There are probably more tuning related settings. Undocumented at Whonix ™. Documented in VirtualBox manual but not bundled as a chapter "tuning".

View all settings.

vboxmanage showvminfo Whonix-Workstation-XFCE

Learn about all of these settings. Read VirtualBox manual [archive].

Optimized builds[edit]

Untested.

Since the concept behind Whonix ™ is not tied to anything, you could create your own implementation. Perhaps using Gentoo with optimized build flags for your system. See Whonix ™ Framework, UniStation and Hardened Gentoo TG.

PCI passthrough[edit]

Untested.

Might greatly improve graphics performance. Bad for security as VMs should not have direct access to physical hardware.

Essentially this feature allows to directly use physical PCI devices on the host by the guest even if host doesn't have drivers for this particular device. See VirtualBox Manual: PCI passthrough [archive].

See Also[edit]

Footnotes[edit]



text=Jobs in USA
Jobs in USA


Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Have you contributed to Whonix ™? If so, feel free to add your name and highlight what you did on the Whonix ™ authorship page.

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.