The virtualization platform is an essential component of a secure Whonix system. A vulnerable virtualizer may provide opportunities for attackers to perform a breakout from a virtual machine in order to undo the security by isolation features that Whonix provides. The decision to install an alternative virtualizer should not be taken lightly.
There are two methods that can be used to install VirtualBox and these are recommended over downloading, verifying, and installing binaries manually. The two repositories below are maintained by different teams, Debian and Virtualbox.org, respectively.
Install VirtualBox from Debian Backports
This is the recommend choice. Documented on page VirtualBox.
Install from Oracle Repository
Warning: This is a foreign source.
Add oracle apt sources list.
stretch to the current name of your stable distribution.)
sudo su -c "echo -e 'deb http://download.virtualbox.org/virtualbox/debian stretch contrib' > /etc/apt/sources.list.d/oracle.list"
Add Oracle's signing key to apt-get keyring.
sudo apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg adv --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys B9F8D658297AF3EFC18D5CDFA2F683C52980AECF
Update the package lists.
sudo apt-get update
sudo apt-get install virtualbox-5.2 linux-headers-$(uname -r)
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.