Whonix-Host Operating System Live ISO, Whonix-Host Installer
DO NOT USE THIS YET AS A USER!
Important warning: Whonix-Host is experimental software and still in early development. It is currently still lacking some core features, such as persistent installation in EFI mode or a working firewall on the Host, and is not yet ready for production, nor intended for end-users.
This version is a preview for developers only.
Please see Whonix-Host Developers-Only Preview Version 220.127.116.11.7 Released! [archive] for more information on Whonix-Host development state.
Major missing features in the initial release include:
- Whonix-Host EFI booting support [archive]
- Whonix Host Firewall for Whonix Host [archive]
- Whonix-Host Tor configuration and anon-connection-wizard (ACW) [archive]
See also Dev/Whonix-Host.
Please report back any bugs you may encounter. Help welcome!
What is Whonix-Host?
Whonix-Host is a complete Operating System provided by Whonix developers specifically designed to run Whonix virtual machines ("Whonix-Gateway" and "Whonix-Workstation").
Based on Kicksecure, Whonix-Host comes out-of-the-box with all Kicksecure security features and KVM hypervisor with ready-to-use pre-installed Whonix virtual machines.
By default, Whonix-Host runs from a USB flash drive as a Live ISO, as any modern Linux distribution does. This means that you can use and test the whole system, including Whonix-Gateway and Whonix-Workstation, without making any changes to your computer ("live" or "amnesic" mode).
Whonix-Host can also be installed from the USB flash drive on an internal hard drive or external drive such as another USB flash drive to be used as a permanent Operating System ("persistent" mode).
- Whonix-Host ISO is available as a Live ISO. I.e. can boot Whonix-Host from Live DVD or Live USB.
- Whonix-Host installed has a boot menu option to boot into persistent mode or live mode.
- No clearnet traffic by default. (details [archive]) (not implemented yet!)
Differences with Qubes-Whonix
- Not having some of Qubes-Whonix security disadvantages [archive].
- Better hardware support. (Same as Debian.)
- Does not involve Fedora on dom0 host.
- No, not having any clearnet traffic by default in Qubes is not easily possible, see:
- sys-net phones home to fedoraproject.org for captive portal detection [archive] (Ticket was closed but the issue was not fixed.)
- Qubes-Whonix-Gateway as ClockVM [archive]
Whonix-Host installation is very simple and boils down to only two steps:
1. Download the Whonix-Host ISO file and verify its integrity
2. Copy its content onto a USB flash drive
The instructions below detail the exact procedure to follow whether you are using Linux, Windows 10 or MacOS.
Recommended System Specifications
- A 64 bit processor with virtualization capacities
- Minimum 4GB of RAM
- Minimum 4GB USB flash drive
- Optional: another flash drive or HDD/SDD with minimum 10GB of free space if you intend to install Whonix-Host
Download and verify ISO integrity
To be completed
Installation From Windows
To be completed
Installation From MacOS
To be completed
Installation From Linux
On Linux the easiest way to burn Whonix-Host on a USB flash drive is to use the 'dd' command-line utility.
Booting From the USB Flash Drive
To use Whonix-Host, you must insert the USB flash drive that you have burnt in the previous step into your computer and boot from it.
Depending on your computer, you may be able to change its boot order (to make sure it will boot from the Whonix-Host USB flash drive and not its usual internal disk) by pressing a special key such as F12 or Enter. Please refer to your motherboard specific documentation for instructions on how to change the boot order. Once you have found the boot order option, just select the Whonix-Host USB flash drive and press Enter.
Whonix-Host is able to boot from both EFI and BIOS ("legacy") systems. When booting on an EFI system, you will be met by the 'Grub' bootloader, and by the 'Isolinux' bootloader if you are booting on BIOS mode. Note: as of version 18.104.22.168.4 you must boot in BIOS mode if you intend to install Whonix-Host on a persistent drive, as it currently does not support EFI install (still under development, see disclaimer above).
In either case you can safely press 'Enter' to boot the system into the XFCE Desktop environment, or press 'e' if you wish to modify the boot settings (advanced users).
To be completed
Whonix-Host Persistent Installation
Warning: Work in progress! Whonix-Host does not currently support installation in EFI mode. While the ISO file boots normally in EFI mode and the installation will succeed, your installed system will need manual adjustment in order to boot in EFI mode!
Whonix-Host can be installed on an internal drive or an external drive such as a USB device with the help of the Whonix-Host Calamares installer.
It is recommended before installation to connect only the device on which you intend to install Whonix-Host and to unplug all the other disks to avoid loss of data!
The installation is straightforward and only allows the user to customize the disk partitioning. The Whonix-Host Calamares installer does not provide the usual options of selecting a location and a timezone, changing the system language or creating a new user.
This is on purpose to ensure that Whonix-Host security and privacy features are well-preserved on the installed target.
Any change the user would like to perform can be done at his own risk after the installation if he wishes so.
Launching the Calamares installer
To do so, click on the 'Install Whonix-Host' icon on the Desktop. Click on the 'Next' button to start the configuration process.
Choose the storage device where you want to install Whonix-Host. Please make sure you have selected the correct drive!
If you are installing on a fresh device (recommended), select 'Erase disk'. Otherwise you have the options to 'Replace a partition' or 'Manual partitioning' (advanced users).
Choose 'Encrypt the system' if you wish to encrypt your installation (recommended). Click on 'Next' once you are ready to proceed further.
The next module allows you review your installation settings and correct them if you wish so. Click on 'Next' to begin the installation. The installer will then proceed with the installation. It can take a while to complete depending on your hardware.
Once finished, you can choose to continue using the live system or reboot into your installed system. Do not forget to remove the USB device containing the Whonix-Host ISO before restarting your computer.
Whonix-Host can also be booted in live mode, which means that during a live session no changes will be written to the disk. If you wish to do so, select 'LIVE mode USER (For daily activities)...' at the GRUB screen and press enter.
The default login user is 'user' and the default password is 'changeme'. You are strongly advised to change the default password once you have logged in.
|Whonix-Host in ISO mode||Whonix-Host Persistent Mode||Whonix-Host Live Mode|
|Before Whonix-Host Installation||Yes||No||No|
|After Whonix-Host Installation||No||Yes||Yes|
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)