Whonix Live

About this Whonix Live Page
Support Status testing
Difficulty medium
Maintainer Algernon
Support Support


Starting with Whonix 14, users can optionally run Whonix as a live system. Booting into live mode will make all writes go to RAM instead of the hard disk. Everything that is created / changed / downloaded in the VM during that session will not persist after shutdown. This also holds true for malicious changes made by malware, so long as it did not break out of the virtual machine.

There are two live mode options available, grub-live and ro-mode-init.

  • grub-live will create a new boot menu entry which the user has to select manually but it is the more failsafe and hence the recommended option.
  • With ro-mode-init the boot menu will stay the same and the system will automatically boot into live mode when it detects a read-only disk otherwise it boots normally into persistent mode.

Live-mode Configuration[edit]

Create a snapshot of your VM.

Alternatively backup the /boot folder.

sudo cp -a /boot /boot.back

Update the package lists.

sudo apt-get update

Upgrade the system.

sudo apt-get dist-upgrade

Option 1[edit]

Install the grub-live package.

sudo apt-get install grub-live

Following reboot, a second boot entry called "Whonix Live-mode" will be visible. Simply press Enter to boot the live system and use it as normal.

To increase security, the VM disks can be set to read-only. Otherwise, malware running as root in the VM could theoretically mount the image read-write and gain persistence in this way.

Option 2[edit]

Install the ro-mode-init package.

sudo apt-get install ro-mode-init

For this option the VM disk needs to be set to read-only, otherwise it will always boot into persistent mode.

Live-mode on KVM[edit]

For KVM, the hard disk can be set to read-only in the virt-manager GUI before booting into live mode. To boot into normal mode again, simply revert this change.

Live-mode on VirtualBox[edit]

Option 1[edit]

The easiest way to set a VirtualBox VM to read-only is to use:

Note: replace vmname with the actual name of the VM!

VBoxManage setextradata vmname "VBoxInternal/Devices/lsilogicsas/0/LUN#0/AttachedDriver/Config/Readonly" 1

to revert the change use:

VBoxManage setextradata vmname "VBoxInternal/Devices/lsilogicsas/0/LUN#0/AttachedDriver/Config/Readonly"

Note that this option is not the official way for setting VM's to read-only in VirtualBox. In contrast to the second option it works similar to the read-only option for KVM and won't create a snapshot.

Option 2[edit]

First read the footnote below. [6]

This option will only work with the grub-live package!

To make a disk on VirtualBox immutable / read-only, follow these steps:

  1. In the VirtualBox main window, navigate to: File -> Virtual Media Manager.
  2. Select the disk to write protect and release it.
  3. Click on Modify -> set it to Immutable.
  4. In the VirtualBox main window, navigate to the settings of the VM.
  5. Under storage, select the top controller and add the existing hard disk there.

The user can now boot the VM and select Live-mode.

To revert these changes:

  1. Navigate to: File -> Virtual Media Manager.
  2. Select the disk. It will now have a snapshot (~12.5 MB) attached to it.
  3. Release the snapshot and delete it.
  4. Click on Modify and set the hard disk to normal.
  5. In the VirtualBox main window, navigate to the settings of the VM.
  6. Under storage, select the top controller and add the existing hard disk there.

Live-mode on Qubes[edit]

grub-live is currently unsupported on Qubes, but may be available in the future. Refer to the following forum discussion for further information.

In Qubes R4, Qubes DisposableVMs are a suitable alternative, as well as the Qubes Live USB.


An inconsistent filesystem will likely result in errors during live-boot. Inconsistencies for instance can happen when you just kill the VM instead of doing a normal shutdown in persistent mode. Therefore, make sure it is consistent and run fsck in persistent mode. Debian automatically does this during boot. VMs running in live mode can be killed without problems.

In case of non-fsck related errors using ro-mode-init (like dropping to an initramfs shell) add the following to the kernel command line/GRUB menu for easier debugging:

debug=1 break=init-premount


In the future, running Whonix from a Live CD or DVD might be supported. Check this wiki entry at a later date.

To learn more about live mode, refer to the Live-mode forum discussion.


  6. VirtualBox implements hard disk write protection differently. If an immutable virtual machine is booted, VirtualBox will always create a snapshot where data is written. After shutting down and booting the VM again (a soft reboot is inadequate) the old snapshot will be deleted and a new one created. The consequence is that data will not persist in the VM, even if Live-mode is not selected. However, since the data is written to the hard disk of the host (instead of memory), it is easily recovered. Therefore, it is necessary to select Live-mode to be safe. A snapshot file is still created, but it will not store any altered content from the VM.

https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)