*qemu-guest-agent achieves successful clock syncing of a guest upon host system resume and does not attempt to constantly adjust the clock.
*kvmclock can only sync time during guest startup not during its lifetime:
*kvmclock used to sync time after suspend but no longer applies (this
explains my experiences before):
*qemu-guest agent is a solution but unsafe if used in untrusted guests, but is ok for Whonix-Gateway because its trusted:
hardened enough to run in hostile guest environments. It has to be enabled on the host by
adding a qemu-guest agent channel for it to work - without this it has
no effect and no security implications.
*using qemu-guest-agent is currently stalled because of permissions problems on Jessie. Apparmor workarounds not recommended, could be harmful to security:
*To have the same functionality for VirtualBox the resume hooks in Guest Additions will be used.
There is a Debian package:
We could add it as a weak dependency, below here:
Similar to this commit:
Using Tordate as a coarse clock setting mechanism for Whonix-Gateway for Tor to connect.
It's fingerprintable. (All info/link/quotes on that wiki page.)
(Could be tied directly to Tails or Whonix. Unrelated from local clock leaks.)