
installing Whonix-Host without installer (calamares)
Open, Normal, Public

Description

Do we want to support the use case of writing Whonix-Host images to disks with no use of any installer (calamares) required?


  • to internal disk: do we want to support this initially?
  • to USB disk: easier, since users can use their existing operating system to do that. Host operating system specific.

This is related to resize disk image at first boot of Whonix Host (T907) and encrypt Whonix-Host disk after first boot (T906). I.e. after writing a Whonix disk image to (USB) disk it would:

  • boot
  • no run of installer required
  • use maximum available disk size (T907)
  • ready to use out of the box
  • encrypt disk (T906)

see also on

  • live iso
  • live USB
  • BIOS
  • UEFI
  • BIOS + UEFI

https://willhaley.com/blog/custom-debian-live-environment/


Related:
instructions how to burn Whonix-Host ISO image to DVD or USB (T969)

Details

Impact
High

Event Timeline

Patrick triaged this task as Normal priority. Apr 23 2019, 2:38 PM
Patrick created this task.
Patrick updated the task description. Apr 23 2019, 3:45 PM
Patrick updated the task description. Thu, Mar 12, 9:39 AM
Patrick updated the task description.
Patrick added subscribers: Onion_Knight, onion_knight2.

No disk encryption?

Patrick added a comment. Edited Thu, Mar 12, 2:45 PM

> No disk encryption?

Good point I hadn't considered yet for this installation method.

Creating an encrypted base image containing Debian is hard. There's no tool yet that can do that I am aware of. Possible in theory, though.

grml-debootstrap feature request: encrypted VM images support

If that was possible then cryptsetup-reencrypt could be used to add full disk encryption after first boot.

Since disk encryption is probably not feasible, we probably don't want to go for installing Whonix-Host without installer (calamares)?

I'll split this ticket.

  • 1 easier ticket about instructions how to get the iso on USB or DVD -> T969,
  • and a separate one for installing Whonix-Host without installer (calamares) (this very ticket)
Patrick renamed this task from instructions how to copy Whonix Host image to disk to installing Whonix-Host without installer (calamares). Thu, Mar 12, 2:46 PM
Patrick updated the task description.

It is possible to automatize grml-debootstrap with full-disk encryption. Nothing too hard. I could hack together a semi-working bash script after a couple of hours of online documentation.

Even easier to automatically create an encrypted partition and rsync Whonix-Host into it, and then modify some parameters inside the encrypted partition to make it bootable.

But then, why even bother? Calamares does it just as well, and is much more powerful, elegant and modular.

> It is possible to automatize grml-debootstrap with full-disk encryption. Nothing too hard. I could hack together a semi-working bash script after a couple of hours of online documentation.

That would be super cool!

> Even easier to automatically create an encrypted partition and rsync Whonix-Host into it, and then modify some parameters inside the encrypted partition to make it bootable.

This is very host operating system specific. Writing an iso to a device is an easier process since much more popular.

> But then, why even bother? Calamares does it just as well, and is much more powerful, elegant and modular.

Great question! Could be useful for:

  • An easy, fast way to get a fully persistent installation of Whonix-Host on USB (or any external disk).
    • Otherwise one would have to burn Whonix-Host to DVD, boot DVD, install to USB.
    • Or in absence of a DVD drive, write the ISO to a Whonix-Host installer USB device, boot that Whonix-Host installer USB device, and then install to yet another USB device.
  • Unattended installation. Fully automated, no user input required, no graphical user interface requested for installation.
  • Server support.
    • Think future Kicksecure installations perhaps useful for Tor relays and public web servers.
    • Didn't think about Whonix-Host installation on dedicated servers yet. Maybe that could then happen too.
  • Vendors could sell pre-installed (persistent) Whonix-Host USB devices with zero installer/setup by user needed.
    • Just write the iso to USB and done.
  • Selling hardware with Whonix-Host pre-installed would also be easier since the process of installing the Whonix-Host image would be super simple.

(Calamares) installer seems more useful to completely replace the installed operating system and install Whonix-Host on internal disk.