This ticket was written at a time when there was only grub-live. I.e. install Whonix on hardware (or Debian + grub live). Boot in live mode. Test if that works. If yes, take an hdd image. Boot again into live mode. Then take another hdd image. Compare these hdd images. Do they 100% match or are there differences? Differences: something wrong. No differences: that would be nice.

Mar 22 2020, 5:19 PM · Whonix 15, Whonix, Whonix-Host

Patrick updated the task description for T942: Whonix Host Firewall for Whonix Host.

Mar 22 2020, 5:15 PM · Whonix 15, security, Whonix-Host, Whonix

onion_knight2 added a comment to T910: anti-forensics / amnesia testing of Whonix-Host in Live mode.

Do you mean: starting an installed version in live-mode (not tested, not supported yes) or starting a Whonix-Host iso file?

Mar 22 2020, 5:07 PM · Whonix 15, Whonix, Whonix-Host

onion_knight2 added a comment to T969: instructions how to burn Whonix-Host ISO image to DVD or USB.

Sub pages or sub chapters of 1 wiki page?

Mar 22 2020, 5:02 PM · Whonix 15, Whonix-Host, Whonix

Patrick changed the status of T929: Whonix XFCE Wallpaper / Background Image from Open to testing-in-next-build-required.

https://forums.whonix.org/t/whonix-host-calamares-branding-suggestion/7772/31

Mar 22 2020, 11:52 AM · Whonix 15, Whonix-Host, whonix-xfce-desktop-config, Whonix

Patrick closed T950: set kernel.printk sysctl to prevent kernel info leaks as Invalid.

Thanks!

Mar 22 2020, 11:48 AM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Mar 21 2020

madaidan added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

This issue is fixed now due to the quiet boot parameter. kernel.printk=3 3 3 3 isn't needed anymore.

Mar 21 2020, 5:55 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Patrick triaged T974: Whonix Images Quick Rebuild as Normal priority.

Mar 21 2020, 11:00 AM · Whonix-Host, Whonix, Whonix 15

Patrick renamed T942: Whonix Host Firewall for Whonix Host from polish Whonix Host Firewall for Whonix Host to Whonix Host Firewall for Whonix Host.

Mar 21 2020, 10:44 AM · Whonix 15, security, Whonix-Host, Whonix

Patrick closed T908: copy Whonix VM images to Whonix-Host and set up during build as Invalid.

We actually ended up using Whonix KVM and placing images to:

Mar 21 2020, 10:44 AM · Whonix 15, build, VirtualBox, Whonix-Host, Whonix

Patrick updated the task description for T908: copy Whonix VM images to Whonix-Host and set up during build.

Mar 21 2020, 10:42 AM · Whonix 15, build, VirtualBox, Whonix-Host, Whonix

Patrick updated subscribers of T908: copy Whonix VM images to Whonix-Host and set up during build.

Mar 21 2020, 10:42 AM · Whonix 15, build, VirtualBox, Whonix-Host, Whonix

Patrick added a project to T904: Whonix-Host Swap Considerations - Swap Partition vs Swap File vs No Swap By default: Whonix 15.

Mar 21 2020, 10:39 AM · Whonix 16, Whonix-Host, Whonix

Patrick added a project to T908: copy Whonix VM images to Whonix-Host and set up during build: Whonix 15.

Mar 21 2020, 10:39 AM · Whonix 15, build, VirtualBox, Whonix-Host, Whonix

Patrick added a project to T910: anti-forensics / amnesia testing of Whonix-Host in Live mode: Whonix 15.

Mar 21 2020, 10:39 AM · Whonix 15, Whonix, Whonix-Host

Patrick added a project to T928: install xfce4-power-manager on Whonix Host and Kicksecure Host: Whonix 15.

Mar 21 2020, 10:39 AM · Whonix 15, whonix-libvirt, live-mode, Whonix-Host, Whonix

Patrick edited projects for T929: Whonix XFCE Wallpaper / Background Image, added: Whonix 15; removed Whonix 16.

Mar 21 2020, 10:39 AM · Whonix 15, Whonix-Host, whonix-xfce-desktop-config, Whonix

Patrick added a project to T942: Whonix Host Firewall for Whonix Host: Whonix 15.

Mar 21 2020, 10:39 AM · Whonix 15, security, Whonix-Host, Whonix

Patrick added a project to T969: instructions how to burn Whonix-Host ISO image to DVD or USB: Whonix 15.

Mar 21 2020, 10:33 AM · Whonix 15, Whonix-Host, Whonix

Patrick updated the task description for T958: Write VirtualBox Screen Resolution Bug Report.

Mar 21 2020, 10:31 AM · C Code, upstream, bug, Whonix 15, Whonix, VirtualBox

Patrick changed the status of T970: Whonix-Host hash, gpg, signify, torrent, signature creation script from Open to testing-in-next-build-required.

Mar 21 2020, 10:30 AM · Whonix 15, Whonix-Host, Whonix

Mar 17 2020

onion_knight2 added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.

Do you know how to run calamares hook scripts? I think I saw this before but I can't find it anymore. Or we have to invent our own mini calamares module similar to how package calamares-settings-debian invented new calamares modules?

Mar 17 2020, 1:25 PM · Whonix 15, Whonix-Host, whonix-libvirt, Whonix, live-mode

Patrick added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.

In T914#19541, @onion_knight2 wrote:

I don't know. Not implemented yet. Currently installed (persistent) Whonix-Host does not have live-boot option.

Mar 17 2020, 12:19 PM · Whonix 15, Whonix-Host, whonix-libvirt, Whonix, live-mode

Patrick added a project to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on: Whonix 15.

Mar 17 2020, 12:14 PM · Whonix 15, Whonix-Host, whonix-libvirt, Whonix, live-mode

Patrick triaged T970: Whonix-Host hash, gpg, signify, torrent, signature creation script as Normal priority.

Mar 17 2020, 11:18 AM · Whonix 15, Whonix-Host, Whonix

Mar 7 2020

Patrick changed the status of T965: install gvfs by default / fix access LUKS encrypted USB drive with Thunar from Open to Review.

Will come in Whonix 15.0.0.9.4 and above.

Mar 7 2020, 12:17 PM · Whonix 15, bug, Whonix

Patrick updated the task description for T958: Write VirtualBox Screen Resolution Bug Report.

Mar 7 2020, 12:46 AM · C Code, upstream, bug, Whonix 15, Whonix, VirtualBox

Mar 6 2020

Patrick updated subscribers of T965: install gvfs by default / fix access LUKS encrypted USB drive with Thunar.

Mar 6 2020, 4:36 PM · Whonix 15, bug, Whonix

Patrick renamed T965: install gvfs by default / fix access LUKS encrypted USB drive with Thunar from fix access LUKS encrypted USB drive with Thunar to install gvfs by default / fix access LUKS encrypted USB drive with Thunar.

Mar 6 2020, 4:35 PM · Whonix 15, bug, Whonix

Mar 4 2020

Patrick updated the task description for T960: hardened kernel Debian packaging and APT integration - hkapt.

Mar 4 2020, 11:25 AM · hardened-kernel, Whonix

Feb 29 2020

Patrick closed T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time as Resolved.

Works well in Non-Qubes-Whonix. Solution was this one:

Feb 29 2020, 7:26 AM · whonix-base-files, live-mode, Whonix 15, Whonix

Patrick triaged T966: fix pkexec as Normal priority.

Feb 29 2020, 7:06 AM · bug, Whonix 15, Whonix

Feb 24 2020

Patrick triaged T965: install gvfs by default / fix access LUKS encrypted USB drive with Thunar as Normal priority.

Feb 24 2020, 6:19 AM · Whonix 15, bug, Whonix

Feb 16 2020

Patrick closed T925: whonixcheck false positive in check_journal as Resolved.

Feb 16 2020, 9:08 AM · Whonix 15, whonixcheck, Whonix

Patrick triaged T925: whonixcheck false positive in check_journal as Normal priority.

Feb 16 2020, 9:07 AM · Whonix 15, whonixcheck, Whonix

Feb 14 2020

Patrick triaged T962: create new release of Whonix Windows Installer as Normal priority.

Feb 14 2020, 8:00 AM · Whonix 16, VirtualBox, Whonix

Patrick triaged T961: fix USB auto mounting bug / document as Normal priority.

Feb 14 2020, 6:12 AM · research, bug, Whonix, Whonix 15

Feb 13 2020

Patrick renamed T960: hardened kernel Debian packaging and APT integration - hkapt from hardened kernel Debian packaging and APT integration to hardened kernel Debian packaging and APT integration - hkapt.

Feb 13 2020, 7:30 PM · hardened-kernel, Whonix

Patrick triaged T960: hardened kernel Debian packaging and APT integration - hkapt as Normal priority.

Feb 13 2020, 7:19 PM · hardened-kernel, Whonix

Feb 12 2020

Patrick triaged T958: Write VirtualBox Screen Resolution Bug Report as Normal priority.

Feb 12 2020, 2:54 PM · C Code, upstream, bug, Whonix 15, Whonix, VirtualBox

Patrick triaged T957: slow shutdown bug as Normal priority.

Feb 12 2020, 1:51 PM · bug, Whonix 15, Whonix

Patrick triaged T955: review hardened kernel config as Normal priority.

Feb 12 2020, 8:15 AM · hardened-kernel, Whonix

Jan 15 2020

Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

In T950#19249, @Patrick wrote:

The loader of tirdad is currently using dmesg.

Jan 15 2020, 11:11 AM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Jan 1 2020

Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

The loader of tirdad is currently using dmesg.

Jan 1 2020, 11:31 AM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

In T950#19231, @madaidan wrote:

quiet

Jan 1 2020, 11:05 AM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Dec 26 2019

Patrick edited projects for T953: extrepo - safely adding repos, added: Whonix 15; removed Restricted Project.

Dec 26 2019, 3:06 PM · Whonix 15, Whonix

Dec 25 2019

Patrick updated the task description for T950: set kernel.printk sysctl to prevent kernel info leaks.

Dec 25 2019, 9:39 AM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Patrick updated the task description for T950: set kernel.printk sysctl to prevent kernel info leaks.

Dec 25 2019, 9:38 AM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Dec 24 2019

madaidan added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

This just prevents writing to /dev/kmsg. It doesn't stop kernel logs being displayed during boot.

Dec 24 2019, 6:09 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Still wondering if initramfs modification this can be avoided... Still wondering if kernel.printk can be set through a kernel parameter. Looking again at https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/kernel-parameters.txt...

Dec 24 2019, 5:24 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Sounds good.

Dec 24 2019, 4:54 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

madaidan added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

https://github.com/Whonix/security-misc/pull/51

Dec 24 2019, 4:34 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

madaidan added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

We can use a sysctl.d drop-in and an initramfs hook in security-misc so non-initramfs users will still be mostly protected.

Dec 24 2019, 4:10 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

I guess because a sysctl.d drop-in config file is easy and catches most.
initramfs hook covers only initramfs users. Not dracut. But
security-misc initramfs hook sounds good enough. dracut support can
come later, if ever. Please implement.

Dec 24 2019, 3:47 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

madaidan added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Why not use an initramfs hook in security-misc? Not everyone will have security-misc and apparmor-profile-everything installed. Users with just security-misc installed will still have some kernel logs shown during early boot.

Dec 24 2019, 3:39 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Yes. Probably both. initramfs for apparmor-profile-everything users and
/etc/sysctl.d/ security-misc.

Dec 24 2019, 11:02 AM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Dec 23 2019

madaidan added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Should this be set in the initramfs?

Dec 23 2019, 8:08 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Patrick triaged T950: set kernel.printk sysctl to prevent kernel info leaks as Normal priority.

Dec 23 2019, 1:19 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix

Patrick triaged T947: Qubes-Whonix eth1 static networking as Normal priority.

Dec 23 2019, 1:03 PM · Whonix

Patrick triaged T946: test sdwdate apparmor profile and remove complain mode as Normal priority.

Dec 23 2019, 1:01 PM · sdwdate, Whonix, Whonix 15

Dec 5 2019

Patrick updated the task description for T771: install magic-wormhole by default / Implementing an Onionshare alternative.

Dec 5 2019, 5:57 AM · Whonix 14, Whonix, Whonix 15

Aug 16 2019

Patrick updated the task description for T911: xfce theming.

Aug 16 2019, 2:22 PM · whonix-xfce-desktop-config, Whonix, Whonix 15

Jul 22 2019

HulaHoop closed T769: Add LUKS container GUI or CLI utility by default as Resolved.

Jul 22 2019, 1:04 AM · Whonix 15, Debian version 10 codename Buster

HulaHoop added a comment to T769: Add LUKS container GUI or CLI utility by default.

Yes Zulucrypt included and functional on KVM 15. However fixes for both zulucrypt and tomb haven't made it into Buster from what I've tested. Zulucrypt has a tomb plugin to open Tomb files too.

Jul 22 2019, 1:03 AM · Whonix 15, Debian version 10 codename Buster

Jul 15 2019

marmarek added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.

In T913#18744, @Patrick wrote:

Do you see any issues with "create home directory on first login" in Qubes?

Jul 15 2019, 11:07 PM · whonix-base-files, live-mode, Whonix 15, Whonix

Patrick added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.

In T913#18743, @marmarek wrote:

Can you give some more context here?

Jul 15 2019, 10:42 PM · whonix-base-files, live-mode, Whonix 15, Whonix

marmarek added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.

Can you give some more context here? Is it the problem that user is created too early (before /etc/skel is fully populated)? Or is it a problem that it's created at all? Should there be a difference between Qubes and non-Qubes case?

Jul 15 2019, 9:58 PM · whonix-base-files, live-mode, Whonix 15, Whonix

Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.

Jul 15 2019, 4:23 PM · whonix-base-files, live-mode, Whonix 15, Whonix