{{Header}} {{Title|title= Whonix-Host Operating System Live ISO, Whonix-Host Installer }} {{#seo: |description=Upcoming Host Operating System - In Development - Help wanted! - Please contribute! |image=Cd-rom-icon.png }} [[File:Cd-rom-icon.png|thumb]] {{Intro| Whonix-Host will be a '''complete Operating System''' provided by {{project_name_long}} developers. '''More developers still wanted!''' Not available for users yet. Users should [[Download|install Whonix]] instead, it's available for most major operating systems. If you're looking for '''Live Mode''', see [[Live Mode]] }} {{#widget:Icon_Bullet_List|fontSize=18px |item=fa-solid fa-person-digging cs-yellow,Help wanted! : A Whonix-Host Operating System Live ISO and Whonix-Host Installer is currently in development. More developers are still wanted! |item=fa-solid fa-times cs-red,Not available for users yet : There is no ETA (estimated time of arrival) yet. Users should install Whonix instead. |item=fa-solid fa-question,Live Mode : Looking for Whonix Live Mode? It's already available, see Live Mode. |item=fa-regular fa-message cs-green,Name discussion : "Whonix-Host" might not be a good name and might be renamed in the future. You have an opinion? Participate in this forum discussion. }} = General Disclaimer = DO NOT USE THIS YET AS A USER! There is no ETA (estimated time of arrival) yet. '''''Important warning: Whonix-Host is experimental software and still in early development. It is currently still lacking some core features, such as a working firewall on the Host, and is not yet ready for production, nor intended for end-users. ''''' '''This wiki page is a preview for developers and curios readers only.''' [https://forums.whonix.org/t/whonix-host-developers-only-preview-version-15-0-1-2-7-released/9360 Whonix-Host Developers-Only Preview Version 15.0.1.2.7 Released!] Major missing features in the initial release include: * [https://forums.whonix.org/t/whonix-host-firewall-for-whonix-host/18498 Whonix Host Firewall for Whonix Host] * [https://forums.whonix.org/t/whonix-host-tor-configuration-and-anon-connection-wizard-acw-ipv6-disable-ipv4-forward-disable/18452 Whonix-Host Tor configuration and anon-connection-wizard (ACW)] progress in 2024: [https://www.kicksecure.com/wiki/ISO Kicksecure ISO now available for testers]. (Whonix is based on Kicksecure.) It is based on Debian {{Stable project version based on Debian codename}}, dracut, compatible with BIOS, EFI booting and even Secure Boot compatible. See also [[Dev/Project Host]]. Help welcome! = What is Whonix-Host? = Whonix-Host is a complete Operating System provided by {{project_name_short}} developers specifically designed to run Whonix virtual machines ("Whonix-Gateway" and "Whonix-Workstation"). Based on [[Kicksecure]], Whonix-Host comes out-of-the-box with all {{kicksecure}} security features and KVM hypervisor with ready-to-use pre-installed Whonix virtual machines. By default, Whonix-Host runs from a USB flash drive as a Live ISO, as any modern Linux distribution does. This means that you can use and test the whole system, including Whonix-Gateway and Whonix-Workstation, without making any changes to your computer ("live" or "amnesic" mode). Whonix-Host can also be installed from the USB flash drive onto an internal hard drive or onto an external drive such as another USB flash drive to be used as a permanent Operating System ("persistent" mode). In other words: * Supported installation source medium: USB; DVD * Supported installation target devices: internal HDD; external HDD; USB; eSATA = Advantages = * Whonix-Host ISO is available as a Live ISO. I.e. can boot Whonix-Host from Live DVD or Live USB. * Whonix-Host installed has a boot menu option to boot into persistent mode or live mode. * No clearnet traffic by default. ([https://forums.whonix.org/t/should-whonix-host-be-fully-torified-by-default/7404/16 details]) (not implemented yet!) = Differences with Qubes-Whonix = * Not having some of [https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581 Qubes-Whonix security disadvantages]. * Better hardware support. (Same as Debian.) * Does not involve Fedora on dom0 host. * No, not having any clearnet traffic by default in Qubes is not easily possible, see: ** [https://github.com/QubesOS/qubes-issues/issues/1814 sys-net phones home to fedoraproject.org for captive portal detection] (Ticket was closed but the issue was not fixed.) ** [https://phabricator.whonix.org/T387 Qubes-Whonix-Gateway as ClockVM] = Installation = Whonix-Host installation is very simple and boils down to only two steps: 1. Download the Whonix-Host ISO file and verify its integrity 2. Copy its content onto a USB flash drive The instructions below detail the exact procedure to follow whether you are using Linux, Windows 10 or MacOS. == Recommended System Specifications == *A 64 bit processor with virtualization capacities *Minimum 4GB of RAM *Minimum 4GB USB flash drive *Optional: another flash drive or HDD/SSD with minimum 10GB of free space if you intend to install Whonix-Host == Installation From Windows == To be completed == Installation From MacOS == To be completed == Installation From Linux == On Linux the easiest way to burn Whonix-Host on a USB flash drive is to use the 'dd' command-line utility. {{Box|text= '''1.''' Identify your USB flash drive you want to burn Whonix-Host onto by running 'fdisk -l' with sudo rights. {{CodeSelect|code= sudo fdisk -l }} On most modern Linux distributions it should show as a '/dev/sdx' as in the example below, where the targeted USB flash drive is identified as '/dev/sdb':
Disk /dev/sdb: 58.4 GiB, 62746787840 bytes, 122552320 sectors
Disk model: Redacted
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: Redacted

Device     Boot Start       End   Sectors  Size Id Type
/dev/sdb1        2048 122552319 122550272 58.4G 83 Linux
'''2.''' Copy the Whonix-Host ISO file onto the duly identified USB flash drive by using the 'dd' command-line utility. Proceed with extreme caution as this command will erase all data on the targeted drive! Please double or triple check to make sure you have selected the correct drive! First, open a terminal in the directory in which you have downloaded the Whonix-Host ISO file, or just 'cd' into it:
cd ~/Downloads
ls
 Whonix-Host-Xfce-15.0.1.3.4.iso
Then copy the file onto the USB flash drive that you have identified in the previous step, which is '/dev/sdb' in the example below. Adapt the command to match your own USB flash drive letter! Do not copy-paste this command without making sure that you are copying onto the correct device!
dd if=Whonix-Host-Xfce-15.0.1.3.4.iso of=/dev/sdb status=progress
Wait until it finishes. It can take up to 20 to 30 minutes depending on your hardware and your USB flash drive speed. C }} == Booting From the USB Flash Drive == To use Whonix-Host, you must insert the USB flash drive that you have burnt in the previous step into your computer and boot from it. Depending on your computer, you may be able to change its boot order (to make sure it will boot from the Whonix-Host USB flash drive and not its usual internal disk) by pressing a special key such as F12 or Enter. Please refer to your motherboard specific documentation for instructions on how to change the boot order. Once you have found the boot order option, just select the Whonix-Host USB flash drive and press Enter. '''Figure:''' ''Whonix-Host Isolinux bootloader (BIOS mode)'' [[File:Whonix-Host Isolinux bootloader.png|Whonix-Host Isolinux bootloader (BIOS mode)|500px]] '''Figure:''' ''Whonix-Host GRUB bootloader (EFI mode)'' [[File:Whonix-Host GRUB bootloader (EFI mode).png|Whonix-Host GRUB bootloader (EFI mode)|500px]] Whonix-Host is able to boot from both EFI and BIOS ("legacy") systems. When booting on an EFI system, you will be met by the 'Grub' bootloader, and by the 'Isolinux' bootloader if you are booting on BIOS mode. Note: as of version 15.0.1.3.4 you must boot in BIOS mode if you intend to install Whonix-Host on a persistent drive, as it currently does not support EFI install (still under development, see disclaimer above). In either case you can safely press 'Enter' to boot the system into the Xfce Desktop environment, or press 'e' if you wish to modify the boot settings (advanced users). == Using Whonix-Host == To be completed == Whonix-Host Persistent Installation == '''''Warning: Work in progress! Whonix-Host does not currently support installation in EFI mode. While the ISO file boots normally in EFI mode and the installation will succeed, your installed system will need manual adjustment in order to boot in EFI mode!''''' ==== General Information ==== Whonix-Host can be installed on an internal drive or an external drive such as a USB device with the help of the Whonix-Host Calamares installer. ''It is recommended before installation to connect only the device on which you intend to install Whonix-Host and to unplug all the other disks to avoid loss of data!'' The installation is straightforward and only allows the user to customize the disk partitioning. The Whonix-Host Calamares installer does not provide the usual options of selecting a location and a timezone, changing the system language or creating a new user. This is on purpose to ensure that Whonix-Host security and privacy features are well-preserved on the installed target. Any change the user would like to perform can be done at his own risk after the installation if he wishes so. ==== Launching the Calamares installer ==== To do so, click on the 'Install Whonix-Host' icon on the Desktop. Click on the 'Next' button to start the configuration process. '''Figure:''' ''Whonix-Host Calamares Installer - Welcome module'' [[File:Whonix-Host Calamares Installer - Greeter.png|Whonix-Host Calamares Installer - Welcome module|500px]] ==== Partitions ==== Choose the storage device where you want to install Whonix-Host. ''Please make sure you have selected the correct drive!'' If you are installing on a fresh device (recommended), select 'Erase disk'. Otherwise you have the options to 'Replace a partition' or 'Manual partitioning' (advanced users). Choose 'Encrypt the system' if you wish to encrypt your installation (recommended). Click on 'Next' once you are ready to proceed further. ==== Installation ==== '''Figure:''' ''Whonix-Host Calamares Installer - Partitions Module'' [[File:Whonix-Host Calamares Installer - Partitions Module.png|Whonix-Host Calamares Installer - Partitions Module|500px]] The next module allows you review your installation settings and correct them if you wish so. Click on 'Next' to begin the installation. The installer will then proceed with the installation. It can take a while to complete depending on your hardware. '''Figure:''' ''Whonix-Host Calamares Installer - Summary Module'' [[File:Whonix-Host Calamares Installer - Summary Module.png|Whonix-Host Calamares Installer - Summary Module|500px]] Once finished, you can choose to continue using the live system or reboot into your installed system. Do not forget to remove the USB device containing the Whonix-Host ISO before restarting your computer. '''Figure:''' ''Whonix-Host Calamares Installer - Installation in Progress'' [[File:Whonix-Host Calamares Installer - Installation in Progress.png|Whonix-Host Calamares Installer - Installation in Progress|500px]] '''Figure:''' ''Whonix-Host Calamares Installer - Installation Complete'' [[File:Whonix-Host Calamares Installer - Installation Complete.png|Whonix-Host Calamares Installer - Installation Complete|500px]] ==== Post-installation ==== Whonix-Host can also be booted in live mode, which means that during a live session no changes will be written to the disk. If you wish to do so, select 'LIVE mode USER (For daily activities)...' at the GRUB screen and press enter. '''Figure:''' ''Whonix-Host Installed - GRUB bootloader'' [[File:Whonix-Host Installed - GRUB booatloader.png|Whonix-Host Installed - GRUB bootloader|500px]] The default login user is 'user' and the default password is 'changeme'. You are strongly advised to change the default password once you have logged in. = Comparison of different Whonix-Host Boot Modes = {| class="wikitable" | ! '''ISO Boot''' ! '''Persistent Boot''' ! '''Live Boot''' |- ! data persistence
(read-write) | {{No}} | {{Yes}} | {{No}} |- ! non-persistent
(read-only) | {{Yes}} | {{No}} | {{Yes}} |- ! Usable without installation
Available before Installation of the Whonix-Host operating system | {{Yes}} | {{No}} | {{No}} |- ! Only after installation
Available after Installation of the Whonix-Host operating system | {{No}} | {{Yes}} | {{Yes}} |- |} = See Also = * [[Host Operating System Selection]] * [[Essential_Host_Security|Essential Host Security]] * {{kicksecure_wiki |wikipage=Advanced_Host_Security |text=Advanced Host Security }} * = Footnotes = {{reflist|close=1}} {{Footer}} [[Category:Documentation]]