Menu
▾
▴
Re: [Whonix-devel] Whonix 64 bit custom builds; #FreeBSD Kernel based builds
|
From: Vladimir A. <vla...@ap...> - 2013-03-28 21:12:42
|
On 03/28/2013 03:24 PM, adrelanos wrote: > Vladimir Arseniev: >> On 03/28/2013 12:15 AM, adr...@ri... wrote: >> >>> Since Whonix 0.6.1 (Developer Preview version), it's trivial to >>> create 64 bit builds of Whonix. If you already know how to build >>> Whonix from source code, only a very few steps are missing. >>> >>> Simply get into Whonix build-steps folder and open the >>> 20_create-debian-img step. >>> >>> On Github: >>> >> [https://github.com/adrelanos/Whonix/blob/development/build-steps/20_create-debian-img](https://github.com/adrelanos/Whonix/blob/development/build-steps/20_create-debian-img) >> >> <snip> >> >> How hard would it be to create workstation VMs using LUKS (or dm-crypt)? > > Whonix-Workstation custom VM builds: > - You're better off using full disk encryption on the host. Yes, I do that already (LVM on LUKS on RAID). But I have very many VMs, and like the idea of limiting my exposure while the host is up, and I'm only using particular VMs. I do realize that VM LUKS passphrases and who know what else may be cached on the host, but it seems better than nothing. It would be more secure to have many dm-crypt partitions for VM storage, and only mount the one(s) that I need. Maybe I could do that in LVM, and still use LUKS for the host overall. > Whonix-Workstation on hardware with physical isolation without VMs: > - Installing Debain is as easy/hard as without Whonix. > - Installing Whonix isn't that hard: > https://sourceforge.net/p/whonix/wiki/PhysicalIsolation/#install-whonix-workstation-on-hardware-untested-not-recommend OK, I'll look at this. > Doing for Whonix-Default/Download-Version: > - Before thinking about it, it would require shipping a host operating > system and a host operating system installer. The project isn't yet that > far developed. > - > https://sourceforge.net/p/whonix/wiki/FAQ/#you-should-add-full-disk-encryption-to-whonix Yes, I gather that building installers is much harder than building VMs. At some point, though, it would be cool to set up Whonix as real installs on two physical machines. Another question occurs to me. How hard would it be to "add" (in some way) all Whonix workstation "stuff" to an existing Debian VM? >> I write that as someone who uses the Debian alternate installer for LUKS >> setup. > > Yes, it's not as easy as using TrueCrypt FDE on Windows. Actually, RAID/LUKS/LVM with the Debian alternate installer is far, far easier than TrueCrypt FDE on Windows ;) <snip> |
