From: adrelanos <adr...@ri...> - 2013-03-29 09:34:50

Vladimir Arseniev:
> On 03/28/2013 03:24 PM, adrelanos wrote:
>
>> Vladimir Arseniev:
>>> On 03/28/2013 12:15 AM, adr...@ri... wrote:
>>>
>>>> Since Whonix 0.6.1 (Developer Preview version), it's trivial to
>>>> create 64 bit builds of Whonix. If you already know how to build
>>>> Whonix from source code, only a very few steps are missing.
>>>>
>>>> Simply get into Whonix build-steps folder and open the
>>>> 20_create-debian-img step.
>>>>
>>>> On Github:
>>>>
>>> https://github.com/adrelanos/Whonix/blob/development/build-steps/20_create-debian-img
>>>
>>> <snip>
>>>
>>> How hard would it be to create workstation VMs using LUKS (or dm-crypt)?
>>
>> Whonix-Workstation custom VM builds:
>> - You're better off using full disk encryption on the host.
>
> Yes, I do that already (LVM on LUKS on RAID).
>
> But I have very many VMs, and like the idea of limiting my exposure
> while the host is up, and I'm only using particular VMs. I do realize
> that VM LUKS passphrases and who knows what else may be cached on the
> host, but it seems better than nothing.
>
> It would be more secure to have many dm-crypt partitions for VM storage,
> and only mount the one(s) that I need. Maybe I could do that in LVM,
> and still use LUKS for the host overall.

Ok.

>> Whonix-Workstation on hardware with physical isolation without VMs:
>> - Installing Debian is as easy/hard as without Whonix.
>> - Installing Whonix isn't that hard:
>> https://sourceforge.net/p/whonix/wiki/PhysicalIsolation/#install-whonix-workstation-on-hardware-untested-not-recommend
>
> OK, I'll look at this.

This might also solve your other question "How hard would it be to "add" (in some way) all Whonix workstation "stuff" to an existing Debian VM?".

>> Doing for Whonix-Default/Download-Version:
>> - Before thinking about it, it would require shipping a host operating
>> system and a host operating system installer. The project isn't yet that
>> far developed.
>> -
>> https://sourceforge.net/p/whonix/wiki/FAQ/#you-should-add-full-disk-encryption-to-whonix
>
> Yes, I gather that building installers is much harder than building VMs.
> At some point, though, it would be cool to set up Whonix as real
> installs on two physical machines.

Of course. Still a lot of work to do...

> Another question occurs to me. How hard would it be to "add" (in some way)
> all Whonix workstation "stuff" to an existing Debian VM?

Not very hard. Same instructions as:
https://sourceforge.net/p/whonix/wiki/PhysicalIsolation/#install-whonix-workstation-on-hardware-untested-not-recommend

>>> I write that as someone who uses the Debian alternate installer for LUKS
>>> setup.
>>
>> Yes, it's not as easy as using TrueCrypt FDE on Windows.
>
> Actually, RAID/LUKS/LVM with the Debian alternate installer is far, far
> easier than TrueCrypt FDE on Windows ;)

Well, that's open for debate. Does the Debian alternate installer encrypt swap by default? I find the Windows user interface of TrueCrypt much easier to grasp.