Actions

VM Live Mode: Alternative ro-mode-init Configuration

From Whonix

< VM Live Mode



About this VM Live Mode/ro-mode-init Page
Support Status testing
Difficulty medium
Contributor Algernon [archive]
Support Support
Alternativeremode123123.jpg

Introduction[edit]

As an alternative [1] in Whonix ™ VirtualBox or Whonix ™ KVM, it is also possible to automatically detect if the disk is set to read-only and enable live mode automatically using the ro-mode-init package.

ro-mode-init is currently less tested than grub-live (Host Live Mode / VM Live Mode).

Preliminary Steps[edit]

1. Backup.

  • Option 1: Create a snapshot of your VM; or
  • Option 2: Alternatively backup the /boot folder.

sudo cp -a /boot /boot.back

2. Install ro-mode-init.

Install ro-mode-init.

1. Update the package lists. 

sudo apt update

2. Upgrade the system. 

sudo apt full-upgrade

3. Install the ro-mode-init package.

Using apt command line parameter --no-install-recommends is in most cases optional. 

sudo apt install --no-install-recommends ro-mode-init

4. Done.

The procedure of installing ro-mode-init is complete.

3. Upate initial ramdisk. [2] 

sudo update-initramfs -u

4. Set the VM disk to read-only.

The read-only VM setting is necessary (see below), otherwise the VM disk will always boot into persistent mode.

Read-only VM Setting[edit]

VirtualBox[edit]

Read-only disk on VirtualBox[edit]

To boot into live mode, apply the following steps.

Set the VirtualBox virtual harddrive to read-only.

  1. Power off the machine.
  2. On the command line run.

Use the following syntax. 

VBoxManage setextradata vmname "VBoxInternal/Devices/lsilogicsas/0/LUN#0/AttachedDriver/Config/ReadOnly" 1

Replace vmname with the name of the actual VM name.

Whonix-Gateway ™ XFCE example: 

VBoxManage setextradata Whonix-Gateway-XFCE "VBoxInternal/Devices/lsilogicsas/0/LUN#0/AttachedDriver/Config/ReadOnly" 1

Whonix-Workstation ™ XFCE example: 

VBoxManage setextradata Whonix-Workstation-XFCE "VBoxInternal/Devices/lsilogicsas/0/LUN#0/AttachedDriver/Config/ReadOnly" 1

Read-write disk on VirtualBox[edit]

To boot into read-write mode again, simply revert this change.

  1. Power off the machine.
  2. From the command line run.

Use the syntax below. 

VBoxManage setextradata vmname "VBoxInternal/Devices/lsilogicsas/0/LUN#0/AttachedDriver/Config/ReadOnly"

Replace vmname with the name of the actual VM name.

KVM[edit]

Read-only disk on KVM[edit]

To boot into live mode, apply the following steps:

  1. Power off the machine.
  2. Set the hard disk to read-only in the virt-manager GUI.
  3. Power on the machine and select to boot into live mode.

Read-write disk on KVM[edit]

To boot into normal mode again, simply revert this change:

  1. Power off the machine.
  2. Set the hard disk to read-write in the virt-manager GUI.
  3. Power on the machine and boot into read-write mode.

Live Mode Indicator Systray[edit]

https://github.com/Whonix/whonix-xfce-desktop-config/blob/master/usr/share/livecheck/livecheck.sh [archive]

Debugging[edit]

An inconsistent filesystem will likely result in errors during booting in live mode. For instance, inconsistencies can arise when the VM is killed instead of performing a normal shutdown in persistent mode. Therefore to ensure it is consistent, run fsck in persistent mode. Debian automatically does this during boot. VMs running in live mode can be killed without problems.

In the case of non-fsck related errors using ro-mode-init (like dropping to an initramfs shell), add the following to the kernel command line/GRUB menu for easier debugging: 

debug=1 break=init-premount

Footnotes[edit]

  1. To the default method documented on VM Live Mode.
  2. Required for now but not forever.
Fosshost is sponsors Kicksecure ™ stage server 100px
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: Discourse logo.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contribute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=VM Live Mode/ro-mode-init&body=../VM_Live_Mode/ro-mode-init link=https://reddit.com/submit?url=../VM_Live_Mode/ro-mode-init&title=VM Live Mode/ro-mode-init link=https://news.ycombinator.com/submitlink?u=../VM_Live_Mode/ro-mode-init&t=VM Live Mode/ro-mode-init link=https://mastodon.technology/share?message=VM Live Mode/ro-mode-init%20../VM_Live_Mode/ro-mode-init&t=VM Live Mode/ro-mode-init

Want to get involved with Whonix ™? Check out our Contribute page.

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

Retrieved from "https://www.whonix.org/w/index.php?title=VM_Live_Mode/ro-mode-init&oldid=65735"
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.
More information