ClockVM and Whonix

The ClockVM setting in the global settings tells dom0 which qube to take the time from and then passes it on to each other qube, okay.
But Whonix VMs are all UTC anyway. Does ClockVM affect Whonix VMs in any way at all?

I am currently a Whonix-only user and I want to route all internet traffic over Tor (and reduce my fingerprint). Should I actually leave ClockVM on sys-net then or go for (none)? Does it make a difference in regards to privacy?

I would not use ClockVM at all.

You have hwclock: the xtal-controlled clock of your computer sits in the “southbridge” and the clock jitter is low. So for the uptime of a desktop you would not see clock drift here.

So the suggested approach is to get the correct clock using ntp and then issue hwclock --systohc, so your cmos clock, which sits in the southbridge, gets updated. This is enough, and if you have 2 weeks uptime, look at the drift file of ntp and you will know the drift of your hw clock.

Small story on RTC:
The Dallas battery+xtal in a yellow cap clocks used in Sun (RIP) workstations at that time were very stable.
Most PC cmos clocks are less stable as your mainboard manufacturer uses the cheapest 2^15 Hz xtals they could get. So get a low-drift xtal and do a small soldering step to replace it; read the chipset manual to see the capacitance they want in their reference circuit, and you can assume that the lazy designer used just these capacitors without further research. Get a sample of a premium xtal made for this capacitance and you have less drift, if it really is of concern.
/RTC tuning

**Setting the time once is enough for a desktop. The perfect time to set your RTC would be the boot-up phase. “Unfortunately” there is no network in dom0, so you just need a means to control the cmos clock from a trusted instance and to let the instance know the actual time.**

GPS time:
What you can do for sure is the following:
Get NMEA text from a gps receiver which has a fix.
Then use /dev/ttyS0 or the like to read the gps at 4800,n,8,1 iirc.
So there is no trace of you asking for the time using NTP.
GPS is receive only, and there are many used and new gps modules out there.
Also there are “gps mice” which unfortunately use usb, with an ftdi-style usb serial interface to the actual gps receiver. But you want evil usb to be in an HVM with your USB controllers.

Older gps mice have real rs232; also garmin gps receivers which were used for geocaching in former times can be hooked up to serial to get the nmea and to extract position and time.

You can use gpsd and ntp on dom0 with your gps.

Another approach would be to boot into a small linux that just uses ntp over tor (if it is possible because of high jitter in the network, tor is the opposite of realtime :slight_smile: ) or some vpn, and then sets your hwclock using
hwclock --systohc

But the gps receiver with a serial interface approach is much nicer, as there are no traces since it is receive-only.

LPC:
BTW many boards have a “TPM connector”; this is Intel LPC (low pin count bus), a castrated ISA bus running at 33MHz iirc.
So you either buy their fancy tpm add-on board to connect to the TPM pin header, or you can use it as a “hackerport”.
There are and have been “superio” bridges to LPC, so you can connect a real 16550-style rs232 using lpc.
Also there is at least one open source LPC fpga core, to allow you some isa-style memory mapped IO as was done with the original ISA soundblaster board and many fancy scientific ISA cards of the 1990s…

Or use a Dell T7500, which also has a real serial and a parallel port.
Oh, I love this machine… 196G RAM, 12 cores and all the legacy stuff can be used…
But ISA is missing. The idiots should have included a pci to isa bridge as was done in the i440BX chipset. :wink:
I need to look for LPC by the way. If there is no LPC connector, and also no footprint (for the pcb designers to help with board bring-up), you can hw mod an LPC connector onto many boards:

LPC could be hacked on mainboards that use a “firmware hub” iirc, a special flash made by Intel to be connected to their fancy LPC.
So de-soldering the FirmwareHub (bios chip) and replacing it with a pcb that contains a connector to interface to a small ribbon cable, which in turn has an LPC connection (TPM plug), could help here.
You can also do the stunt by desoldering your tpm if it uses LPC.
Don’t forget to connect your firmware hub and the tpm you desoldered to LPC.

Then you can make an LPC legacy interface.

BTW, if you are interested in such a thing we could develop it: an LPC-to-legacy board and some fixtures to get it connected. (I was a mainboard designer some time ago.)
For me alone it would be nice, but I don’t want to spend the time.

Cheers

luja

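The receive-only GPS approach from the post above, worked through as an added example (not code from the thread or from Qubes/Whonix): read NMEA from the serial port, keep only RMC sentences that pass their checksum and report a valid fix, and turn the result into the hwclock call dom0 would run. The port name /dev/ttyS0 and the 4800 baud 8N1 setting come from the post; the sample sentence is constructed.

```python
"""UTC time from a GPS receiver's NMEA RMC sentence (constructed example, not
code from the thread). Assumes the receiver sits on a serial port such as
/dev/ttyS0 at 4800 baud 8N1; the sample sentence below is constructed."""
from datetime import datetime, timezone
from typing import Iterable, Optional

# Constructed sample RMC sentence reporting a valid fix ("A" in field 2).
SAMPLE_RMC = "$GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W*6A"

def nmea_checksum(body: str) -> str:
    """XOR of every byte between '$' and '*', as two uppercase hex digits."""
    csum = 0
    for byte in body.encode("ascii"):
        csum ^= byte
    return f"{csum:02X}"

def parse_rmc_utc(line: str) -> Optional[datetime]:
    """UTC datetime from an RMC sentence, or None if the line is malformed, fails
    its checksum, or reports no fix: a receiver without a fix emits stale or
    empty time fields, and those must never reach the clock."""
    line = line.strip()
    if not line.startswith("$") or "*" not in line:
        return None
    body, _, given = line[1:].partition("*")
    if nmea_checksum(body) != given.upper():
        return None  # garbled on the serial line: drop it
    fields = body.split(",")
    # Talker id is GP (GPS), GN (multi-constellation) etc.; sentence id is RMC.
    if len(fields) < 10 or not fields[0].endswith("RMC"):
        return None
    hhmmss, status, ddmmyy = fields[1].split(".")[0], fields[2], fields[9]
    if status != "A" or len(hhmmss) != 6 or len(ddmmyy) != 6:
        return None
    try:
        yy = int(ddmmyy[4:6])  # two-digit year; GPS dates are post-1980
        return datetime(2000 + yy if yy < 80 else 1900 + yy,
                        int(ddmmyy[2:4]), int(ddmmyy[0:2]), int(hhmmss[0:2]),
                        int(hhmmss[2:4]), int(hhmmss[4:6]), tzinfo=timezone.utc)
    except ValueError:
        return None

def first_utc_from_stream(lines: Iterable[str]) -> Optional[datetime]:
    """First trustworthy RMC time from a stream of NMEA lines, e.g. open('/dev/ttyS0')
    after configuring it with stty; a receiver prints many lines before a fix."""
    return next((t for t in map(parse_rmc_utc, lines) if t is not None), None)

def hwclock_command(t: datetime) -> str:
    """hwclock invocation that writes this UTC time into the CMOS RTC (--set,
    --date and --utc are standard hwclock options); dom0 would run this."""
    return f'hwclock --utc --set --date "{t.strftime("%Y-%m-%d %H:%M:%S")}"'
```

Configure the port first with `stty -F /dev/ttyS0 4800 cs8 -parenb -cstopb raw`, then pass `open("/dev/ttyS0")` to first_utc_from_stream and run the returned hwclock command.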

Thank you very much for your efforts; unfortunately I don’t understand a single thing. I’m not that tech-savvy and actually just wanted to know if I should leave ClockVM on sys-net or set it to (none) or maybe sys-whonix, just to increase my privacy, if it matters at all.
I respect your enthusiasm after all. :slight_smile:


Thanks, so does it matter at all if I only use Whonix (which should have UTC by default)?

If you use ntp with a good ntp source, the time jitter is smaller than that of an ICMP echo.
So what would you see if you tried to measure the traffic of different VMs?

A lot of computers are set to the correct time as most plastic routers collect ntp from ntp.nist.gov, and your computer asks your plastic router by default.

The packets have more jitter than the hwclock which is used to sync sysclock.

Sysclock was hopefully adjusted at least at boot time to compensate for longterm drift of its xtal oscillator, which drifts more or less depending on the quality of your xtal.

So the 2^15 Hz xtal is important for your RTC,
and the 25MHz xtal for your ethernet phy.
Both should have low drift.

Executive summary:

You do not need NTP, or a “clock vm”

Joking:
Maybe you need an LED blinkenlights VM with at least 16GB of RAM, 4 CPU cores and some fancy home-built pci device attached to the blinkenlights HVM.
/Joking

Every PC since the IBM-AT has a CMOS-based realtime clock.
These clocks use the same time piece as your 4-dollar wrist watch: the cheapest sourceable 2^15 Hz tuning-fork-type quartz crystal.

So how often do you adjust your watch? Once a day if you are pedantic.
Same with your PC: the clock is a piece of hardware and it just drifts from reference time by changes of temperature, moisture (you could drip stearin from an old candle on the circuit with the xtal using a small lighter to keep moisture deviations out and to stabilize the temperature a bit), moon phase, and the delays of the train schedule.

So as all the VMs sit in the same computer they have access to the same hw time piece, the built-in Real Time Clock of your PC.
In the good old times it was an extra chip, and owners of an IBM XT needed to buy an ISA card with an RTC (I saw vintage advertisements for it).

**You do not need an NTP-VM!**
Just adjust the RTC somehow after boot. To do this you can use ntp.
Whether you use whonix or not does not help, as your plastic router asks some ntp server, maybe the server of the manufacturer, so they know the IPs of their routers being online at a time…

Just ask your plastic router and use sys-net for ntp in most cases, as your smart freezer, microwave and your latest fancy internet-of-shit gadget will ask your plastic router for the time, as these gadgets lack even the shitty 2^15 Hz xtal. A lot of gadgets without xtals buy the manufacturer the next Aston Martin…

The suggestion is to use GPS time as there are no traces, the same as when you are listening to FM radio with headphones. The NSA can not know which station you tuned in to.