Qube Running Exclusively In RAM

Sec23 · November 23, 2021, 4:00am

I am a new Qubes user and I know this isnt necessary the forum for this question but there are a lot of knowledgeable people that could probably answer the question so I thought I would ask it here. Anyhow, so when you boot kali live boot from a USB the entire OS is run only from RAM like Tails. Well what I was wondering is if it is possible to boot kali live only from RAM in a VM like virtualbox? Lets just say the host OS is Ubuntu, then virtualbox is installed, then whonix is installed in the virtualbox. Then you use kali live iso to boot in virtualbox and adjust the settings to work with whonix. Is kali still completely loaded in the hosts RAM from the VM. If this is not correct and there is another way of accomplishing this that someone could explain I would be interested in hearing. Also is whonix completely loaded in RAM as well. If not then that would defeat the purpose of the security procedure correct if only kali was? Thanks

TheGardner · November 23, 2021, 1:13pm

Assume, this should be the easier way:

Copy the iso from your USB to an AppVM (for example: personal)
Create a qube (let’s call it kali-OS) with “Standalone VM” for VM type and let’s say 4096 mb of ram and after you see this qube in the qube manager, right click on it > Settings > Advanced > boot from CD-Rom > from qube: personal > file: location of the iso.file in personal

…Booting into RAM…

Sec23 · November 23, 2021, 7:45pm

Yes, I think I understand it now. However, does it work that way for Qubes as well? My question was not regarding Qubes, but from what I read in other posts in the forum, I think one of the devs said that VM’s were not made to completely boot from RAM. I dont know what they mean by that though, as far as details. Although, as far as Virtualbox it seems like that might work out.

ppc · November 24, 2021, 12:32am

virtualbox:

only almost, iirc in the vm folder there a file act like “swap” or “ramdisk”, also on the host

Traces of your Tails session are likely to be left on the local hard disk. For example, host operating systems usually use swapping (or paging ) which copies part of the RAM to the hard disk.

qubes

not same as virtualbox, qubes don’t have swap so log are only thing left

By itself, starting a VM in live mode is not amnesic.

let’s put log on aside

above, i don’t know if whonix having a way to deal with that

unman · November 24, 2021, 12:37pm

Currently, qubes dont boot from RAM.
It is possible to create a RAM disk and use it as backing store for
qubes - like this
This would provide some degree of forensic proection, and the scripts
there try to clean up logs. (Of course, having that script in itself
might raise some issues, like running Qubes or having Tor or veracrypt
installed.)

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.