[A-17]

I've been using a similar configuration for a few months now and everything is working fine, that's why I'm sharing it here.

Install Kicksecure from Debian (minimalist installation)

Prerequisites
- Debian installed.
- User account 'user' exists. 

$ su
# apt update
# apt full-upgrade
# apt install --no-install-recommends sudo adduser
# /usr/sbin/addgroup --system console
# /usr/sbin/adduser user console
# /usr/sbin/adduser user sudo
# /sbin/reboot

$ sudo apt install --no-install-recommends curl
$ sudo curl --tlsv1.3 --output /usr/share/keyrings/derivative.asc --url https://www.kicksecure.com/keys/derivative.asc
$ sudo apt install apt-transport-tor
$ echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
$ sudo apt install --no-install-recommends kicksecure-xfce-host --onion
$ whonix-installer-cli --onion
$ whonix-installer-xfce --onion
# /sbin/reboot

Choice between whonix-installer-cli or whonix-installer-xfce, upgrade-nonroot, install KVM, deploy and take snapshot of each VMs.

From this point on, there are too many needs and possibilities to cover everyone's threat models, so the rest is up to you.

Reboot Host.

From now, you can boot from Live mode USER on Host and Guest VM. So we combine the benefits of Whonix with those of Tails, without compromise.

It is recommended to use Live mode as a standard for sensitive data use cases. Live mode is also a useful tool for better privacy on the hard drive, but it is also recommended regularly boot into persistent mode (for example once per day) for installation of updates.

Tested on Thinkpad T420:
- Debian 11.10
- Debian 12.6

[Girly]

If only people with skill would use a setup like that