{{Header}}
{{Title|
title=Live Mode for {{project_name_long}}
}}
{{#seo:
|description=Read-only mode. Make all writes go to non-persistent memory (RAM) instead of the hard disk.
|image=Grub-live_mode_indicator_in_kicksecure.shortened.png
}}
{{live}}
[[File:Live-mode-promo.jpg|thumb|Live Mode boot option selectable in boot menu. ([[Live_Mode#Starting_Live_Mode|more screenshots]])]]
{{intro|
'''{{project_name_short}} can be booted in Live Mode''' - a privacy-focused mode where nothing is saved after shutdown, making it ideal for handling sensitive data. This feature is available for both {{project_name_short}} as the host OS and {{project_name_short}} as the guest OS.
}}

= Introduction and Definitions =

A '''live mode''' offers to use an {{os}} without leaving any traces. If the system is started in live mode, all software can be used as normal, files can be saved, tasks can be accomplished, but after the session all data is lost and gone. This is especially important for use cases where sensitive temporary data is involved.

{{project_name_short}} live mode can be used if {{project_name_short}} is a '''guest OS or a host OS''' itself. A '''host {{os}}''' is your main system, like the one you normally boot your computer into. A '''guest OS''' runs inside a virtual machine, like an app inside a window. {{project_name_short}} can be booted into live mode in both cases. We will use '''''HOST''''' on this page if {{project_name_short}} is a host OS and we will use '''''VM GUEST''''' if {{project_name_short}} is a guest OS inside a virtual machine.

Live mode is accomplished by use of either,

* '''A)''' '''[[ISO]] Live Mode''' (<u>see [[USB Installation]]</u>); '''<u>or</u>'''
* '''B)''' '''[https://github.com/{{project_name_short}}/grub-live <code>grub-live</code> package]''' (<u>this wiki page</u>), a package that is developed and maintained by the developers of Kicksecure and Whonix. grub-live can also be used by other Linux distributions because it is Freedom Software.

'''NOTE''': This is unfortunately not available in {{q_project_name_long}}, but available in all other {{project_name_short}} variants.

= What data will be forgotten? =

Booting into live mode will ensure all disk writes to the virtual hard drive are forgotten after shutdown because all writes go to volatile memory (RAM) instead of the hard disk. In other words, after shutdown everything that happened during a previous boot session is erased - like it never happened. This includes:

* everything that is created / changed / downloaded
* any websites visited, files downloaded or documents created
* any other modifications of the virtual hard drive or activity history
* This also holds true for malicious changes made by [[Malware and Firmware Trojans|malware]]. For {{project_name_short}} as '''''VM GUEST''''' also read our chapter [[#Helpful_tips_against_attack_vectors]] regarding malware.

= Getting Started =

== Preparation ==

'''Applicability:''' These instructions are <u>only needed if you plan to use live mode</u>. If you usually use persistent mode (the default option), you can skip this section.

The very first time you start {{project_name_gateway_long}}, make sure to boot it '''in persistent mode''' (this option is simply called "{{project_name_short}}"). Do **not** use live mode on first boot. This helps [[Tor]] set up properly by setting up so called "Entry Guards."

After that first setup, you can choose to use live mode whenever you want if you prefer that nothing gets saved (this is sometimes called "non-persistence" or "amnesia").

== Starting Live Mode ==
<div class="fontsize19">1. Platform-Specific Notice</div>

* [[{{non_q_project_name_short}}|{{non_q_project_name_short}}]]: No special steps required.
* [[{{q_project_name_short}}|{{q_project_name_short}}]]: Live mode is unavailable. <ref>
Qubes issue: [https://github.com/QubesOS/qubes-issues/issues/4982 implement live boot by porting grub-live to Qubes - amnesia / non-persistent boot / anti-forensics]
</ref>

<div class="fontsize19">2. Boot your computer ('''''HOST''''') or start the {{project_name_short}} VM ('''''VM GUEST''''')</div>

If your {{project_name_short}} virtual machine ('''''VM GUEST''''') is already running, shut it down first. Then start it again to access the boot menu. If you're using {{project_name_short}} as your main system ('''''HOST'''''), just restart your computer.

<div class="fontsize19">3. Look at the Boot Menu</div>

When the GRUB boot menu appears (see more on the [[grub|GRUB bootloader here]]), wait until you see the menu options. You'll see a list of choices. The currently selected option is marked by an asterisk symbol [[File:asterisk_symbol.png|20px]] and shown in white text on a blue background.

<u>Note:</u> Boot option names have been renamed since version <code>17.3.9.2</code>.

'''Figure:''' ''<code>Persistent</code> Mode Boot''

[[File:Grub-persistent_mode_indicator_in_kicksecure.cleaned.png|Persistent Mode Boot|800px]]

<u>Note:</u> Boot option names have been renamed since version <code>17.3.9.2</code>.

The boot menu will show something like:

* [[File:asterisk_symbol.png|20px]] <code>{{project_name_short}} GNU/Linux</code>
* <code>Advanced options for {{project_name_short}} GNU/Linux</code>
* <code>LIVE mode USER (For daily activities.) GNU/Linux ...</code>

'''What does the asterisk mean?''' It marks the option that is currently selected.

'''Can I select more than one?''' No — you can only choose one option at a time.

<div class="fontsize19">4. Choose Live Mode</div>

Use the keyboard arrow keys (up ↑ and down ↓) to move to the option labeled: '''LIVE mode USER (For daily activities.)'''.

'''Figure:''' ''Live Mode Boot (<code>non-persistent</code>)''

[[File:Grub-live mode indicator in kicksecure.cleaned.png|Live Mode Boot|800px]]

<div class="fontsize19">5. Press ENTER</div>

Once live mode is selected, press the Enter key.

<div class="fontsize19">6. Done</div>

{{project_name_short}} will now start in live mode — where no data is saved after shutdown.

= Functionality Test of Live mode =

If you want to independently verify if live mode is working, follow these steps.

'''1.''' Run live mode (see [[#Starting Live Mode]]).

'''2.''' Create a new file in your <code>/home/user</code> directory.

Could be any file such as for example a small text file.

'''3.''' Reboot your machine ('''''HOST'''''). Or restart (via virtualizer) or reboot your {{project_name_short}} VM (both '''''VM GUEST''''').

'''4.''' After then reboot is complete check if you can find that file. If it's gone then live mode is functional.

'''5.''' Done.

The live mode functionality test has been completed.

= '''''HOST''''' specifics ({{project_name_short}} as host OS) =

== Best practices ==

It is recommended to use Live mode as a standard for sensitive data use cases. Live mode is also a useful tool for better privacy on the hard drive, as well as experimental changes like testing software.

But it is also recommended '''regularly boot into persistent mode''' (for example once per day) for installation of [[Update|updates]].

== Live mode undefeated, even by persistent malware ==

For some users persistent malware is a concern. A persistent malware compromise after reboot however would require [[Malware and Firmware Trojans#Targeted_Malware_vs_Off-The-Shelf_Malware|targeted malware]] which gains super user ([[root]]) access to re-mount the disk for write access. But re-mounting the disk for write access is not yet a default feature available to off-the-shelf malware; no such reports have come to our attention.

== Boot standard - live mode or persistent mode ==

There are two choices:

* <code>grub-live</code> ([[grub-live|grub-live instructions here]]): Boots into persistent mode by default. The grub boot menu has an option to boot into live mode.
* <code>grub-default-live</code> ([[grub-live#grub-default-live|grub-default-live instructions here]]): Boots into live mode by default. The grub boot menu has an option to boot into persistent mode.

== {{project_name_short}} live mode vs Tails comparison ==

{{project_name_short}} live mode is based on the [[grub-live]] package which is developed and maintained by the team behind Kicksecure and Whonix. The grub-live package is not only available for Whonix and Kicksecure, but also for many other Linux distributions. To compare Tails and {{project_name_short}} live mode, see [[grub-live#comparison_between_grub-live_and_Tails]].

= '''''VM GUEST''''' specifics (Virtual Machine VM) =

== VM Live mode and RAM ==

{{mbox
| type    = notice
| image   = [[File:Ambox_notice.png|40px|alt=Info]]
| text    = '''Tip:''' Since live mode makes each write go to RAM, increasing the memory assigned to the VM will improve performance; for example, if large files are regularly downloaded.
}}

== Anti-Forensics ==

VM Live Mode is NOT an anti-forensics feature! This is due to the limitations of the virtual machine. For anti-forensics check out Live Mode as '''''HOST''''', described above.

== Helpful tips against attack vectors ==

To keep your live mode unaffected even by malware memorize these instructions and follow them regularly.

'''Table:''' ''VM Live Mode Warnings''

{| class="wikitable"
|-
! scope="col"| '''Domain'''
! scope="col"| '''Recommendations'''
|-
! scope="row"| Forensics
| By itself, starting a VM in live mode is not amnesic. Many users are unaware that activities performed inside the VM [[Warning#live|might be stored on the host mass storage device (hard drive, HDD, SSD)]] in locations that are hard to review (for the majority). Extra steps must be performed on the host operating system to minimize these traces -- see [[Anti-Forensics Precautions]], or better, use Live Mode as '''''HOST'''''.
|-
! scope="row"| Malware
| To prevent malware from remounting the hard drive as read-write it is strongly recommended to use [[read-only|read-only hard drive mode]]. This raises the bar as malware would need to break out of the VM to gain persistence, because there might be data leaks if
* [[read-only|read-only hard drive mode]] is <u>not</u> configured and malware remounted the disk as read-write or broke out of the VM; or
* [[read-only|read-only hard drive mode]] is configured and malware broke out of the VM. <ref>There are two live mode options available, [https://github.com/{{project_name_short}}/grub-live <code>grub-live</code>] and [https://github.com/{{project_name_short}}/ro-mode-init <code>ro-mode-init</code>].

* <code>grub-live</code>: a new boot menu entry is created which must be selected manually, but it is a better failsafe and hence the recommended option.
* <code>ro-mode-init</code>: the boot menu stays the same and the system automatically boots into live mode when it detects a read-only disk, otherwise it boots normally into persistent mode. The advantage of using this approach is that malware running in a VM cannot silently change settings to leave persistent traces.
** [[VM_Live_Mode/ro-mode-init|ro-mode-init documentation]]
** https://forums.whonix.org/t/whonix-live-mode-amnesia-amnesic-non-persistent-anti-forensics/3894/145
</ref>
|-
! scope="row"| Other Precautions
|
* <u>{{project_name_short}}</u>: It is recommended to regularly boot into persistent mode for installation of [[Update|updates]]. <br />
* <u>{{project_name_short}}</u>: If live mode is used with {{project_name_short}}, regularly booting into persistent mode is important to keep Tor's normal [[Tor_Entry_Guards|guard]] rotation schedule. <br />
* <u>KVM</u>: Hard shutdowns of a VM can prevent loading of the filesystem with a read-only marked drive on next boot. Do not use 'Force Off/Reset' on KVM to avoid this possibility.
|}

== VM Live Mode vs VM Snapshots ==

Readers of this chapter should already be familiar with {{project_name_short}} live mode, as described in the other chapters on this page, as well as the concept of VM snapshots.

Starting with a clean [[Virtualization_Platform_Security#VM_Snapshots|VM snapshot]] and later reverting to that snapshot should be even safer than using VM live mode. This is because snapshots are enforced from outside the VM, by the virtualizer. Therefore, snapshots are more secure.

It is also worth noting that running VM live mode uses more RAM than is allocated to the guest, since the OS runs entirely in memory. This means that, in some cases, it is more likely for VM live mode to experience [https://en.wikipedia.org/wiki/Thrashing_(computer_science) disk thrashing], where the VM uses up all the allocated memory and becomes significantly slower. The snapshot approach does not have this issue with RAM.

It is difficult to imagine a case currently where the combination of VM live mode with reverting to a clean snapshot would be even safer. Perhaps in the case of a virtualizer bug with snapshots and/or user error forgetting to revert to a snapshot.

For even greater security, the user could consider Live Mode '''''HOST''''' or even host disk snapshots, such as [[Raw Disk Backup]], although this would unfortunately be more cumbersome and time-intensive.

== Troubleshooting ==
For known issues, see [[Grub-live#Live_Check_Systray_Issues|Live Check Indicator Systray Issues]].

== Host Live Mode in Combination with VM Live Mode ==
If the host operating system is booted in live mode, that includes everything that is running on the host. This means it also includes any VMs running on the host.

Therefore it is unnecessary to run VMs in live mode if the host is already running in live mode. The VMs will report that they are not running in live mode but they don't know any better and have no way to know by design.

The user could perform a [[#Functionality Test of Live mode|Functionality Test of Live mode]] to verify this.

= See Also =
{{live}}
{{grub-live}}

= Forum Discussion about live mode =

See: [https://forums.whonix.org/t/whonix-live-mode-amnesia-amnesic-non-persistent-anti-forensics/3894/123 Whonix live mode / amnesia / amnesic / non-persistent / anti-forensics]

= Footnotes =
{{reflist|close=1}}
[[Category:Documentation]]
{{Footer}}