Running Tails in a VM inside Parrot 3.11

This is a continuation of my previous post, “Anonymous Mode Will Not Restart”.

Being able to successively start, stop and restart Anonymous Mode (anonsurf) is necessary in order to cloak and later recloak the Tails distro running in a VM inside a Live, Encrypted-Persistence installation of Parrot. Tails cannot hide your MAC address when running inside a VM. Only Parrot can do this when anonsurf start is confirmed to be active by the command anonsurf status, which must be executed in the root terminal when using a normal user account.

Therefore, when setting up encrypted persistence, make two volumes on a separate USB drive:² one for your settings and one for your data.³ That way, if you have to delete and restore your settings partition, your data is secure. For how to set up, delete, and then restore² the persistent settings volume on the separate encrypted USB, see, e.g., cyberdog’s post, “This is my EASY GUIDE to making a persistent encrypted usb drive,” in the old community forum @ https://oldforums.parrotsec.org/viewtopic.php?id=1004

Upon boot-up in encrypted persistence mode, the Parrot OS will ask you to unlock both persistence volumes with their respective passphrases. Don’t be alarmed that your data volume will be exposed upon system startup. It will show as being locked when selecting “Places” from the upper panel menu in the GUI.


1 I prefer Parrot Home i386 ver. 3.11 for travel, as this will Live install on any Parrot-.iso-compatible host computer’s architecture, whether it be amd64 or i386. As you know, an amd64 OS will not install on i386 architecture.

2 Use a separate USB drive for your encrypted persistence volumes.

Otherwise, if your encrypted persistence volumes are set up on the same USB, you will lose them when you use Etcher to flash a new, hash-verified .iso image onto your OS USB drive. (I never upgrade to a new distro through the terminal. Rather, I download the new .iso file, verify its hash signatures, and flash it to the OS USB with Etcher; see https://docs.parrotsec.org/doku.php#live-mode.)

You can repeatedly flash your OS USB with minimal disruption to the settings stored in the corresponding volume in your **separate** encrypted persistence USB, **provided that** the image you're flashing is the identical .iso used when setting up your encrypted persistence settings volume.

**Setting Up the Virtual Machine:** Be generous with the size of the settings volume in order to avoid running out of drive space when doing lots of complex operations. This space limitation, as well as that of your system RAM, will determine how easily large data sets are manipulated and transferred. If you're going to run the Tails distro in a virtual machine within Parrot (download Virt-Manager through Parrot's Synaptic Package Manager, found in the System-Administration drop-down menu), be sure to first update any pre-3.11 versions of Parrot. During VM setup, set the VM memory allocation to at least 2048 MB (see Tails' instructions and security precautions (https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/index.en.html)). On my 8GB machine I set it at 3584 MB, which roughly distributes system RAM evenly. Once you learn how much memory your VM needs for your uses, you can adjust its RAM allocation in 512 MB blocks above the minimum 2048 MB threshold, accordingly.

Whether flashing a new .iso image, or reflashing the original one, you’re booting up with a “virgin” OS. Any data/media corruption in your old OS that might escape “cleansing” during a full upgrade through the terminal is wiped away.

3 Separate encrypted volume setup for data only:
To create an additional persistence volume, follow the directions in cyberdog’s post referenced above, but eliminate the following terminal commands:

```
mkdir -p /mnt/my_usb
mount /dev/mapper/my_usb /mnt/my_usb
echo "/ union" > /mnt/my_usb/persistence.conf
umount /dev/mapper/my_usb
```

This will prevent any communication issues between the OS and your encrypted persistent settings volume. Also, give the data volume a label other than “persistence”, e.g., “data” or “MyFiles”, etc. That way it will be less confusing trying to distinguish your two encrypted volumes in the file manager.

Note: If you boot up in Live encrypted persistence mode while using a freshly reflashed .iso image on your OS USB, you may see some error messages about not being able to execute mkdir, etc. Have no worries, again, with the caveat that you reflashed with the identical .iso image you used when setting up your persistent settings volume.
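
The "identical .iso" condition above can be checked rather than remembered. The following is an added example, not part of the original post: a small shell helper that records the SHA-256 of the image used when the persistent settings volume was created and compares any image against that record before reflashing. The function names and the pin-file path are assumptions; `sha256sum` is the GNU coreutils tool.

```shell
#!/bin/sh
# Added example: pin the .iso used to create the persistent settings volume
# and refuse to reflash the OS USB with any other image.

# Assumed location of the pin file (hypothetical); override via environment.
PIN_FILE="${PIN_FILE:-$HOME/parrot-iso.sha256}"

# Print the lowercase hex SHA-256 digest of a file.
iso_sha256() {
    sha256sum -- "$1" | awk '{print $1}'
}

# Compare an image with a digest copied from the project's published hash
# list. Case-insensitive. Returns 0 on match, 1 on mismatch, 2 if unreadable.
matches_published() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(iso_sha256 "$1")" = "$want" ]
}

# Record the digest of the image in use when persistence is first set up.
pin_iso() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    iso_sha256 "$1" > "$PIN_FILE"
}

# Before reflashing: 0 = identical to the pinned image, 1 = different image,
# 2 = no usable pin or unreadable image (treat as "do not flash").
check_iso() {
    if [ ! -r "$1" ] || [ ! -s "$PIN_FILE" ]; then
        echo "cannot check $1 against $PIN_FILE" >&2
        return 2
    fi
    if [ "$(iso_sha256 "$1")" = "$(cat "$PIN_FILE")" ]; then
        echo "OK: $1 matches the pinned image"
        return 0
    fi
    echo "MISMATCH: $1 is not the image persistence was set up with" >&2
    return 1
}
```

Source the file, run `pin_iso` once on the image used when setting up persistence, and run `check_iso` on the image before each flash with Etcher. Keeping the pin file on the data volume rather than the OS USB means it survives reflashing.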