I've implemented physical isolation of networking (VPN plus Tor) and workspace, using two Raspberry Pi 2 Model B v1.1 ARM-based microcomputers.[0] Missing packages in Raspbian wheezy prevent building Whonix on the Pi, and so I've replicated basic design features. The gateway Pi connects to the Tor network through a VPN service, and then reaches the Internet through Tor. Firewall rules allow outgoing connections on WAN (eth0) only to the VPN servers, Raspbian wheezy repository servers and NTP timeservers. No DNS servers are reachable via WAN (eth0) and so all needed IPs are provided locally. Firewall rules allow outgoing connections on the VPN tunnel interface (tun0) only by the Tor client process. The Tor Browser and other apps on the workspace Pi can reach the Internet only through the Tor client process on the gateway Pi. Both gateway and workspace employ full-disk encryption, using standard Linux dm-crypt/LUKS plus LVM2. The LUKS volume on the gateway Pi can only be unlocked via SSH (dropbear) from the workspace Pi. That protects VPN credentials and any Tor hidden-service keys while the gateway Pi is shutdown. Next steps will include adding apps to the workspace, and hardening. I'm looking at EMF shielding both networking Pi and workspace Pi, and embedding the boards in Arctic Alumina.[1] The gateway Pi will have no exposed USB or HDMI ports, just power and the two ethernet ports. And of course, I'll test for leaks, both networking and EMF side-channel.[2] Firmware flashing is another vulnerability that needs to be addressed. I'd appreciate feedback, criticism and suggestions. [0] http://lwcl5doqq2uzjmom.onion/Raspian-wheezy-VPN-Tor-Gateway-Workspace-r0.ht.... [1] http://www.amazon.com/Arctic-Alumina-Thermal-Adhesive-5g/dp/B0009IQ1BU/ref=sr_1_1?ie=UTF8&qid=1426546059 [2] http://www.techrepublic.com/article/computer-stored-encryption-keys-are-not-...