macOS as a VM

[andrewdavidwong]

https://groups.google.com/d/msg/qubes-users/RiVntUzgJmY/rXMtXD3WKQAJ

[lattice0]

I couldn't find information regarding Qubes 4.1. I suppose those pacthes were added already. Do you have any new information?

[andrewdavidwong]

I couldn't find information regarding Qubes 4.1. I suppose those pacthes were added already. Do you have any new information?

No new info on this, as far as I know.

[fabiogermann]

I also couldn't find a pull request in QubesOS/qubes-vmm-xen for those patch files - I assume that would be the appropriate repo. A first step could be to get them into the standard build.

[lattice0]

I don't understand this step

"Update the attached files with the MAC address and IP address assigned to your appvm"

I don't know where to find the MAC and IP addresses in my newly created HVM.

I also don't know if my QEMU is recent enough, and I don't even know which qemu I have. The qemu's that appear in my dom0 are qemu-img-xen and qemu-ndb-xen, for which I can't find the version.

I tried generating an image from https://github.com/kholia/OSX-KVM and booting into an HVM to see if the patches were working but it won't even boot. Maybe the pen drive method from the qubes forum post is still needed. However I'm trying to do an auditable macOS VM so I don't like the idea of starting with a pkg.

If someone finds this post and has a cleaner and auditable way of doing all this, please talk to me :)

[ideologysec]

Different/better strange news (separate from the difficulties of trying to map old Xen -> new macOS instructions and the Xen!=KVM apportionment of effort): https://communities.vmware.com/ideas/1803

Apple dev linked documentation: https://developer.apple.com/documentation/paravirtualizedgraphics

[lattice0]

@ideologysec

Very nice, I just hope Qubes gains ARM support otherwise we'll not have much years to enjoy macOS on it.

I was trying to experiment with UEFI boot: https://github.com/QubesOS/qubes-issues/issues/5767 to try to boot https://github.com/foxlet/macOS-Simple-KVM which runs great on Qemu but I did not go too far yet.

[tbrtje]

Is this currently being worked on? Everything I could find was for Qubes 3. I cannot get it to work on Qubes 4.

[ideologysec]

I have doubts this will ever be much of a priority, especially as Apple moves away from Intel.

I do not have a setup to experiment with currently; I would begin by crossreferencing the differences between Xen & KVM virt options, and understand if an actual patch is needed for Xen, or if it can be done with the proper configuration.

[eduncan911]

Funny... I was JUST watching this not 5 minutes ago and thought of exactly THIS issue to rehash!

https://youtube.com/watch?v=ATnpEOo3GJA

The GitHub uses KVM, but the key VM startup vars info is there that could be copied over to a Xen VM/template.

Their KVM setup uses a dedicated GPU and a dedicated PCIe card for USB (keyboard, mouse, etc).

It's a serious start, knowing the boot vars now.

I don't have a qubes machine at this time or I'd work on it

[lattice0]

@eduncan911 the github project that ables to run macOS on KVM uses KVM + Qemu. Qubes uses Xen + Qemu. The main reason macOS wont run on Qubes easily is the fact that all VMs in Qubes boot in BIOS mode, and macOS uses UEFI. I've learned that Xen supports UEFI and the Xen currently built into Qubes already supports it too as an experimental feature. I even discovered how to enable it but I couldn't boot windows or linux in UEFI mode. Didn't try anything more but if we make UEFI boot work then it should be relatively easy to make macOS run...

[tbrtje]

Uefi isn't required actually. You can create an opencore installation that runs on a standard bios, but I have no idea how to do this with qubes, because I don't really understand how I can attach an existing qcow2 image in qubes.

[lattice0]

@tbrtje yes, the old tutorial does that way, but I think that with UEFI the KVM project will run with much fewer modifications

[agowa]

also for windows vms the uefi is more or less a must by now. It just boots way faster and from experience also has less quirks with updates... And also linux boots near instantly with uefi...

[DemiMarie]

@ninavizz I suspect you will really want this :smile:

Right now the biggest hurdle is that macOS requires a Metal-capable GPU. I do know that virtualizing macOS under macOS (yes, macOS can be a hypervisor :smile:) is supported, so they must have a way to implement this.

[ideologysec]

So, it is possible to run macOS as a guest with no Metal support - VMware Fusion on macOS runs macOS guests prior to Big Sur unaccelerated; performance is just crap.

Big Sur adds support for guest accelerated graphics, and even prior macOS versions started supporting virtual drivers:

https://www.kraxel.org/blog/2019/06/macos-qemu-guest/

[lattice0]

@ideologysec does it mean that it's possible to run macOS on KVM with accelerated graphics? How could I do that? I have a linux machine with macOS on KVM and it runs slow because of video performance. Couldn't make an AMD graphics card work in PCI passtrhough.

[ninavizz]

LOL @DemiMarie you have figured me out! Yes, a big audible gasp happened once I read this. That said, MacOS is a biggy GPU/CPU/RAM/etc hog... and the graphics programs I work with, are no different. Adobe apps, especially. Still mighty jazzed to see this may happen at some point, though! :)

[ideologysec]

Unfortunately the last I checked, for security reasons gpu passthrough is explicitly not a planned feature for Qubes (otherwise Windows which has much better gpu passthrough support would be a great option for Adobe, etc)

@lucaszanella I do not believe there are VirtIO/KVM graphics drivers for macOS at this time, unfortunately, hardware passthrough or unaccelerated being the only options. (Not sure how VMware is doing it - this may not be true, but I'm unable to find the specifications on Apple's website atm).

[DemiMarie]

LOL @DemiMarie you have figured me out! Yes, a big audible gasp happened once I read this.

I laughed when I saw your reply :rofl:.

That said, MacOS is a biggy GPU/CPU/RAM/etc hog... and the graphics programs I work with, are no different. Adobe apps, especially. Still mighty jazzed to see this may happen at some point, though! :)

Not surprised. Qubes OS works just fine with most of its CPU and RAM used by a single qube, though. And I am almost certain that the most powerful Mac has at least twice the CPU and RAM of the least powerful one.

The GPU is going to be the hard part. I do plan on adding GPU acceleration to Qubes OS at some point in the future, but I currently plan on running a custom userspace driver in sys-gui and a matching frontend driver in the qubes. That way, I can ensure that everything is written with security and minimal attack surface in mind, which is what I would need to be comfortable turning it on by default. This won’t be compatible with macOS or Windows, as I have no interest in writing drivers for either of these. Additionally, this will almost certainly be less heavily optimized than the official drivers ― for example, I may choose to have the driver be single-threaded rather than try to deal with synchronization. Finally, this will only support hardware that comes with complete documentation, which currently means Intel and AMD hardware.

For graphics-intensive applications, external GPUs are likely the way forward. Qubes OS does not currently support PCIe hotplug, but this will be fixed.

[netanelc305]

Has anyone successfully set up a macOS virtual machine? I'm currently facing difficulties trying to run it on Xen. It seems that OpenCore doesn't support Xen right off the bat, and there are some implementations that need to be addressed.

[agowa]

No, not really. However instead of macOS you could try ravynOS (website: https://ravynos.com/, GitHub https://github.com/ravynsoft/ravynos). This is an opensource alternative that claims to be compatible with most of the macOS software. I still have checking it out more closely one on my ToDo list. However as I don't know when I'll actually have time to do so feel free to give it a shot and report back. Integrating it is probably also way easier than macOS itself. It should be noted however that it is still in a very early state (last release is 0.4.0pre4 from 2022).