nanovms / ops

ops - build and run nanos unikernels
https://ops.city
MIT License

big sur requires qemu to be code-signed #842

Open eyberg opened 3 years ago

eyberg commented 3 years ago

https://www.reddit.com/r/VFIO/comments/kdhgni/qemu_hvf_support_for_mac_os_x_bug_sur_hv_error/

install should prompt the user to run the following if on big sur or later

codesign -s - --entitlements app.entitlements --force qemu-system-x86_64

app.entitlements:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.hypervisor</key>
    <true/>
</dict>
</plist>
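One way an installer could implement the prompt described in the comment above, as an added example that is not part of the original thread or of ops' install.sh. The function names are hypothetical, and the 10.16 check assumes Big Sur's version-compatibility reporting.

```sh
#!/bin/sh
# Added example: not from the thread or from ops' install.sh.
# Function names are hypothetical.

# Succeed if a macOS product version is Big Sur (11) or later. Assumption:
# Big Sur can report itself as 10.16 in version-compatibility mode.
is_big_sur_or_later() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in ''|*[!0-9]*) minor=0 ;; esac
    [ "$major" -ge 11 ] && return 0
    [ "$major" -eq 10 ] && [ "$minor" -ge 16 ]
}

# Read `codesign -d --entitlements :-` output on stdin; succeed only if
# com.apple.security.hypervisor is present and set to <true/>.
has_hypervisor_entitlement() {
    tr -d ' \t\r\n' |
        grep -q '<key>com\.apple\.security\.hypervisor</key><true/>'
}

# Return 0 when nothing needs doing; otherwise print the command from the
# issue for the user to run and return 1.
check_qemu_signature() {
    os_name=$1 os_version=$2 qemu=$3
    [ "$os_name" = "Darwin" ] || return 0
    is_big_sur_or_later "$os_version" || return 0
    [ -n "$qemu" ] || return 0
    if codesign -d --entitlements :- "$qemu" 2>/dev/null |
        has_hypervisor_entitlement; then
        return 0
    fi
    echo "qemu lacks the hypervisor entitlement needed on Big Sur or later; run:"
    echo "  codesign -s - --entitlements app.entitlements --force $qemu"
    return 1
}

# Only probe the real system on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then
    check_qemu_signature Darwin "$(sw_vers -productVersion)" \
        "$(command -v qemu-system-x86_64)" || true
fi
```

An unsigned binary produces no entitlement output, so it is treated the same as a signed binary without the hypervisor key.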

eyberg commented 3 years ago

I think I just ran into this (after updating to Big Sur) but strange that I didn't codesign before, it's not showing entitlements - and it was spurious - doesn't seem to be easily reproducible.

qemu-system-x86_64: Error: HV_ERROR
signal: abort trap
➜  ~ which qemu-system-x86_64
➜  ~ codesign -d --entitlements :-  /usr/local/bin/qemu-system-x86_64
/usr/local/bin/qemu-system-x86_64: code object is not signed at all

joshuaquek commented 3 years ago

Running into the same issue too, any fix for this on Ops?

eyberg commented 3 years ago

@joshuaquek can you run what I pasted in the top comment here? that'll codesign it manually - we just haven't added it to the install script yet

joshuaquek commented 3 years ago

Thanks @eyberg ! I followed this guide (similar to what you did): https://www.arthurkoziel.com/qemu-on-macos-big-sur/

and now it works!

joshuaquek commented 3 years ago

I think we can close this issue

eyberg commented 3 years ago

glad to hear it works, I'm going to keep this open until the install script is updated here https://github.com/nanovms/ops/blob/master/install.sh

joshuaquek commented 3 years ago

thanks @eyberg !!! 🙏🏼🙏🏼🙏🏼