Mac OS X Guest Support (via KVM/QEMU) -- Serious Inquiry

mantisgroove

Member
Nov 19, 2014
30
3
8
Hello everyone:

First of all, I'd like to say I really, truly appreciate all the hard work that has gone into the Proxmox VE product. It is so incredibly valuable to have something of this caliber available for free (Support costs money, I get that, and it's a great business model).

The reason I'm bringing this issue up is that I'm a Systems Engineer by trade (I do Technical Consulting, Deployment, and Integration work for an Apple VAR & MSP business), and actually have a fair amount of engineering work subcontracted to me from Apple.

Not only am I an engineer by trade, but like many of you I suspect, it's my passion. My hobby. It's what I do, even when I'm not at work, just because it's fun. All that said, over the years as Apple's OS and software offerings in the enterprise I.T. market have become more and more "dumbed down", and less of a serious contender for space in a server room, I became very interested in Linux/UNIX, and especially open source software. I've also become a huge fan of virtualization (Proxmox being my hypervisor of choice).

What I, and many others I suspect DREAM of, is full Mac OS X Guest support in Proxmox. Because people working in I.T. with an Apple focused perspective like me, often NEED to architect solutions based on Linux, and virtualization in order to provide a rock solid, and affordable deployment. BUT, because of the Apple perspective, there's almost always a need for an "element" of OS X. Maybe just for a file share. Or caching of Apple Software Updates on the LAN, or to use their MDM Server. But it drives me crazy to have to deploy a silly little Mac Mini and go bare metal.

It seems EVERY time this is brought up, people cite Apple's EULA as if virtualizing OS X were a "no no". Ever since the introduction of Leopard Server (October of 2007) Apple has modified their EULA to allow some degree of virtualization. For Leopard and then Snow Leopard, the "Mac OS X Server" branch of the OS (it was a separate product/build of the OS back then) was opened up to allow for virtualization. 100% legal, and legit. Parallels even went so far as to develop a server product specifically for this. Parallels "Server for Mac", and later Parallels "Server for Mac Bare Metal" (going one step further and allowing a lightweight linux wrapper around their hypervisor alone. For whatever reason their overpriced, and not so stable product got discontinued.

With the release of Mac OS X Lion (July of 2011) the EULA was modified to allow for the virtualization of up to 2 additional copies of OS X legally for anyone who is running a legitimate copy of OS X. And, I really think this distinction is what caused a lot of confusion. People kept focusing on the language of "already running OS X", and deciding that it was only OK to virtualize OS X if you were currently booted to OS X. I don't think that's the case at all. It wasn't stated that clearly. I think their intent, was to say that, if you downloaded a hacked up torrent of OS X, and installed it on your fancy new Hackintosh you've built then no, of course you are braking the EULA. But I think they were simply trying to say that, if you are legally licensed to be using the OS (i.e. it came on the Mac you purchased), then you could fire up a hypervisor, and legally run a couple VM's with no additional licensing required.

Another reason I'll argue that it's OK to offer Mac OS X Guest support is that VMware has been doing it for YEARS. In the open. Listing the operating systems as having guest support, and several of Apple's computers (Xserves, Mac Pro's, and Mac Mini's) on their hardware compatibility list.

What I'm referring to is their flagship hypervisor (ESXi, and vSphere). These support Mac OS X Guests with no issue. They simply require that you being running ESXi/vSphere on Apple Hardware. That's been the rub all along. You don't have boot OS X, you just need to be using Apple hardware (which, if you look at the specs is just high quality, stylish X86_64 standard stuff).

VMWare, and Parallels in their products always implemented this simply by checking for the presences of Apple's AppleSMC (System Management Controller) and ASCII OSK0 & OSK1 strings/key values. Hackintosh projects often create false dummy hardware to trick the software into thinking they're seeing genuine Apple Hardware, and hacked torrents floating around out there that let you boot OS X from non Apple Hardware do so by "patching" the hypervisor, and disabling it's checking.

But it's not necessary to do any of that. Simply check for the AppleSMC, and OSK key values, and pass the hardware visibility to the guest so that OS X when booting can verify it as well and you're good to go. Parallels Server for Mac Bare Metal did this, and VMware's ESXi, and vSphere do this now. These are major commercial software virtualization vendors, who, incidentally also offer Parallels Desktop, and VMware's Fusion to personal computer user's wanting to run Windows on their Mac, and have retained their developer certification to continue doing so... even selling these products in Apple Stores because of their good relationship.

There was a time when implementing OS X Guest support would be a colossal feat of crude and illegal/un-ethical hacking. That simply is no longer the case.

You CAN offer OS X Guest Support while remaining fully EULA compliant, and if you were to do this, it would be HUGE a differentiator for your product. I would probably start getting it sold to ALL my corporate customers, WITH a support contract if it just offered this Guest support.

So... if your engineering resources are simply stretched too thin to implement something like this, and you think it would be a worthless feature, I can't really argue with you guys (you know your customers better than I), but please. Can we all stop saying it's too hard, or that it will break the EULA. KVM and QEMU updates recently have made this trivial. I wouldn't be surprised if it actually starts working sometime in the near future without you even noticing. It's just a UNIX mach kernel based, X86_64/Intel operating system that uses UEFI instead of BIOS, and some hardware verification on boot.

Please oh, please, oh please, make my year by making Proxmox, TRULY the worlds best virtualization platform by adding OS X Guest support. I'm tempted to even pay someone to integrate the code for you if you'll just merge it into your product.


Most of the technical details, on how this can be done are laid out here:
http://www.contrib.andrew.cmu.edu/~somlo/OSXKVM/


And then additional updates, and information here:
http://blog.definedcode.com/osx-qemu-kvm


Thanks,

Jon Jewett
Systems Engineer
MacAuthority -- Simply Mac
 
AFAIK, you need apple hardware in order to run OSX as guest. if this changed, please point me to the EULA from apple.com. we do not want to encourage people to work against the apple EULA.

as there is NO apple server hardware, so who is the target for such a product?

mac mini is a desktop system (no hardware raid, no ecc memory, overpriced). mac pro is out of discussion anyway (far too expensive).

there are howtos and patches around to get this working (check Proxmox VE devel mailing list), but I do not see any reason to integrate this into the main project and there is no suitable hardware for this available (legally).

Proxmox VE is built to run on mainstream Intel/AMD server hardware.
 
Yes, you are correct. In order to remain EULA compliant (running OS X as a guest) you must use Apple hardware.

While interest in virtualizing OS X in an Enterprise Production environment is certainly a niche subject, for the select few who want to do it, being able to use Proxmox instead of VMware would be HUGE.

I (along with everyone else interested in this niche) am definitely saddened by the discontinuation of Apple Xserve, as it was true, Enterprise, Production, Server Hardware. However, the options that are available from Apple are not worthless. The 6,1 revision of the Mac Pro (small black cylinder) is a fantastic piece of hardware. It actually does use ECC, and using a PCIe/Thunderbolt bridge you can use a hardware RAID card to attach storage arrays. It uses Intel Xeon E5 v2 CPU's, (4, 6, 8, or 12 Core), 1866 MHz ECC DDR3 RAM, and a PCIe solid state boot disk with approximately 900MB/s of R/W. It has two build in Gigabit Ethernet ports, and 6 Thunderbolt connections (3 Independent busses) that each provide 10Gb/s of throughput for peripheral connection to 10Gb Ethernet, or additional storage via a PCIe bridge.

The Mac Pro is often cited as being "too expensive", but really it is quite a reasonable price, it's just that the components it uses are very, very, high quality. Unfortunately in this case (use as a Server) they have used dual, high end GPU's (Dual AMD FirePro D700's) that are very expensive, and to no use to a virtualization host server. The previous Generation of Mac Pro 5,1 (also on VMware's official HCL) had internal PCIe, and Hardware RAID, and HDD disk slots, so if you buy one of those used, it's terrifically suited as a VM host.

Lastly, the Mac Mini's (while on officially on the HCL, there are however patches available for it... it's just missing NIC drivers) are actually used extensively for this. The idea being is that an organization will have a large vSphere cluster of many servers, and only a few of the cluster members will be Apple Hardware, allowing them to run OS X guest VM's in their environment easily.

I certainly understand why you guys are not spending a huge amount of resources and marketing to go after this market. I understand it's niche status. But if compatibility, and support were achieved, it would be a HUGE deal to our little community, as I currently find myself architecting solutions constantly that have to choose between OS X Guest support, and my #1 recommended hypervisor/virtualization platform of choice (Proxmox).
 
just to add here, Proxmox VE on mac mini seems to work without huge problems, e.g. http://forum.proxmox.com/threads/20351-How-to-install-PVE-3-3-on-Mac-Mini-6-1

AFAIK, you just to patch qemu to run OSX guests. so if you know what your are doing, it should be possible. check our dev mailing list, this was topic some time ago.


Yes, I believe you're right there, patching shouldn't be necessary for QEMU, or KVM to my knowledge. However, you still have to go through the process of dealing with the special bootloaders (Chameleon), faking the AppleSMC chip, and creating the VM with a slew of convoluted special command line arguments.

If we could just build a method of AppleSMC passthrough (like what VMware does), you could actually have OS X as an OS option when creating a new VM, and it would simply fail if you tried it on non Apple hardware (this is what VMware does), and having it just work, easily, transparently, and with feature parity to Windows, or Linux OS's.

That would be the "holy grail" in my opinion. Setting up businesses with a Proxmox cluster of 3 servers, and then 2 standalone ESXi boxes to handle their OS X Guest VM's... it just hurts my heart.

What if I hired a developer to actually write all the code to add this functionality, would you incorporate it into your product?
 
...

What if I hired a developer to actually write all the code to add this functionality, would you incorporate it into your product?

yes, I do not see any big problems, just follow the usual developement guidelines, see http://pve.proxmox.com/wiki/Developer_Documentation

and of course, such a feature must also be integrated in our regular test plans in our testlab - or in other words, there is currently no Apple hardware in the testlab and I doubt that our testlab manager is financing mac pro boxes for this.
 
I've tested it and it is fine. Having extra "args" on a KVM configuration is allowed by Proxmox team (because they've implemented it, right?).
I've installed and upgraded a Mavericks instance without any issue.
The only downside I see now is that SMP is not working, so the Mac VM is limited to 1 core.
 
sigxcpu,

Could you send me instructions on how you were able to accomplish this? I have a lot of experience using Mac OS X on Apple Hardware, and am also very familiar with using Proxmox (though I've always used it on Dell hardware). I've installed Proxmox on Apple hardware a few times (1st Generation Mac Pro's with early Xeon CPU's) and they worked great, but I was not able to successfully get OS X working. Could you provide some details regarding what Apple hardware you used (specific model and revision), and all the "args" you had to use?
 
Sure, glad to help.

I've attached the current VM parameters at the end.

I've followed the guide here: http://forum.proxmox.com/threads/19722-Mini-HOWTO-Running-Mac-OS-X-10-9-under-Proxmox-3-3

Note: for an initial working network configuration, you need to append
Code:
-netdev user,id=hub0port0 -device e1000-82545em,netdev=hub0port0,id=mac_vnet0
in args. Then you can install the OS, download and install the virtio network driver for Mac OS from https://github.com/pmj/virtio-net-osx/raw/master/bin/Virtio-Net-Driver-0.9.4.pkg. After that you switch to virtio network and you can remove the "netdev" stuff.

Chameleon bootloader for
Code:
chameleon_svn2360_boot
can be taken from here: http://chameleon.osx86.hu/file_download/45/Chameleon-2.2svn-r2404-binaries.tar.gz. Inside that archive you will find a file named "boot" that you take out, rename to
Code:
chameleon_svn2360_boot
and copy it somewhere on the hypervisor. You may need to adjust the path to it in the VM configuration.

To create an ISO for the Mavericks installer, I've followed the guide/script from here: http://forums.appleinsider.com/t/159955/howto-create-bootable-mavericks-iso

KVM configuration:


Code:
# cat /etc/pve/qemu-server/112.conf
bootdisk: ide0
ide0: ZFS1:112/vm-112-disk-1.qcow2,format=qcow2,cache=unsafe,size=256G
cores: 1
cpu: core2duo
memory: 4096
name: macos-mavericks
net0: virtio=42:B7:5D:FA:CD:B2,bridge=vmbr0
ostype: other
sockets: 1
tablet: 0
args:  -device ahci,id=ide -device isa-applesmc,osk="ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc" -kernel /storage/proxmox/images/112/chameleon_svn2360_boot -smbios type=2 -readconfig /usr/share/qemu-server/pve-q35.cfg -device usb-mouse,id=mouse,bus=ehci.0,port=2 -device usb-kbd,id=keyboard,bus=ehci.0,port=3 -vga std -machine q35 -device ide-drive,bus=ide.1,drive=MacDVD -drive id=MacDVD,if=none,snapshot=on,file=/storage/proxmox/template/iso/mavericks.iso
 
Last edited:
I'm glad folks are talking about this. If one were to buy a Mini and leave it *unused*, then virtualize OSX on some other hardware, I think Apple would be hard-pressed to claim damages ;)

It's a shame we even have to have this conversation, though. Apple has continued to produce OS X Server as a Mac management and SOHO/SMB platform, yet hasn't told us on what hardware they expect us to run it. Silly.

ETA: http://www.macstadium.com/cloud These folks run an entire business on the premise that one can run ESXi "at the bottom" of one's application stack.
 
Last edited:
Yeah, I don't even understand how people can continue to act as if virtualizing OS X were somehow a "grey area", or questionable. VMware, the virtualization giant, and product space leader officially supports OS X Server 10.5, OS X Server 10.6, OS X 10.7, OS X 10.8, and OS X 10.9 officially as guest operating systems. And they support a few Apple hardware models as supported hosts.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!