Linux Vm On Mac



  • Linux as VM on M1 Possible? Hello, i found a lot of Asks and Anwsers about Parallels and Windows; but for me it is more interessting to know it ifs possible to use Linux in VM on a Mac M1. At the moment i use a Air 2020 and with parallels Linux works well (and windows too).
  • So, of course you could run it in a VM in Linux, but only if your Linux machine was actually a Mac which would be rather pointless. They only alternative I'm aware of would be to use a cloud instance & the only one of those I've really heard of though never used is MacinCloud.

Tweak the virtual machine. Feel free to fire up the virtual machine once the import is complete. Before that however, I would recommend tweaking a virtual machine settings. If you are like me and installed Kali Linux in VirtualBox on a Mac Book Pro with Retina Display then you will probably be greeted with a microscopic display.

With the newly released M1 Macs, there have been lots of questions about being able to run other operating systems on it, particularly from developers that are used to running Window or Linux in Virtual Machines using virtualization on their Intel Macs. So what challenges do the M1 Macs bring in this regard?

If you are new to all this, it is important to understand the parts involved. First there are virtual machines, which act as virtual computers running on a main or host computer. Second, there are the instruction sets for the computer and OS. These virtual computers run an operating system (OS) of some kind and in most cases this OS has to have the same instruction set as the host computer. This allows the instruction to be passed through the VM to the CPU and allows for good performance. Which is what makes it so easy to run Windows 10 x86 on an Intel Mac — they both are using Intel CPUs with the same instruction sets.

But what if the instruction sets differ as they do with Intel and M1 Macs? Obviously you can no longer pass an x86 instruction to an M1 chip and expect anything to happen. So some translation or emulation needs to happen. This is typically much, much slower.

In general this is what Apple is doing with Rosetta 2 on Big Sur to allow your x86 Mac apps to run on an M1 Mac. They do an entire app translation on first launch (and also re-do it at times) and then run the translated app. This is a great technique but it doesn’t really work at a virtual machine level. And in fact, Apple specifically says that Rosetta 2 cannot be used with virtualization software.

That’s the bad news. But there are options on the horizon.

Emulation

The first option is OS-level emulation. What would happen here is that emulation software (say, QEMU, a popular open-source emulator and virtualizer) would translate x86 instructions to ARM instructions (usually on-the-fly) so that an x86 operating system could run on an M1 Mac. In theory this would allow Windows 10 x86 for example to run as a (virtual computer) on an M1 Mac.

Technically this is more than a theory since it has been done before. You may remember it was possible to run Windows 98 x86 on a PowerPC Mac back in the day using software such as Connectix Virtual PC. The downside to this approach is that it can be quite slow. Fortunately the M1 Macs are proving to be very speedy and might be able make this technique acceptable for casual use. I expect the QEMU project will be updated to eventually allow emulation of x86 operating systems on M1 Macs.

OS Vendors

You might remember in the WWDC 2020 keynote Apple showed Linux running as a virtual machine with Parallels on an M1 Mac. This demo was actually running an ARM Linux distro in that virtual machine. Since it was not an x86 distro, its usefulness depends on its ability to run the apps you need. If you wanted to run an x86 Linux app then it would not work on an ARM distro.

However, the OS vendors are working on this. Much like what Apple did with Rosetta 2, they can add OS-level support to translate individual apps from x86 to ARM, thus allowing them to work in a virtual machine. I haven’t heard of progress on this front with Linux, but I expect there will be some convoluted way to do it at some point.

Microsoft does have an ARM version of Windows, but right now it is only licensed for OEM use to include with a computer, so virtualizing it is not yet an option. And even if you could virtualize ARM Windows on your M1 Mac, it also is only useful to you if it can run the apps you want.

Currently ARM Windows has a translator that lets it run 32-bit x86 apps, but performance is poor, especially when compared to what Apple has done with Rosetta 2 in Big Sur. Microsoft has said they are working on adding the ability to run 64-bit x86 apps on ARM Windows, but that feature is not ready yet and performance is unknown.

I expect virtualizers such as Parallels, VMware and VirtualBox will all eventually have versions that run on M1 Macs and can run ARM operating systems, although perhaps just Linux to start. I don’t expect them to include emulators in their products.

Update (2020-4-14): Parallels has just released 16.5 with support for running Windows for ARM on M1 Macs.

When Microsoft adds 64-bit x86 translation and has it working at a decent speed and if it decides to make ARM Windows available for use in virtual machines then you would also be able to run Windows on an M1 Mac and run common Windows apps. But for now, we wait.

Update (2020-12-08): Some progress continues to be made on this. Here are some rough instructions on how to get Windows ARM running in a VM (UTM running on QEMU).

Other Options

Another option is the CodeWeavers product that is based on the WINE open-source project. This project essentially provides a translated Windows API that allows some Windows apps to run on a Mac. It does not run Windows itself, only apps, and only a small subset at that.

But because it translates the apps to essentially a Mac x86 app, they are a candidate for Rosetta 2 on Big Sur to translate. That’s a lot of levels of translation, but in the end you end up with a Windows app running on an M1 Mac.

CodeWeavers recently posted some information about their early testing of this.

Wrap Up

With all this said, if you require the ability to run an x86 version of Windows or Linux, then an M1 Mac cannot be your sole machine at this time. You’ll either want to also have an Intel Mac to run those in virtual machines or get dedicated separate hardware for them.

And if you want to make your own native apps for M1 Macs, Xojo now has the ability to create native apps for M1 Macs.

We’ve made every attempt to make this as straightforward as possible, but there’s a lot more ground to cover here than in the first part of the guide. If you find glaring errors or have suggestions to make the process easier, let us know on our discord.

With that out of the way, let’s talk about what you need to get 3D acceleration up and running:

If you’ve arrived here without context, check out part one of the guide here.

General

  • A Desktop. The vast majority of laptops are completely incompatible with passthrough on Mac OS.
  • A working install from part 1 of this guide, set up to use virt-manager
  • A motherboard that supports IOMMU (most AMD chipsets since 990FX, most mainstream and HEDT chipsets on Intel since Sandy Bridge)
  • A CPU that fully supports virtualization extensions (most modern CPUs barring the odd exception, like the i7-4770K and i5-4670K. Haswell refresh K chips e.g. ‘4X90K’ work fine.)
  • 2 GPUs with different PCI device IDs. One of them can be an integrated GPU. Usually this means just 2 different models of GPU, but there are some exceptions, like the AMD HD 7970/R9 280X or the R9 290X and 390X. You can check here (or here for AMD) to confirm you have 2 different device IDs. You can work around this problem if you already have 2 of the same GPU, but it isn’t ideal. If you plan on passing multiple USB controllers or NVMe devices it may also be necessary to check those with a tool like lspci.
  • The guest GPU also needs to support UEFI boot. Check here to see if your model does.
  • Recent versions of Qemu (3.0-4.0) and Libvirt.

AMD CPUs

  • The most recent mainline linux kernel (all platforms)
  • Bios prior to AGESA 0.0.7.2 or a patched kernel with the workaround applied (Ryzen)
  • Most recent available bios (ThreadRipper)
  • GPU isolation fixes applied, e.g. CSM toggle and/or efifb:off (Ryzen)
  • ACS patch (lower end chipsets or highly populated pcie slots)
  • A second discrete GPU (most AMD CPUs do not ship with an igpu)

Intel CPUs

  • ACS patch (only needed if you have many expansion cards installed in most cases. Mainstream and budget chipsets only, HEDT unaffected.)
  • A second discrete GPU (HEDT and F-sku CPUs only)

Nvidia GPUs

  • A 700 Series Card. High Sierra works up to 10 series cards, but Mojave ends support for 9, 10, 20 and all future Nvidia GPUs. Cards older than the 700 series may not have UEFI support, making them incompatible.
  • A google search to make sure your card is compatible with Mac OS on Macs/hackintoshes without patching or flashing.

AMD GPUs

  • A UEFI compatible Card. AMD’s refresh cycle makes this a bit more complicated to work out, but generally pitcairn chips and newer work fine — check your card’s bios for “UEFI Support” on techpowerup to confirm.
  • A card without the Reset Bug (Anything older than Hawaii is bug free but it’s a total crap-shoot on any newer card. 300 series cards may also have Mac OS specific compatibility issues. Vega and Fiji seem especially susceptible)
  • A google search to make sure your card is compatible with Mac OS on Macs/hackintoshes without patching or flashing.

Getting Started with VFIO-PCI

Provided you have hardware that supports this process, it should be relatively straightforward.

First, you want to enable virtualization extensions and IOMMU in your uefi. The exact name and locations varies by vendor and motherboard. These features are usually titled something like “virtualization support” “VT-x” or “SVM” — IOMMU is usually labelled “VT-d” or “AMD-Vi” if not just “IOMMU support.”

Once you’ve enabled these features, you need to tell Linux to use them, as well as what PCI devices to reserve for your vm. The best way of going about this is changing your kernel commandline boot options, which you do by editing your bootloader’s configuration files. We’ll be covering Grub 2 here because it’s the most common. Systemd-boot distributions like Pop!OS will have to do things differently.

run lspci -nnk | grep 'VGA|Audio' — this will output a list of installed devices relevant to your GPU. You can also just run lspci -nnk to get all attached devices, in case you want to pass through something else, like an NVMe drive or a usb controller. Look for the device ids for each device you intend to pass through, for example, my GTX 1070 is listed as [10de:1b81] and [10de:10f0] for the HDMI audio. You need to use every device ID associated with your device, and most GPUs have both an audio controller and VGA. Some cards, in particular VR-ready nvidia GPUs and the new 20 series GPUs will have more devices you’ll need to pass, so refer to the full output to make sure you got all of them.

If two devices you intend to pass through have the same ID, you will have to use a workaround to make them functional. Check the troubleshooting section for more information.

Once you have the IDs of all the devices you intend to pass through taken down, it’s time to edit your grub config:

It should look something like this:

In the line GRUB_CMDLINE_LINUX= add these arguments, separated by spaces: intel_iommu=on OR amd_iommu=on, iommu=pt and vfio-pci.ids= followed by the device IDs you want to use on the VM separated by commas. For example, if I wanted to pass through my GTX 1070, I’d add vfio-pci.ids=10de:1b81,10de:10f0. Save and exit your editor.

Run grub-mkconfig -o /boot/grub/grub.cfg. This path may be different for you on different distros, so make sure to check that this is the location of your grub.cfg prior to running this and change it as necessary. The tool to do this may also be different on certain distributions, e.g. update-grub.

Reboot.

Run Linux Vm On Mac

Verifying Changes

Now that you have your devices isolated and the relevant features enabled, it’s time to check that your machine is registering them properly.

grab iommu.sh from our companion repo, make it executable with chmod +x iommu.sh and run it with ./iommu.sh to see your iommu groups. No output means you didn’t enable one of the relevant UEFI features, or didn’t revise your kernel commandline options correctly. If the GPU and your other devices you want to pass to the host are in their own groups, move on to the next section. If not, refer to the troubleshooting section.

Run dmesg | grep vfio to ensure that your devices are being isolated. No output means that the vfio-pci module isn’t loading and/or you did not enter the correct values in your kernel commandline options.

From here the process is straightforward. Start virt-manager (conversion from raw qemu covered in part one) and make sure the native resolution of both the config.plist and the OVMF options match each other and the display resolution you intend to use on the GPU. if you aren’t sure, just use 1080p.

Click Add Hardware in the VM details, select PCI host device, select a device you’ve isolated with vfio-pci, and hit OK. Repeat for each device you want to pass through. Remove all spice and Qxl devices (including spice:channel), attach a monitor to the gpu and boot into the VM. Install 3d drivers, and you’re ready to go. Note that you’ll need to add your mouse and keyboard to the VM as usb devices, pass through a usb controller, or set up evdev to get input in the host at this point as well.

If all goes well, you just need to install drivers and you’re ready to use 3d on your OSX VM.

Mac OS VM Networking

Fixing What Ain’t Broke:

NAT is fine for most people, but if you use SMB shares or need to access a NAS or other networked device, it can make that difficult. You can switch your network device to macvtap, but that isolates your VM from the host machine, which can also present problems.

If you want access to other networked devices on your guest machine without stopping guest-host communication, you’ll have to set up a bridged network for it. There are several ways to do this, but we’ll be covering the methods that use NetworkManager, since that’s the most common backend. If you use wicd or systemd-networkd, refer to documentation on those packages for bridge creation and configuration.

Via Network GUI:

This process can be done completely in the GUI on modern desktop environment by going to the network settings dialog, by adding a connection, selecting bridge as the type, adding your network interface as the slave device, and then activating the bridge (sometimes you need to restart network manager if the changes don’t take effect immediately.) From there all you need to do is add the bridge as a network device in virt-manager.

Via NMCLI:

Not everyone uses a full desktop environment, but you can do this with nmcli as well:

Run ifconfig or nmcli to get the names of your devices, they’ll be relevant in the next steps. take down or copy the name of the adapter you use to connect to the internet.

Next, run these commands, substituting the placeholders with the device name of the network adapter you want to bridge to the guest. They create a bridge device, connect the bridge to your network adapter, and create a tap for the guest system, respectively:

From here, remove the NAT device in virt-manager, and add a new network device with the connection set to br1: host device tap0. You may need to restart network manager for the device to activate properly.

NOTE: Wireless adapters may not work with this method. The ones that do need to support AP/Mesh Point mode and have multiple channels available. Check for these by running iw list. From there you can set up a virtual AP with hostapd and connect to that with the bridge. We won’t be covering the details of this process here because it’s very involved and requires a lot of prior knowledge about linux networking to set up correctly.

Other Options:

You can also pass through a PCIe NIC to the device if you happen to have a Mac OS compatible model laying around, and you’re comfortable with adding kexts to clover. This is also the best way to get AirDrop working if you need it.

If all else fails, you can manually specify routes between the host and guest using macvtap and ip, or set up a macvlan. Both are complex and require networking knowledge.

Input Tweaks

Emulated input might be laggy, or give you problems with certain input combinations. This can be fixed using several methods.

Attach HIDs as USB Host devices

Run Linux On Mac

This method is the easiest, but has a few drawbacks. Chiefly, you can’t switch your keyboard and mouse back to the host system if the VM crashes. It may also need to be adjusted if you change where your devices are plugged in on the host. Just click the add hardware button, select usb host device, and then select your keyboard and mouse. When you start your VM, the devices will be handed off.

Use Evdev

This method uses a technique that allows both good performance and switchable inputs. We have a guide on how to set it up here. Note that because OS X does not support PS2 Input out of the box, you need to replace your ps/2 devices as follows in your xml:

If you can’t get usb devices working for whatever reason (usually due to an outdated qemu version) you can add the VoodooPS2 Kext to your ESP to enable ps2 input. This may limit compatibility with new releases, so make sure to check that you have an alternative before committing.

Use Barrier/Synergy

Synergy and barrier are networked input packages that allow you to control your host and/or guest on the same machine, or remotely. They offer convenient input, but will not work with certain networking configurations. Synergy is paid software, but Barrier is free, and isn’t hard to set up. with one caveat on MacOS. You either want to stick with a version prior to 1.3.6 or install the binary manually like so:

After that, just follow a synergy configuration guide (barrier is just an open source fork of synergy) to set up your merged input. It’s usually as simple as opening the app, setting one as server, entering the network address of the other, and then arranging the virtual merged screens accordingly. Note that if you experience bad performance on your guest with synergy/barrier, you can make the guest the server and pass usb devices as described above, but this will make your input devices unavailable on the host if the VM crashes.

Use a USB Controller and Hardware KVM Switch

Probably the most elegant solution. You need $20-60 in hardware to do it, but it allows switching your inputs without prior configuration or problems if the guest VM crashes. Simply isolate and pass through a usb controller (as you would a gpu in the section above) and plug a usb kvm switch into a port on that controller as well as a usb controller on the host. Plug your keyboard and mouse into the kvm switch, and press the button to switch your inputs from one to the other.

Some USB3 controllers are temperamental and don’t like being passed through, so stick to usb2 or experiment with the ones you have. Typically newer Asmedia and Intel ones work best. If your built-in USB controller has issues it may still be possible to get it working using a 3rd party script, but this will heavily depend on how your kvm switch operates as well. Your best bet is just to buy a PCIe controller if the one you have doesn’t work.

Audio

By default, audio quality isn’t the best on OS X guest VMs. There are a few ways around it, but we suggest a hardware-based approach for the best reliability.

Hardware-Based Audio Passthrough

This method is fairly simple. Just buy a class compliant USB audio interface advertised as working in Mac OS, and plug it into a USB controller that you’ve passed through to the VM as described in the KVM switch section. If you need seamless audio between host and guest systems, we have a guide on how to get that working as well. We regard this option as the best solution if you plan on using both the host and guest system regularly.

HDMI Audio Extraction

If you’re already passing through a GPU, you can just use that as your audio output for the VM. Just use your monitor’s line out, or grab an audio extractor as described in the linked article above.

Pulseaudio/ALSA passthrough

You can pass through your VM audio via the ich9 device to your host systems’ audio server. We have a guide that goes into detail on this process here.

CoreAudio to Jack

CoreAudio supports sending system sound through Jack, a versatile and powerful unix sound system. Jack supports networking, so it’s possible to connect the guest to the host over the network via Jack. Because Jack is fairly complex and this method requires a specific network setup to get it working, we’ll be saving the specifics of it for a future article. On Linux host systems, tools like Carla can make initial Jack setup easier.

Quality of Life

If you find yourself doing a lot of workarounds or want to customize things even further, these are some tools and resources that can make your life easier.

Clover Configurator

This is a tool that automates some aspects of managing clover and your ESP configuration. It can make things like adding kexts and defining hardware details (needed to get iMessage and other things working) easier. It may change your config.plist in a way that reduces compatibility, so be careful if you elect to use it.

InsanelyMac and AMD-OSX

Forums where people discuss hackintosh installation and maintenance. Many things that work in baremetal hackintoshes will work in a VM, so if you’re looking for tweaks that are only relevant to your software configuration, this is a good place to start.

Troubleshooting

As always, first steps when running into issues should be to read through dmesg output on the host after starting the VM and searching for common problems.

No output after passing through my GPU

Make sure you have a compatible version of Mac OS, most Nvidia cards will only work on High Sierra and earlier, and 20 series cards will not work at all. Make sure you don’t have spice or QXL devices attached, and follow the steps in the verification section to make sure that your vfio-pci configuration works. If it doesn’t you may have to load the driver manually, but this isn’t the case on most modern linux distributions.

Make sure that your config.plist and OVMF resolution match your monitor’s native resolution. How to edit these settings is covered in Part 1.

If all else fails, you can try passing a vbios to the card by downloading the relevant files from techpowerup and adding the path to them in your XML, usually something like <rom bar='on' file='/var/lib/libvirt/vbios/vbios.rom'/> in the pci device section that corresponds to the GPU.

Can’t Connect to SMB shares or see other networked devices

Change to a different networking setup as described in the networking section

Adobe 64 bit download for mac. iMessage/AirDrop/Apple Services not working

You have to configure these just like any other hackintosh. Consult online guides for procedure specifics.

Multiple PCI devices in the same IOMMU group

Mac

You need to install the ACS patch. Arch, fedora and Ubuntu all have prepatched kernel repos. Systemd-boot based ubuntu distributions like Pop!OS will need further work to get an installed kernel working. Refer to your distro documentation for exact procedure needed to switch or patch kernels otherwise. You’ll also need to add

2 identical PCI IDs

You’re going to have to add a script that isolates only 1 card early in the boot process. There’s several ways to do this, and our method may not work for you, but this is the methodology we suggest:

open up a text editor as root and and copy/paste this script:

Save it as /usr/bin/vfioverride.sh.

from there run these commands as root:

On Arch, as root, make a new file called pci-isolate.conf in /etc/modprobe.d, open it in an editor and add the line install/usr/bin/init-top/vfioverride.sh to it. Save it. Make sure modconf is listed in the HOOKS=( array section of your initrd config file, mkinitcpio.conf.

If you’re on fedora or RHEL, you can simply add the install line to install_items+= array and modconf/vfio-pci to the add_drivers+= array.

And update your initial ramdisk using mkinitcpio, dracut, or update-initramfs depending on your distribution (Arch, RHEL/Fedora and *Buntu respectively.)

NOTE: script installation methodology varies from distro to distro. You may have to add initramfs hooks for the script to take effect, or force graphics drivers to load later to prevent the card from being captured before it can be isolated. refer to the Arch Wiki article for a different installation methodology if this one fails. You may also have to add the vfio-pci modules to initramfs hooks if your kernel doesn’t load the vfio-pci module automatically.

Linux Virtual Machine On Mac M1

Reboot and verify your devices are isolated by checking lspci for them (if they’re missing you’re good to go.)

Install Linux Vm On Mac

If not, set vfio-pci to load early with hooks and try again. If it still doesn’t work, you may need to compile a kernel that does not load the module and follow the archwiki guide on traditional setup.

The best preventative measure for this problem is to buy different cards in the first place.

I did everything instructed but the GPU still won’t isolate/VM crashes or hardlocks system on startup

Your Graphics drivers are probably set to load earlier in the boot process than vfio-pci. You can fix this one of 2 ways:

  • blacklisting the graphics driver early
  • tell your initial ramdisk to load vfio-pci earlier than your graphics drivers

The first option can be achieved by adding amdgpu,radeon or nouveau to module_blacklist= in your kernel command line options (same way you added vfio device IDs in the first section of this tutorial.)

The second is done by adding vfio_pci vfio vfio_iommu_type1 vfio_virqfdto your initramfs early modules list, and removing any graphics drivers set to load at the same time. This process varies depending on your distro.

Onmkinitcpio systems (Arch,) you add these to the MODULES=section of /etc/mkinitcpio.conf and then rebuild your initramfs by running mkinitcpio -P.

On dracut systems (Fedora, RHEL, Centos, Arch in future releases,) you add these to a .conf file in the /etc/modules-load.d/ folder.

Images Courtesy Foxlet, Pixabay

Consider Supporting us on Patreon if you like our work, and if you need help or have questions about any of our articles, you can find us on our Discord. We provide RSS feeds as well as regular updates on Twitter if you want to be the first to know about the next part in this series or other projects we’re working on.