[SUCCESS] Virtualize Windows 10 for ARM on M1 with Alexander Graf's qemu hypervisor patch

[kupan787]

The best case for us is that brew or macports can get the entitlement and distribute the compiled binaries with bridged networking.

I'm assuming it is more than just doing a codesign with that entitlement, ya?

If we wanted to use the kernel-space nat instead of the qemu user-space nat, I'm assuming more/new code would have to be added to qemu to properly setup and establish the network connection?

I think this is the relevant section from vftool:

vftool/vftool/main.m at 928324524883d24bd16d1528da9ae677943482b6 · evansm7/vftool

A simple macOS Virtualisation.framework wrapper. Contribute to evansm7/vftool development by creating an account on GitHub.

github.com

 

[Gnattu]

I'm assuming it is more than just doing a codesign with that entitlement, ya?

If we wanted to use the kernel-space nat instead of the qemu user-space nat, I'm assuming more/new code would have to be added to qemu to properly setup and establish the network connection?

Exactly. But I don't think we can do anything before we got the entitlement as local development codesign does not work with restricted entitlements, we can not even test the functionality.

 

[kupan787]

Exactly. But I don't think we can do anything before we got the entitlement as local development codesign does not work with restricted entitlements, we can not even test the functionality.

If I understand what the vftool author wrote under the Networking Entitlements section

Fortunately, the "NAT" default works fine for the outgoing direction, and even permits incoming connections -- it appears to be kernel-level NAT from a bridged interface instead of the user-level TCP/IP stuff as used in QEMU. I end up with a host-side bridge100 network interface with IP 192.168.64.1 and my guests get 192.168.64.xaddresses which are reachable from the host. So, at least one can SSH/VNC into guests!

It sounds like, even without the restricted entitlement, it is still possible to make use of the kernel-level NAT. Which offers more functionality than the qemu user-space NAT. I'm not sure if it makes sense to explore that, or if anyone has friends at Apple they could poke to see if we could get one of these restricted entitlements for the open source community.

 

[shal]

thx gays , so now just wait qemu add new network Entitlements or wait macport

other question on ACVM win10 , now i juse install the new 21277 form iso or use VHDX(20231) i also got this problem
i can't ping any ip incloud router ip or 8.8.8.8 , in network status is show No Internet access. Action may be needed
how to fix this problem?

and i can't login my microsoft AC on setting also show have error 0x800713AB (is say no internet access)

but can use edge go to any website

 

[jdb8167]

I tried that:
Unfortunately it is not OK.

I tried to sign that with my development certificate, and tried to sign it without certificate, and both get killed:
View attachment 1699470

If I remove com.apple.vm.networking entitlement but keep com.apple.security.hypervisor and sign it, it works even without a certificate:

View attachment 1699471

We DO need permission from Apple to use that framework, unfortunately.

I might need to try that with security off. That would be enough for my experiments but not useful to most people.

 

[Gnattu]

thx gays , so now just wait qemu add new network Entitlements or wait macport

other question on ACVM win10 , now i juse install the new 21277 form iso or use VHDX(20231) i also got this problem
i can't ping any ip incloud router ip or 8.8.8.8 , in network status is show No Internet access. Action may be needed
how to fix this problem?

and i can't login my microsoft AC on setting also show have error 0x800713AB (is say no internet access)

but can use edge go to any website

let it sit there for couple minutes and it will auto-resolve itself. This is what I do.

 

[haralds]

This works well. Just a hint: turn back to "ramfb" before doing Windows Updates or you lose the screen. Then turn it all back on.

My UX keeps on stalling after while with this driver. Has anybody else seen this? Unhide Mouse Cursor is enabled.

 

[shal]

let it sit there for couple minutes and it will auto-resolve itself. This is what I do.

tmr i use windows 10 vm to setup routerboard router use winbox 1-2H
also same ?

update i try use settings > network & internet > troubleshoot problems
found virtual interfaces have problem click fix & reboot vm
is work

 

[Gnattu]

tmr i use windows 10 vm to setup routerboard router use winbox 1-2H
also same ?

A good news is that we won't need a vm for Winbox in near feuture:

Wine is able to launch Winbox through rosetta, but the current version cannot resize the window (and makes it useless as the windows is way to small) and we need an update with a patch.

The issue for the bug: https://bugs.winehq.org/show_bug.cgi?id=48896

 

[Gnattu]

tmr i use windows 10 vm to setup routerboard router use winbox 1-2H
also same ?

update i try use settings > network & internet > troubleshoot problems
found virtual interfaces have problem click fix & reboot vm
is work

I did make it work by using the wine with patch from crossover, even retina mode is working now:

 

[shal]

I did make it work by using the wine with patch from crossover, even retina mode is working now:
View attachment 1699528

Good News , batter then open vm to use
but i have very mouch network & CCTV software only support windows and with IE
letme try wine / crossover to install network & CCTV software

but windows vm seem not bad , i try use office is very fast
now i try use python on win10 arm to testing my windows only code
if not big problem , i don't need my remote wintel pc doing testing env

 

[kupan787]

I think this is the relevant section from vftool:

vftool/vftool/main.m at 928324524883d24bd16d1528da9ae677943482b6 · evansm7/vftool

A simple macOS Virtualisation.framework wrapper. Contribute to evansm7/vftool development by creating an account on GitHub.

github.com

I just realized there is a difference in Virtualization.framework (which vftool uses) and Hypervisor.framework (which qemu is using). It appears that Hypervisor.framework is more feature rich.

That said, I believe the underlying network entitlement would be the same:

com.apple.vm.networking | Apple Developer Documentation

A Boolean that indicates whether the app manages virtual network interfaces without escalating privileges to the root user.

developer.apple.com

vmnet | Apple Developer Documentation

Connect with network interfaces to read and write packets on guest operating systems.

developer.apple.com

 

[Gnattu]

I just realized there is a difference in Virtualization.framework (which vftool uses) and Hypervisor.framework (which qemu is using). It appears that Hypervisor.framework is more feature rich.

That said, I believe the underlying network entitlement would be the same:

com.apple.vm.networking | Apple Developer Documentation

A Boolean that indicates whether the app manages virtual network interfaces without escalating privileges to the root user.

developer.apple.com

vmnet | Apple Developer Documentation

Connect with network interfaces to read and write packets on guest operating systems.

developer.apple.com

Virtualization framework is a higher level framework utilizing hvf I think

 

[Mcleaver]

Not sure if it will work on your computers, I just replaced qemu-system-aarch64 with mine in the zip, did you static link any libraries?

Please note: You may have to start from a new Windows VHDX after this update, the one that used by the old version may not boot.

Edit: Updated and relinked most libs, now it should work on your computer as long as lib files are in the same directory of the executable.

I tried that, but OSX won't open the file.

 

[Gnattu]

I tried that, but OSX won't open the file.

In console, type:

xattr -d /path/to/file

macOS will quarantine all files downloaded via internet and will prevent it from running if it does not include a valid codesign.

But I highly doubt it will run on your computer still because it requires more libs than the OP. I recommend you just download ACVM and then use the qemu packaged in that instead.

 

[iRonJ]

I'm late to the party, I have win10 in QEMU working from the first page, but is there a guide anywhere that goes over how to
1) expand the VHDX or make it dynamic
2) enable higher resolutions
3) enable SMB routing from Mac OS to windows?
4) get cpu usage to show 0 when idling in the VM

edit:
I was able to resolve 2 by downloading the files in item 6 from here:

Run Windows 10 on ARM64 in QEMU on Apple Silicon Mac

Running Windows 10 on ARM

iamvigneshc.medium.com

for item 1 using qemu-img to convert to a qcow then expand works per:

How To extend/increase KVM Virtual Machine (VM) disk size | ComputingForGeeks

How can I extend / increase / grow a virtual Disk in KVM?. I personally use KVM for all Linux virtualization projects. Sometimes I need to extend or add disk

computingforgeeks.com

make sure to run disk management in windows to expand the partition

You can get qemu-img by compiling qemu from source per the first post, without the patches (because the patches seem broken now). Tip: use "make -j6" it builds MUCH faster (tells make to use 6 jobs).

For item 3 you can use hostfwd in the launch flags:
-net user,hostfwd=tcp::9445-:445

From macOS you can then connect from finder (command k) to localhost:9445 and it will let you mount the windows share

For item 4 I used this v of the binary and it seems to work better:

[SUCCESS] Virtualize Windows 10 for ARM on M1 with Alexander Graf's qemu hypervisor patch

Not sure if it will work on your computers, I just replaced qemu-system-aarch64 with mine in the zip, did you static link any libraries? Please note: You may have to start from a new Windows VHDX after this update, the one that used by the old version may not boot. Edit: Updated and relinked...

forums.macrumors.com

 

[_jason]

When I try to boot CentOS or RHEL 7 or 8 using QEMU on Apple Silicon, I get this error message:

EFI Stub Error: This 64 KB granular kernel is not supported by your CPU.

Like others here, I'm able to get Ubuntu and Fedora to work.

Anyone know how to get CentOS/RHEL to work?

 

[kupan787]

When I try to boot CentOS or RHEL 7 or 8 using QEMU on Apple Silicon, I get this error message:

EFI Stub Error: This 64 KB granular kernel is not supported by your CPU.

Like others here, I'm able to get Ubuntu and Fedora to work.

Anyone know how to get CentOS/RHEL to work?

Do you have a link to the arm ISO? I can give it a try.

 

[_jason]

Do you have a link to the arm ISO? I can give it a try.

Here you go:

http://mirrors.seas.harvard.edu/centos/8.3.2011/isos/aarch64/CentOS-8.3.2011-aarch64-boot.iso

 

[mbers]

If you are referring to Arch Linux, you have to use the generic tar all and set the boot configs including mkinitcpio and fstab and kernel boot args by yourself like what you are doing a normal arch installation on an x86 computer. You can use a distorted with direct bootable iso like Ubuntu, or raw disk file like fedora, then install arch-chroot on it then chroot to your extracted disk to perform the installation. If you managed to install arch linux by yourself you know what to do after chroot.

I attempted setting up Arch Linux with the generic aarch64 tgz but neither qemu-system-aarch64 nor evansm7/vftool will boot the kernel--just results in no console output. I don't think the generic kernel is compatible with the M1's aarch64 variant. I built a new arch kernel via an archlinux docker image and tried loading that but failed to mount the img from the initramfs (doesn't see /dev/vda at all). I documented what I've done on this github issue: https://github.com/evansm7/vftool/issues/16

Curious if anyone has run into this?

 

[Gnattu]

I attempted setting up Arch Linux with the generic aarch64 tgz but neither qemu-system-aarch64 nor evansm7/vftool will boot the kernel--just results in no console output. I don't think the generic kernel is compatible with the M1's aarch64 variant. I built a new arch kernel via an archlinux docker image and tried loading that but failed to mount the img from the initramfs (doesn't see /dev/vda at all). I documented what I've done on this github issue: https://github.com/evansm7/vftool/issues/16

Curious if anyone has run into this?

If I pass the kernel directly to qemu I can see the kernel boots, it is definitely not "no output"

 

[kuestess]

I attempted setting up Arch Linux with the generic aarch64 tgz but neither qemu-system-aarch64 nor evansm7/vftool will boot the kernel--just results in no console output. I don't think the generic kernel is compatible with the M1's aarch64 variant. I built a new arch kernel via an archlinux docker image and tried loading that but failed to mount the img from the initramfs (doesn't see /dev/vda at all). I documented what I've done on this github issue: https://github.com/evansm7/vftool/issues/16

Curious if anyone has run into this?

@mbers I was able to get the Arch Linux aarch64 image to boot - starting with the generic image, add the virtio, virtio_blk, virtio_pci, and virtio_net modules to mkinitcpio.conf. Rebuild the image with mkinitcpio -P and then install an EFI boot loader with systemd-boot (follow the Arch wiki). Works like a charm for me.

 

[mbers]

If I pass the kernel directly to qemu I can see the kernel boots, it is definitely not "no output"

So you got the tarball from http://os.archlinuxarm.org/os/ArchLinuxARM-aarch64-latest.tar.gz, extracted boot/Image and boot/initramfs-linux.img, and you were able to boot into the initramfs?

 

[Gnattu]

So you got the tarball from http://os.archlinuxarm.org/os/ArchLinuxARM-aarch64-latest.tar.gz, extracted boot/Image and boot/initramfs-linux.img, and you were able to boot into the initramfs?

If the kernel image in this tarball does not work for you, you can try download linux-aarch64 package and use the image in that package. The kernel is booting for me, to make it mount root and boot into userspace you should follow regular arch installation process to configure mkinitcpio and configure a proper booting environment. You can use other distrubutions' image or iso then arch-chroot to the mount point of arch's root to do this.

 

[SquealingCustard]

Try as I might I cannot get qemu from git to configure with the flags to enable hvf by using the flag --enable-hvf am I missing something?

./configure --cpu=aarch64 --target-list=aarch64-softmmu --enable-hvf

It compiles fine but always says invalid accelerator hvf due to the missing flags