These are my notes from reversing implementation details of the macOS
This writeup doesn't lead to a notable outcome.

This is a higher-level API for creating and managing virtual machines than the
Which gives you a seemingly thin wrapper around

The great thing about Virtualization.Framework is that it provides a fairly high-level API to boot into a Linux Kernel:

Booting Linux was possible with Hypervisor.Framework, you would just need some

Provides a thin wrapper CLI around Virtualization.Framework but I was seeing fairly unreliable results with booting various Linux distributions.

Workflow outlined in the GitHub issues vftool by user
Helpful in getting an Ubuntu VM setup but following similar workflows didn't
I could successfully boot Ubuntu, Fedora, and OpenSUSE using the same rough workflow described here but was less successful in booting Arch and TinyCoreLinux.

I had assumed (with no clear justification) that Virtualization.Framework was borrowing code from xhyve given that xhyve is used in popular projects like

Using vftool led to a “successful” boot of a VM but as soon as the VM starts it transitions to a ‘Done’ state within a second or so.
Output to the serial console during this time.

```
$ vftool -k tinycorelinux/vmlinuz -i tinycorelinux/core.gz -m 1024 -a 'console=hvc0'
11:25:19.793 vftool +++ kernel at tinycorelinux/vmlinuz, initrd at tinycorelinux/core.gz, cmdline 'console=hvc0', 1 cpus, 1024MB memory
```

It is very possible I'm not using vftool properly, or providing the right format of kernel or initrd to vftool.
It is very unclear why this failed to successfully boot.

While it is probably not the most scientific approach to debugging, I started to dig more into how Virtualization.Framework was implemented so I could see if I could better understand what I might be doing wrong (Spoiler: I didn't figure this out but I took notes along the way).

Debugging vftool and Virtualization.Framework

My original approach was debugging vftool with lldb and trying to find some
This took me the most time (I don't debug Obj-C too often so it took some time to get cozy in the debugger) but I don't believe Virtualization.Framework itself uses much (if any) of Hypervisor.Framework.
Reverse it but my takeaway is that Hypervisor.Framework is a small client that provides a high level API for sending XPC messages to com. which does the hardware emulation.

As an example see this Hopper disassembly snippet for VZVirtualMachine's
_ensureConnectionWithCompletionHandler which creates an XPC connection to:

```
00007fff6efb47a0 push rbp ; Begin of try block
00007fff6efb47c1 mov qword, rax
00007fff6efb47c8 call qword ; _objc_retain, _objc_retain_7fff8703c418
00007fff6efb47d1 mov rsi, qword ; argument "targetq" for method imp_stubs_xpc_connection_create
00007fff6efb47d6 lea rdi, qword ; End of try block started at 0x7fff6efb47a0, Begin of try block (catch block at 0x7fff6efb4db6), argument "name" for method imp_stubs_xpc_connection_create, ""
00007fff6efb47dd mov qword, rax
00007fff6efb47e4 call imp_stubs_xpc_connection_create ; xpc_connection_create
```

Reversing .xpc

After sorting out that the Hypervisor.Framework client seems to defer most of the interesting virtualization logic to an XPC service I started reversing that
Thankfully, the XPC service isn't in some fancy cache so I could just

```
/.xpc
Executable =/System/Library/Frameworks/amework/Versions/A/XPCServices/.xpc/Contents/MacOS/
```

I spent a bit of time statically tracing through the XPC service's subroutines. Based on the hv_* symbol references I found in the binary it seemed like I'd eventually find the bootloader routine.
Starting from the entry point of the binary and tracing down was time consuming and wasn't turning up anything interesting.
I also spent some time tracing back from various hv_* and pthread* calls but didn't find anything that was obviously bootstrapping code.