Logging in with my Apple ID anywhere in the system (feedback assistant, Xcode, iCloud, etc.) fails when running under virtualization. Is this a known 'issue'? (networking in general is working fine)

I m trying to identify if my launched process is running on a local mac machine(desktop/laptop) or a virtual macOS X instance like AWS EC2, Azure, MacStadium etc. I have followed this link which searched for its limited providers in the output, but I m not bound to any limited providers and looking for a general solution which is applicable to all the providers. Is there some hardware/network/virtualization-related information that can be used to identify if the process is launched on a virtual MacOS instance? OR is there some system Information that I can use to be sure that my process is running on a local machine?

Virtualization framework is a high-level API to create macOS and Linux virtual machines. Hypervisor is a low-level API to build virtualization solutions without the need for a kernel extension. If you’re interested in containers on the Mac, check out the Containerization package and its associated container tool. Virtualization: Forums subtopic: App & System Services > Core OS Forums tag: Virtualization Virtualization framework documentation Using iCloud with macOS virtual machines documentation article Use iCloud on a virtual machine support article Running macOS in a virtual machine on Apple silicon sample code Running Linux in a Virtual Machine sample code Running GUI Linux in a virtual machine on a Mac sample code Building macOS apps with Xcode 26 on macOS 26 VM forums thread — This thread describes how the development experience in VMs has improved recently, and one remaining issue that you might bump in to. Hypervisor: Forums subtopic: App & System Services > Core OS Forums tag: Hypervisor Hypervisor framework documentation Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

I'm trying to setup a macOS 26 build environment in a VM (using UTM and the virtualization framework Apple provides). I have Xcode 26 installed and have logged into my Apple ID and verified that the team and other configuration looks fine in Xcode settings. When trying to build the macOS app, I see errors saying the VM's device ID has not been registered. I have confirmed that the device ID is registered both in the Provisioning portal AND the downloaded .provisionprofiles (in Library > Developer > Xcode > UserData). This problem appears on multiple targets (e.g. the main app and extensions). If I try to manually provision the app, using the Provisioning portal, I can build the product, but it will not launch because of Gatekeeper issues. Finally, signing to run locally doesn't work either. As the app launches, frameworks refuse to load because Team IDs don't match. With ad hoc provisioning, there are no Team IDs. I've come to the conclusion that this just isn't possible. Which is a shame because I need to support products with a build environment on macOS 15 and cannot move over to macOS 26 yet. I suspect many developers outside of Apple are in a similar position.

Hello, We're developing endpoint security software using the Endpoint Security framework, and we've encountered challenges with the behavior change in macOS 15 regarding provisioning UDIDs in cloned VMs. The Change Prior to macOS 15, cloning a VM preserved its UDID (format: 0000FE00-9C4ED9F68BBDC72D). Starting with macOS 15, cloned VMs receive a new UDID generated from the host's Secure Enclave (format: b043d27202c7ac37ca3c6b82673302225485cae9), making each clone effectively a new device. Our Workflow We maintain a clean base VM image and clone it for each test run. We add the base VM's UDID to our provisioning profile once, then create clones which (previously) retained that same UDID, allowing us to start new testing cycles without re-registering devices. This is essential because our product involves low-level system integration through the Endpoint Security framework, and if something goes wrong during development, it has the potential to affect system stability. To prevent any cascading issues between test runs or different product versions, we need each test to start from a known clean state rather than reusing the same VM. The Challenge With each VM clone generating a new UDID, we're hitting Apple's device registration limits quickly. This particularly impacts: New team members who spin up VMs for the first time and can't run signed builds Our CI/CD pipeline where multiple test environments need provisioning profiles Developers testing different branches who need separate clean environments Current Workaround We've found that VMs created on macOS 14 and upgraded to macOS 15+ retain their original UDID format. However, we're concerned this workaround may stop working in future macOS versions, which would leave us without a viable path forward. If the workaround stops working, our fallback would be signing each CI build with a Developer ID signature to allow running on any device. However, we'd prefer to avoid this as it would significantly increase load on Apple's signing infrastructure for what are essentially internal test builds. We completely understand the security reasoning behind tying UDIDs to the host's Secure Enclave for Apple Account support. However, for development workflows that don't require Apple Account features in VMs but do require clean, isolated test environments, the previous behavior was quite valuable. Question Is there a recommended approach for teams in our situation? We're happy to explore alternative workflows if there's a pattern we're missing, or we'd be glad to provide more context if this is a use case Apple is considering for future updates. Thanks for any guidance you can provide! Feedback case: FB21389730

Hi, I'm trying save and restore features of VZ Framework with saveMachineStateTo and restoreMachineStateFrom(vzvmsaveFilePath) with completionHandler. Saving feature works well without any errors, .vzvmsave file created on my local mac, but the problem occurs on restore. After creating VM with the same volume mounts I used to make .vzvmsave, restoreMachineStateFrom method sends error. Failed to load VM from .vzvmsave file with Error Domain=VZErrorDomain Code=12 UserInfo={NSLocalizedFailure=<private>, NSLocalizedFailureReason=<private>} Because Localized Failure and its reason are both 'private', I cannot get what exactly happened to this VM app. Only thing I know here is the Code of VZError but nobody summarized what exactly the error code means. Could anyone give me the list of VZError code list please?

I'm pleased to share some significant updates that have recently been released for our Hypervisor and Virtualization frameworks. We've focused on enhancing efficiency, expanding capabilities, and addressing common developer needs. I believe these will be valuable for many of you. Here’s a look at what’s new: Hypervisor Updates We've introduced support for configuring the intermediate physical address (IPA) memory granularity of a VM. This allows for more granular memory mappings, enabling granularity sizes down to 4KB. This is particularly useful for certain specialized device drivers requiring finer memory control. Virtualization Framework Updates More Efficient VM Image Storage with ASIF: We've integrated support for the Apple Sparse Image Format (ASIF). This results in a smaller disk footprint and optimized transfer for VM disk images when using VZDiskImageStorageDeviceAttachment, improving storage efficiency. Custom Network Topologies with vmnet: We've added support for vmnet custom network topologies. This enables more flexible VM-to-VM communication based on logical networks with customized configurations, useful for complex testing or development environments. See VZVmnetNetworkDeviceAttachment to get started. Simplified VM Queue Discovery: It's now easier to discover a VM’s on-process thanks to a new property on VZVirtualMachine. This should aid in development and debugging when interacting directly with the VM's queue. These are some of the key highlights of the first beta, and I'm looking forward to seeing how these improvements will be utilized. I encourage you to explore the documentation for full details on these features.

Hi everyone! I've considered this — what if Apple added a native system-wide feature in all of iOS, iPadOS, and macOS called “CrossRun” where you can natively execute non-App Store software like Windows or Linux apps natively on your device? But not in a sluggish emulator—this would use intelligent Apple-signed Just-In-Time (JIT) compilation inside the virtual containers, and the experience would actually perform fast and feel natural. This is my vision for CrossRun: Every developer, student, creative professional, and enterprise user who relies on specialized software—whether it’s legacy Windows tools, Linux-only applications, or vintage DOS and Classic Mac utilities—feels the pain of platform lock‑in. Artists can’t run niche Linux‑based graphics programs on their iPads. Engineers can’t test x64‑only binaries on Apple Silicon without juggling emulators. Retro‑gaming fans miss their favorite DOS titles. Even enterprises struggle to standardize on Apple hardware because critical Windows‑only applications won’t run seamlessly. If we don’t push for CrossRun now, the Apple ecosystem remains siloed: iPads and iPhones will continue limited to App Store apps, Macs will still need multiple third‑party VM tools, and countless workflows stay fragmented across devices. That means slower development cycles, extra licensing costs for virtualization software, and lost opportunities for education, creativity, and business efficiency. Without CrossRun’s universal runtime, we’ll still be rebooting into different environments or paying for separate virtualization apps—year after year. Apple already provides the building blocks: Rosetta 2, Virtualization.framework, Apple Silicon—and QEMU thrives as open‑source, battle‑tested code. With the next wave of Apple Silicon devices on the horizon, demand for cross‑architecture support, legacy‑app compatibility, and enterprise containerization is only growing. Delaying another year will cost developers, businesses, and users real time and money. Let’s show Apple that the community is ready for a truly universal, system‑integrated solution—right now. Key features we should demand in CrossRun: Built‑in Apple‑signed QEMU for all ISAs (x86, ARM, RISC‑V, PowerPC, 68k, MIPS, etc.) Rosetta 2 JIT for seamless macOS and Windows x64 support Metal‑backed 3D GPU passthrough and Vulkan→Metal / Direct3D→Metal translation Downloadable OS and app containers via the App Store or verified repositories (Ubuntu, Windows ARM/x64, Android, Haiku, ReactOS, FreeBSD, retro OSes) Predictive ML pre‑warm cache to speed cold starts Dynamic resource scaling (CPU, GPU, RAM) per container iCloud‑synced snapshots and shareable VM links for cross‑device continuity Customizable on‑screen controls (D‑pad, virtual buttons, trackpad, keyboard) on iPhone, iPad, and macOS Secure sandboxing via Virtualization.framework with VM disk encryption and MDM policy enforcement Virtual LAN and VPN passthrough for container networking Developer tooling (crossrunctl CLI, Xcode debugger integration, CI/CD support) Plugin ecosystem and container SDK for community‑published templates and translation layers Let Apple know it’s time to bake CrossRun into the system and unlock a universal runtime for every app, past and future, across iOS, iPadOS, and macOS.

Starting Xcode 14, iOS Simulator is able to communicate with APNs in order to register for notification in the sandbox environment. I created a sample test for this. A dumb iOS application that registers for notifications. It has UITests to automatize the tap on the consent popup (it is not possible to ask for the permission via CLI sadly). Once the application registers, the AppDelegate method didRegisterForRemoteNotificationsWithDeviceToken is called and the device token is sent to a local server application (node.js). The test itself creates an iOS 18.6 Simulator with xcrun simctl, builds such app and run the tests through through CLI with xcodebuild. Running this on my personal Macbook Pro M1 2021 goes well every time, so I wanted to bring it on Github Actions (arm64 macOS machines), in order to test the works on a open source library I'm building (hapns). Contacting Github support led me to test this on a macOS image running inside a VM inside a Veertu Anka container on my personal Macbook Pro, due to an VM architectural limit suspicion. The results were the same: iOS simulator isn't able to receive the device token. Not even didFailToRegisterForRemoteNotificationsWithError is called (tested through some network probes-requests that communicate to the server which checkpoints the process reached). So, as asked, I've setup a repro-case to be run in the VM and I've collected VM diagnostics ready to be tested and attached. Does anyone know if there is some unspecified (or specified but buried in the documentation) limit for this? Thanks. Github discussion link for further details, repro-case and so on: https://github.com/actions/runner-images/issues/12747

for the Tahoe host and guest: does guest login to app store work, and does xcode in guest work? in my environment: I upgraded host and guest to Tahoe, the guest still cannot login to app store with error: an unknown error occurred

Hi, REQUEST 1: seems Microsoft is ahead of Apple in X86 ARM emulation support at least in features supported.. see: https://blogs.windows.com/windows-insider/2024/11/06/announcing-windows-11-insider-preview-build-27744-canary-channel/ x64 emulated applications through Prism will now have support for additional extensions to the x86 instruction set architecture. These extensions include AVX and AVX2, as well as BMI, FMA, F16C BMI1/2 and F16C aren't yet supported by Rosetta.. would be useful for games like Alan Wake 2.. so asking for Rosetta equaling features to Prism emulator.. REQUEST 2: there is no way to currently enable AVX1/2 on Rosetta Linux.. on macOS using export ROSETTA_ADVERTISE_AVX=1 does the trick.. but not on Linux VM's.. tested setting this via: /bin/launchctl setenv ROSETTA_ADVERTISE_AVX 1 on Mac before VM launch and inside Linux VM but AVX2 isn't exposed..

After upgrading the virtual machines used for building and testing our macOS application, it seems that something new in Sequoia is preventing virtual machines from running anything signed with a Mac Development certificate. At first glance the issue seems very similar to this thread, but it could be unrelated. We are using the tart toolset to build and run our VMs. People seem to be having related issues there with Sequoia in particular. I have added the VM's hardware UUID to the Devices list of our account. I have included that device in the devices list of our Mac Development provisioning profile. I have re-downloaded the profile, ensured that it is properly getting built into the app, and ensured that the hardware UUID of the VM matches the embedded provisioning profile: Virtual-Machine App.app/Contents % system_profiler SPHardwareDataType | grep UUID Hardware UUID: 0CAE034E-C837-53E6-BA67-3B2CC7AD3719 Virtual-Machine App.app/Contents % grep 0CAE034E-C837-53E6-BA67-3B2CC7AD3719 ../../App.app/Contents/embedded.provisionprofile Binary file ../../App.app/Contents/embedded.provisionprofile matches However, when I try to run the application, it fails, and while I have searched the system logs to find a more informative error message, the only thing I can find is that the profile doesn't match the device somehow: Virtual-Machine App.app/Contents % open ../../App.app The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x6000039440f0 {Error Domain=NSPOSIXErrorDomain Code=153 "Unknown error: 153" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}} Virtual-Machine App.app/Contents % log show --info --debug --signpost --last 3m | grep -i embedded.provisionprofile 2025-01-21 16:33:32.369829+0000 0x65ba Error 0x0 2872 7 taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] embedded provisioning profile not valid: file:///private/tmp/builds/app/.caches/Xcode/DerivedData/Build/Products/Debug/App.app/Contents/embedded.provisionprofile error: Error Domain=CPProfileManager Code=-212 "Provisioning profile does not allow this device." UserInfo={NSLocalizedDescription=Provisioning profile does not allow this device.} I don't understand why the provisioning profile wouldn't allow the device if the hardware UUID matches. I have also attempted to add the Provisioning UDID in the devices list instead, but the form rejects that value because it's a different format (the form specifically requests a hardware UUID for macOS development, and a provisioning UDID for everything else). If there is any debugging tool that lets me check a provisioning profile against the running hardware and print a more verbose reason for why it's not allowed on the device, please let me know. Otherwise I'd have to conclude that, since I haven't experienced this issue before on an earlier OS, it has something to do with virtual machines running macOS Sequoia. (The same Mac Development-signed application runs just fine on my MacBook Pro running 15.2, as well as the VM host, which is also running 15.2.) I have also tried resetting the VM's hardware UUID and adding that one to the devices list, to no effect. This is obviously seriously impacting our CI/CD pipelines to allow for proper UI testing of our application. If anyone is aware of any workarounds, I would love to hear them!

I see this in Tahoe Beta release notes macOS now supports the Apple Sparse Image Format (ASIF). These space-efficient images can be created with the diskutil image command-line tool or the Disk Utility application and are suitable for various uses, including as a backing store for virtual machines storage via the Virtualization framework. See VZDiskImageStorageDeviceAttachment. (152040832) I'm developing a macOS app using the Virtualization framework and need to create disk images in the ASIF (Apple Sparse Image Format) to make use of the new feature in Tahoe Is there an official way to create/resize ASIF images programmatically using Swift? I couldn’t find any public API that supports this directly. Any guidance or recommendations would be appreciated. Thanks!

I'm just getting started w/ container. I've been using lima. I thought that container should be investigated. I installed the .4.1 package, and started the tutorial. Imagine my surprise when the local dns entry could be created, but not set as a property. The command container system --help doesn't show property as a valid subcommand? OVERVIEW: Manage system components USAGE: container system <subcommand> OPTIONS: --version Show the version. -h, --help Show help information. SUBCOMMANDS: dns Manage local DNS domains logs Fetch system logs for `container` services start Start `container` services stop Stop all `container` services status Show the status of `container` services kernel Manage the default kernel configuration See 'container help system <subcommand>' for detailed help. > ~ container system property Error: Unexpected argument 'property' Usage: container system <subcommand> See 'container system --help' for more information. Some logs container system status apiserver is not running and not registered with launchd > ~ container system start Verifying apiserver is running... Installing base container filesystem... > ~ container system status Verifying apiserver is running... apiserver is running > ~ container system property Error: Unexpected argument 'property' Usage: container system <subcommand> See 'container system --help' for more information. I'm obviously missing something. Advice appreciated

I have this code in my Virutalization application let process = Process() process.executableURL = URL(fileURLWithPath: "/usr/sbin/diskutil") process.arguments = ["image", "create", "blank", "--fs", "none", "--format", "ASIF", "--size", "2GiB", url.path ] try process.run() process.waitUntilExit() if process.terminationStatus == 0 { print("✅ Disk image creation succeeded.") } else { print("❌ Disk image creation failed with exit code \(process.terminationStatus)") } } catch { print("Process failed to launch: \(error.localizedDescription)") return } this code was working fine until Tahoe 26.2. with the update of 26.3 the system freezes at process.waitUntilExit() The code never exits and i get beech balls. This is working fine with intel macs. i am getting the problem in apple silicon m4 mac mini. Any help would be appreciated.

We're trying to create 26.4 beta and RC VMs on 15.x and 26.3 host OS' without success. We see Tue Mar 17 17:27:36 40 anka.log (install) 45803: failed to install macOS: Error Domain=VZErrorDomain Code=10006 "Installation requires a software update." UserInfo={NSLocalizedFailure=A software update is required to complete the installation., NSLocalizedFailureReason=Installation requires a software update.} Yet, if we create it the same way on 26.4 beta host OS, it works. We've tried the usual tricks of installing latest Xcode and preparing it (accepting license, etc). But, they don't work on 26.3 and 15.x. What's the trick to get the creation of 26.4 to work on <= 26.3 host OS?

Hi, been exploring macOS VM on both Parallels and UTM and they lack some "GPU/graphics" things vs native MacOS which could be useful on some situations (testing some non trusted graphics apps on a Mac VM) so providing similar usefulness as Windows Sandbox.. Current limitations: 1)In MacOS VM night mode doesn't work.. 2)HDR support isn't exposed even when enabling HDR on host 3)missing GPTK support for the Paravirtual GPU (Paravitual GPU supports Metal but isn't enough for GPTK to work which complains about unsupported GPU).. 4)OpenCL is supported but only the CPU device.. so expose GPU device in addition to current CPU only device.. 5)OpenGL only supports the software renderer.. I assume OpenGL driver on Apple M1-4 GPUs being Metal based, and being Metal supported no reason for software renderer only thanks..

I have successfully booted the Linux Kernel with VirtIOFS as the rootfs, but file permission issues render it completely unusable. A file on the macOS host belongs to uid 0, gid 0, but on the Linux guest, this file belongs to uid 1000, gid 10. Why does this happen? How are file permissions directly mapped between the host and the guest? If there is no mapping mechanism in place, why does this discrepancy occur? This leads to errors in Linux, such as: sudo: /etc/sudo.conf is owned by uid 1000, should be 0 sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set bootLoader.commandLine = "console=hvc0 rootfstype=virtiofs root=myfs rw" let directorySharingDevice = VZVirtioFileSystemDeviceConfiguration(tag: "myfs") directorySharingDevice.share = VZSingleDirectoryShare(directory: VZSharedDirectory(url: rootURL!, readOnly: false)) The VMM is running as root.

Using VZVirtioFileSystemDeviceConfiguration allows a Linux guest OS to access folders on macOS. However, modifications to the file's uid/gid by the Linux guest OS have no effect, and the file's uid/gid will always appear as the uid/gid of the Linux user currently accessing the file, as if the uid/gid were not stored at all.I hope there’s a way to at least pass through the uid/gid without any mapping.

Works: runs-on: ubuntu-24.04-arm container: image: ubuntu:latest env: DEBIAN_FRONTEND: noninteractive steps: - uses: actions/checkout@v4 - run: | apt-get --assume-yes update apt-get --assume-yes install linux-image-generic dracut binutils - run: | dracut --conf $(mktemp) \ --confdir $(mktemp --directory) \ --verbose \ --modules "base bash" \ --add-drivers "virtio-rng bcachefs btrfs virtiofs overlay xfs" \ --kernel-cmdline "console=hvc0" \ --no-early-microcode \ --no-hostonly \ --no-compress \ --no-uefi \ initramfs \ $(ls /lib/modules/) - run: | cp /boot/vmlinuz-$(ls /lib/modules/) vmlinuz - uses: actions/upload-artifact@v4 with: path: | vmlinuz initramfs Will NOT work: runs-on: ubuntu-24.04-arm container: image: ubuntu:latest env: DEBIAN_FRONTEND: noninteractive steps: - uses: actions/checkout@v4 - run: | apt-get --assume-yes update apt-get --assume-yes install linux-image-generic-64k dracut binutils - run: | dracut --conf $(mktemp) \ --confdir $(mktemp --directory) \ --verbose \ --modules "base bash" \ --add-drivers "virtio-rng bcachefs btrfs virtiofs overlay xfs" \ --kernel-cmdline "console=hvc0" \ --no-early-microcode \ --no-hostonly \ --no-compress \ --no-uefi \ initramfs \ $(ls /lib/modules/) - run: | cp /boot/vmlinuz-$(ls /lib/modules/) vmlinuz - uses: actions/upload-artifact@v4 with: path: | vmlinuz initramfs You can try it on Github Actions

I have developed an app to create and run virual machines using mac os virtualization framework for apple siicon and intel macs. I have tried ubuntu, fedora, debian & linux mint distros and they all worked fine with intel macs. But when i try to run other distros like mx linux, manjaro, pop os, endevour os etc on intel mac they all on booting iso just shows the black screen. is there any list of officilay support linux distros for intel macs and apple silicon. the support of linux distros are fairly limited or am i missing something.

Hey there! I’ve got some exciting news about Apple’s virtio_net_hdr implementation on macOS 15.4. It’s making communication a lot smoother, with a noticeable improvement! Now, I’d love to hear your thoughts on a couple of things. First, how do you think we can validate the populated values? And secondly, should we consider reusing populated values for the other endpoint, like the ‘flags’ field? Your insights would be invaluable!