Virtualization APIs not working in own app, Sample is fine

Hi,

i'm trying to follow the steps from the Virtualization WWDC22 session. The sample app provided works ok "as is", but if I use the same APIs in my own app (i.e. a project I started from scratch), I get errors such as

Internal Virtualization error. Installation service returned an unexpected error.

when downloading the "best supported" image via VZMacOSRestoreImage.fetchLatestSupportedWithCompletionHandler, and

Internal Virtualization error. Unable to connect to installation service.

if I try and install one I downloaded myself.

I did add the

<key>com.apple.security.virtualization</key>
<true/>

entitlement to my own app and (since this is arm), it is codesigned (with -) . But could it be that there is some other application-level flag or setup needed to enable virtualization use?

Since I'm calling the exact same APIs, and neither seem to depend on much prior setup I could get wrong, it seems weird that they work in the sample app but not when called from my own app...

Ideas? thanx!

Post not yet marked as solved Up vote post of dwarfland Down vote post of dwarfland
1.2k views
Posted by
dwarfland
Reply
Add a Comment

Accepted Reply

From the description, it looks like the binary doesn't have the entitlement.

There are two ways you can verify this.

  1. You can use codesign -d --entitlements :- /path/to/binary to list the entitlements.
  2. You can call VZVirtualMachineConfiguration.validate on your configuration. If the app lacks the necessary entitlement, the exception/error will report that.

If the problem is the entitlement, you can check two settings in your Xcode project:

  • The "Code Signing Entitlements" (aka CODE_SIGN_ENTITLEMENTS) needs to point to your file.
  • The binary must be signed.

You also can check the build logs to verify both aspects.

If that's not the problem, can you attach your sample code?

Posted by
BenjaminApple
Up vote reply of BenjaminApple Down vote reply of BenjaminApple
Post marked as solved

  • Thanx! it turns out that due to something I overlooked, I had the right entitlement, but my Entitlements file was not being used when codesigning for "-", vs a "propper" certificate name/id.

    dwarfland
Add a Comment

Replies

From the description, it looks like the binary doesn't have the entitlement.

There are two ways you can verify this.

  1. You can use codesign -d --entitlements :- /path/to/binary to list the entitlements.
  2. You can call VZVirtualMachineConfiguration.validate on your configuration. If the app lacks the necessary entitlement, the exception/error will report that.

If the problem is the entitlement, you can check two settings in your Xcode project:

  • The "Code Signing Entitlements" (aka CODE_SIGN_ENTITLEMENTS) needs to point to your file.
  • The binary must be signed.

You also can check the build logs to verify both aspects.

If that's not the problem, can you attach your sample code?

Posted by
BenjaminApple
Up vote reply of BenjaminApple Down vote reply of BenjaminApple
Post marked as solved

  • Thanx! it turns out that due to something I overlooked, I had the right entitlement, but my Entitlements file was not being used when codesigning for "-", vs a "propper" certificate name/id.

    dwarfland
Add a Comment