Emulating MIPS guests in Proxmox 8

I wanted to emulate MIPS guests on my Proxmox hypervisor so that I could do some security research on router firmware. Unfortunately, Proxmox has customised some of the QEMU packages and their dependencies, which makes it impossible to install the standard Debian qemu-system-mips package.

To solve this, we need to build a modified version of Proxmox’s QEMU package from source.

Continue reading Emulating MIPS guests in Proxmox 8

Installing macOS 13 Ventura on Proxmox 7.2

This tutorial for installing macOS 13 Ventura has been adapted for Proxmox from Kholia’s OSX-KVM project and Leoyzen’s OpenCore configuration for KVM. You can get the full sourcecode of my OpenCore release on my GitHub here.

Requirements

I’ll assume you already have Proxmox 7.2 installed. You also need a real Mac available in order to fetch the OSK key.

Ventura now requires that your CPU has support for AVX2, so for Intel your CPU would have to be at least as new as Haswell. However, I have added the CryptexFixup kext to work around this restriction and allow Ventura to be used even on CPUs that don’t have AVX2 support (and merely support SSE 4.2 and AVX1). Note that the AMD graphics card drivers won’t work in this situation, and other apps that assume AVX2 is present could break too! Please see the CryptexFixup readme for details.

Modern AMD CPUs also support AVX2 and should work with this guide.

Continue reading Installing macOS 13 Ventura on Proxmox 7.2

Installing macOS 13 Ventura Developer Beta on Proxmox 7.2

With the public release of macOS 13 Final, this beta guide is now obsolete, please see the new guide here instead

This tutorial for installing macOS 13 Ventura has been adapted for Proxmox from Kholia’s OSX-KVM project and Leoyzen’s OpenCore configuration for KVM. You can get the full sourcecode of my OpenCore release on my GitHub here.

Requirements

Since Ventura is still in closed Developer Beta, you need to be an Apple Developer and have access to a Mac (or Mac VM) to download it.

I’ll assume you already have Proxmox 7.2 installed. You also need a real Mac available in order to build the installer and fetch the OSK key.

Your Proxmox host computer’s CPU must support AVX2 (a new restriction in Ventura), so for Intel your CPU must be at least as new as Haswell. Older CPUs will panic and reboot while trying to boot the installer.

Modern AMD CPUs also support AVX2 and should work with this guide.

Since Ventura is still in Beta and support for it is preliminary in OpenCore, don’t expect full functionality (Beta software makes for a poor daily-driver).

Continue reading Installing macOS 13 Ventura Developer Beta on Proxmox 7.2

Expanding the disk of your Proxmox macOS VM

Have you run out of room on your macOS VM’s disk? Here’s how you can expand it.

In the Hardware tab for your VM, select your disk and click the “resize disk” button at the top of the page. Enter the size increment in gigabytes (note, this is not the final size you want to achieve, it is the amount the disk will grow by).

Continue reading Expanding the disk of your Proxmox macOS VM

Installing macOS 12 “Monterey” on Proxmox 7

A new version of this tutorial is now available for the release of macOS 13 Ventura, you can see that here

This tutorial for installing macOS 12 Monterey has been adapted for Proxmox from Kholia’s OSX-KVM project and Leoyzen’s OpenCore configuration for KVM. You can get the full sourcecode of my OpenCore release on my GitHub here.

Requirements

I’ll assume you already have Proxmox 7 installed. You also need a real Mac available in order to fetch the OSK key.

Your Proxmox host computer’s CPU must support SSE 4.2, so for Intel your CPU must be at least as new as Nehalem, which was the first CPU generation to bear the “Core” i5/i7 branding. Older CPUs will cause Illegal Instruction crashes when apps/extensions attempt to use these missing instructions.

Modern AMD CPUs also support SSE 4.2 and will work with this guide.

Continue reading Installing macOS 12 “Monterey” on Proxmox 7

Installing macOS 12 “Monterey” Developer Beta on Proxmox 6

With the public release of Monterey, this guide is now obsolete, please use my new installation guide instead

This tutorial for installing macOS Monterey Developer Beta has been adapted for Proxmox from Kholia’s OSX-KVM project and Leoyzen’s OpenCore configuration for KVM. You can get the full sourcecode of my OpenCore release on my GitHub here.

Requirements

Since Monterey is still in closed Developer Beta, you need to be an Apple Developer and have access to a Mac (or Mac VM) to download it.

Your Proxmox host computer’s CPU must support SSE 4.2, so for Intel your CPU must be at least as new as Nehalem, which was the first CPU generation to bear the “Core” i5/i7 branding. Older CPUs will cause Illegal Instruction crashes when apps/extensions attempt to use these missing instructions.

Modern AMD CPUs also support SSE 4.2 and will work with this guide.

Continue reading Installing macOS 12 “Monterey” Developer Beta on Proxmox 6

Magic Trackpad 2 causes kernel heap corruption when passed to a Proxmox guest, GPFs

In mid-December I rebooted to upgrade my Proxmox kernel to pve-kernel-5.4.78-2-pve, but I immediately started having an issue where the kernel would trigger a GPF (general protection fault) and reset about 5-20 minutes after starting my macOS VM. I suspected that the new kernel was at fault, but I rolled back to the previous kernel and the problem persisted. I hadn’t experienced this fault before so I was a bit baffled about what change I made before that reboot could have triggered it.

To track down the issue, I built a version of Proxmox’s kernel with KASAN enabled. KASAN is the Kernel Address Sanitiser, it can detect kernel bugs like double-frees or out-of-bounds reads and writes by instrumenting the kernel to add checks around every memory access. This adds a bunch of CPU and memory space overhead, but the impact is bearable so long as your guest doesn’t need much service from the host kernel.

Continue reading Magic Trackpad 2 causes kernel heap corruption when passed to a Proxmox guest, GPFs

Running Tails as a VM with persistence on Proxmox

In this guide I’ll explain how you can run Tails as a VM in Proxmox while retaining the persistence feature, and keeping support for Proxmox backups and snapshots.

Firstly, note that running Tails as a VM defeats a lot of the security features it offers, since you now need to trust the hypervisor to be secure. The VM’s memory could be swapped to disk in the host’s swapfile or persisted in a guest snapshot (if the “include RAM” option is ticked), which will leak the contents of the guest onto the host’s persistent storage, including secret encryption key material.

Continue reading Running Tails as a VM with persistence on Proxmox

Working around the AMD GPU Reset bug on Proxmox using vendor-reset

Most modern AMD GPUs suffer from the AMD Reset Bug: The card cannot be reset properly, so it can only be used once per host power-on. The second time the card is tried to be used Linux will attempt to reset it and fail, causing the VM launch to fail, or the guest, host or both to hang.

This is especially a problem if you only have one GPU in your system, because it will be your primary GPU and so be initialised by the host UEFI during boot, rendering it unusable for passthrough even a single time.

gnif’s new vendor-reset project is an attempt to work around this AMD reset issue by replacing AMD’s missing FLR support with vendor-specific reset quirks.

Continue reading Working around the AMD GPU Reset bug on Proxmox using vendor-reset

Installing macOS 11 “Big Sur” on Proxmox 6

macOS 12 Monterey is now available! If you want to install that instead, check out my newer guide!

This tutorial for installing macOS Big Sur using OpenCore has been adapted for Proxmox from Kholia’s OSX-KVM project and Leoyzen’s OpenCore configuration for KVM. You can get the full sourcecode on my GitHub here.

Requirements

I’ll assume you already have Proxmox 6 installed. You also need a real Mac available in order to fetch the OSK key.

Your Proxmox host computer’s CPU must support SSE 4.2, so for Intel your CPU must be at least as new as Nehalem, which was the first CPU generation to bear the “Core” i5/i7 branding. Older CPUs will cause the finder to repeatedly crash after installation completes (with an Illegal Instruction exception in the graphics code).

Modern AMD CPUs also support SSE 4.2 and will work with this guide.

Continue reading Installing macOS 11 “Big Sur” on Proxmox 6