Apple Hypervisor is completely broken on MacOS Big Sur beta 11.0.1

Question

I am trying to make a basic command-line tool that makes a VM and runs something using Apple Hypervisor.

When I try to run hv_vm_create(HV_VM_DEFAULT) it gives me an error code -85377023.

I tried enforcing App Sandbox and setting the entitlement accordingly for the Big Sur compile target, and now I am getting this output in the console:

Killed

From what I understand from this, this is AMFI killing my process. Is this a bug or my problem?

When I decided to go down the rabbit hole, I found that in the MacOS Big Sur 11.0.1 beta release notes, they deprecated hv_vm_run(_:), while the API documentation says that this function is in beta.

I didn't go as far as disabling AMFI with a kernel flag, but I am almost certain that this is not expected behavior. And that, no matter what, hv_vm_run(_:) can never be deprecated OR be in beta. I am sure that this function existed well before Big Sur.

If anyone can help me with this or just give a response, please do. Do not keep me in darkness as I don't want to waste time on something which is potentially broken.

Thank you.

P.S: I know that there is already a thread in the Apple Developer forums, I am the one who posted it. Though, no one is answering there because their community is not even close to being as large as Stack Overflow.

Answer 1

This error code you're seeing is just a poor UX on the macOS side: what it's really trying to communicate is that the com.apple.security.hypervisor entitlement is missing.

If you're using Xcode, you can add it like that:

1. Press ⌘N and create a new Property List file.
2. Add a new property with the key com.apple.security.hypervisor and a boolean value set to YES.
3. Go to Project → Target → Build Settings → Signing → Code Signing Entitlements and make sure it uses your newly created entitlements file.

Alternatively, you can use command line:

codesign -s - --entitlements app.entitlements --force path/to/your/binary

Where app.entitlements contents is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.hypervisor</key>
    <true/>
</dict>
</plist>

The other way you to solve this is to simply set the Deployment Target to 10.13 in the Xcode's settings (props to Alexander Pinske):

The reason this works is most likely due to backwards-compatibility, so bear in mind that this might change in the future macOS releases, or, perhaps, on newly introduced platforms like Apple Silicon.