BlackBerry publishes method to virtualize ARM64 version of macOS

BlackBerry's cybersecurity team has shared a new report that details how to emulate an ARM macOS kernel on Intel chips for Apple Silicon security research.

Credit: Apple


The report, penned by the BlackBerry Research & Intelligence Team, offers a method for security researchers and penetration testers to successfully emulate a macOS ARM64 kernel using the QEMU open source machine emulator.

This stripped-down macOS kernel can be used by security researchers for debugging and vulnerability discovery. BlackBerry also says the methodology illustrates how emulation can be used to manipulate and control a kernel to find critical bugs or patch a specific kernel area.

"Recent developments in Apple hardware have made it even more difficult for security researchers to keep up, and the demand for ARM-targeted testing environments is increasing," BlackBerry wrote in the report.

The emulation was released in response to Apple Silicon chips like the M1, as well as growing support for ARM64 in popular operating systems. The next version of the Linux kernel, for example, is slated to offer preliminary Apple Silicon support.

The BlackBerry team was able to virtualize an ARM64 macOS environment on a Linux host machine equipped with an Intel Core processor. The method involves downloading a macOS Big Sur installer package, configuring QEMU, and tweaking additional settings and files.

As the researchers point out, cross-platform virtualization isn't new -- it's been possible to virtualize an ARM system on an Intel host machine since 2009. Emulating an iOS kernel on a macOS host has also been accomplished and published, so BlackBerry says "it was only a matter of time before XNU, Apple's own Unix-derived kernel, joined the party."

BlackBerry has published resources and additional details so researchers or interested parties can emulate ARM macOS on their own machines. Additional information is available on this BlackBerry Cylance GitHub page.


Comments

  • Reply 1 of 12
    rob53 Posts: 3,241 member
    Of course this use is not permitted in the Apple EULA but who cares these days. Do it under the guise of security and everything is magically allowed. BlackBerry is done so why are they even doing this?
  • Reply 2 of 12
    jdb8167 Posts: 626 member
    Got excited for a moment but then read that it was an Arm64 emulated on an x86-64 CPU on Linux. Why not use an M1 Mac with QEMU’s hvf accelerator to virtualize macOS at nearly native speed? Oh well, maybe there is enough info in the paper to do this. I’ll check it out.
    edited May 2021
  • Reply 3 of 12
    mknelson Posts: 1,120 member
    rob53 said:
    Of course this use is not permitted in the Apple EULA but who cares these days. Do it under the guise of security and everything is magically allowed. BlackBerry is done so why are they even doing this?
    BlackBerry is done on hardware. They still offer quite a bit of software, mostly for Enterprise clients.

    This kind of security research is very valuable - this isn't emulation that a casual user would want/need to take advantage of.
  • Reply 4 of 12
    Is BlackBerry still a thing? Learn something new every day... :)
  • Reply 5 of 12
    mikethemartian Posts: 1,297 member
    Is BlackBerry still a thing? Learn something new every day... :)
    I don’t know if Blackberry itself is involved but one of its founders, Mike Lazaridis, is well known for his investments in quantum computing research.
  • Reply 6 of 12
    zimmie Posts: 651 member
    Is BlackBerry still a thing? Learn something new every day... :)
    BlackBerry is still very much a thing. They acquired QNX in 2010. It's a real-time operating system used in many cars' infotainment units, a bunch of core Internet routers, and some slightly more exotic industrial hardware.

    I personally prefer seL4 or PikeOS, both of which have undergone formal verification to mathematically prove they are free of bugs, but QNX is very UNIX-y. As a result, there is a very large pool of developer talent to draw from when writing software for QNX.
  • Reply 7 of 12
    rob53 Posts: 3,241 member
    mknelson said:
    rob53 said:
    Of course this use is not permitted in the Apple EULA but who cares these days. Do it under the guise of security and everything is magically allowed. BlackBerry is done so why are they even doing this?
    BlackBerry is done on hardware. They still offer quite a bit of software, mostly for Enterprise clients.

    This kind of security research is very valuable - this isn't emulation that a casual user would want/need to take advantage of.
    Still doesn't make it right. Just because you say it's valuable, or as the article says--BlackBerry has published resources and additional details so researchers or interested parties can emulate ARM macOS on their own machines, doesn't make it legal. I could locate the section in Apple's EULA that says macOS can only be run on Apple hardware but you've already made up your mind that this doesn't matter to people other than a casual user so I'm not going to waste my time. BTW, which Enterprise customer do you work for? I retired from a very large government contractor and we followed the rules.
  • Reply 8 of 12
    jimh2 Posts: 611 member
    zimmie said:
    Is BlackBerry still a thing? Learn something new every day... :)
    I personally prefer seL4 or PikeOS, both of which have undergone formal verification to mathematically prove they are free of bugs, but QNX is very UNIX-y. As a result, there is a very large pool of developer talent to draw from when writing software for QNX.
    No OS is bug-free nor is any software that is useful. The mathematically proven to be free of bugs is a wonderful piece of worthless marketing. 
  • Reply 9 of 12
    dysamoria Posts: 3,430 member
    jimh2 said:
    zimmie said:
    Is BlackBerry still a thing? Learn something new every day... :)
    I personally prefer seL4 or PikeOS, both of which have undergone formal verification to mathematically prove they are free of bugs, but QNX is very UNIX-y. As a result, there is a very large pool of developer talent to draw from when writing software for QNX.
    No OS is bug-free nor is any software that is useful.
    What a wonderful world we must live in.
  • Reply 10 of 12
    dysamoria Posts: 3,430 member
    rob53 said:
    mknelson said:
    rob53 said:
    Of course this use is not permitted in the Apple EULA but who cares these days. Do it under the guise of security and everything is magically allowed. BlackBerry is done so why are they even doing this?
    BlackBerry is done on hardware. They still offer quite a bit of software, mostly for Enterprise clients.

    This kind of security research is very valuable - this isn't emulation that a casual user would want/need to take advantage of.
    Still doesn't make it right. Just because you say it's valuable, or as the article says--BlackBerry has published resources and additional details so researchers or interested parties can emulate ARM macOS on their own machines, doesn't make it legal. I could locate the section in Apple's EULA that says macOS can only be run on Apple hardware but you've already made up your mind that this doesn't matter to people other than a casual user so I'm not going to waste my time. BTW, which Enterprise customer do you work for? I retired from a very large government contractor and we followed the rules.
    “Right” & “wrong” aren’t equivalent concepts to “allowed by license” & “not allowed by license”.

    Despite efforts to prop them up for some law enforcement support around the post-9/11 authoritarian lawmaking free-for-all, EULAs have never been proper contracts. There were a few minor cases where they were even deemed partially or wholly unenforcible... which is why tech corporations lobbied for their own additives to those post-9/11 efforts at authoritarian government overreach (supported by BOTH parties).
  • Reply 11 of 12
    MacPro Posts: 19,718 member
    I bet the Benchmarks on such a setup are just awful.
  • Reply 12 of 12
    zimmie Posts: 651 member
    jimh2 said:
    zimmie said:
    Is BlackBerry still a thing? Learn something new every day... :)
    I personally prefer seL4 or PikeOS, both of which have undergone formal verification to mathematically prove they are free of bugs, but QNX is very UNIX-y. As a result, there is a very large pool of developer talent to draw from when writing software for QNX.
    No OS is bug-free nor is any software that is useful. The mathematically proven to be free of bugs is a wonderful piece of worthless marketing. 
    I don't get what is so hard to understand about this. I'm not being ambiguous. There are mathematical proofs that seL4 and PikeOS match their specifications exactly. That means they do everything which is specified, and they do nothing which is not specified. In technical terms, they have no missing behaviors and no undefined behaviors.

    In layman's terms, this means there is incontrovertible proof that they have no bugs.

    Your software running on them can still have bugs, but the OS itself does not. It's not marketing. Software is math, and we can use formal logic to prove things about math.