BlackBerry publishes method to virtualize ARM64 version of macOS
BlackBerry's cybersecurity team has shared a new report that details how to emulate an ARM macOS kernel on Intel chips for Apple Silicon security research.

Credit: Apple
The report, penned by the BlackBerry Research & Intelligence Team, offers a method for security researchers and penetration testers to successfully emulate a macOS ARM64 kernel using the QEMU open source machine emulator.
This stripped-down macOS kernel can be used by security researchers for debugging and vulnerability discovery. BlackBerry also says the methodology illustrates how emulation can be used to manipulate and control a kernel to find critical bugs or patch a specific kernel area.
"Recent developments in Apple hardware have made it even more difficult for security researchers to keep up, and the demand for ARM-targeted testing environments is increasing," BlackBerry wrote in the report.
The emulation was released in response to Apple Silicon chips like the M1, as well as growing support for ARM64 in popular operating systems. The next version of the Linux kernel, for example, is slated to offer preliminary Apple Silicon support.
The BlackBerry team was able to virtualize an ARM64 macOS environment on a Linux host machine equipped with an Intel Core processor. The method involves downloading a macOS Big Sur installer package, configuring QEMU, and tweaking additional settings and files.
As the researchers point out, cross-platform virtualization isn't new -- it's been possible to virtualize an ARM system on an Intel host machine since 2009. Emulating an iOS kernel on a macOS host has also been accomplished and published, so BlackBerry says "it was only a matter of time before XNU, Apple's own Unix-derived kernel, joined the party."
BlackBerry has published resources and additional details so researchers or interested parties can emulate ARM macOS on their own machines. Additional information is available on this BlackBerry Cylance GitHub page.
Comments
This kind of security research is very valuable - this isn't emulation that a casual user would want/need to take advantage of.
I personally prefer seL4 or PikeOS, both of which have undergone formal verification to mathematically prove they are free of bugs, but QNX is very UNIX-y. As a result, there is a very large pool of developer talent to draw from when writing software for QNX.
Despite efforts to prop them up for some law enforcement support around the post-9/11 authoritarian lawmaking free-for-all, EULAs have never been proper contracts. There were a few minor cases where they were even deemed partially or wholly unenforcible... which is why tech corporations lobbied for their own additives to those post-9/11 efforts at authoritarian government overreach (supported by BOTH parties).
In layman's terms, this means there is incontrovertible proof that they have no bugs.
Your software running on them can still have bugs, but the OS itself does not. It's not marketing. Software is math, and we can use formal logic to prove things about math.
How can an OS proven to be bug free have bug fixes?
Mathematical proofs can prove that errors are handled, and all paths were taken, but at the end of the day bugs are about human expectations and intentions which don't always correlate with a set of discrete rules. This is not to say that mathematical proofs do not instil confidence. But it can't prove no bugs exist.