Fix for macOS [High] Sierra 10.12.4+ “don’t steal mac OS” error on boot on Proxmox 4 and 5

In Sierra 10.12.4, macOS added some extra copy protection which is able to tell that the SMC emulation that QEMU provides is not a real Mac. This causes a fatal error during boot on Proxmox 5 and earlier.

One way of fixing this would be to remove the SMC device from the virtual machine’s arguments, and use FakeSMC.kext instead, like a regular Hackintosh, but this is inelegant.

Instead, we can patch QEMU to fix the SMC support, using the fixes from here:

https://github.com/kholia/OSX-KVM/issues/64

Building the fixed QEMU

If you just want to download the fixed QEMU .deb package, skip to the “Binary package” section below; otherwise, follow these build instructions to create it yourself.

I’ve applied the patch to my copy of Proxmox 4.4’s version of QEMU, which is currently pve-qemu-kvm 2.7.1-4, and Proxmox 5’s version, which is currently 2.9.1-1.

You can build the source directly inside Proxmox, but I didn’t want to dirty my Proxmox install with a bunch of development libraries, so instead I created a new Debian container in Proxmox for building.

Proxmox 4.4

The patched version’s source is here:

https://github.com/thenickdude/pve-qemu-kvm/tree/sierra-smc-fix

Use Debian 8 (Jessie) as the template to create a new container. Inside it, run:

# We want to be able to fetch Proxmox packages too:
echo "
   deb-src http://ftp.debian.org/debian jessie main contrib
   deb http://download.proxmox.com/debian jessie pve-no-subscription 
" >> /etc/apt/sources.list
apt-get update
apt-get install ca-certificates -y

# The dependencies for the Debian QEMU version are a good starting point.
# (--force-yes lets apt install packages it cannot authenticate.)
apt-get build-dep qemu -y --force-yes

# Add some more tools and build dependencies:
apt-get install git lintian fakeroot autotools-dev libpci-dev quilt \
 texi2html check pve-libspice-server-dev glusterfs-common libnuma-dev \
 libjemalloc-dev libacl1-dev libbluetooth3 libbrlapi0.6 libvdeplug2 -y --force-yes

# Clone the source with the patch:
git clone --branch sierra-smc-fix \
 https://github.com/thenickdude/pve-qemu-kvm.git

cd pve-qemu-kvm
make

This results in a pve-qemu-kvm_2.7.1-4_amd64.deb file ready to be installed in Proxmox!

Proxmox 5.0

The patched version’s source is here:

https://github.com/thenickdude/pve-qemu/tree/sierra-smc-fix

Use Debian 9 (Stretch) as the template to create a new container. Inside it, run:

# We want to be able to fetch Proxmox packages too:
echo "
   deb-src http://ftp.debian.org/debian stretch main contrib
   deb http://download.proxmox.com/debian/pve stretch pve-no-subscription 
" >> /etc/apt/sources.list
apt-get update
apt-get install ca-certificates -y

# The dependencies for the Debian QEMU version are a good starting point.
# (--allow-unauthenticated lets apt install packages whose signatures it cannot verify.)
apt-get build-dep qemu -y --allow-unauthenticated

# Add some more tools and build dependencies:
apt-get install git lintian fakeroot autotools-dev libpci-dev quilt \
 texi2html check pve-libspice-server-dev glusterfs-common libnuma-dev \
 libjemalloc-dev libacl1-dev libbluetooth3 libbrlapi0.6 \
 libvdeplug2 -y --allow-unauthenticated

# Clone the original source:
git clone git://git.proxmox.com/git/pve-qemu
cd pve-qemu
# Add my patch branch
git remote add thenickdude https://github.com/thenickdude/pve-qemu.git
git fetch thenickdude
git checkout -b sierra-smc-fix thenickdude/sierra-smc-fix

make

This results in a pve-qemu-kvm_2.9.1-1_amd64.deb file ready to be installed in Proxmox!

Binary package

If you don’t want to build this package yourself, you can download the version I built instead:

Proxmox 4.4

https://github.com/thenickdude/pve-qemu-kvm/releases/tag/2.7.1-4-smc

In Proxmox, run apt-get update && apt-get upgrade to bring yourself up to date, then run apt-get install libbluetooth3 libbrlapi0.6 libvdeplug2. Stop your virtual machines, then install the package with dpkg -i pve-qemu-kvm_2.7.1-4_amd64.deb.

Proxmox 5.0

https://github.com/thenickdude/pve-qemu/releases/tag/2.9.1-1-smc

In Proxmox, run apt-get update && apt-get upgrade to bring yourself up to date, then run apt-get install libbluetooth3 libbrlapi0.6 libvdeplug2. Stop your virtual machines, then install the package with dpkg -i pve-qemu-kvm_2.9.1-1_amd64.deb.
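
A pre-install check for the step above, as an added example rather than part of the original post: it lists the packages a .deb declares in Depends that aren’t installed yet, since dpkg -i won’t fetch them for you. The function names are made up for this example, and it only checks that a package is present, not its version or whether a virtual package provides it.

```sh
#!/bin/sh
# Added example (not the author's code): report dependencies of a .deb
# that are missing, so they can be installed before running `dpkg -i`.

# Return 0 if the named package is installed ("install ok installed" or
# "hold ok installed"). Kept separate so it can be swapped out in tests.
is_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q 'ok installed$'
}

# missing_deps "<Depends field>": print one line per unsatisfied entry.
# Version constraints "(>= 4.91)" and ":any" qualifiers are stripped; an
# alternative group "a | b" is satisfied if any one member is installed.
missing_deps() {
    printf '%s\n' "$1" | tr ',' '\n' |
    sed -e 's/([^)]*)//g' -e 's/:[a-z0-9-]*//g' -e 's/[[:space:]]//g' |
    while IFS= read -r group; do
        [ -n "$group" ] || continue
        satisfied=no
        old_ifs=$IFS; IFS='|'
        for pkg in $group; do
            if is_installed "$pkg"; then satisfied=yes; break; fi
        done
        IFS=$old_ifs
        [ "$satisfied" = yes ] || printf '%s\n' "$group"
    done
}

# check_deb <file.deb>: read the Depends field from the archive and fail
# (exit status 1) if anything it names is not installed.
check_deb() {
    deps=$(dpkg-deb -f "$1" Depends) || return 2
    missing=$(missing_deps "$deps")
    if [ -n "$missing" ]; then
        echo "Install these before running dpkg -i $1:"
        echo "$missing"
        return 1
    fi
    echo "All declared dependencies of $1 are installed."
}

# Usage: sh check-deps.sh pve-qemu-kvm_2.7.1-4_amd64.deb
if [ "$#" -ge 1 ]; then
    check_deb "$1"
fi
```
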

Keeping your version installed

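You can put the package on hold with apt-mark so that a later Proxmox update doesn’t replace it (a held package also stops receiving Proxmox’s QEMU security updates until you run apt-mark unhold pve-qemu-kvm):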

apt-mark hold pve-qemu-kvm

Note for Clover

Note that injecting kexts using Clover in Sierra 10.12.4 requires a recent Clover revision, newer than r3994. I’ve updated my Clover installation instructions to include a new version which is compatible.

19 thoughts on “Fix for macOS [High] Sierra 10.12.4+ “don’t steal mac OS” error on boot on Proxmox 4 and 5”

  1. Hi, nick,

    I encountered the package error when installing pve-qemu-kvm_2.7.1-4_amd64.deb.

    Unpacking pve-qemu-kvm (2.7.1-4) over (2.7.1-4) …
    dpkg: dependency problems prevent configuration of pve-qemu-kvm:
    pve-qemu-kvm depends on libbluetooth3 (>= 4.91); however:
    Package libbluetooth3 is not installed.
    pve-qemu-kvm depends on libbrlapi0.6; however:
    Package libbrlapi0.6 is not installed.
    pve-qemu-kvm depends on libvdeplug2; however:
    Package libvdeplug2 is not installed.

    Any suggestion?
    Thanks,

    Regards,
    Andrew

  2. hi Nick,

    So after noticing that server.app 5.3 (the current app store version of server.app) only supports 10.12.4, I went looking for a way to get an old version app store link (http://stackoverflow.com/questions/28573821/where-can-i-download-old-versions-of-os-x-server) but the links weren’t updated. I found a method for getting app store links to old versions of an app from the downloaded files of the app, but I’d need to be able to download it (server.app) in the 1st place, for which I needed 10.12.4. In the end this snake-eating-its-tail problem led me to try your method to update to 10.12.4. I ran into the same problem that Andrew Chang ran into after I gave the .deb you built a spin: after installing the patch none of the VMs would start and gave errors saying:

    kvm: error while loading shared libraries: libbluetooth.so.3: cannot open shared object file: No such file or directory
    command ‘kvm -version’ failed: exit code 127
    TASK ERROR: detected old qemu-kvm binary (unknown)

    After some head scratching, reverting, reinstalling, etc. I found your response Andrew and everything works splendidly 🙂

    Thanks muchly!! 🙂

  3. Thanks Nick for your hard work, but I’m out of luck starting 10.12.5 on Proxmox 4.4. The boot screen appears, afterwards it’ll change screen resolution, displaying the apple logo very shortly and returning to the boot loader.

    I’ve followed all instructions including installing the patched kvm lib. What am I missing?

    1. You’ll want to boot in verbose mode so you can see where it’s getting up to before the failure occurs. In Clover you can do this by hitting space on the main menu screen and picking options (verbose and don’t reboot on fault). In Enoch I think you type “-v” at the prompt (at least).

  4. Good evening, I’m using proxmox 5 pvetest repos (current official, not your patched deb) and so far 10.12.3 works, I made a UEFI boot install image (using linux), installed, did the gpu passthrough and everything works just fine (except hdmi sound but already found how to fix it).
    Thing is that I downloaded the 10.12.6 installer from store and prepared a bootable uefi installer as before, then I get the apple logo and progressbar, then a full gray background screen with mouse, and then after a couple seconds I get the beach ball of doom (within the gray background, feels like language chooser but nothing else appears).. any thoughts on how to fix it? my host cpu is haswell i5 4460 and 10.12.3 works like a charm. 6GB ram is assigned to the kvm so I don’t think it’s a memory problem.

    Meanwhile I will try to update from 10.12.3 in the app store instead of a clean 10.12.6 install to see if it boots.

    any thoughts on what could be wrong or how to troubleshoot it?

    pveversion -v:
    proxmox-ve: 5.0-16 (running kernel: 4.10.17-1-pve)
    pve-manager: 5.0-23 (running version: 5.0-23/af4267bf)
    pve-kernel-4.10.15-1-pve: 4.10.15-15
    pve-kernel-4.10.11-1-pve: 4.10.11-9
    pve-kernel-4.10.17-1-pve: 4.10.17-16
    libpve-http-server-perl: 2.0-5
    lvm2: 2.02.168-pve2
    corosync: 2.4.2-pve3
    libqb0: 1.0.1-1
    pve-cluster: 5.0-12
    qemu-server: 5.0-14
    pve-firmware: 2.0-2
    libpve-common-perl: 5.0-16
    libpve-guest-common-perl: 2.0-11
    libpve-access-control: 5.0-5
    libpve-storage-perl: 5.0-12
    pve-libspice-server1: 0.12.8-3
    vncterm: 1.5-2
    pve-docs: 5.0-9
    pve-qemu-kvm: 2.9.0-2
    pve-container: 2.0-14
    pve-firewall: 3.0-2
    pve-ha-manager: 2.0-2
    ksm-control-daemon: 1.2-2
    glusterfs-client: 3.8.8-1
    lxc-pve: 2.0.8-3
    lxcfs: 2.0.7-pve2
    criu: 2.11.1-1~bpo90
    novnc-pve: 0.6-4
    smartmontools: 6.5+svn4324-1
    zfsutils-linux: 0.6.5.9-pve16~bpo90
    openvswitch-switch: 2.7.0-2

    1. The patch is required, 10.12.4+ won’t boot without it. Unless you’re using a recent Clover along with the FakeSMC extension, but I haven’t tried that approach.

      I’ve struggled to get the installer to boot using Clover, I used Enoch/Chameleon on SeaBIOS to boot the installer instead, then installed Clover after first boot.

  5. I think it would make life easier to just post the instructions on how to do this when booting Sierra on a VMWare Workstation 12 and this shows up. Just post the steps on how to fix it.

    Thank you

  6. Nick, many thanks for your fine work.
    Is there a plan to bring the code from github for SMC stable into Proxmox VE? This would be very helpful.

  7. Also, in your patched version, there seems to be a bug or so.
    I adjust it to 8 GB of memory, but 16 GB of memory (double) is shown now?

    1. That’s weird. Does it appear in Activity Monitor, or just in the System Information menu? I think the system information menu just shows whatever Clover tells it is installed (doesn’t have to match the actual RAM allocation).

      1. It appears in the system information menu.
        Clover was telling correctly before the patch ;-).
        I have made 2 screens, if you want / need them.
