Fix for macOS [High] Sierra 10.12.4+ “don’t steal mac OS” error on boot on Proxmox 4

In Sierra 10.12.4, macOS added some extra copy protection which is able to tell that the SMC emulation that QEMU provides is not a real Mac. This causes a fatal error during boot on Proxmox 4 and earlier. Proxmox 5.1 now includes the fix for this problem in its regular QEMU package so a patch for 5.1 is no longer necessary.

One way of fixing this would be to remove the SMC device from the virtual machine’s arguments, and use FakeSMC.kext instead, like a regular Hackintosh, but this is inelegant.

Instead, we can patch QEMU to fix the SMC support, using the fixes from here:

https://github.com/kholia/OSX-KVM/issues/64

Building the fixed QEMU

If you just want to download the fixed QEMU .deb package, skip to the next section, otherwise you can follow these build instructions to create it yourself.

I’ve applied the patch to my copy of Proxmox 4.4’s version of QEMU, which is currently pve-qemu-kvm 2.7.1-4.

You can build the source directly inside Proxmox, but I didn’t want to dirty my Proxmox install with a bunch of development libraries, so instead I created a new Debian container in Proxmox for building.

Proxmox 4.4

The patched version’s source is here:

https://github.com/thenickdude/pve-qemu-kvm/tree/sierra-smc-fix

Use Debian 8 (Jessie) as the template to create a new container. Inside it, run:

# We want to be able to fetch Proxmox packages too:
echo "
   deb-src http://ftp.debian.org/debian jessie main contrib
   deb http://download.proxmox.com/debian jessie pve-no-subscription 
" >> /etc/apt/sources.list
apt-get update
apt-get install ca-certificates -y

# The dependencies for the Debian QEMU version are a good starting point:
apt-get build-dep qemu -y --force-yes

# Add some more tools and build dependencies:
apt-get install git lintian fakeroot autotools-dev libpci-dev quilt \
 texi2html check pve-libspice-server-dev glusterfs-common libnuma-dev \
 libjemalloc-dev libacl1-dev libbluetooth3 libbrlapi0.6 libvdeplug2 -y --force-yes

# Clone the source with the patch:
git clone --branch sierra-smc-fix \
 https://github.com/thenickdude/pve-qemu-kvm.git

cd pve-qemu-kvm
make

This results in a pve-qemu-kvm_2.7.1-4_amd64.deb file ready to be installed in Proxmox!

Binary package

If you don’t want to build this package yourself, you can download the version I built instead:

Proxmox 4.4

https://github.com/thenickdude/pve-qemu-kvm/releases/tag/2.7.1-4-smc

In Proxmox, do a apt-get update && apt-get upgrade to bring yourself up to date, run apt-get install libbluetooth3 libbrlapi0.6 libvdeplug2, stop your virtual machines, then you can install the package with dpkg -i pve-qemu-kvm_2.7.1-4_amd64.deb.

Keeping your version installed

You can use Apt package pinning to ensure this package isn’t replaced by a later Proxmox update:

apt-mark hold pve-qemu-kvm

Note for Clover

Note that injecting kexts using Clover in Sierra 10.12.4 requires a recent Clover revision, newer than r3994. I’ve updated my Clover installation instructions to include a new version which is compatible.

28 thoughts on “Fix for macOS [High] Sierra 10.12.4+ “don’t steal mac OS” error on boot on Proxmox 4”

  1. Hi, nick,

    I encountered the package error when install pve-qemu-kvm_2.7.1-4_amd64.deb.

    Unpacking pve-qemu-kvm (2.7.1-4) over (2.7.1-4) …
    dpkg: dependency problems prevent configuration of pve-qemu-kvm:
    pve-qemu-kvm depends on libbluetooth3 (>= 4.91); however:
    Package libbluetooth3 is not installed.
    pve-qemu-kvm depends on libbrlapi0.6; however:
    Package libbrlapi0.6 is not installed.
    pve-qemu-kvm depends on libvdeplug2; however:
    Package libvdeplug2 is not installed.

    Any suggestion?
    Thanks,

    Regards,
    Andrew

  2. hi Nick,

    So after noticing that server.app 5.3 (the current app store version of server.app) only supports 10.12.4. I when looking for a way to get an old verson apt store link (http://stackoverflow.com/questions/28573821/where-can-i-download-old-versions-of-os-x-server) but the links weren’t updated. i found a method for getting app store links to old versions of an app from the downloaded files of the app but i’d need to be able to downloaded it (server.app) in the 1st place for which i needed 10.12.4. In the end this snake eating its tail problem lead me to try your method to update to 10.12.4. I ran into the same problem that andrew chang ran into after i gave the .deb you built a spin : after installing the patch none of the vm’s would start and gave errors saying:

    kvm: error while loading shared libraries: libbluetooth.so.3: cannot open shared object file: No such file or directory
    command ‘kvm -version’ failed: exit code 127
    TASK ERROR: detected old qemu-kvm binary (unknown)

    after some head scratching, reverting, reinstalling, etc i found your response Andrew and everything works splendidly 🙂

    Thanks muchly!! 🙂

    1. Whoops, I’ve now added those instructions to the body of the post to avoid confusing further visitors 🙂

  3. Thanks Nick for your hard work, but I’m out of luck starting 10.12.5 on Proxmox 4.4. The boot screen appears, afterwards it’ll change screen resolution, displaying the apple logo very shortly and returning to the boot loader.

    I’ve followed all instructions including installting the patched kvm lib. What am I missing?

    1. You’ll want to boot in verbose mode so you can see where it’s getting up to before the failure occurs. In Clover you can do this by hitting space on the main menu screen and picking options (verbose and don’t reboot on fault). In Enoch I think you type “-v” at the prompt (at least).

  4. Good evening, I’m using proxmox 5 pvetest repos (current official, not your patched deb) and so far 10.12.3 works, I made a UEFI boot install image (using linux), installed, did the gpu passthrough and everything works just fine (except hdmi sound but already found how to fix it).
    Thing is that I downloaded the 10.12.6 installer from store and prepared a bootable uefi installer as before, then I get the apple logo and progressbar, then a full gray background screen with mouse, and then after a couple seconds I get the beach ball of doom (within the gray background, feels like language chooser but noghint else appears).. any thoughts on how to fix it? my host cpu is haswell i5 4460 and 10.12.3 works like a charm. 6GB ram is assigned to the kvm so I don’t think it’s a memory problem.

    Meanwhile I will try to update from 10.12.3 in the app store instead of a clean 10.12.6 install to see if it boots.

    any thoughts on what could be wrong or how to troubleshoot it?

    pveversion -v:
    proxmox-ve: 5.0-16 (running kernel: 4.10.17-1-pve)
    pve-manager: 5.0-23 (running version: 5.0-23/af4267bf)
    pve-kernel-4.10.15-1-pve: 4.10.15-15
    pve-kernel-4.10.11-1-pve: 4.10.11-9
    pve-kernel-4.10.17-1-pve: 4.10.17-16
    libpve-http-server-perl: 2.0-5
    lvm2: 2.02.168-pve2
    corosync: 2.4.2-pve3
    libqb0: 1.0.1-1
    pve-cluster: 5.0-12
    qemu-server: 5.0-14
    pve-firmware: 2.0-2
    libpve-common-perl: 5.0-16
    libpve-guest-common-perl: 2.0-11
    libpve-access-control: 5.0-5
    libpve-storage-perl: 5.0-12
    pve-libspice-server1: 0.12.8-3
    vncterm: 1.5-2
    pve-docs: 5.0-9
    pve-qemu-kvm: 2.9.0-2
    pve-container: 2.0-14
    pve-firewall: 3.0-2
    pve-ha-manager: 2.0-2
    ksm-control-daemon: 1.2-2
    glusterfs-client: 3.8.8-1
    lxc-pve: 2.0.8-3
    lxcfs: 2.0.7-pve2
    criu: 2.11.1-1~bpo90
    novnc-pve: 0.6-4
    smartmontools: 6.5+svn4324-1
    zfsutils-linux: 0.6.5.9-pve16~bpo90
    openvswitch-switch: 2.7.0-2

    1. The patch is required, 10.12.4+ won’t boot without it. Unless you’re using a recent Clover along with the FakeSMC extension, but I haven’t tried that approach.

      I’ve struggled to get the installer to boot using Clover, I used Enoch/Chameleon on SeaBIOS to boot the installer instead, then installed Clover after first boot.

  5. I think it would be life easier to just post the instructions on how to do this when booting Sierra on a VMWare Workstation 12 and this shows up. Just post the steps on how to fix it.

    Thank you

  6. Nick, many thanks for your fine work.
    IS there a plan to bring the code from github for SMC stable into Proxmox VE? This would be very helpful.

  7. Also, in your patched version, there seems to be a bug or so.
    I adjust it to 8 GB of memory, but 16 GB of memory (double) is shown now?

    1. That’s weird. Does it appear in Activity Monitor, or just in the System Information menu? I think the system information menu just shows whatever Clover tells it is installed (doesn’t have to match the actual RAM allocation).

      1. It appears in the system information menu.
        Clover was telling correctly before the patch ;-).
        I have made 2 screens, if you want / need them.

  8. Hi nick:
    I try to install mac os High sierra in my proxmox, but for some reason I can’t, When i begin to run, clover iso, work fine, keyboard, work fine, but, I try to use High-Sierra OS, and the system Says Boot Legacy OS from APPLE INC., TYPE: 0002
    and, unfortunaly, I can’t select the disk high-sierra.ISO to install
    thanks for you help

  9. can you please clarify the status of this? as of now, upstream pve-qemu-kvm version is pve-qemu-kvm/stable,stable 2.11.1-5 amd64

    and I’m stuck with 2.9.0…

    1. 2.11 includes this patch already, so doesn’t need to be modified. However my High Sierra installs refuse to boot on 2.11 for an unknown reason, so I’m staying on 2.9 (to downgrade to Proxmox packages compatible with 2.9 I also needed to `apt-get install qemu-server=5.0-23 pve-manager=5.1-47`). If you get 2.11 working, let me know.

  10. Hi,

    thanks for this tutorial.
    I got a problem, when trying to install. I can boot the .iso, bit I just see the Apple logo on a black screen and 25% CPU load permanently.
    What I´m doing wrong?

    Best regards,

    Sebastian

    System:
    CPU(s) 4 x Intel(R) Xeon(R) CPU E3-1225 v3 @ 3.20GHz (1 Socket)
    Kernelversion Linux 4.13.16-2-pve #1 SMP PVE 4.13.16-47 (Mon, 9 Apr 2018 09:58:12 +0200)
    PVE Manager Version pve-manager/5.1-51/96be5354
    pve-quemu-kvm 2.9.1-9

    1. Try rebooting the host, it seems like it doesn’t start using a newly installed version of qemu-server or qemu-pve-kvm until the server is restarted.

      Otherwise, hit Space at the Clover menu and tick the Verbose option and boot, so you can see at what point it gets stuck at.

      1. Hi nick,

        thanks for the help. Seems like my mistake was somwhere in the downgrade with the qemu-server, pve-manager or the pve-qemu-kvm. Or I just missed the restart.
        Here is, what I did to get it working:
        * apt-get install qemu-server=5.0-23 pve-manager=5.1-47
        * dpkg -i pve-qemu-kvm_2.9.1-9_amd64.deb
        * reboot

        After reboot, the USB-Keyboard setting was gone. I could start the setup, use the mouse but I couldn´t use the keyboard.
        I just re-added the lines

        [device “keyboard1”]
        driver = “usb-kbd”
        bus = “ehci.0”
        port = “2”

        to /usr/share/qemu-server/pve-q35.cfg

        Now, everything is working perfect.
        Have anybody tried to do apt-get upgrade on proxmox after the install? Would this prevent the VM from working?

        Best regards,

        Sebastian

        1. Yes, upgrading those packages will stop the VM booting. Run `apt-mark hold qemu-server pve-qemu-kvm pve-manager` to prevent these being touched by upgrades.

  11. Hi, when I start VM with OSX Proxmox gives me:

    kvm: warning: Unknown firmware file in legacy mode: genroms/multiboot.bin
    WARNING: Using AppleSMC with invalid key

    Any solution?

    Thanks

    1. It gives this error if the OSK you supplied in the “args” is not exactly 64 characters long, did you make a mistake when entering it?

Leave a Reply to Ronny Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.