When emulating macOS on Proxmox, it seems that we are forced to set the guest’s CPU type to “Penryn”. This is a very old architecture, and is missing some features that could unlock higher CPU performance. In particular, I wanted to use AVX (for accelerated stream processing) and AES-NI (for encryption), but macOS panics on boot if I set the CPU to Sandy Bridge, which would match my CPU, which includes those features.
Luckily, kholia over at the OSX-KVM project has discovered that we can keep using Penryn, but enable the passthrough of individual advanced CPU features and have Sierra use them, even though Penryn never supported these features.
See his guide here:
One stumbling block for me was that my VM only seemed to boot correctly if the “machine” type was set to “pc-q35-2.5”. Using any newer version caused a division by zero error during early boot:
pc-q35-2.8 or newer is required to pass through AVX and AES-NI, so I was stuck. However, I finally realised that my VM would boot correctly using the newest pc-q35-2.9 version if I set the “core” count to 16 or fewer.
I have two CPUs, both with 8 cores and 2 threads per core, and I was trying to pass through 32 threads in total. Since Proxmox doesn’t support setting the number of threads, I was doing this by passing through 32 “cores” on one emulated socket, which worked fine on pc-q35-2.5, but failed on any newer version.
To solve this, I set sockets to 1 and cores to 32 in Proxmox’s VM settings, but then added my own “-smp” option to the custom “args” in order to override the CPU layout and set the number of threads per core correctly. Here are my completed args for the passthrough of AVX and AES-NI with 32 threads:

args: ... -cpu Penryn,kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+avx,+aes,+xsave,+xsaveopt,enforce -smp 32,sockets=1,cores=16,threads=2
sockets: 1
cores: 32
There are more options that can be passed through on newer CPUs, including AVX2 (see kholia’s guide for details), but these are the options that work for my Sandy Bridge-EP system.
Note that the kernel mitigation for the 2018 Intel CPU vulnerabilities Spectre and Meltdown is said to use the “pcid” CPU feature to reduce the overhead of working around the vulnerability, so pass that one through too!
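A pre-flight check for an args line like the one above, added here as an example and not taken from the original post or from kholia’s guide: it lists every “+feature” that the host’s CPU flags do not contain (with “enforce”, QEMU refuses to start the VM in that case) and verifies that the -smp total equals sockets × cores × threads. The function names and the sample flags line are constructed for illustration, and the mapping of QEMU’s “invtsc” to the “nonstop_tsc” flag in /proc/cpuinfo is an assumption.

```sh
#!/bin/sh
# Constructed sample: a "flags" line like the one in /proc/cpuinfo on the host.
SAMPLE_FLAGS="fpu sse2 ssse3 sse4_1 sse4_2 constant_tsc nonstop_tsc pcid aes xsave avx xsaveopt"
# The args line from the post (without the elided "..." part).
SAMPLE_ARGS="-cpu Penryn,kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+avx,+aes,+xsave,+xsaveopt,enforce -smp 32,sockets=1,cores=16,threads=2"

# opt_value OPTION ARGS: print the word that follows OPTION in ARGS.
opt_value() {
    printf '%s\n' "$2" | awk -v o="$1" '{ for (i = 1; i < NF; i++) if ($i == o) { print $(i + 1); exit } }'
}

# missing_features ARGS HOST_FLAGS: print every "+feature" from -cpu that is
# absent from HOST_FLAGS. With "enforce", QEMU refuses to start on any of these.
missing_features() {
    opt_value -cpu "$1" | tr ',' '\n' | sed -n 's/^+//p' | while read -r f; do
        # Assumption: QEMU's "invtsc" shows up in /proc/cpuinfo as "nonstop_tsc".
        case $f in invtsc) h=nonstop_tsc ;; *) h=$f ;; esac
        case " $2 " in *" $h "*) ;; *) echo "$f" ;; esac
    done
}

# smp_field NAME SMP: print the value of NAME= inside a -smp value.
smp_field() {
    printf '%s\n' "$2" | tr ',' '\n' | sed -n "s/^$1=//p"
}

# smp_consistent ARGS: succeed only if the vCPU total equals sockets*cores*threads.
smp_consistent() {
    smp=$(opt_value -smp "$1")
    s=$(smp_field sockets "$smp"); c=$(smp_field cores "$smp"); t=$(smp_field threads "$smp")
    [ "${smp%%,*}" -eq $(( ${s:-0} * ${c:-0} * ${t:-0} )) ]
}

# On a real host, replace SAMPLE_FLAGS with:
#   "$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2)"
m=$(missing_features "$SAMPLE_ARGS" "$SAMPLE_FLAGS" | tr '\n' ' ')
echo "features missing on host: ${m:-none}"
if smp_consistent "$SAMPLE_ARGS"; then echo "-smp topology is consistent"; else echo "-smp topology mismatch"; fi
```

The host flags are only an approximation of what KVM will expose to the guest, so an empty result means the args are plausible, not that the VM is guaranteed to start.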
Note: I also had trouble passing through strange numbers of cores to macOS, like 14; I’m not sure what’s going on there. Maybe it’s checking against a list of supported CPU topologies?