Patch OVMF to support macOS in Proxmox 5.1+

Proxmox 5.1’s version of the OVMF firmware contains two commits (2ac1730 and 147fd35) that are intended to mark the pagetables as read-only during startup. This conflicts with the OsxAptioFixDrv drivers in Clover, which expect to be able to modify the pagetables to remap memory:

https://sourceforge.net/p/cloverefiboot/tickets/439/

I’ve patched OVMF to revert the effect of these two commits, which allows macOS to boot again (I also tested it by booting Windows 10, which worked fine). If you just want to download the fixed .deb, skip to the end of the article, otherwise if you want to build it yourself, follow along with the instructions in the next section:

Building the fixed pve-edk2-firmware

Use Debian 9 (Stretch) as a template to create a new container. Inside it, run:

# Add missing locale
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen

# Add tools and build dependencies:
apt-get update
apt-get install build-essential git lintian debhelper iasl nasm \
  python uuid-dev -y

# Clone my patched source
git clone -b macos-support https://github.com/thenickdude/pve-edk2-firmware.git

# Build it
cd pve-edk2-firmware
make

Installing the fixed OVMF

Download the prebuilt pve-edk2-firmware_1.20180612-1_all.deb (updated 2018-06-13) if you didn’t build it yourself in the previous step. Upload it to Proxmox somewhere and run these commands to install it:

dpkg -i pve-edk2-firmware_1.20180612-1_all.deb

# Prevent it from being replaced later by apt upgrade:
apt-mark hold pve-edk2-firmware

If you had previously installed my patched “pve-qemu-kvm” package, you can go ahead and remove it and return to the vanilla Proxmox packages:

apt-mark unhold pve-manager pve-qemu-kvm qemu-server
apt-get upgrade

# You should probably restart the host after replacing QEMU

(pve-qemu-kvm needs to be at least version 2.11.x to support this new OVMF package, as older versions read it from a different location, and to support the pc-q35-2.11 machine type).

17 thoughts on “Patch OVMF to support macOS in Proxmox 5.1+”

  1. Hello,

    I’m trying to install macOS High Sierra 10.13.4 with no success.
    Without this ovmf version I could not get to installer.
    Now, the installer gives me an error:
    https://imgur.com/a/TEePNq2
    and in the installer.log
    https://imgur.com/a/ly2tona

    * proxmox version:
    pve-manager/5.1-52/ba597a64 (running kernel: 4.13.13-6-pve)
    * config
    args: -device isa-applesmc,osk=”…” -smbios type=2 -cpu Penryn,kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on
    balloon: 0
    bios: ovmf
    boot: cdn
    bootdisk: ide2
    cores: 4
    cpu: Penryn
    efidisk0: local-zfs:vm-102-disk-2,size=128K
    ide0: shared-data:iso/HighSierra-10.13.4-mod.iso,cache=unsafe,media=cdrom,size=5600M
    ide2: shared-data:iso/clover-r4428-amd64.iso,cache=unsafe
    machine: pc-q35-2.11
    memory: 8192
    name: osx1
    net0: e1000-82545em=C6:C4:F0:42:99:01,bridge=vmbr0
    numa: 0
    ostype: other
    sata0: local-zfs:vm-102-disk-1,cache=unsafe,size=40G
    scsihw: virtio-scsi-pci
    smbios1: uuid=cbcf9d9a-c152-411c-8911-349969148059
    sockets: 1
    vga: std

    Do you have any idea ?

    Thank you.

    1. I would guess you are not using the full ISO image, or its damaged. Nick’s other post on running High Sierra mentions that some Macs used to create the ISO don’t get the full installer. It also mentions how to work around it.

      This is only a guess, but it’s based on your log saying “Image not found” when looking osinstallersetup.

  2. Excellent! Wasn’t able to make it work with the patched Qemu package but with this is works.

    I passed a GTX 770 through to the VM but i’m still stuck with the 1280*1024 resolution, even after changing it in the GUI option in the config.plist and in the OVMF boot. And installed the latest Nvidia web drivers. Any solution for that?

    Are the also some recommended UEFI drivers?

  3. Hello,

    I am following the guide but when I try to start my VM I get the error:

    kvm: -machine type=pc-q35-2.11: unsupported machine type

    I’m on Proxmox 5.1-41

    1. There’s a new QEMU and pve-manager version available, you need to upgrade:

      pve-manager 5.1-52
      pve-qemu-kvm 2.11.1-5
      qemu-server 5.0-25

      If you already have, you may need to restart the host to start using the new QEMU version.

  4. Hi nick! thank you for your packages.
    I’m trying to figure out another way to do this without modify the pve-firmware package, maintaining original OVMF plus the modified one for mac…
    Maybe we can change in QemuServer.pm this:

    push @$cmd, ‘-drive’, “if=pflash,unit=0,format=raw,readonly,file=$OVMF_CODE”;
    push @$cmd, ‘-drive’, “if=pflash,unit=1,format=$format,id=drive-efidisk0,file=$path”;

    to add something like this: ( I don’t know perl syntax so…)

    if $conf->{ostype} && $conf->{ostype} eq ‘other’; {
    push @$cmd, ‘-drive’, “if=pflash,unit=0,format=raw,readonly,file=$OVMF_CODE_MAC”;
    push @$cmd, ‘-drive’, “if=pflash,unit=1,format=$format,id=drive-efidisk0,file=$OVMF_VARS_MAC”;
    } else {
    *ORIGINAL LINE*

    What do you think?

    PS:Sorry for bad english, not main language

  5. Hello Sir!

    I am trying to set up macOS High Sierra on Proxmox 5.1 by following your article but i am stuck at the point
    “Install Patched version of proxmox OVMF library”
    you mentioned above that i have to upload that package file on proxmox somewhere.. but the problem is that i am not able to find any place in proxmox where i could upload a package file with extension “.deb”
    kind guide me that how and where do i upload prebuilt pve-edk2-firmware on proxmox ?

        1. SSH/SFTP works the same way on Proxmox as on any other Linux system, I suggest that you google for tutorials. Without this knowledge, working with Proxmox in general is going to be very difficult.

  6. Hi Nick,

    Nice article! but i am running into a problem when booting up the installation. When i am booting the installation with verbose mode i am finding out it starts hanging at:
    AppleKeyStore::start: _sep_enabled = 0

    Screenshot of the boot log:
    http://imgur.com/VFnR0bKl.png

    I just can’t figure out how to fix this problem, anybody known an solution to this?

    Kindly regards,

    Pascal S.

  7. Are we going to be blessed with an update on how to install Mac OS X Mojave with Proxmox?

    I can supply the beta download if you need it 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.