This is a summary of what I found out about trying to use enable_and_lock_vmx in refind.conf to enable virtualisation. I'm posting this to try to help out anyone who lands up here with the same sort of issue as I have wasted a chunk of 2 days on.
I was trying to install Docker for a project and ended up trying it on several older Macs under 10.13 and 10.15 (with dosdude's patches to enable install).
Specifically, 2010 MacMini Core 2 Duo, 2010 27" i7 iMac, 17" 2010 MacBook Pro, 2008 MacPro 3,1. All with firmware fully up to date.
Note that ALL of these machines show VMX supported by the processor when interrogated with sysctl. The MacPro also supports hardware virtualisation under Windows Server 2012 but NOT under Windows server 2016.
Information from the messages on Docker and their website led me a long chase over the web to find out what is going on. Initial impression was that it was VMX being disabled that was the problem and that rEFInd could fix that. Tried 0.12 and 0.11 with no joy.
Cutting to the chase, turns out that this was not the problem. It is highly likely that VMX was never disabled on these machines, but I have no way (yet) of being completely sure.
The real issue is Apple's Hypervisor framework, and the meaning of sysctl kern.hv_support. This command does not simply check if VMX is enabled, which is the impression you might get from several sites I looked at, but also for 2 or 3 (not entirely sure) other Intel processor capabilities which were being introduced starting in 2010 - but were not in every processor that Apple installed in machines during 2010!!!!!
The Hypervisor framework (https://developer.apple.com/documentation/hypervisor) documentation is where I should have started anyway. "On Intel-based Mac computers, the framework supports machines with an Intel VT-x feature set that includes Extended Page Tables (EPT) and Unrestricted Mode.". It is also possible that it needs Intel® Virtualization Technology for Directed I/O (VT-d) - this was mentioned somewhere else but not in Apple's documentation. Seems Unrestricted Mode is sometimes referred to as Unrestricted Guest.
So, while previous processors did have VMX capability, these additional features were introduced with Westmere processors.
The MacMini, MacPro and iMac all have pre-Westmere processors. The Macbook Pro DOES have all of the necessary processor features.
Note that I cannot speak to operating systems prior to 10.13 in terms of whatever hardware virtualisation is possible from personal experience. Maybe VMX on its own does support some sort of virtualisation on earlier processor/OS combinations. Documentation suggests that the Hypervisor has had these requirements since at least 10.10.
I've come across a number of people trying to use 2010 machines in this way across the WWW. Sorry folks, not happening if you have a pre-Westmere processor in your 2010 machine. I cannot be sure - I have not investigated - whether all 2011 and 2012 machines will work for you. Get your processor name by using sysctl -a | grep brand and then look it up at ark.intel.com and see if the CPU has all of the needed features (under Advanced).
I have not even tried to investigate what is possible on these machines with just VMX under MacOS or under other operating systems. I know that there were tricks like booting into MacOS and then switching into Windows to get virtualisation working under Windows on the 2008 MacPro. Whether rEFInd can help with that is something I may look at eventually.
I hope this helps someone else who has the same problems.
As to rEFInd itself - thanks to Rod Smith - terrific utility AND I've learned a lot about EFI using this and trying to get the virtualisation issue fixed. Shame that it is not the solution for my problem, but that is not its main purpose.
Last edit: peterthegrey 2020-08-22
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The MacMini, MacPro and iMac all have pre-Westmere processors. The Macbook Pro DOES have all of the necessary processor features.
Classsic MacPros (cMP) do have Westmere processors: cMP 1,1 (2006): CPU Model = Merom or Woodcrest cMP 2,1 (2007): CPU Model = Merom or Clovertown cMP 3,1 (2008): CPU Model = Harpertown or Penryn cMP 4,1 (2009): CPU Model = Nehalem cMP 5,1 (2010): CPU Model = Nehalem or Westmere cMP 5,1 (2012): CPU Model = Nehalem or Westmere
It well known amongst users of OpenCore, which relies on telling unsupported Mac OS Versions such as Catalina, that that it is a Virtual Machine (VM Spofing) at installation time, that cMP 5,1 units are the only cMP Models that can do this. This applies to both Nehalem and Westmare variants btw.
For clarity, virtually no one runs a vanilla 4,1 model but flash them to 5,1 firmware as the 5,1 Model is apparently largely just a glorified 4,1 and these flashed units have the same capability.
Not confirmed whether the vanilla 4,1 firmware can do the same but the Nehalem Processor inside can with the 5,1 Firmware in place.
In summary, there are cMP Models with Westmere CPUs and the VM capability is not limited to Westmare CPUs.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
This is a summary of what I found out about trying to use enable_and_lock_vmx in refind.conf to enable virtualisation. I'm posting this to try to help out anyone who lands up here with the same sort of issue as I have wasted a chunk of 2 days on.
I was trying to install Docker for a project and ended up trying it on several older Macs under 10.13 and 10.15 (with dosdude's patches to enable install).
Specifically, 2010 MacMini Core 2 Duo, 2010 27" i7 iMac, 17" 2010 MacBook Pro, 2008 MacPro 3,1. All with firmware fully up to date.
Note that ALL of these machines show VMX supported by the processor when interrogated with sysctl. The MacPro also supports hardware virtualisation under Windows Server 2012 but NOT under Windows server 2016.
Information from the messages on Docker and their website led me a long chase over the web to find out what is going on. Initial impression was that it was VMX being disabled that was the problem and that rEFInd could fix that. Tried 0.12 and 0.11 with no joy.
Cutting to the chase, turns out that this was not the problem. It is highly likely that VMX was never disabled on these machines, but I have no way (yet) of being completely sure.
The real issue is Apple's Hypervisor framework, and the meaning of sysctl kern.hv_support. This command does not simply check if VMX is enabled, which is the impression you might get from several sites I looked at, but also for 2 or 3 (not entirely sure) other Intel processor capabilities which were being introduced starting in 2010 - but were not in every processor that Apple installed in machines during 2010!!!!!
The Hypervisor framework (https://developer.apple.com/documentation/hypervisor) documentation is where I should have started anyway. "On Intel-based Mac computers, the framework supports machines with an Intel VT-x feature set that includes Extended Page Tables (EPT) and Unrestricted Mode.". It is also possible that it needs Intel® Virtualization Technology for Directed I/O (VT-d) - this was mentioned somewhere else but not in Apple's documentation. Seems Unrestricted Mode is sometimes referred to as Unrestricted Guest.
So, while previous processors did have VMX capability, these additional features were introduced with Westmere processors.
The MacMini, MacPro and iMac all have pre-Westmere processors. The Macbook Pro DOES have all of the necessary processor features.
Note that I cannot speak to operating systems prior to 10.13 in terms of whatever hardware virtualisation is possible from personal experience. Maybe VMX on its own does support some sort of virtualisation on earlier processor/OS combinations. Documentation suggests that the Hypervisor has had these requirements since at least 10.10.
I've come across a number of people trying to use 2010 machines in this way across the WWW. Sorry folks, not happening if you have a pre-Westmere processor in your 2010 machine. I cannot be sure - I have not investigated - whether all 2011 and 2012 machines will work for you. Get your processor name by using sysctl -a | grep brand and then look it up at ark.intel.com and see if the CPU has all of the needed features (under Advanced).
I have not even tried to investigate what is possible on these machines with just VMX under MacOS or under other operating systems. I know that there were tricks like booting into MacOS and then switching into Windows to get virtualisation working under Windows on the 2008 MacPro. Whether rEFInd can help with that is something I may look at eventually.
I hope this helps someone else who has the same problems.
As to rEFInd itself - thanks to Rod Smith - terrific utility AND I've learned a lot about EFI using this and trying to get the virtualisation issue fixed. Shame that it is not the solution for my problem, but that is not its main purpose.
Last edit: peterthegrey 2020-08-22
Nice write up.
On this:
Classsic MacPros (cMP) do have Westmere processors:
cMP 1,1 (2006): CPU Model = Merom or Woodcrest
cMP 2,1 (2007): CPU Model = Merom or Clovertown
cMP 3,1 (2008): CPU Model = Harpertown or Penryn
cMP 4,1 (2009): CPU Model = Nehalem
cMP 5,1 (2010): CPU Model = Nehalem or Westmere
cMP 5,1 (2012): CPU Model = Nehalem or Westmere
It well known amongst users of OpenCore, which relies on telling unsupported Mac OS Versions such as Catalina, that that it is a Virtual Machine (VM Spofing) at installation time, that cMP 5,1 units are the only cMP Models that can do this. This applies to both Nehalem and Westmare variants btw.
For clarity, virtually no one runs a vanilla 4,1 model but flash them to 5,1 firmware as the 5,1 Model is apparently largely just a glorified 4,1 and these flashed units have the same capability.
Not confirmed whether the vanilla 4,1 firmware can do the same but the Nehalem Processor inside can with the 5,1 Firmware in place.
In summary, there are cMP Models with Westmere CPUs and the VM capability is not limited to Westmare CPUs.