A good update. The <i>VIRTIO_NET_F_MTU</i> negotiation has been a roadblock for many guest OS implementations on apple's virtualization stack. The spec is vague enough that linux just does it while openbsd had to explicitly patch in support to handle the hypervisor's hardmtu limit.<p>This is a big deal for local development imho. With the raw single-thread performance of the M4/M5 chips, an openbsd guest is arguably the best environment for testing pf configurations or running isolated mail servers (for example). Being able to rely on viogpu without the black-screen-of-death means we can slowly move away from serial console-only installs for quick VMs.<p>Big kudos to Helg and Stefan!
> With the raw single-thread performance of the M4/M5 chips, an openbsd guest is arguably the best environment for testing pf configurations or running isolated mail servers (for example).<p>A unikernel would probably be even better? (But then you need a mail server that's set up for running as a unikernel, without an underlying OS.)
>Being able to rely on viogpu without the black-screen-of-death means we can slowly move away from serial console-only installs for quick VMs.<p>No, thanks. My IaC doesn't want or need any interaction when spinning up a quick or slow VM.
The bigger news is that this also fixes the QEMU compatibility bug that makes OpenBSD hang out of the box on arm64 when starting X.<p>It started in 7.3 with the frame buffer changes and the only workaround was to disable the kernel driver.<p>Maybe more people will get to try out OpenBSD successfully now.
Note that this is about Virtualization.framework (Apple's first party VMM). OpenBSD worked on Hypervisor.framework + qemu since a very long time.
Good point. The naming of those frameworks is sooo confusing. IMHO, nearly impossible to not mix them up.
My mental model is that each of these covers a different layer of the stack, from lowest to highest:<p>* hypervisor-framework handles the hypervisor bits, like creating virtual machines, virtualising hardware resources, basically a C API on top of Apple's hypervisor<p>* virtualization-framework is a higher-level API, meant to make it easy to run a full-blown VM with an OS and hardware integration, without having to reinvent the integration with lower-level primitives that hypervisor-framework provides<p>* containerization-framework uses virtualization-framework to run Linux containers on macOS in microVMs.<p>By analogy to not mix them up, it's a bit like KVM > QEMU > containerd.<p>Hope this helps!
Out of my depth here. Is that the one Tahoe was introducing? What did it solve that was impossible before?
Virtualization.framework was introduced in Big Sur. It builds on top of Hypervisor.framework and is essentially Apple's QEMU (in some ways quite literally, it implements QEMU's pvpanic protocol for example). Before QEMU and other VMMs gained ARM64 Hypervisor.framework support, it was the only way to run virtual machines on ARM Macs and still is the only official way to virtualize ARM macOS.<p>The new Tahoe framework you're probably thinking of is Containerization, which is a WSL2-esque wrapper around Virtualization.framework allowing for easy installation of Linux containers.
Oh good point. I mixed it up, UTM is using qemu under hood, but as someone mentioned now OpenBSD snapshot boots with qemu seemlesly. It's still virtualised though.
Maybe I am missing something but the last few times I tested VMs it seemed to end up never <i>shrinking</i> in RAM size once it had grown, is this a real issue and if so is there any improvement coming on that front?
You're missing the complexity of making the guest inform the host that it has fully freed this and that slab of memory and that the host may reclaim it until further notice. It's a bit more complicated than the other way around, where the guest believes it has e.g. 4 GiB of RAM available but the host doesn't allocate all of it for the guest until it tries to read/write there. A virtual machine is something entirely else than a containerized piece of software.
> Maybe I am missing something but the last few times I tested VMs ...<p>Tested VMs on <i>what</i>? For VMs are used daily and there are, what, <i>hundreds of millions</i> of VMs running as we speak? Billions?
Is there a guide on how to do this? I haven’t ever used the raw hypervisor.
a quick kagi search revealed this: <a href="https://briancallahan.net/blog/20250222.html" rel="nofollow">https://briancallahan.net/blog/20250222.html</a>, perhaps it might work for you too ?
It should just be a matter of producing a kernel and, if necessary, RAM disk that can be booted the same way as Linux.
“just” is doing a lot of work in that sentence.
Yes and no; kernels aren’t magic, and “change how this kernel is loaded to match how Linux does it” is actually a reasonable first assignment for an Operating Systems class at a top-tier school. (You’re basically just creating an alternative `main()` if you don’t need a RAM disk image from which to load drivers.)
Then one needs to launch it. Not sure if there are any lancher UIs out there, or if one has to write custom code for that.
Parallels will run a VM that can (manually) boot bsd.rd from the EFI shell if you stick BOOTAA64.EFI and bsd.rd on a FAT32 GUID formatted.dmg, connect it to the VM, then boot EFI shell.
Type:<p><pre><code> connect -r
map -r
fs0:
bootaa64.efi
boot bin.rd
</code></pre>
Then you'll be in the OpenBSD installer, having booted an OpenBSD kernel.<p>You can grab the files from: <a href="https://ftp.openbsd.org/pub/OpenBSD/snapshots/arm64/" rel="nofollow">https://ftp.openbsd.org/pub/OpenBSD/snapshots/arm64/</a><p>Actually installing the system is left as an exercise for the reader.
My point is that as long as OpenBSD can boot like Linux, you just have to tell whatever VM front-end you’re using that you’re booting a Linux but give it an OpenBSD kernel and RAM disk.<p>Traditionally BSD has booted very differently than Linux, because Linus adopted the same boot process as MINIX when he first developed it (since he was actually using the MINIX boot blocks at first).<p>BSD has historically used a bootstrap that understands V7FS/FFS and can load a kernel from a path on it. MINIX takes the actual kernel and RAM disk images as parameters so it doesn’t need to know about filesystems, and that tradition continued with Linux bootstraps once it was standalone.
Well done! FreeBSD 15 is a complete no-go for X right now on utm, rdp/vnc is the only way. Hopefully somebody will work out how to get a frame buffer working there, from this.
This is a significant milestone for OpenBSD on Apple hardware. The improved support for Virtualization.framework will definitely make local development and testing much smoother for many users. Kudos to the developers!
so does redox at least this fork: <a href="https://github.com/pannous/redox" rel="nofollow">https://github.com/pannous/redox</a> completely Rust-based without any Makefiles.
I wonder if openbsd is secure running as a guest ? it it able to isolate it-self sufficiently so that the host cannot mathematically breach it ? (which makes openbsd very suitable for keyholding)
As of 2025 OpenBSD has support for AMD SEV and SEV-ES, with support for SEV-SNP work-in-progress, so with the right hardware yes it's able to isolate itself sufficiently <a href="https://www.bsdcan.org/2025/timetable/timetable-Confidential-Computing-with.html" rel="nofollow">https://www.bsdcan.org/2025/timetable/timetable-Confidential...</a>
The host kernel and probably the host VMM can see guest memory, so I wouldn't use it for that.
On a slightly related note UTM remote is such a nice remote client for VMs that I wish they would make it compatible with other hypervisor protocols such as libvirtd and bhyve.
[dead]
[dead]
No X and networking. What's the point then?
Useless imo