Apple Silicon and Virtual Machines: Beating the 2 VM Limit (2023)
A Mac admin intern discovered a hidden boot argument that overrides Apple's virtualization restriction.
Developer and Mac admin intern Mykola Grymalyuk investigated why Apple Silicon hosts are limited to running only two macOS virtual machines simultaneously. While Apple's macOS Software License Agreement officially restricts users to two VMs for development and testing, Grymalyuk traced the technical enforcement to Apple's XNU kernel. Through reverse engineering using tools like IDA and comparing Intel and Apple Silicon kernels, he discovered the limitation is managed via the `hv_apple_isa_vm_quota` variable in kernel functions like `hv_vm_destroy_0` and `hv_trap_vm_create`.
In macOS Sonoma Beta 4's development kernel, Grymalyuk found that setting the `hv_apple_isa_vm_quota=` boot argument can override the default two-VM limit. However, this functionality appears to be gated behind System Integrity Protection (SIP) checks in release kernels, specifically requiring the `CSR_ALLOW_APPLE_INTERNAL` flag. The discovery reveals Apple's internal testing mechanisms and provides a potential workaround for developers needing multiple macOS VM environments on a single Apple Silicon machine.
- Apple's macOS SLA officially limits virtualization to 2 macOS instances per host for development/testing
- The restriction is enforced in XNU kernel code via `hv_apple_isa_vm_quota` variable management
- Development kernels contain `hv_apple_isa_vm_quota=` boot argument that can override the 2-VM limit
Why It Matters
Enables developers and researchers to run multiple macOS test environments on Apple Silicon hardware, improving workflow efficiency.