Limitations of nested virtualization with Fusion on Mac OS 11.0 or later
Article ID: 315276
Updated On:
Products
VMware Desktop Hypervisor
Issue/Introduction
This article provides information about the limitations of nested virtualization with Fusion on Mac OS 11.0 or later.
Environment
VMware Fusion 12.x
Resolution
On macOS 11.0 our privileged virtual machine monitor was replaced by a new monitor that runs at user level and uses the Apple hypervisor framework as the virtualization engine. This required some changes to our support for nested virtualization. These changes include:
- On Fusion 12.0 nested virtualization is not supported on CPUs that do not support a feature of Intel CPUs called VMCS shadowing.
For more details on VMCS shadowing see 4th Generation Intel Core vPro Processors with Intel VMCS Shadowing.
- Starting with Fusion 12.1.0 VMCS shadowing is no longer required to use nested virtualization on macOS 11.0 however performance of nested virtualization without VMCS shadowing may be degraded.
- ESX, VMware Fusion and VMware Workstation can be run as guest hypervisors although performance may be degraded when side channel mitigations are enabled.
See VMs with side channel mitigations enabled may exhibit performance degradation for more information on the performance impact of side channel mitigations when running Fusion on macOS 11.0
- Windows guests with virtualization-based security, also known as “VBS”, enabled are not supported at this time due to lack of support for an Intel feature referred to as mode-based execution control (MBE). We are currently working with Apple to add support for MBE. Windows guests with VBS enabled can be used if hypervisor-protected code integrity (HVCI) is disabled.
- Some rarely used features of nested virtualization that were supported on previous versions of Fusion such as page modification logging (PML) and virtualization exceptions (#VE) are not supported when running on macOS 11.0.
Feedback
Yes
No
Powered by
