starred/Docker-OSX
1
0
Fork 0
mirror of https://github.com/sickcodes/Docker-OSX.git synced 2026-01-13 13:53:28 +01:00
Code Issues 411 Packages Projects Releases Wiki Activity

Igpu passthrough #107

New Issue
Open
opened 2025-12-28 23:24:31 +01:00 by adam · 37 comments
adam commented 2025-12-28 23:24:31 +01:00
Owner
Copy Link

Originally created by @Silfalion on GitHub (Jan 22, 2021).

Stumbled upon this:

https://github.com/patmagauran/i915ovmfPkg/wiki

From this article:

https://www.reddit.com/r/VFIO/comments/innriq/successful_macos_catalina_with_intel_gvtg/?utm_source=share&utm_medium=ios_app&utm_name=iossmf

(Way more up to date details in the first comment)

This could be used to improve the responsiveness of the container even more if passed in the args, thoughts?

Originally created by @Silfalion on GitHub (Jan 22, 2021). Stumbled upon this: https://github.com/patmagauran/i915ovmfPkg/wiki From this article: https://www.reddit.com/r/VFIO/comments/innriq/successful_macos_catalina_with_intel_gvtg/?utm_source=share&utm_medium=ios_app&utm_name=iossmf (Way more up to date details in the first comment) This could be used to improve the responsiveness of the container even more if passed in the args, thoughts?
adam added the enhancementhelp wanted labels 2025-12-28 23:24:31 +01:00
adam commented 2025-12-28 23:24:31 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (Jan 27, 2021):

I have tried this but I have AMD + AMD GPU + NVIDIA iGPU and I was unable to get it to work.

I do believe it's possible on intel iGPU.

Some more notes here: https://github.com/sickcodes/Docker-OSX/blob/master/helm/INSTALL-QEMU-AND-GPU-IOMMU.md

@sickcodes commented on GitHub (Jan 27, 2021): I have tried this but I have AMD + AMD GPU + NVIDIA iGPU and I was unable to get it to work. I do believe it's possible on intel iGPU. Some more notes here: https://github.com/sickcodes/Docker-OSX/blob/master/helm/INSTALL-QEMU-AND-GPU-IOMMU.md
adam commented 2025-12-28 23:24:32 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (Jan 27, 2021):

I see. Then once I set up the container I will give it a try and report back on it.

@Silfalion commented on GitHub (Jan 27, 2021): I see. Then once I set up the container I will give it a try and report back on it.
adam commented 2025-12-28 23:24:32 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (Apr 5, 2021):

so, following these resources:
https://www.reddit.com/r/VFIO/comments/innriq/successful_macos_catalina_with_intel_gvtg/
https://wiki.archlinux.org/index.php/Intel_GVT-g
https://github.com/patmagauran/i915ovmfPkg/wiki

so it's basically consist of activating gvt-g and using a custom rom while on the vm, the rom is available from the 3rd link in the release section.

I arrived to this result:

(qemu) qemu-system-x86_64: -device vfio-pci,sysfsdev=/sys/bus/mdev/devices/0f9daa70-9637-11eb-9840-7b4d486004cd,display=on,x-igd-opregion=on,romfile=i915ovmf.rom: vfio 0f9daa70-9637-11eb-9840-7b4d486004cd: failed to open /dev/vfio/13: Permission denied

even after adding myself to both the qemu and libvirt gorup.

Any idea on how to fix this?

(usb passthrough works here and with iphone as well)

@Silfalion commented on GitHub (Apr 5, 2021): so, following these resources: https://www.reddit.com/r/VFIO/comments/innriq/successful_macos_catalina_with_intel_gvtg/ https://wiki.archlinux.org/index.php/Intel_GVT-g https://github.com/patmagauran/i915ovmfPkg/wiki so it's basically consist of activating gvt-g and using a custom rom while on the vm, the rom is available from the 3rd link in the release section. I arrived to this result: ```(qemu) qemu-system-x86_64: -device vfio-pci,sysfsdev=/sys/bus/mdev/devices/0f9daa70-9637-11eb-9840-7b4d486004cd,display=on,x-igd-opregion=on,romfile=i915ovmf.rom: vfio 0f9daa70-9637-11eb-9840-7b4d486004cd: failed to open /dev/vfio/13: Permission denied``` even after adding myself to both the qemu and libvirt gorup. Any idea on how to fix this? (usb passthrough works here and with iphone as well)
adam commented 2025-12-28 23:24:33 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (Apr 6, 2021):

Add --privileged you might almost have it!

@sickcodes commented on GitHub (Apr 6, 2021): Add `--privileged` you might almost have it!
adam commented 2025-12-28 23:24:33 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (Apr 6, 2021):

Very cool getting the iPhone to pasthrough! Would love a PR or a blog post I can link to if you want to write something up :)

@sickcodes commented on GitHub (Apr 6, 2021): Very cool getting the iPhone to pasthrough! Would love a PR or a blog post I can link to if you want to write something up :)
adam commented 2025-12-28 23:24:34 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (Apr 6, 2021):

Add --privileged you might almost have it!

That was the thing that was needed for the iphone passthrough, it took me 3 days to figure it out lol. Any other ideas?

@Silfalion commented on GitHub (Apr 6, 2021): > Add `--privileged` you might almost have it! That was the thing that was needed for the iphone passthrough, it took me 3 days to figure it out lol. Any other ideas?
adam commented 2025-12-28 23:24:34 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (Apr 6, 2021):

Very cool getting the iPhone to pasthrough! Would love a PR or a blog post I can link to if you want to write something up :)

Sure! Just need a little bit of time. Also, the issue that helped me incredibly was this one:

https://github.com/sickcodes/Docker-OSX/issues/36

The even cooler thing is that I was able to sign up the app for a job no problem, so it should be 100% functional.

@Silfalion commented on GitHub (Apr 6, 2021): > Very cool getting the iPhone to pasthrough! Would love a PR or a blog post I can link to if you want to write something up :) Sure! Just need a little bit of time. Also, the issue that helped me incredibly was this one: https://github.com/sickcodes/Docker-OSX/issues/36 The even cooler thing is that I was able to sign up the app for a job no problem, so it should be 100% functional.
adam commented 2025-12-28 23:24:35 +01:00
Author
Owner
Copy Link

@mandelake commented on GitHub (May 7, 2021):

Sure! Just need a little bit of time. Also, the issue that helped me incredibly was this one:

Hey Silfalion, is it possible for you to share the steps needed for the iPhone passthrough? Every other day I'm checking this tread for your instructions, in no avail.

Thanks

@mandelake commented on GitHub (May 7, 2021): > > Sure! Just need a little bit of time. Also, the issue that helped me incredibly was this one: > Hey **Silfalion**, is it possible for you to share the steps needed for the iPhone passthrough? Every other day I'm checking this tread for your instructions, in no avail. Thanks
adam commented 2025-12-28 23:24:35 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (May 7, 2021):

Sure! Just need a little bit of time. Also, the issue that helped me incredibly was this one:

Hey Silfalion, is it possible for you to share the steps needed for the iPhone passthrough? Every other day I'm checking this tread for your instructions, in no avail.

Thanks

Oh very sorry, ping without any problem, just got distracted with work. Will try to add the steps here today or tomorrow, if that's alright.

@Silfalion commented on GitHub (May 7, 2021): > > > > > > > Sure! Just need a little bit of time. Also, the issue that helped me incredibly was this one: > > > > > Hey **Silfalion**, is it possible for you to share the steps needed for the iPhone passthrough? Every other day I'm checking this tread for your instructions, in no avail. > > > > Thanks > > > > Oh very sorry, ping without any problem, just got distracted with work. Will try to add the steps here today or tomorrow, if that's alright.
adam commented 2025-12-28 23:24:36 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (May 10, 2021):

@mandelake

Ok, so, the first step is to edit the grub to activate iommu:

1-Go to /etc/default/grub with sudo gedit /etc/default/grub
2-On the line that starts with GRUB_CMDLINE_LINUX_DEFAULT add intel_iommu=on or amd_iommu=on, depending on which processor brand you have. It will look like this:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash intel_iommu=on"
or
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash amd_iommu=on"

3-Update your grub with the command sudo update-grub
4-Reboot

This part will allow us to passthrough devices to the VM.

To be able to do the passthrough we need to identify your usb controllers and which one to pass. To do so, execute or put in a file then execute(make sure the execution permission is on in the file properties in case you put it in one):

#!/bin/sh

#mafferri (https://bbs.archlinux.org)

BASE="/sys/kernel/iommu_groups"

for i in $(find $BASE -maxdepth 1 -mindepth 1 -type d); do
	GROUP=$(basename $i)
	echo "### Group $GROUP ###"
	for j in $(find $i/devices -type l); do
		DEV=$(basename $j)
		echo -n "    "
		lspci -s $DEV
	done
done

The result will be a list of groups and with each group items. You want to look for one called usb controller, there could be many, just choose one and make sure you're not using it for something important.

Once you decide on one, mark down the digits at the very beginning of its line, the ones between brackets, Ex: 00:00:12.0.

This actually may need a bit of research as I didn't too much into. The next step will make your usb available to the guest(VM) but not the host(your OS), read somewhere this could be irreversible but didn't find on other tutorial, still go about it with caution.

The following script will bind your USB controller but you will need to reboot to gain back access to your USB, there is most definitely a script to unbind it, but didn't find one at the moment:

https://raw.githubusercontent.com/andre-richter/vfio-pci-bind/master/vfio-pci-bind.sh

Execute it as follow: sudo ./vfio-pci-bind XX:XX:XX.X

Replace the number with the numbers you got earlier. Now your usb should be ready to passthrough.

All you have to do now is add these 2 lines to your docker run command:

--privileged \
And
-e EXTRA='-device vfio-pci,host=XX:XX.X'

Just remove the 2 first zeros of the number of earlier and replace it instead of the Xs.

This should be all, if you have any problem, do ask.

@Silfalion commented on GitHub (May 10, 2021): @mandelake Ok, so, the first step is to edit the grub to activate iommu: 1-Go to /etc/default/grub with sudo gedit /etc/default/grub 2-On the line that starts with ```GRUB_CMDLINE_LINUX_DEFAULT``` add intel_iommu=on or amd_iommu=on, depending on which processor brand you have. It will look like this: `GRUB_CMDLINE_LINUX_DEFAULT="quiet splash intel_iommu=on"` or `GRUB_CMDLINE_LINUX_DEFAULT="quiet splash amd_iommu=on"` 3-Update your grub with the command `sudo update-grub` 4-Reboot This part will allow us to passthrough devices to the VM. To be able to do the passthrough we need to identify your usb controllers and which one to pass. To do so, execute or put in a file then execute(make sure the execution permission is on in the file properties in case you put it in one): ``` #!/bin/sh #mafferri (https://bbs.archlinux.org) BASE="/sys/kernel/iommu_groups" for i in $(find $BASE -maxdepth 1 -mindepth 1 -type d); do GROUP=$(basename $i) echo "### Group $GROUP ###" for j in $(find $i/devices -type l); do DEV=$(basename $j) echo -n " " lspci -s $DEV done done ``` The result will be a list of groups and with each group items. You want to look for one called usb controller, there could be many, just choose one and make sure you're not using it for something important. Once you decide on one, mark down the digits at the very beginning of its line, the ones between brackets, **Ex: 00:00:12.0**. This actually may need a bit of research as I didn't too much into. The next step will make your usb available to the guest(VM) but not the host(your OS), read somewhere this could be irreversible but didn't find on other tutorial, still go about it with caution. The following script will bind your USB controller but you will need to reboot to gain back access to your USB, there is most definitely a script to unbind it, but didn't find one at the moment: https://raw.githubusercontent.com/andre-richter/vfio-pci-bind/master/vfio-pci-bind.sh Execute it as follow: `sudo ./vfio-pci-bind XX:XX:XX.X` Replace the number with the numbers you got earlier. Now your usb should be ready to passthrough. All you have to do now is add these 2 lines to your docker run command: `--privileged \` And `-e EXTRA='-device vfio-pci,host=XX:XX.X'` Just remove the 2 first zeros of the number of earlier and replace it instead of the Xs. This should be all, if you have any problem, do ask.
adam commented 2025-12-28 23:24:36 +01:00
Author
Owner
Copy Link

@mandelake commented on GitHub (May 11, 2021):

@Silfalion

Thank you for taking the time to answer, still, your help would be much appreciated. I'm stucked with the vfio-pci-bind script.

Error: Please provide Version:Device (vvvv:dddd) and/or Domain:Bus:Device.Function (dddd:bb:dd.f)

By the way, the first script throws an error:

15: Syntax error: end of file unexpected (expecting "done")

I fixed it with:

d changed to done;
added done;

And so, the script show that I have two usb controllers.

### Group 5 ###
    00:14.0 USB controller: Intel Corporation Comet Lake PCH-LP USB 3.1 xHCI Host Controller
    
### Group 18 ###
    3b:00.0 USB controller: Intel Corporation JHL6540 Thunderbolt 3 USB Controller (C step) [Alpine Ridge 4C 2016] (rev 02)

lspci -nn | grep -i USB

00:14.0 USB controller [0c03]: Intel Corporation Comet Lake PCH-LP USB 3.1 xHCI Host Controller [8086:02ed]
3b:00.0 USB controller [0c03]: Intel Corporation JHL6540 Thunderbolt 3 USB Controller (C step) [Alpine Ridge 4C 2016] [8086:15d4] (rev 02)

The processor virtualization is enabled:

sudo dmesg | grep -E "DMAR|IOMMU"

[    0.011812] ACPI: DMAR 0x000000005FF9E000 0000A8 (v01 INTEL  Dell Inc 00000002      01000013)
[    0.126913] DMAR: Host address width 39
[    0.126913] DMAR: DRHD base: 0x000000fed90000 flags: 0x0
[    0.126917] DMAR: dmar0: reg_base_addr fed90000 ver 1:0 cap 1c0000c40660462 ecap 19e2ff0505e
[    0.126918] DMAR: DRHD base: 0x000000fed91000 flags: 0x1
[    0.126920] DMAR: dmar1: reg_base_addr fed91000 ver 1:0 cap d2008c40660462 ecap f050da
[    0.126921] DMAR: RMRR base: 0x0000005f4e5000 end: 0x0000005f504fff
[    0.126922] DMAR: RMRR base: 0x0000006b000000 end: 0x0000006f7fffff
[    0.126923] DMAR-IR: IOAPIC id 2 under DRHD base  0xfed91000 IOMMU 1
[    0.126924] DMAR-IR: HPET id 0 under DRHD base 0xfed91000
[    0.126925] DMAR-IR: Queued invalidation will be enabled to support x2apic and Intr-remapping.
[    0.129117] DMAR-IR: Enabled IRQ remapping in x2apic mode
[    0.612835] DMAR: Intel-IOMMU force enabled due to platform opt in
[    0.612888] DMAR: No ATSR found
[    0.612928] DMAR: dmar0: Using Queued invalidation
[    0.612930] DMAR: dmar1: Using Queued invalidation
[    0.613743] DMAR: Intel(R) Virtualization Technology for Directed I/O
@mandelake commented on GitHub (May 11, 2021): **@Silfalion** Thank you for taking the time to answer, still, your help would be much appreciated. I'm stucked with the vfio-pci-bind script. `Error: Please provide Version:Device (vvvv:dddd) and/or Domain:Bus:Device.Function (dddd:bb:dd.f)` By the way, the first script throws an error: `15: Syntax error: end of file unexpected (expecting "done")` I fixed it with: _d_ changed to `done;` added `done;` And so, the script show that I have two usb controllers. ``` ### Group 5 ### 00:14.0 USB controller: Intel Corporation Comet Lake PCH-LP USB 3.1 xHCI Host Controller ### Group 18 ### 3b:00.0 USB controller: Intel Corporation JHL6540 Thunderbolt 3 USB Controller (C step) [Alpine Ridge 4C 2016] (rev 02) ``` -------------------------- ``` lspci -nn | grep -i USB 00:14.0 USB controller [0c03]: Intel Corporation Comet Lake PCH-LP USB 3.1 xHCI Host Controller [8086:02ed] 3b:00.0 USB controller [0c03]: Intel Corporation JHL6540 Thunderbolt 3 USB Controller (C step) [Alpine Ridge 4C 2016] [8086:15d4] (rev 02) ``` -------------------------- The processor virtualization is enabled: ``` sudo dmesg | grep -E "DMAR|IOMMU" [ 0.011812] ACPI: DMAR 0x000000005FF9E000 0000A8 (v01 INTEL Dell Inc 00000002 01000013) [ 0.126913] DMAR: Host address width 39 [ 0.126913] DMAR: DRHD base: 0x000000fed90000 flags: 0x0 [ 0.126917] DMAR: dmar0: reg_base_addr fed90000 ver 1:0 cap 1c0000c40660462 ecap 19e2ff0505e [ 0.126918] DMAR: DRHD base: 0x000000fed91000 flags: 0x1 [ 0.126920] DMAR: dmar1: reg_base_addr fed91000 ver 1:0 cap d2008c40660462 ecap f050da [ 0.126921] DMAR: RMRR base: 0x0000005f4e5000 end: 0x0000005f504fff [ 0.126922] DMAR: RMRR base: 0x0000006b000000 end: 0x0000006f7fffff [ 0.126923] DMAR-IR: IOAPIC id 2 under DRHD base 0xfed91000 IOMMU 1 [ 0.126924] DMAR-IR: HPET id 0 under DRHD base 0xfed91000 [ 0.126925] DMAR-IR: Queued invalidation will be enabled to support x2apic and Intr-remapping. [ 0.129117] DMAR-IR: Enabled IRQ remapping in x2apic mode [ 0.612835] DMAR: Intel-IOMMU force enabled due to platform opt in [ 0.612888] DMAR: No ATSR found [ 0.612928] DMAR: dmar0: Using Queued invalidation [ 0.612930] DMAR: dmar1: Using Queued invalidation [ 0.613743] DMAR: Intel(R) Virtualization Technology for Directed I/O ```
adam commented 2025-12-28 23:24:37 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (May 12, 2021):

Ah yes sorry, must've forgotten the last character when copy-pasting.

You're very close. Didn't try with a thunderbolt USB controller, may be really useful with the new ipad. So choose the first one, your XX.... number is 00:14.0. Just need to add it as an argument with the first script you mentioned.

@Silfalion commented on GitHub (May 12, 2021): Ah yes sorry, must've forgotten the last character when copy-pasting. You're very close. Didn't try with a thunderbolt USB controller, may be really useful with the new ipad. So choose the first one, your XX.... number is 00:14.0. Just need to add it as an argument with the first script you mentioned.
adam commented 2025-12-28 23:24:38 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (May 13, 2021):

@mandelake

Ok, so, the first step is to edit the grub to activate iommu:

1-Go to /etc/default/grub with sudo gedit /etc/default/grub

2-On the line that starts with GRUB_CMDLINE_LINUX_DEFAULT add intel_iommu=on or amd_iommu=on, depending on which processor brand you have. It will look like this:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash intel_iommu=on"

or

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash amd_iommu=on"

3-Update your grub with the command sudo update-grub

4-Reboot

This part will allow us to passthrough devices to the VM.

To be able to do the passthrough we need to identify your usb controllers and which one to pass. To do so, execute or put in a file then execute(make sure the execution permission is on in the file properties in case you put it in one):


#!/bin/sh



#mafferri (https://bbs.archlinux.org)



BASE="/sys/kernel/iommu_groups"



for i in $(find $BASE -maxdepth 1 -mindepth 1 -type d); do

	GROUP=$(basename $i)

	echo "### Group $GROUP ###"

	for j in $(find $i/devices -type l); do

		DEV=$(basename $j)

		echo -n "    "

		lspci -s $DEV

	d

The result will be a list of groups and with each group items. You want to look for one called usb controller, there could be many, just choose one and make sure you're not using it for something important.

Once you decide on one, mark down the digits at the very beginning of its line, the ones between brackets, Ex: 00:00:12.0.

This actually may need a bit of research as I didn't too much into. The next step will make your usb available to the guest(VM) but not the host(your OS), read somewhere this could be irreversible but didn't find on other tutorial, still go about it with caution.

The following script will bind your USB controller but you will need to reboot to gain back access to your USB, there is most definitely a script to unbind it, but didn't find one at the moment:

https://raw.githubusercontent.com/andre-richter/vfio-pci-bind/master/vfio-pci-bind.sh

Execute it as follow: sudo ./vfio-pci-bind XX:XX:XX.X

Replace the number with the numbers you got earlier. Now your usb should be ready to passthrough.

All you have to do now is add these 2 lines to your docker run command:

--privileged \

And

-e EXTRA='-device vfio-pci,host=XX:XX.X'

Just remove the 2 first zeros of the number of earlier and replace it instead of the Xs.

This should be all, if you have any problem, do ask.

Yo yo this is awesome!

Will give it a try this week and make it easy to use :) thanks a ton for writing this!

@sickcodes commented on GitHub (May 13, 2021): > @mandelake > > > > Ok, so, the first step is to edit the grub to activate iommu: > > > > 1-Go to /etc/default/grub with sudo gedit /etc/default/grub > > 2-On the line that starts with ```GRUB_CMDLINE_LINUX_DEFAULT``` add intel_iommu=on or amd_iommu=on, depending on which processor brand you have. It will look like this: > > `GRUB_CMDLINE_LINUX_DEFAULT="quiet splash intel_iommu=on"` > > or > > `GRUB_CMDLINE_LINUX_DEFAULT="quiet splash amd_iommu=on"` > > > > 3-Update your grub with the command `sudo update-grub` > > 4-Reboot > > > > This part will allow us to passthrough devices to the VM. > > > > To be able to do the passthrough we need to identify your usb controllers and which one to pass. To do so, execute or put in a file then execute(make sure the execution permission is on in the file properties in case you put it in one): > > > > ``` > > #!/bin/sh > > > > #mafferri (https://bbs.archlinux.org) > > > > BASE="/sys/kernel/iommu_groups" > > > > for i in $(find $BASE -maxdepth 1 -mindepth 1 -type d); do > > GROUP=$(basename $i) > > echo "### Group $GROUP ###" > > for j in $(find $i/devices -type l); do > > DEV=$(basename $j) > > echo -n " " > > lspci -s $DEV > > d > > ``` > > > > The result will be a list of groups and with each group items. You want to look for one called usb controller, there could be many, just choose one and make sure you're not using it for something important. > > > > Once you decide on one, mark down the digits at the very beginning of its line, the ones between brackets, **Ex: 00:00:12.0**. > > > > This actually may need a bit of research as I didn't too much into. The next step will make your usb available to the guest(VM) but not the host(your OS), read somewhere this could be irreversible but didn't find on other tutorial, still go about it with caution. > > > > The following script will bind your USB controller but you will need to reboot to gain back access to your USB, there is most definitely a script to unbind it, but didn't find one at the moment: > > > > https://raw.githubusercontent.com/andre-richter/vfio-pci-bind/master/vfio-pci-bind.sh > > > > Execute it as follow: `sudo ./vfio-pci-bind XX:XX:XX.X` > > > > Replace the number with the numbers you got earlier. Now your usb should be ready to passthrough. > > > > All you have to do now is add these 2 lines to your docker run command: > > > > `--privileged \` > > And > > `-e EXTRA='-device vfio-pci,host=XX:XX.X'` > > > > Just remove the 2 first zeros of the number of earlier and replace it instead of the Xs. > > > > This should be all, if you have any problem, do ask. Yo yo this is awesome! Will give it a try this week and make it easy to use :) thanks a ton for writing this!
adam commented 2025-12-28 23:24:38 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (May 15, 2021):

@mandelake
Ok, so, the first step is to edit the grub to activate iommu:
1-Go to /etc/default/grub with sudo gedit /etc/default/grub
2-On the line that starts with GRUB_CMDLINE_LINUX_DEFAULT add intel_iommu=on or amd_iommu=on, depending on which processor brand you have. It will look like this:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash intel_iommu=on"
or
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash amd_iommu=on"
3-Update your grub with the command sudo update-grub
4-Reboot
This part will allow us to passthrough devices to the VM.
To be able to do the passthrough we need to identify your usb controllers and which one to pass. To do so, execute or put in a file then execute(make sure the execution permission is on in the file properties in case you put it in one):


#!/bin/sh



#mafferri (https://bbs.archlinux.org)



BASE="/sys/kernel/iommu_groups"



for i in $(find $BASE -maxdepth 1 -mindepth 1 -type d); do

	GROUP=$(basename $i)

	echo "### Group $GROUP ###"

	for j in $(find $i/devices -type l); do

		DEV=$(basename $j)

		echo -n "    "

		lspci -s $DEV

	d

The result will be a list of groups and with each group items. You want to look for one called usb controller, there could be many, just choose one and make sure you're not using it for something important.
Once you decide on one, mark down the digits at the very beginning of its line, the ones between brackets, Ex: 00:00:12.0.
This actually may need a bit of research as I didn't too much into. The next step will make your usb available to the guest(VM) but not the host(your OS), read somewhere this could be irreversible but didn't find on other tutorial, still go about it with caution.
The following script will bind your USB controller but you will need to reboot to gain back access to your USB, there is most definitely a script to unbind it, but didn't find one at the moment:
https://raw.githubusercontent.com/andre-richter/vfio-pci-bind/master/vfio-pci-bind.sh
Execute it as follow: sudo ./vfio-pci-bind XX:XX:XX.X
Replace the number with the numbers you got earlier. Now your usb should be ready to passthrough.
All you have to do now is add these 2 lines to your docker run command:
--privileged \
And
-e EXTRA='-device vfio-pci,host=XX:XX.X'
Just remove the 2 first zeros of the number of earlier and replace it instead of the Xs.
This should be all, if you have any problem, do ask.

Yo yo this is awesome!

Will give it a try this week and make it easy to use :) thanks a ton for writing this!

All my pleasure:) the more we democratize Macos for everyone, the better it is.

@Silfalion commented on GitHub (May 15, 2021): > > @mandelake > > Ok, so, the first step is to edit the grub to activate iommu: > > 1-Go to /etc/default/grub with sudo gedit /etc/default/grub > > 2-On the line that starts with `GRUB_CMDLINE_LINUX_DEFAULT` add intel_iommu=on or amd_iommu=on, depending on which processor brand you have. It will look like this: > > `GRUB_CMDLINE_LINUX_DEFAULT="quiet splash intel_iommu=on"` > > or > > `GRUB_CMDLINE_LINUX_DEFAULT="quiet splash amd_iommu=on"` > > 3-Update your grub with the command `sudo update-grub` > > 4-Reboot > > This part will allow us to passthrough devices to the VM. > > To be able to do the passthrough we need to identify your usb controllers and which one to pass. To do so, execute or put in a file then execute(make sure the execution permission is on in the file properties in case you put it in one): > > ``` > > > > #!/bin/sh > > > > > > > > #mafferri (https://bbs.archlinux.org) > > > > > > > > BASE="/sys/kernel/iommu_groups" > > > > > > > > for i in $(find $BASE -maxdepth 1 -mindepth 1 -type d); do > > > > GROUP=$(basename $i) > > > > echo "### Group $GROUP ###" > > > > for j in $(find $i/devices -type l); do > > > > DEV=$(basename $j) > > > > echo -n " " > > > > lspci -s $DEV > > > > d > > ``` > > > > > > > > > > > > > > > > > > > > > > > > > > The result will be a list of groups and with each group items. You want to look for one called usb controller, there could be many, just choose one and make sure you're not using it for something important. > > Once you decide on one, mark down the digits at the very beginning of its line, the ones between brackets, **Ex: 00:00:12.0**. > > This actually may need a bit of research as I didn't too much into. The next step will make your usb available to the guest(VM) but not the host(your OS), read somewhere this could be irreversible but didn't find on other tutorial, still go about it with caution. > > The following script will bind your USB controller but you will need to reboot to gain back access to your USB, there is most definitely a script to unbind it, but didn't find one at the moment: > > https://raw.githubusercontent.com/andre-richter/vfio-pci-bind/master/vfio-pci-bind.sh > > Execute it as follow: `sudo ./vfio-pci-bind XX:XX:XX.X` > > Replace the number with the numbers you got earlier. Now your usb should be ready to passthrough. > > All you have to do now is add these 2 lines to your docker run command: > > `--privileged \` > > And > > `-e EXTRA='-device vfio-pci,host=XX:XX.X'` > > Just remove the 2 first zeros of the number of earlier and replace it instead of the Xs. > > This should be all, if you have any problem, do ask. > > Yo yo this is awesome! > > Will give it a try this week and make it easy to use :) thanks a ton for writing this! All my pleasure:) the more we democratize Macos for everyone, the better it is.
adam commented 2025-12-28 23:24:39 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (May 15, 2021):

@mandelake

Did evrerything work for you?

@Silfalion commented on GitHub (May 15, 2021): @mandelake Did evrerything work for you?
adam commented 2025-12-28 23:24:39 +01:00
Author
Owner
Copy Link

@mandelake commented on GitHub (May 16, 2021):

@Silfalion

Sorry for the delay, I was out of town. Anyways, the answer is NO, I didn't make it work just yet.

The vfio-pci-bind is sorted out
Screenshot from 2021-05-16 17-42-28
I'm stucked now with

docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: exec: "-e": executable file not found in $PATH: unknown.
ERRO[0000] error waiting for container: context canceled

to which I'm looking for a fix.

So don't worry, I'll leave a word once everything works.

@mandelake commented on GitHub (May 16, 2021): **@Silfalion** Sorry for the delay, I was out of town. Anyways, the answer is NO, I didn't make it work just yet. The vfio-pci-bind is sorted out ![Screenshot from 2021-05-16 17-42-28](https://user-images.githubusercontent.com/34622100/118408103-32412300-b684-11eb-93d2-0eacafa196b7.png) I'm stucked now with ``` docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: exec: "-e": executable file not found in $PATH: unknown. ERRO[0000] error waiting for container: context canceled ``` to which I'm looking for a fix. So don't worry, I'll leave a word once everything works.
adam commented 2025-12-28 23:24:40 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (May 16, 2021):

If you want, you can post your run docker container script so that we sort it out.

@Silfalion commented on GitHub (May 16, 2021): If you want, you can post your run docker container script so that we sort it out.
adam commented 2025-12-28 23:24:40 +01:00
Author
Owner
Copy Link

@mandelake commented on GitHub (May 16, 2021):

sudo docker ps -a

09eef4a45cf8   sickcodes/docker-osx:latest   "/bin/bash -c 'sudo …"   7 weeks ago      Exited (0) About an hour ago             dreamy_kalam

Being an old container, initially I tried to use start instead of run to initialize it, but it complained about unknown flag: --privileged

sudo docker start -ai -i 09eef4a45cf8 \
    --privileged \
    -e EXTRA='-device vfio-pci,host=00:00:14.0'

that gave

unknown flag: --privileged
See 'docker start --help'.

So, I changed that to

sudo docker run --privileged sickcodes/docker-osx:latest \
     -e EXTRA='-device vfio-pci,host=00:00:14.0'

which creates an entirely new container and also gives

docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: exec: "-e": executable file not found in $PATH: unknown.
ERRO[0000] error waiting for container: context canceled
@mandelake commented on GitHub (May 16, 2021): ``` sudo docker ps -a 09eef4a45cf8 sickcodes/docker-osx:latest "/bin/bash -c 'sudo …" 7 weeks ago Exited (0) About an hour ago dreamy_kalam ``` Being an old container, initially I tried to use _start_ instead of _run_ to initialize it, but it complained about `unknown flag: --privileged` ``` sudo docker start -ai -i 09eef4a45cf8 \ --privileged \ -e EXTRA='-device vfio-pci,host=00:00:14.0' ``` that gave ``` unknown flag: --privileged See 'docker start --help'. ``` So, I changed that to ``` sudo docker run --privileged sickcodes/docker-osx:latest \ -e EXTRA='-device vfio-pci,host=00:00:14.0' ``` which creates an entirely new container and also gives ``` docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: exec: "-e": executable file not found in $PATH: unknown. ERRO[0000] error waiting for container: context canceled ```
adam commented 2025-12-28 23:24:40 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (May 17, 2021):

sudo docker start -ai -i 09eef4a45cf8 \ --privileged \ -e EXTRA='-device vfio-pci,host=00:00:14.0'

This doesn't work on Docker, you can use the image in naked following these steps:

https://github.com/sickcodes/Docker-OSX#container-creation-examples

@sickcodes commented on GitHub (May 17, 2021): > `sudo docker start -ai -i 09eef4a45cf8 \ --privileged \ -e EXTRA='-device vfio-pci,host=00:00:14.0'` This doesn't work on Docker, you can use the image in naked following these steps: https://github.com/sickcodes/Docker-OSX#container-creation-examples
adam commented 2025-12-28 23:24:41 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (May 19, 2021):

True, forgot to add that I extracted the system image and made it work with the naked version not the classic one. (Sorry was busy with work)

@Silfalion commented on GitHub (May 19, 2021): True, forgot to add that I extracted the system image and made it work with the naked version not the classic one. (Sorry was busy with work)
adam commented 2025-12-28 23:24:41 +01:00
Author
Owner
Copy Link

@henriquenunez commented on GitHub (May 27, 2021):

Hello everyone!

First things first, so thank you for providing this awesome utility!

I am having the following problem when trying to forward the usb:

(qemu) qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory
qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory
qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory
qemu-system-x86_64: -device vfio-pci,host=00:14.0: vfio 0000:00:14.0: failed to setup container for group 3: memory listener initialization failed: Region pc.ram: vfio_dma_map(0x55e7fbad4df0, 0x0, 0xa0000, 0x7f00eee00000) = -12 (Cannot allocate memory)

My init script is:

sudo docker run -it \
	--device /dev/kvm \
	-p 50922:10022 \
     -v /mnt/docker/overlay2/41c5c8acaafaabb20d4c91f94aa8c233eaa6c627672dcb39dce486086a21a3d1/diff/home/arch/OSX-KVM/mac_hdd_ng.img:/image \
	-v /tmp/.X11-unix:/tmp/.X11-unix \
     -e DISPLAY=:0 \
     -e RAM=10 \
	-e CORES=4 \
	--privileged \
	-e EXTRA='-device vfio-pci,host=00:14.0' \
	sickcodes/docker-osx:naked

afaik, i did everything correctly:

  • intel_iommu=on (refind configurations)
  • search usb devices: 00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)
  • sudo ./vfio-pci-bind.sh 00:14.0

And now this problem is happening.

Any suggestions? thx a lot

@henriquenunez commented on GitHub (May 27, 2021): Hello everyone! First things first, so thank you for providing this awesome utility! I am having the following problem when trying to forward the usb: ``` (qemu) qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory qemu-system-x86_64: -device vfio-pci,host=00:14.0: vfio 0000:00:14.0: failed to setup container for group 3: memory listener initialization failed: Region pc.ram: vfio_dma_map(0x55e7fbad4df0, 0x0, 0xa0000, 0x7f00eee00000) = -12 (Cannot allocate memory) ``` My init script is: ``` sudo docker run -it \ --device /dev/kvm \ -p 50922:10022 \ -v /mnt/docker/overlay2/41c5c8acaafaabb20d4c91f94aa8c233eaa6c627672dcb39dce486086a21a3d1/diff/home/arch/OSX-KVM/mac_hdd_ng.img:/image \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e DISPLAY=:0 \ -e RAM=10 \ -e CORES=4 \ --privileged \ -e EXTRA='-device vfio-pci,host=00:14.0' \ sickcodes/docker-osx:naked ``` afaik, i did everything correctly: - intel_iommu=on (refind configurations) - search usb devices: `00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)` - `sudo ./vfio-pci-bind.sh 00:14.0` And now this problem is happening. Any suggestions? thx a lot
adam commented 2025-12-28 23:24:41 +01:00
Author
Owner
Copy Link

@henriquenunez commented on GitHub (Jun 5, 2021):

Hello everyone!

First things first, so thank you for providing this awesome utility!

I am having the following problem when trying to forward the usb:

(qemu) qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory
qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory
qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory
qemu-system-x86_64: -device vfio-pci,host=00:14.0: vfio 0000:00:14.0: failed to setup container for group 3: memory listener initialization failed: Region pc.ram: vfio_dma_map(0x55e7fbad4df0, 0x0, 0xa0000, 0x7f00eee00000) = -12 (Cannot allocate memory)

My init script is:

sudo docker run -it \
	--device /dev/kvm \
	-p 50922:10022 \
     -v /mnt/docker/overlay2/41c5c8acaafaabb20d4c91f94aa8c233eaa6c627672dcb39dce486086a21a3d1/diff/home/arch/OSX-KVM/mac_hdd_ng.img:/image \
	-v /tmp/.X11-unix:/tmp/.X11-unix \
     -e DISPLAY=:0 \
     -e RAM=10 \
	-e CORES=4 \
	--privileged \
	-e EXTRA='-device vfio-pci,host=00:14.0' \
	sickcodes/docker-osx:naked

afaik, i did everything correctly:

* intel_iommu=on (refind configurations)

* search usb devices: `00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)`

* `sudo ./vfio-pci-bind.sh 00:14.0`

And now this problem is happening.

Any suggestions? thx a lot

Hey everyone, for some reason, it now works.
Probably I just needed to put my laptop to rest for a while XD.

@henriquenunez commented on GitHub (Jun 5, 2021): > Hello everyone! > > First things first, so thank you for providing this awesome utility! > > I am having the following problem when trying to forward the usb: > > ``` > (qemu) qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory > qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory > qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory > qemu-system-x86_64: -device vfio-pci,host=00:14.0: vfio 0000:00:14.0: failed to setup container for group 3: memory listener initialization failed: Region pc.ram: vfio_dma_map(0x55e7fbad4df0, 0x0, 0xa0000, 0x7f00eee00000) = -12 (Cannot allocate memory) > ``` > > My init script is: > > ``` > sudo docker run -it \ > --device /dev/kvm \ > -p 50922:10022 \ > -v /mnt/docker/overlay2/41c5c8acaafaabb20d4c91f94aa8c233eaa6c627672dcb39dce486086a21a3d1/diff/home/arch/OSX-KVM/mac_hdd_ng.img:/image \ > -v /tmp/.X11-unix:/tmp/.X11-unix \ > -e DISPLAY=:0 \ > -e RAM=10 \ > -e CORES=4 \ > --privileged \ > -e EXTRA='-device vfio-pci,host=00:14.0' \ > sickcodes/docker-osx:naked > ``` > > afaik, i did everything correctly: > > * intel_iommu=on (refind configurations) > > * search usb devices: `00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)` > > * `sudo ./vfio-pci-bind.sh 00:14.0` > > > And now this problem is happening. > > Any suggestions? thx a lot Hey everyone, for some reason, it now works. Probably I just needed to put my laptop to rest for a while XD.
adam commented 2025-12-28 23:24:42 +01:00
Author
Owner
Copy Link

@EhsanFortuna commented on GitHub (Jun 23, 2021):

Hello everyone!

First things first, so thank you for providing this awesome utility!

I am having the following problem when trying to forward the usb:

(qemu) qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory
qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory
qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory
qemu-system-x86_64: -device vfio-pci,host=00:14.0: vfio 0000:00:14.0: failed to setup container for group 3: memory listener initialization failed: Region pc.ram: vfio_dma_map(0x55e7fbad4df0, 0x0, 0xa0000, 0x7f00eee00000) = -12 (Cannot allocate memory)

My init script is:

sudo docker run -it \
	--device /dev/kvm \
	-p 50922:10022 \
     -v /mnt/docker/overlay2/41c5c8acaafaabb20d4c91f94aa8c233eaa6c627672dcb39dce486086a21a3d1/diff/home/arch/OSX-KVM/mac_hdd_ng.img:/image \
	-v /tmp/.X11-unix:/tmp/.X11-unix \
     -e DISPLAY=:0 \
     -e RAM=10 \
	-e CORES=4 \
	--privileged \
	-e EXTRA='-device vfio-pci,host=00:14.0' \
	sickcodes/docker-osx:naked

afaik, i did everything correctly:

  • intel_iommu=on (refind configurations)
  • search usb devices: 00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)
  • sudo ./vfio-pci-bind.sh 00:14.0

And now this problem is happening.

Any suggestions? thx a lot

Hi everyone , I am having the same problem
any suggestions ?
Thank you so much.

@EhsanFortuna commented on GitHub (Jun 23, 2021): > Hello everyone! > > First things first, so thank you for providing this awesome utility! > > I am having the following problem when trying to forward the usb: > > ``` > (qemu) qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory > qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory > qemu-system-x86_64: -device vfio-pci,host=00:14.0: VFIO_MAP_DMA failed: Cannot allocate memory > qemu-system-x86_64: -device vfio-pci,host=00:14.0: vfio 0000:00:14.0: failed to setup container for group 3: memory listener initialization failed: Region pc.ram: vfio_dma_map(0x55e7fbad4df0, 0x0, 0xa0000, 0x7f00eee00000) = -12 (Cannot allocate memory) > ``` > > My init script is: > > ``` > sudo docker run -it \ > --device /dev/kvm \ > -p 50922:10022 \ > -v /mnt/docker/overlay2/41c5c8acaafaabb20d4c91f94aa8c233eaa6c627672dcb39dce486086a21a3d1/diff/home/arch/OSX-KVM/mac_hdd_ng.img:/image \ > -v /tmp/.X11-unix:/tmp/.X11-unix \ > -e DISPLAY=:0 \ > -e RAM=10 \ > -e CORES=4 \ > --privileged \ > -e EXTRA='-device vfio-pci,host=00:14.0' \ > sickcodes/docker-osx:naked > ``` > > afaik, i did everything correctly: > > * intel_iommu=on (refind configurations) > * search usb devices: `00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)` > * `sudo ./vfio-pci-bind.sh 00:14.0` > > And now this problem is happening. > > Any suggestions? thx a lot Hi everyone , I am having the same problem any suggestions ? Thank you so much.
adam commented 2025-12-28 23:24:43 +01:00
Author
Owner
Copy Link

@evertonrobertoauler commented on GitHub (Aug 7, 2021):

Hey guys, I Had the same issue and struggle a lot to find a way to make it work, from inside the Docker container, unfortunatly I couldn't pass this error.

failed to setup container for group 22: memory listener initialization failed: Region pc.ram: vfio_dma_map

After a lot of research, I fixed it runing qemu with sudo from my host system and my USB controller passthrough is working pefectly.

A made it work doing the following steps, I hope it helps some of you guys that like me depends on it for iOS development that some times needs to debug or test some functionality on a real device.

  1. Start your docker container normaly without -e EXTRA='-device vfio-pci,host=05:00.0' and add a folder as a volume -v /home/myuser/myfolder:/home/arch/OSX-KVM/myfolder:rw --name=mycontainer

  2. In another terminal docker exec -ti mycontainer bash

  3. Then from inside the container, copy the following files to myfolder

cp -rf Launch.sh myfolder/.
cp -rf OpenCore-Catalina/OpenCore.qcow2 myfolder/.
cp -rf OVMF_CODE.fd myfolder/.
cp -rf OVMF_VARS-1024x768.fd myfolder/.
cp -rf BaseSystem.img myfolder/.
cp -rf BaseSystem.img myfolder/.
cp -rf mac_hdd_ng.img myfolder/.

  1. Now you can turn down the VM.

  2. Download https://raw.githubusercontent.com/andre-richter/vfio-pci-bind/master/vfio-pci-bind.sh inside your folder

  3. Update your Launch.sh, and replace 05:00.0 with your USB Controller.

sudo bash vfio-pci-bind.sh 0000:05:00.0

sudo qemu-system-x86_64  \
-cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check \
-machine q35,"accel=kvm:tcg" \
-smp 8,cores=4 \
-usb -device usb-kbd -device usb-tablet \
-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \
-drive if=pflash,format=raw,readonly,file=OVMF_CODE.fd \
-drive if=pflash,format=raw,file=OVMF_VARS-1024x768.fd \
-smbios type=2 \
-audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \
-device ich9-ahci,id=sata \
-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=OpenCore.qcow2 \
-device ide-hd,bus=sata.2,drive=OpenCoreBoot \
-device ide-hd,bus=sata.3,drive=InstallMedia \
-drive id=InstallMedia,if=none,file=BaseSystem.img,format=qcow2 \
-drive id=MacHDD,if=none,file=mac_hdd_ng.img,format=qcow2 \
-device ide-hd,bus=sata.4,drive=MacHDD \
-monitor stdio \
-vga vmware \
-device vfio-pci,host=05:00.0
  1. Finally run bash Launch.sh and enjoy.

I'm using 8GB of RAM (-m 8000), 8 threads and 4 cores, but you guys can easily change this params above and adjust anything that is needed.

@evertonrobertoauler commented on GitHub (Aug 7, 2021): Hey guys, I Had the same issue and struggle a lot to find a way to make it work, from inside the Docker container, unfortunatly I couldn't pass this error. ```sh failed to setup container for group 22: memory listener initialization failed: Region pc.ram: vfio_dma_map ``` After a lot of research, I fixed it runing qemu with sudo from my host system and my USB controller passthrough is working pefectly. A made it work doing the following steps, I hope it helps some of you guys that like me depends on it for iOS development that some times needs to debug or test some functionality on a real device. 1) Start your docker container normaly without `-e EXTRA='-device vfio-pci,host=05:00.0'` and add a folder as a volume `-v /home/myuser/myfolder:/home/arch/OSX-KVM/myfolder:rw --name=mycontainer` 2) In another terminal `docker exec -ti mycontainer bash` 3) Then from inside the container, copy the following files to myfolder ```sh cp -rf Launch.sh myfolder/. cp -rf OpenCore-Catalina/OpenCore.qcow2 myfolder/. cp -rf OVMF_CODE.fd myfolder/. cp -rf OVMF_VARS-1024x768.fd myfolder/. cp -rf BaseSystem.img myfolder/. cp -rf BaseSystem.img myfolder/. cp -rf mac_hdd_ng.img myfolder/. ``` 4) Now you can turn down the VM. 5) Download https://raw.githubusercontent.com/andre-richter/vfio-pci-bind/master/vfio-pci-bind.sh inside your folder 6) Update your Launch.sh, and replace 05:00.0 with your USB Controller. ```sh sudo bash vfio-pci-bind.sh 0000:05:00.0 sudo qemu-system-x86_64 \ -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check \ -machine q35,"accel=kvm:tcg" \ -smp 8,cores=4 \ -usb -device usb-kbd -device usb-tablet \ -device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \ -drive if=pflash,format=raw,readonly,file=OVMF_CODE.fd \ -drive if=pflash,format=raw,file=OVMF_VARS-1024x768.fd \ -smbios type=2 \ -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \ -device ich9-ahci,id=sata \ -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=OpenCore.qcow2 \ -device ide-hd,bus=sata.2,drive=OpenCoreBoot \ -device ide-hd,bus=sata.3,drive=InstallMedia \ -drive id=InstallMedia,if=none,file=BaseSystem.img,format=qcow2 \ -drive id=MacHDD,if=none,file=mac_hdd_ng.img,format=qcow2 \ -device ide-hd,bus=sata.4,drive=MacHDD \ -monitor stdio \ -vga vmware \ -device vfio-pci,host=05:00.0 ``` 7) Finally run `bash Launch.sh` and enjoy. I'm using 8GB of RAM (-m 8000), 8 threads and 4 cores, but you guys can easily change this params above and adjust anything that is needed.
adam commented 2025-12-28 23:24:43 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (Aug 7, 2021):

Nice one! Possible work around could be passing -v /sys:/sys and -v /dev:/dev

But this is great, I will try and give it a go

@sickcodes commented on GitHub (Aug 7, 2021): Nice one! Possible work around could be passing `-v /sys:/sys` and `-v /dev:/dev` But this is great, I will try and give it a go
adam commented 2025-12-28 23:24:43 +01:00
Author
Owner
Copy Link

@evertonrobertoauler commented on GitHub (Aug 7, 2021):

Thanks men, unfortunatly passing those volumes -v /sys:/sys -v /dev:/dev didn't fixed the group 22: memory listener initialization failed issue for me, I'm using Fedora, it could be something related to my host system, something related to Selinux or something that is blocking access to the vfio-pci device from inside the container.

But still, this is an awesome project, I only had this USB Controller Passthrough issue, that I was able to work around with the steps above.

But overall, thanks a lot for this project, I think that this is the easiest way to get a Mac OSx vm up and running.

@evertonrobertoauler commented on GitHub (Aug 7, 2021): Thanks men, unfortunatly passing those volumes `-v /sys:/sys -v /dev:/dev` didn't fixed the `group 22: memory listener initialization failed` issue for me, I'm using Fedora, it could be something related to my host system, something related to Selinux or something that is blocking access to the vfio-pci device from inside the container. But still, this is an awesome project, I only had this USB Controller Passthrough issue, that I was able to work around with the steps above. But overall, thanks a lot for this project, I think that this is the easiest way to get a Mac OSx vm up and running.
adam commented 2025-12-28 23:24:44 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (Aug 7, 2021):

If its usb controller passtrhough, added this repo that should be later merged with docker osx.

https://github.com/Silfalion/Iphone_docker_osx_passthrough

Any suggestions/contributions/bug report is welcome.

@Silfalion commented on GitHub (Aug 7, 2021): If its usb controller passtrhough, added this repo that should be later merged with docker osx. https://github.com/Silfalion/Iphone_docker_osx_passthrough Any suggestions/contributions/bug report is welcome.
adam commented 2025-12-28 23:24:44 +01:00
Author
Owner
Copy Link

@Silfalion commented on GitHub (Aug 7, 2021):

And if anyone needs something for igpu, this sounds very promising:

https://github.com/patmagauran/i915ovmfPkg/wiki

But didn't get the time to test yet, if anyone manage to make it work, would be great if they shared it here:)

The issues seem to have the key for making it work.

@Silfalion commented on GitHub (Aug 7, 2021): And if anyone needs something for igpu, this sounds very promising: https://github.com/patmagauran/i915ovmfPkg/wiki But didn't get the time to test yet, if anyone manage to make it work, would be great if they shared it here:) The issues seem to have the key for making it work.
adam commented 2025-12-28 23:24:45 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (Aug 16, 2021):

  -device virtio-vga,virgl=on \
  -display gtk,gl=on \
  # -vga vmware

192:~ fullname$ system_profiler SPDisplaysDataType
Graphics/Displays:

    Display:

      Type: GPU
      VRAM (Total): 7 MB
      Device ID: 0x1050
      Revision ID: 0x0001
      Kernel Extension Info: No Kext Loaded
      Displays:
        Display:
          Resolution: 1920 x 1080 (1080p FHD - Full High Definition)
          UI Looks like: 1920 x 1080
          Framebuffer Depth: 24-Bit Color (ARGB8888)
          Main Display: Yes
          Mirror: Off
          Online: Yes
          Automatically Adjust Brightness: No
      Vendor ID: 0x1af4

  -device virtio-vga,virgl=on \
  -display gtk,gl=es \
  # -vga vmware

192:~ fullname$ system_profiler SPDisplaysDataType
Graphics/Displays:

    Display:

      Type: GPU
      VRAM (Total): 7 MB
      Device ID: 0x1050
      Revision ID: 0x0001
      Kernel Extension Info: No Kext Loaded
      Displays:
        Display:
          Resolution: 1920 x 1080 (1080p FHD - Full High Definition)
          UI Looks like: 1920 x 1080
          Framebuffer Depth: 24-Bit Color (ARGB8888)
          Main Display: Yes
          Mirror: Off
          Online: Yes
          Automatically Adjust Brightness: No
      Vendor ID: 0x1af4

  -device virtio-vga,virgl=on
  -display gtk,gl=es
  -vga virtio

192:~ fullname$ system_profiler SPDisplaysDataType
Graphics/Displays:

    Display:

      Type: GPU
      VRAM (Total): 7 MB
      Device ID: 0x1050
      Revision ID: 0x0001
      Kernel Extension Info: No Kext Loaded
      Displays:
        Display:
          Resolution: 1920 x 1080 (1080p FHD - Full High Definition)
          UI Looks like: 1920 x 1080
          Framebuffer Depth: 24-Bit Color (ARGB8888)
          Main Display: Yes
          Mirror: Off
          Online: Yes
          Automatically Adjust Brightness: No
      Vendor ID: 0x1af4

    Display:

      Type: GPU
      Device ID: 0x1050
      Revision ID: 0x0001
      Kernel Extension Info: No Kext Loaded
      Vendor ID: 0x1af4

192:~ fullname$ 

  -device virtio-vga,max_hostmem=268435456
  # -device virtio-vga,max_hostmem=134217728,virgl=on
  # -display gtk,gl=on

192:~ fullname$ system_profiler SPDisplaysDataType
Graphics/Displays:

    Display:

      Type: GPU
      VRAM (Total): 7 MB
      Device ID: 0x1050
      Revision ID: 0x0001
      Kernel Extension Info: No Kext Loaded
      Displays:
        Display:
          Resolution: 1920 x 1080 (1080p FHD - Full High Definition)
          UI Looks like: 1920 x 1080
          Framebuffer Depth: 24-Bit Color (ARGB8888)
          Main Display: Yes
          Mirror: Off
          Online: Yes
          Automatically Adjust Brightness: No
      Vendor ID: 0x1af4

-device virtio-gpu

192:~ fullname$ system_profiler SPDisplaysDataType
Graphics/Displays:

    Display:

      Type: GPU
      VRAM (Total): 10 MB
      Device ID: 0x1111
      Revision ID: 0x0002
      Vendor ID: 0x1234

    Display:

      Type: GPU
      Device ID: 0x1050
      Revision ID: 0x0001
      Kernel Extension Info: No Kext Loaded
      Vendor ID: 0x1af4

  -vga virtio
  -display sdl,gl=on


192:~ fullname$ system_profiler SPDisplaysDataType
Graphics/Displays:

    Display:

      Type: GPU
      VRAM (Total): 7 MB
      Device ID: 0x1050
      Revision ID: 0x0001
      Kernel Extension Info: No Kext Loaded
      Vendor ID: 0x1af4

Other options:

Display devices:
name "ati-vga", bus PCI
name "bochs-display", bus PCI
name "cirrus-vga", bus PCI, desc "Cirrus CLGD 54xx VGA"
name "isa-cirrus-vga", bus ISA
name "isa-vga", bus ISA
name "qxl", bus PCI, desc "Spice QXL GPU (secondary)"
name "qxl-vga", bus PCI, desc "Spice QXL GPU (primary, vga compatible)"
name "ramfb", bus System, desc "ram framebuffer standalone device"
name "secondary-vga", bus PCI
name "sga", bus ISA, desc "Serial Graphics Adapter"
name "VGA", bus PCI
name "vhost-user-gpu", bus virtio-bus
name "vhost-user-gpu-pci", bus PCI
name "vhost-user-vga", bus PCI
name "virtio-gpu-device", bus virtio-bus
name "virtio-gpu-pci", bus PCI, alias "virtio-gpu"
name "virtio-vga", bus PCI
name "vmware-svga", bus PCI
@sickcodes commented on GitHub (Aug 16, 2021): ``` -device virtio-vga,virgl=on \ -display gtk,gl=on \ # -vga vmware ``` ``` 192:~ fullname$ system_profiler SPDisplaysDataType Graphics/Displays: Display: Type: GPU VRAM (Total): 7 MB Device ID: 0x1050 Revision ID: 0x0001 Kernel Extension Info: No Kext Loaded Displays: Display: Resolution: 1920 x 1080 (1080p FHD - Full High Definition) UI Looks like: 1920 x 1080 Framebuffer Depth: 24-Bit Color (ARGB8888) Main Display: Yes Mirror: Off Online: Yes Automatically Adjust Brightness: No Vendor ID: 0x1af4 ``` --- ``` -device virtio-vga,virgl=on \ -display gtk,gl=es \ # -vga vmware ``` ``` 192:~ fullname$ system_profiler SPDisplaysDataType Graphics/Displays: Display: Type: GPU VRAM (Total): 7 MB Device ID: 0x1050 Revision ID: 0x0001 Kernel Extension Info: No Kext Loaded Displays: Display: Resolution: 1920 x 1080 (1080p FHD - Full High Definition) UI Looks like: 1920 x 1080 Framebuffer Depth: 24-Bit Color (ARGB8888) Main Display: Yes Mirror: Off Online: Yes Automatically Adjust Brightness: No Vendor ID: 0x1af4 ``` --- ``` -device virtio-vga,virgl=on -display gtk,gl=es -vga virtio ``` ``` 192:~ fullname$ system_profiler SPDisplaysDataType Graphics/Displays: Display: Type: GPU VRAM (Total): 7 MB Device ID: 0x1050 Revision ID: 0x0001 Kernel Extension Info: No Kext Loaded Displays: Display: Resolution: 1920 x 1080 (1080p FHD - Full High Definition) UI Looks like: 1920 x 1080 Framebuffer Depth: 24-Bit Color (ARGB8888) Main Display: Yes Mirror: Off Online: Yes Automatically Adjust Brightness: No Vendor ID: 0x1af4 Display: Type: GPU Device ID: 0x1050 Revision ID: 0x0001 Kernel Extension Info: No Kext Loaded Vendor ID: 0x1af4 192:~ fullname$ ``` --- ``` -device virtio-vga,max_hostmem=268435456 # -device virtio-vga,max_hostmem=134217728,virgl=on # -display gtk,gl=on ``` ``` 192:~ fullname$ system_profiler SPDisplaysDataType Graphics/Displays: Display: Type: GPU VRAM (Total): 7 MB Device ID: 0x1050 Revision ID: 0x0001 Kernel Extension Info: No Kext Loaded Displays: Display: Resolution: 1920 x 1080 (1080p FHD - Full High Definition) UI Looks like: 1920 x 1080 Framebuffer Depth: 24-Bit Color (ARGB8888) Main Display: Yes Mirror: Off Online: Yes Automatically Adjust Brightness: No Vendor ID: 0x1af4 ``` --- ``` -device virtio-gpu ``` ``` 192:~ fullname$ system_profiler SPDisplaysDataType Graphics/Displays: Display: Type: GPU VRAM (Total): 10 MB Device ID: 0x1111 Revision ID: 0x0002 Vendor ID: 0x1234 Display: Type: GPU Device ID: 0x1050 Revision ID: 0x0001 Kernel Extension Info: No Kext Loaded Vendor ID: 0x1af4 ``` --- ``` -vga virtio -display sdl,gl=on ``` ``` 192:~ fullname$ system_profiler SPDisplaysDataType Graphics/Displays: Display: Type: GPU VRAM (Total): 7 MB Device ID: 0x1050 Revision ID: 0x0001 Kernel Extension Info: No Kext Loaded Vendor ID: 0x1af4 ``` Other options: ``` Display devices: name "ati-vga", bus PCI name "bochs-display", bus PCI name "cirrus-vga", bus PCI, desc "Cirrus CLGD 54xx VGA" name "isa-cirrus-vga", bus ISA name "isa-vga", bus ISA name "qxl", bus PCI, desc "Spice QXL GPU (secondary)" name "qxl-vga", bus PCI, desc "Spice QXL GPU (primary, vga compatible)" name "ramfb", bus System, desc "ram framebuffer standalone device" name "secondary-vga", bus PCI name "sga", bus ISA, desc "Serial Graphics Adapter" name "VGA", bus PCI name "vhost-user-gpu", bus virtio-bus name "vhost-user-gpu-pci", bus PCI name "vhost-user-vga", bus PCI name "virtio-gpu-device", bus virtio-bus name "virtio-gpu-pci", bus PCI, alias "virtio-gpu" name "virtio-vga", bus PCI name "vmware-svga", bus PCI ```
adam commented 2025-12-28 23:24:46 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (Aug 27, 2021):



# Linux PC
yay usbfluxd
systemctl restart usbmuxd
avahi-daemon
usbfluxd -f -n
socat tcp-listen:5000,fork unix-connect:/var/run/usbmuxd

# MAC
# get homebrew
brew install make autoheader automake autoconf libtool pkg-config gcc libimobiledevice
# clone & make corellium/usbfluxd
usbfluxd -f -r 192.168.1.X:5000

Adding instructions tomorrow, this is insane

Screenshot_2021-08-26_21-55-12

@sickcodes commented on GitHub (Aug 27, 2021): ```bash # Linux PC yay usbfluxd systemctl restart usbmuxd avahi-daemon usbfluxd -f -n socat tcp-listen:5000,fork unix-connect:/var/run/usbmuxd # MAC # get homebrew brew install make autoheader automake autoconf libtool pkg-config gcc libimobiledevice # clone & make corellium/usbfluxd usbfluxd -f -r 192.168.1.X:5000 ``` Adding instructions tomorrow, this is insane ![Screenshot_2021-08-26_21-55-12](https://user-images.githubusercontent.com/65906298/131045974-24ce6c0c-75da-4c77-b7e9-8a80d22dd9c8.png)
adam commented 2025-12-28 23:24:46 +01:00
Author
Owner
Copy Link

@noelhibbard commented on GitHub (Aug 30, 2021):

brew isn't finding a package named autoheader.

@noelhibbard commented on GitHub (Aug 30, 2021): brew isn't finding a package named autoheader.
adam commented 2025-12-28 23:24:46 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (Aug 30, 2021):

brew isn't finding a package named autoheader.

Ignore that one, I'll fix the readme now, thanks!

@sickcodes commented on GitHub (Aug 30, 2021): > brew isn't finding a package named autoheader. Ignore that one, I'll fix the readme now, thanks!
adam commented 2025-12-28 23:24:47 +01:00
Author
Owner
Copy Link

@noelhibbard commented on GitHub (Aug 31, 2021):

I got Configurator 2 to connect to an iDevice but I'm unable to supervise the device. It tells the phone to erase and reboot but then it never reconnects. Why does Apple only give us one way to supervise an iDevice. Apple is so ridiculous sometimes.

@noelhibbard commented on GitHub (Aug 31, 2021): I got Configurator 2 to connect to an iDevice but I'm unable to supervise the device. It tells the phone to erase and reboot but then it never reconnects. Why does Apple only give us one way to supervise an iDevice. Apple is so ridiculous sometimes.
adam commented 2025-12-28 23:24:47 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (Sep 1, 2021):

I got Configurator 2 to connect to an iDevice but I'm unable to supervise the device. It tells the phone to erase and reboot but then it never reconnects. Why does Apple only give us one way to supervise an iDevice. Apple is so ridiculous sometimes.

This will be something about device resetting, does either usbfluxd window close? What happens if you run usbmuxd in the foreground?

@sickcodes commented on GitHub (Sep 1, 2021): > I got Configurator 2 to connect to an iDevice but I'm unable to supervise the device. It tells the phone to erase and reboot but then it never reconnects. Why does Apple only give us one way to supervise an iDevice. Apple is so ridiculous sometimes. This will be something about device resetting, does either usbfluxd window close? What happens if you run usbmuxd in the foreground?
adam commented 2025-12-28 23:24:47 +01:00
Author
Owner
Copy Link

@noelhibbard commented on GitHub (Sep 1, 2021):

This will be something about device resetting, does either usbfluxd window close? What happens if you run usbmuxd in the foreground?

I got it working. I just had to hit cancel in Configurator and then restart both ends of usbfluxd and then the device came back up in Configurator and I was able to supervise on my second attempt because the device was then in an erased state.

It would be cool if usbmuxd survived disconnect/connects.

@noelhibbard commented on GitHub (Sep 1, 2021): > This will be something about device resetting, does either usbfluxd window close? What happens if you run usbmuxd in the foreground? I got it working. I just had to hit cancel in Configurator and then restart both ends of usbfluxd and then the device came back up in Configurator and I was able to supervise on my second attempt because the device was then in an erased state. It would be cool if usbmuxd survived disconnect/connects.
adam commented 2025-12-28 23:24:48 +01:00
Author
Owner
Copy Link

@andrestone commented on GitHub (Sep 7, 2021):

Did anyone make progress with the iGPU passthrough?

@andrestone commented on GitHub (Sep 7, 2021): Did anyone make progress with the iGPU passthrough?
adam commented 2025-12-28 23:24:48 +01:00
Author
Owner
Copy Link

@jthoward64 commented on GitHub (May 6, 2022):

  -device virtio-vga,virgl=on \
  -display gtk,gl=on \
  # -vga vmware

192:~ fullname$ system_profiler SPDisplaysDataType
Graphics/Displays:

    Display:

      Type: GPU

...

192:~ fullname$ system_profiler SPDisplaysDataType
Graphics/Displays:

Display:

  Type: GPU
  VRAM (Total): 7 MB
  Device ID: 0x1050
  Revision ID: 0x0001
  Kernel Extension Info: No Kext Loaded
  Vendor ID: 0x1af4


Other options:

Display devices:
name "ati-vga", bus PCI
name "bochs-display", bus PCI
name "cirrus-vga", bus PCI, desc "Cirrus CLGD 54xx VGA"
name "isa-cirrus-vga", bus ISA
name "isa-vga", bus ISA
name "qxl", bus PCI, desc "Spice QXL GPU (secondary)"
name "qxl-vga", bus PCI, desc "Spice QXL GPU (primary, vga compatible)"
name "ramfb", bus System, desc "ram framebuffer standalone device"
name "secondary-vga", bus PCI
name "sga", bus ISA, desc "Serial Graphics Adapter"
name "VGA", bus PCI
name "vhost-user-gpu", bus virtio-bus
name "vhost-user-gpu-pci", bus PCI
name "vhost-user-vga", bus PCI
name "virtio-gpu-device", bus virtio-bus
name "virtio-gpu-pci", bus PCI, alias "virtio-gpu"
name "virtio-vga", bus PCI
name "vmware-svga", bus PCI

Are these configs for iGPU pass-through with patmagauran/i915ovmfPkg?

@jthoward64 commented on GitHub (May 6, 2022): > ``` > -device virtio-vga,virgl=on \ > -display gtk,gl=on \ > # -vga vmware > ``` > > ``` > 192:~ fullname$ system_profiler SPDisplaysDataType > Graphics/Displays: > > Display: > > Type: GPU > ``` > > *...* > > > 192:~ fullname$ system_profiler SPDisplaysDataType > Graphics/Displays: > > Display: > > Type: GPU > VRAM (Total): 7 MB > Device ID: 0x1050 > Revision ID: 0x0001 > Kernel Extension Info: No Kext Loaded > Vendor ID: 0x1af4 > ``` > > Other options: > > ``` > Display devices: > name "ati-vga", bus PCI > name "bochs-display", bus PCI > name "cirrus-vga", bus PCI, desc "Cirrus CLGD 54xx VGA" > name "isa-cirrus-vga", bus ISA > name "isa-vga", bus ISA > name "qxl", bus PCI, desc "Spice QXL GPU (secondary)" > name "qxl-vga", bus PCI, desc "Spice QXL GPU (primary, vga compatible)" > name "ramfb", bus System, desc "ram framebuffer standalone device" > name "secondary-vga", bus PCI > name "sga", bus ISA, desc "Serial Graphics Adapter" > name "VGA", bus PCI > name "vhost-user-gpu", bus virtio-bus > name "vhost-user-gpu-pci", bus PCI > name "vhost-user-vga", bus PCI > name "virtio-gpu-device", bus virtio-bus > name "virtio-gpu-pci", bus PCI, alias "virtio-gpu" > name "virtio-vga", bus PCI > name "vmware-svga", bus PCI > ``` Are these configs for iGPU pass-through with [patmagauran/i915ovmfPkg](https://github.com/patmagauran/i915ovmfPkg)?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
documentation
enhancement
following upstream developments
good first issue
help wanted
invalid
pull-request
Mirrored from GitHub Pull Request
 question
No Label enhancement help wanted
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/Docker-OSX#107
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?