Categories
Mac admin'ing

A way to install macOS Catalina guest on VirtualBox on a Mac host

Why this blog post?

I won’t say this is the way to install macOS Catalina on VirtualBox, but it’s certainly a way, and it’s difficult to find information about a way to do it. There are a lot of posts indicating that 10.15 or 10.15.1 worked but 10.15.2 and beyond don’t. Or that there are difficulties with VirtualBox and APFS. There are also, if you look for blog posts about macOS guests, many blog posts about Apple-unsanctioned “hackintosh” setups on Windows or Linux hosts.

So there may be a way easier way to set up Catalina as a guest on a Mac host, but at least this is something (happy to link to better tutorials if people post them).

Install macOS High Sierra

I did a modified version of How to Install macOS High Sierra in VirtualBox on Windows 10 to get High Sierra installed on VirtualBox. These are the key parts:

Creating the .iso

hdiutil create -o /tmp/HighSierra.cdr -size 7316m -layout SPUD -fs HFS+J
hdiutil attach /tmp/HighSierra.cdr.dmg -noverify -nobrowse -mountpoint /Volumes/install_build
asr restore -source /Applications/Install\ macOS\ High\ Sierra.app/Contents/SharedSupport/BaseSystem.dmg -target /Volumes/install_build -noprompt -noverify -erase
hdiutil detach /Volumes/OS\ X\ Base\ System
hdiutil convert /tmp/HighSierra.cdr.dmg -format UDTO -o /tmp/HighSierra.iso
mv /tmp/HighSierra.iso.cdr ~/Desktop/HighSierra.iso

Creating the VM

Call the VM macOS (the tutorial says to use High Sierra, but we’ll be upgrading this later). Use two processors and 128 MB of video memory. Add the .iso to the optical drive part of storage.

Configuring the VM

Run these commands:
VBoxManage.exe modifyvm "macOS" --cpuidset 00000001 000306a9 04100800 7fbae3ff bfebfbff
VBoxManage setextradata "macOS" "VBoxInternal/Devices/efi/0/Config/DmiSystemProduct" "MacBookPro11,3"
VBoxManage setextradata "macOS" "VBoxInternal/Devices/efi/0/Config/DmiSystemVersion" "1.0"
VBoxManage setextradata "macOS" "VBoxInternal/Devices/efi/0/Config/DmiBoardProduct" "Mac-2BD1B31983FE1663"
VBoxManage setextradata "macOS" "VBoxInternal/Devices/smc/0/Config/DeviceKey" "ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc"
VBoxManage setextradata "macOS" "VBoxInternal/Devices/smc/0/Config/GetKeyFromRealSMC" 1

Installing High Sierra

The tutorial mentions having to deal with the EFI Internal Shell. You shouldn’t have to. Installing High Sierra at this point with HFS+ (not APFS) should work.

Upgrading to Catalina

Once you’ve booted up to Setup Assistant and answered all the questions, you should be logged in and able to go to the Mac App Store to download and install the macOS Catalina upgrade.

Booting to recovery mode

I didn’t find Cmd-R to be a very reliable way to boot to recovery mode. And Rich Trouton’s trick to booting to recovery mode using VMWare doesn’t really apply to VirtualBox.

Another blog post (How to boot into recovery mode on mac without holding Command + R Key on keyboard ?) did have the solution, though. Just run
sudo nvram "recovery-boot-mode=unused"
and then reboot. That will do a one-time boot to recovery mode. Then when you reboot again, it should boot back to regular mode.

Enabling FileVault… sort of

If you want to enable FileVault, you’ll have to do so from the command-line (it’ll be greyed out in the GUI), but FileVault will basically be unusable (unless you just want to test in recovery mode):
sudo fdesetup enable
Don’t do this unless you already have your VM snapshotted or backed up. It will likely make your VM unbootable.

Changing the serial number

By default, the macOS VirtualBox guest serial number is 0, but you can change it (make sure the VM is powered off first). h/t to Utsav Dusad on Superuser.com:
VBoxManage setextradata "macOS" VBoxInternal/Devices/efi/0/Config/DmiSystemSerial "ACTUALSERIALNUMBER"

Categories
Mac admin'ing

What can you do at the password prompt in Catalina’s recovery mode?

The mysterious password prompt

Starting in macOS 10.15 (Catalina), Apple started requiring a password to do anything useful after booting into recovery mode:

It’s not exactly clear what this password is for. T2-chip Macs have hardware-based encryption, and that encryption is able to turn on instantaneously. Without mounting the encrypted drive, you can’t really reset a password or have access to the data on the drive. This prompt just seems like a rather odd choice, especially since it appears to act as almost some kind of firmware lock… except it’s not.

Option 1: Erase without password or recovery key

If you don’t know the password to a user account and also don’t know the recovery key to FileVault, you can still use recovery mode to erase the current installation and reinstall macOS. Yes, that’s that menu item hidden in the top-left corner.


You can just click Recovery Assistant and then select Erase Mac….

You’ll then be prompted to join a wireless network, and then some kind of Internet recovery is downloaded and booted to, and then you’ll be back at recovery mode with a prompt to activate your Mac, and then with the opportunity to reinstall macOS on the freshly wiped drive.

Option 2: Use FileVault recovery key with no password

But let’s say you don’t want to wipe the drive necessarily—you just want to do other recovery mode stuff, and you don’t know any user passwords. Well, you can click Forgot all passwords?


Then you can enter the FileVault recovery key for the drive.

Option 3: User FileVault-enabled user password

And if you do know a user password, of course, you can select the user, and then enter a password when prompted.



The only odd thing about that is it doesn’t actually get you past FileVault encryption.



That’s right. Even though you’ve entered a user password, if you want to mount the Macintosh HD – Data partition, you’ll still be prompted for a FileVault-enabled user’s password again.