Support for Mac OS host with Win 10 guests that have Device Guard/Credential Guard enabled

Here you can provide suggestions on how to improve the product, website, etc.
Post Reply
joncle
Posts: 2
Joined: 11. Oct 2017, 21:30

Support for Mac OS host with Win 10 guests that have Device Guard/Credential Guard enabled

Post by joncle »

I would like to confirm if/when VirtualBox on Mac OS will support Win 10 guests with virtualization-based security (VBS) features such as Device Guard and Credential Guard enabled. VMWare released Fusion 10 recently, which includes support for these features on Win 10 guests. More info is available on the VMWare Fusion Blog. Trying to understand if Oracle has plans to offer similar functionality in VirtualBox or not.
Last edited by joncle on 12. Oct 2017, 16:04, edited 1 time in total.
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Support for Mac OS host with Win 10 guests that have Device Guard/Credential Guard enabled

Post by socratis »

Moving to "Suggestions" from "OSX Hosts", since this is a suggestion/enhancement that applies more broadly than OSX hosts.

BTW, comparing apples (no pun intended) and oranges doesn't help. If nothing else it's distracting. A program and its developers do not base their roadmap necessarily on what others do. Just my 0.02 €.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
joncle
Posts: 2
Joined: 11. Oct 2017, 21:30

Re: Support for Mac OS host with Win 10 guests that have Device Guard/Credential Guard enabled

Post by joncle »

Apologies if I wasn't clear. I want to confirm whether VirtualBox on a macOS host supports Win 10 guests with VBS enabled (Device Guard & Credential Guard). Your reply implies that VirtualBox on macOS doesn't support Win 10 guests with VBS enabled (though let me know if that is not the case).

The point of mentioning VMWare Fusion's new VBS capabilities is to show that it is technically possible to support these Microsoft features via a third party hypervisor. In the past, Hyper-V was the only option, though it only works on Windows hosts. VirtualBox on macOS is essentially a no-go in environments that require Win 10 guests to have VBS enabled.
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Support for Mac OS host with Win 10 guests that have Device Guard/Credential Guard enabled

Post by socratis »

First of all, for those of you that don't know (I certainly didn't), VBS is not Visual Basic Script as I originally thought, it's Virtualization Based Security, i.e. Device Guard & Credential Guard in Windows 10 systems.

@joncle
In order to have virtualization based anything in the guest, that means that the guest will have to "see" some hardware features in the CPU, mainly the ability for hardware virtualization, a.k.a. VT-x. For the moment the VT-x availability on the host is not passed on to the guest, so at the moment, no, you can't do that. BTW, you might also see this feature referred to as "nested virtualization".

I believe that there are plans to enable this feature at some point in the future, but (as any developer that has some self-respect), the VirtualBox developers will not talk about a timeline for this (or any other planned) feature.

PS. It's not just your Mac, VirtualBox is a multi-OS program.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
michaln
Oracle Corporation
Posts: 2973
Joined: 19. Dec 2007, 15:45
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Any and all
Contact:

Re: Support for Mac OS host with Win 10 guests that have Device Guard/Credential Guard enabled

Post by michaln »

joncle wrote:VirtualBox on macOS is essentially a no-go in environments that require Win 10 guests to have VBS enabled.
I expect those environments will let us know through their Oracle sales or support representative.
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Support for Mac OS host with Win 10 guests that have Device Guard/Credential Guard enabled

Post by socratis »

@victhevikas
I'm not quite sure what you mean. Plus Microsoft has many blogs and bloggers. Any specific one? Even the title would do...
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Post Reply