1. Intro
  2. The fix (or bandage)
  3. Modern EFI or legacy BIOS
  4. Undo the change
  5. Updates
  6. Related stuff

Intro

EFI menu

With macOS High Sierra Apple introduced the APFS filesystem with improved integrity protection. You can boot into Windows just fine, but when you wish to load a Boot Camp OS within a virtual machine the loader complains about a missing disk or some missing EFI elements. Eventually you get a blue Boot Manager screen with a bunch of options. According to VMware is UEFI missing an APFS driver.

This is also the case when installing an EFI based operating system directly in the VM without using Boot Camp.

To make it work you need to losen the integrity protection of your entire Mac. On some forums people just disable the protection completely, but I highly recommend to not doing that! It also protects against some nasty malware attacks on a deep system level. What I suggest to do is to only disable the protection on the filesystem.

This is not ideal either, but at least Fusion can access the Boot Camp partition while not exposing other layers to attacks. Until VMware finds a way to access Boot Camp in a secure way this is all you can do. They are working on it though:

No APFS driver in UEFI renders the Guest OS unbootable when the Guest boot volume is using APFS.

Rest assured we are very excited about and interested in leveraging the new capabilities found in Apple’s new File System, but for now it will give you an OS that you can not boot in a Virtual Machine.

As such, during the installation, be sure to NOT check the ‘Use APFS’ checkbox, otherwise you will render the VM unbootable.

The fix (or bandage)

Either don’t enable APFS during the macOS High Sierra upgrade or bypass the protection of the filesystem by following these steps:

  • Reboot into Recovery-mode, holding CMD+R until the Apple logo appears.
  • Go to Utilities menu > Terminal
  • Enter csrutil enable --without fs && reboot

The mac reboots. When it is done create the Boot Camp VM. You will get an error saying you might not be able to run the VM, but it will be just fine.

Modern EFI or legacy BIOS

When you are installing an EFI based OS to install directly in VM (non-boot camp) try a BIOS variant instead and create a custom VM with legacy BIOS enabled instead of EFI. Otherwise it may work as well, but in my trial and error the BIOS combination came out best.

Undo the change

If you wish to undo the change to re-enable the CSR setting on the file system, redo the fix above and instead of the command run this:

csrutil clear && reboot

You can also do ‘enable’ which should enable all parts, but ‘clear’ will reset them to the OS defaults. At the moment the outcome is the same. However, macOS may change something in the future and intentionally disable a part of CSR and then ‘enable’ could mess things up a bit.


Updates

2017-10-19
I restored the protection on my Mac. My intention was to run LiquidSky through Fusion which used to work great on Fusion v8, but since v10 it is lagging like crazy. So for games I now rather boot to Windows instead of using a virtual machine. Can’t wait for LiquidSky to launch their Mac app and finally be free from Windows. 😝

2017-10-23
Added section about EFI vs BIOS.

2017-11-03
It’s interesting how many visitors this post alone gets. 25 50 unique views per day is not very common for my site, especially the click through rate from Google at 11.4%. Imagine how many users are struggling with this problem.

Changed undo command to ‘clear’.