If you are a Parallels Desktop user (or use another application that requires third-party system extensions), then you have probably seen messages from macOS and Parallels Desktop that say “System extension is blocked.”
So what is a system extension, and why is the operating system blocking it? Is it dangerous? These are quite logical questions for an ordinary user, and they are often put to our Parallels technical support engineers. In this post I will try to explain the situation in as much detail as possible.
First, a relatively short answer about why Parallels Desktop uses system extensions; more details follow after it.
- Parallels Desktop uses hardware hypervisor technology (Intel VT-x hypervisor) to create a high-performance virtual machine, be it Windows, Linux, macOS or other operating systems.
- To manage the hypervisor, the system needs a driver. In macOS, such a driver is called a system extension (formerly a kernel extension): an extension of the system kernel.
- On macOS, there are two types of hypervisor that Parallels Desktop can use: Apple’s built-in hypervisor or Parallels’s own hypervisor.
- Parallels’ proprietary hypervisor is implemented as a system extension. System extensions in macOS allow developers to integrate deeply into macOS for better performance or some unique functionality.
- When Parallels Desktop tries to load the Parallels hypervisor system extensions, macOS prompts the user to “allow” the load.
- System extensions run with elevated privileges and can be used maliciously if they come from an untrusted source. So this is a security measure, similar to how your phone’s apps request access to the camera.
- If you downloaded Parallels Desktop from parallels.com and the system extension is signed by “Parallels International GmbH”, then you are in good hands.
- Parallels recommends using Apple’s built-in hypervisor. This way, macOS won’t bother you with system extension approvals or reboots.
- However, if you need to use the Nested virtualization feature, or have a unique situation where the Parallels hypervisor performs better, you can continue to use the Parallels hypervisor.
- To change the hypervisor type, you must first shut down (stop) the virtual machine. Please note that this may require you to start or resume the virtual machine and approve the Parallels hypervisor system extension.
- With your virtual machine stopped, go to Virtual Machine Configuration > Hardware > CPU & Memory > Advanced Settings, click the Hypervisor drop-down list, and choose Apple or Parallels, respectively.
- If you have multiple virtual machines, you may need to change the setting for each one.
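The signer check from the list above (the extension should be signed by “Parallels International GmbH”) can be done in Terminal before you approve the prompt. The script below is an added example, not Parallels or Apple code; the sample `codesign` output, the team ID `TEAMID0000`/`TEAMID1111` and the bundle path are constructed placeholders.

```shell
#!/bin/sh
# Added example: decide whether an extension bundle is signed by the expected vendor.
EXPECTED_SIGNER="Parallels International GmbH"   # signer name given in the article

# Print the Authority= values (leaf first, root last) from `codesign -dvv` output on stdin.
authorities() {
    sed -n 's/^Authority=//p'
}

# Succeed only if the leaf certificate is a Developer ID issued to exactly the
# expected signer and the chain ends at Apple's root. An anchored match is used
# on purpose: a substring grep would also accept "Fake <vendor name>".
signer_ok() {
    chain=$(printf '%s\n' "$1" | authorities)
    leaf=$(printf '%s\n' "$chain" | head -n 1)
    root=$(printf '%s\n' "$chain" | tail -n 1)
    case "$leaf" in
        "Developer ID Application: $EXPECTED_SIGNER ("*")") ;;
        *) return 1 ;;
    esac
    [ "$root" = "Apple Root CA" ]
}

# macOS only: validate the signature, then inspect who made it.
# codesign prints its details on stderr, hence 2>&1.
check_bundle() {
    codesign --verify --strict "$1" || return 1
    signer_ok "$(codesign -dvv "$1" 2>&1)"
}

# Constructed samples of `codesign -dvv` output (not captured from a real bundle).
SAMPLE_GOOD='Identifier=com.example.placeholder
Authority=Developer ID Application: Parallels International GmbH (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000'
SAMPLE_LOOKALIKE='Identifier=com.example.placeholder
Authority=Developer ID Application: Fake Parallels International GmbH (TEAMID1111)
Authority=Developer ID Certification Authority
Authority=Apple Root CA'
SAMPLE_ADHOC='Identifier=com.example.placeholder
Signature=adhoc'

# Usage on a Mac: sh check_signer.sh /path/to/extension.kext
if [ "$#" -ge 1 ]; then
    if check_bundle "$1"; then echo "signed by $EXPECTED_SIGNER"
    else echo "unexpected or invalid signature: do not approve"; fi
fi
```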
Now, if you are not bored yet, I would like to tell you a little more about this story.
For over a decade, Parallels has been developing proprietary drivers (aka “system extensions”) to run Windows and other operating systems on top of macOS. These drivers have made Parallels Desktop the best on the market: the fastest and most advanced desktop virtualization solution.
At the same time, for several years, Apple has been moving towards making macOS the safest and most reliable desktop operating system (and I must admit, Apple has done well in many ways). One of the key aspects is to prevent developers from invading the kernel by loading these very extensions (also known as “kexts”), since those with kernel access can do things at the heart of your Mac that can turn out to be pretty dangerous.
To do this, Apple must replace third-party kernel extensions with proprietary system APIs that ultimately need to provide the same product functionality, which is a huge engineering effort even for a large enterprise like Apple.
Since 2017, with the release of macOS High Sierra version 10.13, Apple has automatically blocked third-party “kexts” (as we call them in our slang), and since then users have had to manually allow them to load.
In March 2020, with the release of macOS Catalina version 10.15.4, Apple began warning users that some of their applications (which use an outdated system extension) would be “incompatible with a future version of macOS” (read “macOS Big Sur 11”).
In June 2020, during the Apple Worldwide Developers Conference (WWDC-20), Apple published the following statement (quoted here in translation):
“System extensions make macOS more reliable and secure, and legacy kernel extensions are not loaded by default in macOS Big Sur.”
In the end, to make Parallels Desktop fully compatible with the new macOS Big Sur 11, the Parallels engineering team spent years rebuilding Parallels Desktop and its functionality using the new macOS system APIs.
This extensive and laborious work has led to a completely new Parallels Desktop 16, specifically designed to work with and integrate with the new macOS Big Sur technologies, while delivering performance and compatibility improvements for the benefit of Parallels Desktop users.
The diagram below illustrates the difference between the Parallels Desktop default modes in the corresponding macOS versions. The old Parallels Desktop design using Parallels system extensions is shown on the left, and the new Parallels Desktop 16, using macOS Big Sur 11 APIs, is shown on the right.
At the moment, our team continues to work on supporting Parallels and Apple hypervisors and continues to work with Apple to bring the rest of Parallels Hypervisor features to Apple Hypervisor. We recommend using the Apple hypervisor, and if you notice a difference between Apple and Parallels hypervisors for your use case, please let us know.
If you have any questions, write to us. Thanks for your attention!