
Testing “sideways” Jamf Pro enrollments with Tart

November 2025 Updates

Updated commands for macOS Tahoe 26.1 (25B78); however, macOS 26.1 virtual machines do not generate valid system serial numbers.

U of U Mac Admins, July 2022

Honored to co-present with Fedor Korotkov at the July 2022 U of U Mac Admins meeting.

Background

The Updates and Releases section of Armin Briegel’s Weekly News Summary for Admins included a reference to Tart with the following one-line description:

macOS VMs on Apple Silicon to use in CI and other automations

Hoping that someone had figured out a way to specify a VM’s Serial Number for Automated Device Enrollment testing using a Mac with Apple silicon as the host, I quickly installed Homebrew and Tart on my test M1 MacBook Air running macOS 13.1.

# Confirm "arm64" architecture of host Mac
arch

# Install Homebrew; see https://brew.sh
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

# Install Tart via Homebrew
brew install cirruslabs/cli/tart

# Confirm installed version of Tart
tart --version

# Review Tart's help
tart --help

TL;DR

Specifying a VM’s Serial Number with Tart is not possible.

Custom Serial Injection #59

First Impressions

Running a Tart VM on a Mac with Apple silicon worked precisely as advertised and — not counting download time — the monterey-base VM was running within minutes.

The anticipation increased as I entered tart set --help in Terminal, hoping to see a way to specify a VM’s Serial Number. Alas, only cpu, memory and display settings can be modified via the tart set command.

After poking around the OS for a few minutes, I gracefully shut down the VM, a tad deflated.

The “What if …” moment

Having read on MacAdmin’s Slack about others who were fine testing User-initiated Enrollment with VMs hosted on M1 Macs, the following occurred to me:

  • Computers enrolled via User-initiated Enrollment are most often used by C-level individuals who tend to “go around” normal purchasing channels — where we leverage Automated Device Enrollment — because they want the latest Apple hardware now!
  • Why not test User-initiated Enrollment with a VM?
  • Perhaps I could get an enrollment to go “sideways” (i.e., FileVault enabled pre-enrollment) and then make sure my auto-repair policies are working as expected

Creating from Scratch

The Creating from Scratch instructions also worked like a champ, although I opted to download the release candidate from Ryan’s Apple Silicon M1 Full macOS Restore IPSW Firmware Files Database.

# Create a "base" VM from the macOS 26.1 (25B78) IPSW in ~/Downloads
tart create --from-ipsw=/Users/`id -n -u`/Downloads/UniversalMac_26.1_25B78_Restore.ipsw 26.1_25B78-base

# List VMs
tart list

# Increase VM CPU cores to four
# tart set 26.1_25B78-base --cpu 4 # now default with Tart version 0.4.1

# Set VM display
tart set 26.1_25B78-base --display 2048x1000x72

# Run VM
tart run 26.1_25B78-base --net-bridged=en0

# Configure macOS general settings as desired, then shut down gracefully via: Apple menu > Shut Down…

# Capture the current date / time for repeated use
timestamp=$(date '+%Y-%m-%d-%H%M%S')

# Create a timestamped-clone of "base" VM
tart clone 26.1_25B78-base 26.1_25B78-clone-$timestamp

# List VMs
tart list

# Reduce VM display
tart set 26.1_25B78-clone-$timestamp --display 1024x768x72

# Boot to macOS Recovery 
tart run 26.1_25B78-clone-$timestamp --recovery

Having tested Automated Device Enrollment almost exclusively for the last several years, it was a nice change to see all the Setup Assistant steps; I even enabled Choose your Look in our lower-lane PreStage Enrollments.

Apple’s Setup Assistant “Choose Your Look”

After you’ve completed the unfettered Setup Assistant, my recommended first modification is System Preferences > Dock & Menu Bar > Clock and at least enable Flash the time separators.

System Preferences > Dock & Menu Bar > Clock

(You might as well ensure the Time Zone is correct while you already have System Preferences opened.)

Before enabling these options, on multiple, multiple occasions, I wasn’t sure if the VM was hung or under-powered or something else. With these settings enabled, you can instantly know if you need to bounce your VM (either via the tart > Quit tart Menu Bar or via Control-C in Terminal).

I was initially convinced I caused the vast majority of OS hangs by rapid two-finger scrolling instead of clicking-and-dragging the scroll bar; looks like more cowbell will do the trick (i.e., --cpu 4)

VMs always freeze/lock up after a few minutes. #84

After poking around on the host, I discovered the VMs live inside of ~/.tart/vms, which doesn’t currently appear to be documented, and I deleted several of my failed attempts.

Next, ensure File Sharing is enabled on the host Mac; the first thing I copied was a text clipping of the FileVault Recovery Key.

User-initiated Enrollment

My first attempts at User-initiated Enrollment failed to reach my lower-lane server until I realized the host Mac had an active VPN connection; disconnecting the host’s VPN connection allowed the VM to reach the lower-lane server as expected.

I also discovered I had locked down UIE via Single Sign-on too far and having corrected the SSO settings, UIE worked as expected.

Watching the UIE workflow again was a good experience and motivated me to self-schedule time to update my internal documentation.

False Assumptions

Once the device was enrolled, I was excited to test our new Setup Your Mac workflow with a UIE device, but I purposely opted to not run it immediately post-enrollment.

I quickly learned that while our FileVault Recovery Key Reissue Self Service policy worked, it presumed all our client-side functions were already in place as a result of the user having previously completed the Setup Your Mac process.

While Jamf Pro correctly reports the computer as having a Processor Type: Apple M1 (Virtual), the Disk Encryption information is lacking.

Jamf Pro Computer Record > Disk Encryption
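
The “sideways” state described above (FileVault turned on before User-initiated Enrollment) can be classified with a small extension-attribute style script. This is an added example, not code from the original post or from Jamf; the state names and the approach of passing a profile listing as text are assumptions, and the sample inputs are constructed.

```shell
#!/bin/bash
# Added example: classify FileVault state on a Mac that enrolled "sideways"
# (FileVault turned on before User-initiated Enrollment).
# Inputs are passed as text so the logic can be exercised with captured output:
#   $1 = output of `fdesetup status`
#   $2 = output of `fdesetup haspersonalrecoverykey` ("true" or "false")
#   $3 = listing of installed configuration profiles that includes payload
#        types (assumption: captured by whatever method your fleet uses)
classify_filevault() {
    status_text=$1
    has_prk=$2
    profiles_text=$3

    # Check "in progress" first: a conversion that is still running should not
    # be reported as a settled On/Off state.
    case "$status_text" in
        *"in progress"*)       echo "InProgress"; return 0 ;;
        *"FileVault is Off."*) echo "Off";        return 0 ;;
        *"FileVault is On."*)  ;;                 # continue to the key checks
        *)                     echo "Unknown";    return 0 ;;
    esac

    # FileVault is on, but there is no personal recovery key to reissue or escrow.
    if [ "$has_prk" != "true" ]; then
        echo "On-NoPersonalRecoveryKey"
        return 0
    fi

    # Payload type an MDM uses to collect the personal recovery key. Its
    # presence only means escrow is possible at the next key issue or rotation;
    # a key generated before enrollment still has to be reissued.
    case "$profiles_text" in
        *com.apple.security.FDERecoveryKeyEscrow*) echo "On-EscrowProfilePresent" ;;
        *)                                         echo "On-NoEscrowProfile" ;;
    esac
}

# Constructed sample: FileVault enabled by the user before enrollment, and no
# escrow profile delivered yet.
SAMPLE_STATUS="FileVault is On."
SAMPLE_PROFILES="payload type: com.apple.mdm"   # constructed, not real output

# Jamf Pro extension attributes report their value inside <result> tags.
echo "<result>$(classify_filevault "$SAMPLE_STATUS" "true" "$SAMPLE_PROFILES")</result>"
```

On a real client, replace the sample variables with the live command output; both On-* states without a confirmed escrow are candidates for scoping the recovery key reissue policy.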

Time Machine

You’ll most likely want to add a Time Machine exclusion for the ~/.tart directory.

Exclude Tart from Time Machine backups (thanks, Nate Felton!): tmutil addexclusion -p ~/.tart

Continuing Impressions

While authoring this post, I’ve had to bounce the VM more times than I can count; perhaps Tart isn’t designed for the use-case of testing Jamf Pro User-initiated Enrollment and its related policies and instead sticks to CI integration.

Regardless, Tart is snappy and is certainly worth a look.

Update (16-May-2022)

Since I wrote this two days ago, there have already been multiple updates:

% brew update

% brew outdated
cirruslabs/cli/tart (0.2.4) < 0.3.1

% brew upgrade
==> Upgrading 1 outdated package:
cirruslabs/cli/tart 0.2.4 -> 0.3.1

Update (18-May-2022)

Evidently others are also observing VM freezes and the recommended approach is to increase the number of CPU cores; Tart 0.4.1 now defaults to four:

tart set 26.1_25B78-clone-$timestamp --cpu 8

Update (20-May-2022)

All my reported issues have already been resolved with 0.5.0:

And, can you say “macOS Recovery” ?

tart run 26.1_25B78-clone-$timestamp --recovery

Update (02-Jun-2022)

Probably the easiest way to interact with your Tart VM is via a VNC client (i.e., Apple Remote Desktop):

tart run 26.1_25B78-clone-$timestamp --no-graphics --vnc
