About Parallels Desktop system extensions on macOS Big Sur (and later)

Guest blog post from Dmitry Geynisman, Product Manager at Parallels

You may have seen these messages from both macOS and Parallels Desktop for Mac:

No worries, in this blog post I will explain the situation in detail. First, I will give you a relatively short answer about why Parallels® Desktop uses system extensions, and then more details will follow. 

  1. Parallels Desktop uses a hypervisor technology to create a high-performance virtual machine, so you can run Windows, Linux, macOS, and other operating systems inside it. 
  1. There are 2 types of hypervisors on macOS that Parallels can use: Apple’s built-in hypervisor or Parallels’ proprietary hypervisor. Parallels proprietary hypervisor is implemented as a system extension. 
  1. System extensions in macOS enable developers to integrate deep into the macOS system to achieve better performance or provide some unique functionality. 
  1. When Parallels Desktop attempts to load the Parallels hypervisor system extensions, macOS prompts a user to ‘allow’ this. System extensions have elevated privileges and if they are coming from a non-trusted source, can be used maliciously. So, it is a security precaution, similar to how your phone apps ask to access your camera. 
    If you downloaded Parallels Desktop from parallels.com and the system extension is signed by “Parallels International GmbH”, then you are in good hands. 
  1. Parallels recommends you use Apple’s built-in hypervisor. That way macOS won’t bother you with System Extension approval or the need to reboot. However, if you need to use the Nested Virtualization feature or a specific workload where Parallels hypervisor shows higher performance scores, you may keep using Parallels hypervisor. 
  1. To change a hypervisor type, first, you need to shut down or stop your virtual machine. Note that for this you might need to start or resume the virtual machine and approve Parallels hypervisor system extension.  
    When your VM is stopped, go to VM configuration > Hardware > CPU & Memory > Advanced Settings > click on the “Hypervisor” dropdown > select “Apple” or “Parallels” respectively. 
    If you have multiple virtual machines, you may need to change the setting for every one of them. 

Now, if you’re not bored yet, I’d love to tell you more about this story. 

For more than a decade, Parallels developed its proprietary drivers (aka system extensions) for running Windows and other OSes on top of the macOS. These drivers made Parallels Desktop the best virtualization solution, the fastest, and the most technologically advanced.  

At the same time, for several years, Apple has been moving towards making macOS the most secure and reliable desktop OS (and I should say, Apple succeeded in many ways). One of the key aspects is not to let developers intrude on the OS kernel by loading those extensions (aka “kexts”), as those who have access to the kernel can do things at the very heart of your Mac, which may prove quite dangerous. In order to do that, Apple must replace 3rd-party kernel extensions with the native system APIs that ultimately enable the same product features, and that is massive engineering work even for such a big enterprise as Apple.   

Since 2017, with the macOS High Sierra 10.13 release, Apple started to block 3rd-party kexts automatically, and users have had to enable them manually since. At that time, we published this blog post that can tell you even more about Parallels Desktop using system extensions.  

In March 2020, with the release of macOS Catalina 10.15.4, Apple started to warn users that some of their apps (that use deprecated system extension) would “be incompatible with a future version of macOS” (read: with macOS Big Sur).  

At WWDC20, Apple was quoted as saying that “System Extensions improve the reliability and security of macOS, and deprecated kernel extensions will not load by default in macOS Big Sur”. Eventually, to make Parallels Desktop fully compatible with the new macOS Big Sur 11.0, Parallels Engineering has gone through years of engineering work of rebuilding Parallels Desktop and its features using the new macOS system APIs. This extensive and time-intensive development resulted in the all-new Parallels Desktop, explicitly designed to work and integrate with new macOS Big Sur technologies, and at the same time, deliver performance and productivity improvements to benefit Parallels Desktop customers. 

This scheme below visually describes the difference between the default Parallels Desktop modes on the corresponding macOS version. The old Parallels Desktop design using Parallels system extensions is shown on the left, and the newly-invented Parallels Desktop 16, using macOS Big Sur APIs, is shown on the right. 

For now, our team continues to work on supporting both Parallels and Apple hypervisors and continues collaborating with Apple on implementing the rest of Parallels Hypervisor features to Apple Hypervisor. We recommend using Apple hypervisor, and if you notice any difference between Apple and Parallels hypervisors for your use case, please let us know. 

Download a free trial of Parallels Desktop for Mac and try it out yourself.  

One comment on “About Parallels Desktop system extensions on macOS Big Sur (and later)