Nested virtualization (FEAT_NV)

Another important ARMv8.3-A enhancement is nested virtualization support, which allows a hypervisor running inside a virtual machine (a “guest hypervisor”) to utilize hardware virtualization features as if it were running on real hardware. In practical terms, ARMv8.3 introduces new trap controls (e.g. HCR_EL2.NV bits) so that if a level-1 guest (EL1) tries to configure EL2 registers (to create a nested VM), the real EL2 hypervisor (the host) will intercept those actions. The host hypervisor can then emulate or forward the operations, enabling the guest to run its own VMs. This is achieved by the CPU “pausing” the guest hypervisor when it accesses sensitive EL2-only controls and invoking the higher-level hypervisor at EL2 to arbitrate. Essentially, the ARM system can virtualize the hypervisor privilege level itself, supporting a guest at EL1 that believes it has an EL2.

Apple’s A-series chips prior to Apple Silicon did not make much use of virtualization, but with macOS on M-series, virtualization became a key feature (for running Linux VMs, Docker, iOS app containers, etc.). The Apple M1 (2020) implements standard hardware virtualization for a host hypervisor (EL2), but notably did not support nested virtualization in hardware (the ARMv8.3 nested virt feature was not enabled). Beginning with M2 and M3, Apple processors introduced full nested virtualization support at the ARMv8.4-A level (which includes improvements for nested virtualization performance). In fact, the Apple M2/M3 implement the second-stage optimizations (ARMv8.4’s NV2 feature) that allow batching of trapped register updates for efficiency. Although the M2 hardware could theoretically support a guest hypervisor, Apple did not expose this capability immediately in macOS. It was only with macOS 15 (2024) and the M3 chip that Apple officially enabled nested virtualization via the Virtualization framework. On supported systems, a Mac can now run (for example) a Windows VM which itself uses Hyper-V to run a Linux subsystem - something previously impossible on M1. This nested virtualization capability is crucial for modern cloud and development scenarios (e.g. running WSL2 on Apple Silicon).

From a design perspective, Apple adopting nested virtualization aligns with providing parity with x86 virtualization features. By implementing ARMv8.3/8.4 NV, Apple Silicon can better support complex virtualization stacks and future-proof macOS for enterprise and cloud workflows. It’s worth noting that even on chips without NV, nested VMs could be attempted via pure software or paravirtualization, but with heavy performance and complexity costs. ARMv8.3-A’s hardware-assisted approach is far more efficient, albeit not free; each trapped operation causes a world switch to EL2, so minimizing trap frequency (aided by ARMv8.4’s NV2) is important. In summary, Apple’s inclusion of nested virtualization support (in hardware by M2/M3 and in software by macOS 15+) brings Apple Silicon to feature parity with the wider ARM ecosystem and demonstrates Apple’s commitment to fully leveraging ARM architectural enhancements as they mature.