hi, I managed to virtualize W$11 in TPM/SB mode as well as in "BIOS" mode (with the BypassTPMCheck and BypassSecureBootCheck register keys set to 1). I didn't go further with W$11 in TPM/SB mode, but I was able to start it, once the installation was done, with the SB disabled (file=./OVMF_CODE.fd) and without the TPM device.
here are the command lines used in both cases : # TPM/SB mode $ swtpm socket --ctrl type=unixio,path=./swtpm.sock --terminate --tpmstate dir=. --tpm2 & $ qemu-system-x86_64 \ `# acceleration` \ -accel kvm \ `# CPU / 4G memory` \ -machine q35 \ -cpu host \ -smp cores=2 \ -m 4096 \ `# 720p` \ -device VGA,edid=on,xres=1280,yres=720 \ `# USB support` \ -device qemu-xhci \ -device usb-tablet \ `# secure boot` \ -global ICH9-LPC.disable_s3=1 \ -drive if=pflash,format=raw,file=./OVMF_CODE.secboot.fd,readonly=on \ -drive if=pflash,format=raw,file=./OVMF_VARS.fd \ `# tpm2` \ -chardev socket,id=chrtpm,path=./swtpm.sock \ -tpmdev emulator,id=tpm0,chardev=chrtpm \ -device tpm-tis,tpmdev=tpm0 \ `# 64G hard drive` \ -hda ./11.disk \ -cdrom ./11.iso # "BIOS" mode with HKLM LabConfig register keys $ qemu-system-x86_64 \ `# acceleration` \ -accel kvm \ `# CPU / 4G memory` \ -machine q35 \ -cpu host \ -smp cores=2 \ -m 4096 \ `# 720p` \ -device VGA,edid=on,xres=1280,yres=720 \ `# USB support` \ -device qemu-xhci \ -device usb-tablet \ `# 64G hard drive` \ -hda ./11.disk \ -cdrom ./11.iso regards, lacsaP. Le lun. 18 oct. 2021 à 10:50, Pascal <patate...@gmail.com> a écrit : > hi, > > I simply prefer the manipulation of a few keys in the Windows registry at > the time of installation to the "complex" Qemu boot (SecureBoot and TPM). > > however, I tried to install W$11 with native (passthrough) and emulated > (swtpm) TPM support, but I always get the warning that the (virtual) > computer is not compatible. > unfortunately, this warning does not specify at what level the > incompatibility is. > I would lean towards SecureBoot that I can't implement with Qemu (the > screen stays frozen on "Guest has not initialized the display (yet)."). > > # chmod 666 /dev/tpm0 > $ /usr/bin/qemu-system-x86_64 -accel kvm -machine q35 -m 4096 -device > nec-usb-xhci -device usb-tablet -cpu host -parallel null -serial mon:stdio > -bios /usr/share/edk2-ovmf/x64/OVMF.fd -hda 11.disk -cdrom 11.iso -tpmdev > passthrough,id=tpm0,path=/dev/tpm0 -device tpm-tis,tpmdev=tpm0 > > $ swtpm socket --tpm2 --tpmstate dir=/tmp/mytpm --ctrl > type=unixio,path=/tmp/mytpm/swtpm-sock > $ /usr/bin/qemu-system-x86_64 -accel kvm -machine q35 -m 4096 -device > nec-usb-xhci -device usb-tablet -cpu host -parallel null -serial mon:stdio > -bios /usr/share/edk2-ovmf/x64/OVMF.fd -hda 11.disk -cdrom 11.iso -chardev > socket,id=chrtpm,path=/tmp/mytpm/swtpm-sock -tpmdev > emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0 > > Le ven. 15 oct. 2021 à 18:36, Stefano Cappa <stefano.cappa.k...@gmail.com> > a écrit : > >> Totally agree with Friedrich, there is no reason to use workaround or >> hacks. You can simply use a tpm emulator. I'm using swtpm (it's open source >> and available on github) since this August and it works perfectly. >> >> Stefano >> >> Il ven 15 ott 2021, 18:31 Friedrich Oslage <friedr...@oslage.de> ha >> scritto: >> >>> Why do you want to use the registry workarounds? It's a lot easier to >>> just emulate a TPM and Secure-Boot. And yes, Windows 11 works just fine >>> in a Qemu VM which meets the requirements. >>> >>> Also, I'd recommend using libvirt instead of executing qemu directly, it >>> just makes everything easier. For instance in libvirt adding a TPM is >>> just "<tpm model='tpm-crb'><backend type='emulator' >>> version='2.0'/></tpm>", with plain Qemu you need to manage everything >>> yourself, including control socket and state directory. >>> >>> Regards >>> Friedrich >>> >>> On 10/15/21 1:42 PM, Pascal wrote: >>> > hi everyone, >>> > here is the "environment" used (but it still doesn't work :-() : >>> >>>
