Add emulated TPM instead of Real one to W11 VM if using QEMU/KVM via command line


jimbo45

Well-known member
Power User
VIP
Local time
9:11 PM
Posts
2,075
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
Hi folks
If you are creating Windows 11 VM's that want an "emulated" TPM - even if you have a "Real one" in KVM/QEMU -- just add this to the XML config of the VM -- no setup / start services etc is needed other than just installing the swtpm package (and accept any other packages it might require - probably libswtpm but depends on your distro).

Using the "Real TPM" on a Windows Guest on KVM is a bit of a horrendous exercise to get working.

(Note you don't have to disable any real TPM in BIOS and you can use this also even if you don't have a TPM).

Use Nano or VIM and add these lines in the appropriate place in your xml config file for the Guest Windows system after installing the package(s) on the HOST.

</devices>
<tpm model='tpm-tis'>
<backend type='emulator' version='2.0'/>
</tpm>
</devices>


If you have other devices just add the text in the correct place and remove the </devices> lines in the example shown..

Now in the Windows guest when executing tpm.msc you should see this :

Skjámynd 2022-03-27 135230.png



"Seemples" !!!!!

Cheers
jimbo
 
Last edited:

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7

cereberus

Well-known member
Pro User
VIP
Local time
10:11 PM
Posts
2,591
OS
Windows 10 Pro + others in VHDs
Hi folks
If you are creating Windows 11 VM's that want an "emulated" TPM - even if you have a "Real one" in KVM/QEMU -- just add this to the XML config of the VM -- no setup / start services etc is needed other than just installing the swtpm package (and accept any other packages it might require - probably libswtpm but depends on your distro).

Using the "Real TPM" on a Windows Guest on KVM is a bit of a horrendous exercise to get working.

(Note you don't have to disable any real TPM in BIOS and you can use this also even if you don't have a TPM).

Use Nano or VIM and add these lines in the appropriate place in your xml config file for the Guest Windows system after installing the package(s) on the HOST.

</devices>
<tpm model='tpm-tis'>
<backend type='emulator' version='2.0'/>
</tpm>
</devices>


If you have other devices just add the text in the correct place and remove the </devices> lines in the example shown..

Now in the Windows guest when executing tpm.msc you should see this :

View attachment 25525



"Seemples" !!!!!

Cheers
jimbo
I tried this on ubuntu - there were so many variation of swtpm and other dependencies I could never get it to work.

I always think Linux experts tend to be like those car mechanic guides:-

How to repair oil sump

Step 1 - get a size 10 TorX screwdriver
Step 2 - remove engine
Step 3 - remove torx screws on sump

How on earth you get past step 2 is a total mystery!

It would be really helpful if you or some Linux expert has the time to produce a mini tutorial showing step by step how to install kvm, install a linux distro (ubuntu preferably) and then show the commands needed to install swtpm, and then how to install Windows.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

jimbo45

Well-known member
Power User
VIP
Thread Starter
Local time
9:11 PM
Posts
2,075
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
I tried this on ubuntu - there were so many variation of swtpm and other dependencies I could never get it to work.

I always think Linux experts tend to be like those car mechanic guides:-

How to repair oil sump

Step 1 - get a size 10 TorX screwdriver
Step 2 - remove engine
Step 3 - remove torx screws on sump

How on earth you get past step 2 is a total mystery!

It would be really helpful if you or some Linux expert has the time to produce a mini tutorial showing step by step how to install kvm, install a linux distro (ubuntu preferably) and then show the commands needed to install swtpm, and then how to install Windows.
Hi there
Will do next week -- UBUNTU should be Ok as it's similar to Arch Linux -- all being derived from probably Debian. I'll have a go with the LTS version ,

All I can say once W11 works on a VM under KVM it really performs fine -- and as a VM it really can work on all sorts of hardware where a "Real" installation would fail for failing to meet the hardware requirments - especially as you can run a UEFI / Sec boot VM on an ordinary MBR BIOS real machine. The swtpm version needed is the IBM emulator - available also on git-hub. No need to actually configure it or start services either.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7

jimbo45

Well-known member
Power User
VIP
Thread Starter
Local time
9:11 PM
Posts
2,075
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
I tried this on ubuntu - there were so many variation of swtpm and other dependencies I could never get it to work.

I always think Linux experts tend to be like those car mechanic guides:-

How to repair oil sump

Step 1 - get a size 10 TorX screwdriver
Step 2 - remove engine
Step 3 - remove torx screws on sump

How on earth you get past step 2 is a total mystery!

It would be really helpful if you or some Linux expert has the time to produce a mini tutorial showing step by step how to install kvm, install a linux distro (ubuntu preferably) and then show the commands needed to install swtpm, and then how to install Windows.


So far testing on Ubuntu 20.04 LTS Server -- installed also with kde gui for ease so using GUI desktop instead of CLI : Installed the OS and the Windows VM on external SSD connected to laptop voa SATA->USB connector so no change to "internal HDD's" on laptop.

stage 1 -- bog standard install (clean from ISO - working so far GB ENG versions of Ubuntu server 20.04 LTS and W11 wit 105 PC extended keyboard - GB version with windows keys.

Screenshot_20220328_145049.png


All working now including TPM emulated device -- Clean install after all the silly security questions etc gone through.

Note for proper full screen video install the video driver driver from the virtio iso in the GUEST but it works without that

2022-03-28_15-55.png

I'll now tidy it all up -- but the basic idea was to show it's all working on W11 with emulated TPM and sec boot in the VM.

So it does work on Ubuntu (so far) !!!
Note not activated as this only a test "Throw away version" before I try one that's suitable for an easy to follow tutorial. This was for me essentially to see if the process works as I haven't used Ubuntu before - but all these are essentially variants of "Good 'ol Debian".

Cheers
jimbo
 
Last edited:

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7

Latest Tutorials

Top Bottom