| Both sides previous revisionPrevious revision | Next revisionBoth sides next revision |
| computing:windows11-vm [2022/07/31 00:11] – oemb1905 | computing:windows11-vm [2022/07/31 00:24] – oemb1905 |
|---|
| ------------------------------------------- | ------------------------------------------- |
| |
| Alright, so to make Windows 11 work on a GNU/Linux VM you need UEFI-based secure boot and a TPM module. Here's what I did after searching online for a few days. The first step is to open your machine in virt-manager, Add Hardware, TPM, and then leave it at default settings. This is the preference pane for managing your machine's TPM, but it does not set up a software TPM emulator / environment for you, it only manages the one you have made. To make one we need to install some dependencies and build two packages from source as follows: | Alright, so to make Windows 11 work on a GNU/Linux VM with virt-manager you need UEFI-based secure boot and a TPM module. Here's what I did after searching online for a few days. First, set up a TPM module on your host OS: |
| |
| sudo apt -y install dpkg-dev debhelper libssl-dev libtool net-tools libfuse-dev libglib2.0-dev libgmp-dev expect libtasn1-dev socat python3-twisted gnutls-dev gnutls-bin libjson-glib-dev gawk git python3-setuptools softhsm2 libseccomp-dev automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config dh-autoreconf dh-apparmor | sudo apt -y install dpkg-dev debhelper libssl-dev libtool net-tools libfuse-dev libglib2.0-dev libgmp-dev expect libtasn1-dev socat python3-twisted gnutls-dev gnutls-bin libjson-glib-dev gawk git python3-setuptools softhsm2 libseccomp-dev automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config dh-autoreconf dh-apparmor |
| sudo apt install ../swtpm*.deb | sudo apt install ../swtpm*.deb |
| | |
| There was a reddit post from sej7278 [[https://www.reddit.com/r/VFIO/comments/q49xb4/how_install_swtpm_tpm_20_for_ubuntu_impris_indri/|on this thread]] that consolidated and simplified the instructions on the ''swtpm'' maintainer's git, which had instructions for building ''swtpm'' on both [[https://github.com/stefanberger/swtpm/wiki#build-deb-package-ubuntu-debian|Debian]] and [[https://github.com/stefanberger/libtpms/wiki#build-a-package-on-ubuntu|Ubuntu]]. The only thing I found missing on my end, was I needed to add ''dh-apparmor'' to the above package dependency list. Now that the software TPM is running, the next step is to add UEFI support to virt-manager, by install installing the ovmf package. To do that, I located the package on Debian's [[https://wiki.debian.org/SecureBoot/VirtualMachine|Wiki]]. After that, I headed over to the [[https://packages.debian.org/bullseye/all/ovmf-ia32/download|download page]] and after downloading the ''.deb'' I used ''dpkg'' to install it. The last step was making sure that your boot options in virt-manager have SATA CDROM 1 selected and moved to the top of the list. This is because the Windows 11 installer media is interpreted as a CD ROM by virt-manager. | These instructions are pulled from the ''swtpm'' maintainer's git, which had instructions for building ''swtpm'' on both [[https://github.com/stefanberger/swtpm/wiki#build-deb-package-ubuntu-debian|Debian]] and [[https://github.com/stefanberger/libtpms/wiki#build-a-package-on-ubuntu|Ubuntu]], but also a big thanks to sej7278 on Reddit who consolidated and simplified them into a recipe. The only thing I found missing on my end, was I needed to add ''dh-apparmor'' to the above package dependency list. Now that the software TPM is running, the next step is to add UEFI support to virt-manager, by creating a UEFI / secure boot environment using the ovmf package. To do that, I located the [[https://wiki.debian.org/SecureBoot/VirtualMachine|Debian wiki]] on the topic and headed over to the [[https://packages.debian.org/bullseye/all/ovmf-ia32/download|package download]] page and then used ''dpkg -i'' to install it. After this, I rebooted my machine and started up virt-manager. In virt-manager, create a new machine, select the Windows 11 .iso file, create a virtual disk that you prefer, and then select "customize before finishing." In the machine configuration window that comes next, first set up Overview as follows: |
| | |
| | {{ :computing:overview.png?600 |}} |
| | |
| | The Overview pane allows you to pick a chipset and specify the bootloader you want to use. These options were specified on many Wikis, so I followed suit. After this was done, I then changed the Boot Options so that the CD-ROM was punched, and so that it was at the top of the list. This is because virt-manager interprets the .iso as a CD-ROM and won't find the installer media unless this is done. It might already be set this way on your virt-manager instance but it was not on mine, so big thanks to shawnsg for their tutorial because this stumped me for a bit. |
| | |
| | {{ :computing:boot-options.png?600 |}} |
| | |
| |
| --- //[[jonathan@haacksnetworking.org|oemb1905]] 2022/07/30 18:06// | --- //[[jonathan@haacksnetworking.org|oemb1905]] 2022/07/30 18:06// |
| |
| |
