This is an old revision of the document!
- windows11-vm
- Jonathan Haack
- Haack's Networking
- webmaster@haacksnetworking.org
windows11-vm
Alright, so to make Windows 11 work on a GNU/Linux VM you need UEFI-based secure boot and a TPM module. Here's what I did after searching online for a few days. The first step is to open your machine in virt-manager, Add Hardware, TPM, and then leave it at default settings. This is the preference pane for managing your machine's TPM, but it does not set up a software TPM emulator / environment for you, it only manages the one you have made. To make one we need to install some dependencies and build two packages from source as follows:
sudo apt -y install dpkg-dev debhelper libssl-dev libtool net-tools libfuse-dev libglib2.0-dev libgmp-dev expect libtasn1-dev socat python3-twisted gnutls-dev gnutls-bin libjson-glib-dev gawk git python3-setuptools softhsm2 libseccomp-dev automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config dh-autoreconf dh-apparmor
git clone https://github.com/stefanberger/libtpms.git cd libtpms ./autogen.sh --with-openssl make dist dpkg-buildpackage -us -uc -j4 sudo apt install ../libtpms*.deb
git clone https://github.com/stefanberger/swtpm.git cd swtpm dpkg-buildpackage -us -uc -j4 sudo apt install ../swtpm*.deb
There was a reddit post from sej7278 on this thread that consolidated and simplified the instructions on the swtpm maintainer's git, which had instructions for building swtpm on both Debian and Ubuntu. The only thing I found missing on my end, was I needed to add dh-apparmor to the above package dependency list. Now that the software TPM is running, the next step is to add UEFI support to virt-manager, by install installing the ovmf package. To do that, I located the package on Debian's Wiki. After that, I headed over to the download page and after downloading the .deb I used dpkg to install it. The last step was making sure that your boot options in virt-manager have SATA CDROM 1 selected and moved to the top of the list. This is because the Windows 11 installer media is interpreted as a CD ROM by virt-manager.
— oemb1905 2022/07/30 18:06
