| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| computing:windows11-vm [2022/07/31 00:11] – oemb1905 | computing:windows11-vm [2022/07/31 00:31] (current) – oemb1905 |
|---|
| ------------------------------------------- | ------------------------------------------- |
| |
| Alright, so to make Windows 11 work on a GNU/Linux VM you need UEFI-based secure boot and a TPM module. Here's what I did after searching online for a few days. The first step is to open your machine in virt-manager, Add Hardware, TPM, and then leave it at default settings. This is the preference pane for managing your machine's TPM, but it does not set up a software TPM emulator / environment for you, it only manages the one you have made. To make one we need to install some dependencies and build two packages from source as follows: | Alright, so to make Windows 11 work on a GNU/Linux VM with virt-manager you need UEFI-based secure boot and a TPM module. Here's what I did after searching online for a few days. First, set up a TPM module on your host OS: |
| |
| sudo apt -y install dpkg-dev debhelper libssl-dev libtool net-tools libfuse-dev libglib2.0-dev libgmp-dev expect libtasn1-dev socat python3-twisted gnutls-dev gnutls-bin libjson-glib-dev gawk git python3-setuptools softhsm2 libseccomp-dev automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config dh-autoreconf dh-apparmor | sudo apt -y install dpkg-dev debhelper libssl-dev libtool net-tools libfuse-dev libglib2.0-dev libgmp-dev expect libtasn1-dev socat python3-twisted gnutls-dev gnutls-bin libjson-glib-dev gawk git python3-setuptools softhsm2 libseccomp-dev automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config dh-autoreconf dh-apparmor |
| sudo apt install ../swtpm*.deb | sudo apt install ../swtpm*.deb |
| | |
| There was a reddit post from sej7278 [[https://www.reddit.com/r/VFIO/comments/q49xb4/how_install_swtpm_tpm_20_for_ubuntu_impris_indri/|on this thread]] that consolidated and simplified the instructions on the ''swtpm'' maintainer's git, which had instructions for building ''swtpm'' on both [[https://github.com/stefanberger/swtpm/wiki#build-deb-package-ubuntu-debian|Debian]] and [[https://github.com/stefanberger/libtpms/wiki#build-a-package-on-ubuntu|Ubuntu]]. The only thing I found missing on my end, was I needed to add ''dh-apparmor'' to the above package dependency list. Now that the software TPM is running, the next step is to add UEFI support to virt-manager, by install installing the ovmf package. To do that, I located the package on Debian's [[https://wiki.debian.org/SecureBoot/VirtualMachine|Wiki]]. After that, I headed over to the [[https://packages.debian.org/bullseye/all/ovmf-ia32/download|download page]] and after downloading the ''.deb'' I used ''dpkg'' to install it. The last step was making sure that your boot options in virt-manager have SATA CDROM 1 selected and moved to the top of the list. This is because the Windows 11 installer media is interpreted as a CD ROM by virt-manager. | These instructions are pulled from the ''swtpm'' maintainer's git, which had instructions for building ''swtpm'' on both [[https://github.com/stefanberger/swtpm/wiki#build-deb-package-ubuntu-debian|Debian]] and [[https://github.com/stefanberger/libtpms/wiki#build-a-package-on-ubuntu|Ubuntu]], but also a big thanks to sej7278 on Reddit who consolidated and simplified them into a recipe. The only thing I found missing on my end, was I needed to add ''dh-apparmor'' to the above package dependency list. Now that the software TPM is running, the next step is to add UEFI support to virt-manager, by creating a UEFI / secure boot environment using the ovmf package. To do that, I located the [[https://wiki.debian.org/SecureBoot/VirtualMachine|Debian wiki]] on the topic and headed over to the [[https://packages.debian.org/bullseye/all/ovmf-ia32/download|package download]] page and then used ''dpkg -i'' to install it. After this, I rebooted my machine and started up virt-manager. In virt-manager, create a new machine, select the Windows 11 .iso file, create a virtual disk that you prefer, and then select "customize before finishing." In the machine configuration window that comes next, first set up Overview as follows: |
| |
| --- //[[jonathan@haacksnetworking.org|oemb1905]] 2022/07/30 18:06// | {{ :computing:overview.png?600 |}} |
| | |
| | The Overview pane allows you to pick a chipset and specify the bootloader you want to use. These options were specified on many Wikis, so I followed suit. After this was done, I then changed the Boot Options so that the CD-ROM was punched, and so that it was at the top of the list. This is because virt-manager interprets the .iso as a CD-ROM and won't find the installer media unless this is done. It might already be set this way on your virt-manager instance but it was not on mine because I had disabled it before. I only figured this out after searching through random forums and banging my head. Super obvious in hindsight; thanks to shawnsg's random ltt post! |
| | |
| | {{ :computing:boot-options.png?600 |}} |
| | |
| | Lastly, once virt-manager was configured for using secure boot and to load the installer media, it was now time to configure this virtual machine to use the software based TPM module we created earlier. To do that, I clicked "Add Hardware" in the virt-manager GUI, selected TPM, and left the default settings. |
| | |
| | {{ :computing:tpm.png?600 |}} |
| | |
| | Once those two environments were built, the ovfm package installed, and virt-manager configured to leverage all of those properly, the machine booted flawlessly. Here's the splash screen after the core parts of the OS installed: |
| | |
| | {{ :computing:splash.png?600 |}} |
| | |
| | --- //[[jonathan@haacksnetworking.org|oemb1905]] 2022/07/30 18:24// |
| |
| |
