This is an old revision of the document!
- windows11-vm
- Jonathan Haack
- Haack's Networking
- webmaster@haacksnetworking.org
windows11-vm
Alright, so to make Windows 11 work on a GNU/Linux VM with virt-manager you need UEFI-based secure boot and a TPM module. Here's what I did after searching online for a few days. First, set up a TPM module on your host OS:
sudo apt -y install dpkg-dev debhelper libssl-dev libtool net-tools libfuse-dev libglib2.0-dev libgmp-dev expect libtasn1-dev socat python3-twisted gnutls-dev gnutls-bin libjson-glib-dev gawk git python3-setuptools softhsm2 libseccomp-dev automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config dh-autoreconf dh-apparmor
git clone https://github.com/stefanberger/libtpms.git cd libtpms ./autogen.sh --with-openssl make dist dpkg-buildpackage -us -uc -j4 sudo apt install ../libtpms*.deb
git clone https://github.com/stefanberger/swtpm.git cd swtpm dpkg-buildpackage -us -uc -j4 sudo apt install ../swtpm*.deb
These instructions are pulled from the swtpm maintainer's git, which had instructions for building swtpm on both Debian and Ubuntu, but also a big thanks to sej7278 on Reddit who consolidated and simplified them into a recipe. The only thing I found missing on my end, was I needed to add dh-apparmor to the above package dependency list. Now that the software TPM is running, the next step is to add UEFI support to virt-manager, by creating a UEFI / secure boot environment using the ovmf package. To do that, I located the Debian wiki on the topic and headed over to the package download page and then used dpkg -i to install it. After this, I rebooted my machine and started up virt-manager. In virt-manager, create a new machine, select the Windows 11 .iso file, create a virtual disk that you prefer, and then select “customize before finishing.” In the machine configuration window that comes next, first set up Overview as follows:
The Overview pane allows you to pick a chipset and specify the bootloader you want to use. These options were specified on many Wikis, so I followed suit. After this was done, I then changed the Boot Options so that the CD-ROM was punched, and so that it was at the top of the list. This is because virt-manager interprets the .iso as a CD-ROM and won't find the installer media unless this is done. It might already be set this way on your virt-manager instance but it was not on mine, so big thanks to shawnsg for their tutorial because this stumped me for a bit.
— oemb1905 2022/07/30 18:06
