I got it all worked out.
I had to emulate TPM 2.0, boot win10 and convert my MBR hard drive to GPT, shut down and switch to UEFI and boot win10, and manually run the win11 setup from a thumbdrive. I had previously told qemu I had an AMD EPYC CPU due to issues with Threadrippers at the time. Win11 won't accept EPYC, so I had to uninstall the EPYC processors one at a time and tell qemu to pass through the host CPU instead (-cpu host).

I was allowed to keep my win10 license and did not have to make a Microsoft account.
Overall, not pleasant but doable.


On 8/20/22 9:20 PM, Brett Peckinpaugh wrote:
You also need secure boot enabled bios even if you do not fully use it. Have it working on a VM as well
On Aug 20, 2022, at 4:55 PM, Roger Lawhorn <r...@twc.com> wrote:

    I added TPM 2.0 support to my virt machine.
    Windows PC Health Check says I don't qualify for Windows 11.
    My AMD EPYC CPU is not supported and I don't use secure boot.
    It says TPM not detected and yet the device manager shows TPM 2.0 installed.
    I can add secure boot if needed.

    On 8/4/21 10:24 AM, Roger Lawhorn wrote:

        i found this:
        
https://titanwolf.org/Network/Articles/Article?AID=61faf297-0fb8-4dac-babc-877e889b896e#gsc.tab=0
        On 8/3/21 8:36 PM, Ivan Volosyuk wrote:

            It's a package, just run in your gentoo box: emerge swtpm
            And setup using:
            https://qemu-project.gitlab.io/qemu/specs/tpm.html

            On Wed, Aug 4, 2021 at 2:49 AM Roger Lawhorn <r...@twc.com> wrote:

                How do I install swtpm? Is it a package in my repo or
                do I need to compile the source code? I don't use
                libvirt, I run a qemu script to launch Windows 10. How
                do I tell qemu that it needs to use it? Is it an
                additional switch on the command line? Thanks

                On 8/3/21 2:20 AM, Brett Peckinpaugh wrote:

                I found my issue, it was mainly I was still using the
                i440fx and needed to switch to q35.  Which required a
                bit more work, and as I had to rebuild and reinstall
                Windows I used the secure boot OVMF and with that I
                should be, if I decide to, 100% Windows 11 compliant.
                You will need to install swtpm and might have to
                correct some permissions based on your install, and
                what user and its permissions that are running your
                qemu and libvirt.

                On Mon, Aug 2, 2021 at 9:39 PM Roger Lawhorn
                <r...@twc.com> wrote:

                    We are all facing a forced upgrade to Windows 11
                    so we must answer this question. Thanks for asking
                    it. I am not familiar with TPM in virt machines so
                    I decline to comment.

                    On 7/2/21 2:03 AM, Brett Peckinpaugh wrote:

                    With Win 11 coming I figured I would spend a bit
                    of time tinkering and see if I could be ready if I
                    decided it isn't the junk OS that every other
                    Windows OS is.  I run a guest with OVMF for UEFI
                    and pass through a PCIe video card. Everything
                    works fine. The challenge I am running into is I
                    installed swtpm, then added a software TPM to my
                    guest.  The system boots and runs fine but the TPM
                    fails to start in the Windows guest with a code of
                    10.  From Linux it all looks good.  Windows events
                    just say generic failure messages. To confuse me
                    more, I have a server with a guest running Windows
                    that is just virtual.  Added the TPM and it shows
                    up and is working on that guest.  Host is Manjaro
                    flavor of Arch. Linux logs for the TPM seem good.
                    Any ideas?  I tried to boot using a secure boot
                    enabled version of OVMF and the guest would not
                    even start.

                    Starting vTPM manufacturing as root:root @ Thu 01 Jul 2021 10:48:40 PM PDT
                    Successfully created RSA 2048 EK with handle 0x81010001.
                    Invoking /usr/share/swtpm/swtpm-localca --type ek --ek
                    
ac3b97418acfd724aed5d9dcc0f0e10a1a90b04ab21525115e7bb00009b9ea63525acc5ac367deef59d99620f129417f21e1419edaebd8b1f385a5b874b463d744c609b2f4c6fc00bfe5712bea7d7506e29ba8b4cb34e1b3c90d3f5a1805ba52628751aef659959d12a33d5238ec82bfa0b04ebab52bde403c9291f80a949de6303af04aa1a706ca4b054f45e94d4749b729ddf2b50849abaae1f681c3bb48ddfce1166fd804b9197d14af5fff9a52e48b0707916091516ed67c4c1e519b51478ecc25c89d9ad7a6f1e29e263b35cb54ca75ebe8bc2d7a82a3f262108abc75592467ccf5defe9e46f3706cc90ae67a4b38910e61a05ff62a9d3ec383bd352143
                    --dir /var/lib/libvirt/swtpm/5e3c8d62-c0ef-41d7-9b7f-cddf618df88a/tpm2
                    --logfile /var/log/swtpm/libvirt/qemu/Megaera-swtpm.log
                    --vmid Megaera:5e3c8d62-c0ef-41d7-9b7f-cddf618df88a
                    --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 162
                    --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023
                    --tpm2 --configfile /etc/swtpm-localca.conf
                    --optsfile /etc/swtpm-localca.options
                    Successfully created EK certificate locally.
                    Invoking /usr/share/swtpm/swtpm-localca --type platform --ek
                    
                    --dir /var/lib/libvirt/swtpm/5e3c8d62-c0ef-41d7-9b7f-cddf618df88a/tpm2
                    --logfile /var/log/swtpm/libvirt/qemu/Megaera-swtpm.log
                    --vmid Megaera:5e3c8d62-c0ef-41d7-9b7f-cddf618df88a
                    --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 162
                    --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023
                    --tpm2 --configfile /etc/swtpm-localca.conf
                    --optsfile /etc/swtpm-localca.options
                    Successfully created platform certificate locally.
                    Successfully created NVRAM area 0x1c00002 for RSA 2048 EK certificate.
                    Successfully created NVRAM area 0x1c08000 for platform certificate.
                    Successfully created ECC EK with handle 0x81010016.
                    Invoking /usr/share/swtpm/swtpm-localca --type ek --ek
                    
x=0ecc2c9a02316295724304fcdeb9802c6d2f2d5fa40c34717ea9ff64f4d5e969c79f6eaba9bf4f8e6c67416057542a7e,y=6d54604b00bbbc83f8e9d02983c3486514218c9eabf29dbfc692058506828b299cec8605be490173ebe1727719ff5c90,id=secp384r1
                    --dir /var/lib/libvirt/swtpm/5e3c8d62-c0ef-41d7-9b7f-cddf618df88a/tpm2
                    --logfile /var/log/swtpm/libvirt/qemu/Megaera-swtpm.log
                    --vmid Megaera:5e3c8d62-c0ef-41d7-9b7f-cddf618df88a
                    --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 162
                    --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023
                    --tpm2 --configfile /etc/swtpm-localca.conf
                    --optsfile /etc/swtpm-localca.options
                    Successfully created EK certificate locally.
                    Successfully created NVRAM area 0x1c00016 for ECC EK certificate.
                    Successfully activated PCR banks sha1,sha256 among sha1,sha256,sha384,sha512.
                    Successfully authored TPM state.
                    Ending vTPM manufacturing @ Thu 01 Jul 2021 10:48:40 PM PDT
                    
------------------------------------------------------------------------
                    vfio-users mailing list vfio-users@redhat.com
                    https://listman.redhat.com/mailman/listinfo/vfio-users

                    

_______________________________________________
vfio-users mailing list
vfio-users@redhat.com
https://listman.redhat.com/mailman/listinfo/vfio-users
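
The setup this thread converges on (swtpm attached to a plain QEMU launch script, q35, secure-boot OVMF, `-cpu host`), as an added example that is not part of the original messages. The `tpm-tis` wiring follows the QEMU TPM documentation linked above; every path, the memory size and the function names are assumptions to adapt.

```shell
#!/bin/sh
# Added example: software TPM 2.0 for a QEMU guest launched without libvirt.
# All paths are assumptions; OVMF file names and locations differ per distro.
TPM_DIR="${TPM_DIR:-$HOME/vm/win11-tpm}"     # persistent vTPM state (holds the EK)
OVMF_CODE="${OVMF_CODE:-/usr/share/OVMF/OVMF_CODE.secboot.fd}"
OVMF_VARS="${OVMF_VARS:-$HOME/vm/win11_VARS.fd}"   # per-VM writable copy
DISK="${DISK:-$HOME/vm/win11.qcow2}"

# swtpm: TPM 2.0 emulator listening on a UNIX control socket in TPM_DIR.
swtpm_cmd() {
    printf '%s ' swtpm socket --tpm2 \
        --tpmstate "dir=$TPM_DIR" \
        --ctrl "type=unixio,path=$TPM_DIR/swtpm-sock"
}

# QEMU switches that hand the emulator to the guest as a TIS TPM device.
qemu_tpm_args() {
    printf '%s ' \
        -chardev "socket,id=chrtpm,path=$TPM_DIR/swtpm-sock" \
        -tpmdev emulator,id=tpm0,chardev=chrtpm \
        -device tpm-tis,tpmdev=tpm0
}

# Platform switches: q35 instead of i440fx, host CPU passthrough, and
# secure-boot OVMF (SMM on, code flash marked secure and read-only).
qemu_platform_args() {
    printf '%s ' \
        -machine q35,accel=kvm,smm=on -cpu host \
        -global driver=cfi.pflash01,property=secure,value=on \
        -drive "if=pflash,format=raw,readonly=on,file=$OVMF_CODE" \
        -drive "if=pflash,format=raw,file=$OVMF_VARS"
}

launch() {
    # The state directory must be writable by the user running swtpm and
    # readable by nobody else. Paths must not contain spaces here, because
    # the helper output is word-split on purpose.
    mkdir -p "$TPM_DIR" && chmod 700 "$TPM_DIR"
    $(swtpm_cmd) --daemon
    exec qemu-system-x86_64 -m 8G $(qemu_platform_args) $(qemu_tpm_args) \
        -drive "file=$DISK,format=qcow2"
}

# Only start anything when invoked as: ./win11.sh run
if [ "${1:-}" = "run" ]; then launch; fi
```

swtpm has to be running before QEMU connects to the socket, which is why `launch` starts it first.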
