Enable emulated TPM in KVM

  1. cereberus's Avatar
    Posts : 12,474
    Windows10
    Thread Starter
       #11

    Hopachi said:
    The two packages mentioned should work: swtpm, swtpm-tools.
    Though I'm not sure for Ubuntu the exact command you need...

    - - - Updated - - -


    So your Linux TPM installation you need is in KVM in Ubuntu VM under Hyper-V?
    Why not.
    I am running a Windows VM in KVM running in a HyperV VM.

    My plan if I can get it to work is to use older PC to run Windows 11 without having to bypass TPM. It is more as 'proof of concept' rather than any need to do so.

  2. jimbo45's Avatar
    Posts : 10,952
    Windows / Linux : Arch Linux
       #12

    cereberus said:
    I am running a Windows VM in KVM running in a HyperV VM.

    My plan if I can get it to work is to use older PC to run Windows 11 without having to bypass TPM. It is more as 'proof of concept' rather than any need to do so.
    Hi there
    @cereberus

    On an older PC even with only MBR and BIOS you can get KVM and W11 to work with TPM emulator and UEFI sec boot.
    The trick is to reduce the OS overhead -- KVM being a HYPERVISOR is very efficient in that regard. If you don't say install a GUI you can create the VM -- the easiest way is by "cheating" -- use a VM you've created with the virt-manager in a GUI and then copy the XML file !!.

    This UBUNTU link from Google should enable you to set it up properly --- don't forget of course you'll also need package ovmf to enable sec boot and UEFI in the VM's virtual BIOS. Use the bottom bit "testing without a resource manager" for your Windows VM.

    TPM/Testing - Ubuntu Wiki.

    for OVMF on ubuntu :

    How to install ovmf ubuntu package on Ubuntu 20.04/Ubuntu 18.04/Ubuntu 19.04/Ubuntu 16.04

    some installations when starting the libvirt(d) service might error out on missing dmidecode -- install that as well if needed -- you can check that the libvirt service is running -- as root / sudo : systemctl status libvirt (or on some distros it might be called libvirtd).

    remote access to the VM is easily enough done via RDP from a Windows laptop or things like xrdp from a Linux desktop. You can logoff the host completely and still access the VM remotely.

    Note though for VM->HOST communication you need to set up a macvtap NIC -- see previous notes on how to achieve that.

    E.g filezilla from VM to HOST via sftp://192.168.254.1

    [Screenshot: screenshot_20210908_092236.png]

    for HOST>VM communication just use the VM's IP address.

    VM has normal network access to rest of your LAN and standard Internet access.

    When re-booting the HOST you can enable if you want the VM to start automatically. Ensure network services are started automatically on the HOST as well e.g. systemctl enable NetworkManager (or whatever the network services are called on UBUNTU if that's what you are using).

    This thing flies on an old Sony VAIO laptop -- doesn't even have USB3 ports -- but does have HDMI screen and decent (although a very old) i5 processor and I replaced the laptop HDD with an SSD.

    Cheers
    jimbo
    Last edited by jimbo45; 08 Sep 2021 at 03:26. Reason: Added image of VM to Host communication

  3. Hopachi's Avatar
    Posts : 1,293
    Linux: Fedora 3x 64-bit / Windows 10 Pro 64-bit in VM
       #13

    cereberus said:
    I am running a Windows VM in KVM running in a HyperV VM.

    My plan if I can get it to work is to use older PC to run Windows 11 without having to bypass TPM. It is more as 'proof of concept' rather than any need to do so.
    Yes, as a proof of concept, it gets you assured to meet the requirement.

    But as of now, with W11 still in beta, you don't need the TPM in the VM as it will install without question.
    There might be a VM detection during install.

    So unless this requirement gets enforced in RTM, you can install W11 in VM without TPM.
    Do correct me if I'm wrong, last time I installed from ISO (22000.100) it was working properly.

  4. jimbo45's Avatar
    Posts : 10,952
    Windows / Linux : Arch Linux
       #14

    Hi there

    @Hopachi

    My view is that if running on a VM one should try and replicate the hardware requirements to prevent updates etc breaking it. It *Might* be possible to install without a VM but you certainly will need UEFI boot. Since also on both Linux and Windows Hosts TPM's can be emulated it seems a bit of a waste not to set them up.

    remember also for HOST TO GUEST communication use the IP with the BLANK default gateway - not the physical IP address
    so in this case the IP address to be used is NOT 192.168.1.187 but 192.168.254.104.

    [Screenshot: screenshot_20210908_120027.png]

    I've shown the other way around in a couple of posts back for GUEST TO HOST

    (For the rest of a LAN the physical addr of the VM is accessible. The VM also has access to network and internet as usual).

    It's a bit fiddly but easily enough done.

    jimbo

  5. Hopachi's Avatar
    Posts : 1,293
    Linux: Fedora 3x 64-bit / Windows 10 Pro 64-bit in VM
       #15

    Thanks for the details Jimbo.
    I'll have to tweak more with networking on that regard.

    jimbo45 said:
    My view is that if running on a VM one should try and replicate the hardware requirements to prevent updates etc breaking it. It *Might* be possible to install without a VM but you certainly will need UEFI boot. Since also on both Linux and Windows Hosts TPM's can be emulated it seems a bit of a waste not to set them up.
    True. It makes the solution bulletproof. And it runs as required. I'm not against it and I highly recommend this for the sake of compatibility.
    In the more extreme cases / older hardware: My view is "if it works without it, don't add it" what would make the VM slightly lighter in resources and cpu usage for an older machine.
    Not that this will be visible in performance but it's possible; the VM tends to get quite heavy for the older cpu's. So the less emulated hardware the better.
    remember also for HOST TO GUEST communication use the IP with the BLANK default gateway - not the physical IP address
    This I do with copy/paste, be it either in KVM and Hyper-V it works.

    I've shown the other way around in a couple of posts back for GUEST TO HOST
    This is more challenging. For me. As I haven't fiddled with FileZilla that way.
    Yes, I'll have to try that out.
    What I use now is usb / disk pass-through to get the data out.

  6. cereberus's Avatar
    Posts : 12,474
    Windows10
    Thread Starter
       #16

    My problem is I cannot work out how to install swtpm on Ubuntu. Web shows lot of info but assume a deep knowledge of Linux and it should not be that hard to do.


  7. Hopachi's Avatar
    Posts : 1,293
    Linux: Fedora 3x 64-bit / Windows 10 Pro 64-bit in VM
       #17

    cereberus said:
    My problem is I cannot work out how to install swtpm on Ubuntu. Web shows lot of info but assume a deep knowledge of Linux and it should not be that hard to do.
    Check this:
    TPM/Testing - Ubuntu Wiki
    The important note below the page: official binary packages not available at the moment.

    So not the easiest in Ubuntu at the moment.
    But still it can be done.

    Add this ppa as shown here to be able to install:
    swtpm : Scott Moser
    Last edited by Hopachi; 08 Sep 2021 at 17:24. Reason: added note

  8. jimbo45's Avatar
    Posts : 10,952
    Windows / Linux : Arch Linux
       #18

    cereberus said:
    My problem is I cannot work out how to install swtpm on Ubuntu. Web shows lot of info but assume a deep knowledge of Linux and it should not be that hard to do.


    Hi there
    @cereberus

    Check post a few back on installing tpm on ubuntu - the main thing for Linux users you need to be in "Super user" mode which means either run as root (type su from the terminal and enter a password) or if some distros don't allow root then use sudo.

    to install a package on Linux - it's usually quite simple -- depending on the distro it's commands like pacman -S package, yum install package or probably on ubuntu (I don't usually run ubuntu as I stick to fedora and Arch Linux) it's apt-get install package.

    So to install ovmf on ubuntu :

    sudo apt-get install -y ovmf

    same for swtpm, swtpm-tools and possibly dmidecode. For the KVM virtual machine manager it's probably on Ubuntu apt-get install virt-manager.

    now re-boot and you are "good to go".

    Note also in Linux most of the configuration files are text type files (with maybe the odd xml one or two) in directory /etc (under root which is '/'). These files can be edited with any file manager -- even Windows notepad -- or if you can handle a command type line editor use NANO or VIM.

    The package manager will do any necessary compiling, "unzipping", configuration set up etc etc. Installing packages on Linux actually can be a lot less hassle than installing things in Windows !!!!!

    Cheers
    jimbo
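
The goal the thread is working toward, a KVM guest with an emulated TPM and UEFI secure boot, is visible in the libvirt domain XML that post #12 suggests copying. The script below is an added example, not code from any poster: it reads `virsh dumpxml` output and reports whether both are configured. The sample XML, the VM name and the firmware path in it are constructed, and the check assumes the domain uses an explicit `<loader>` element.

```bash
#!/usr/bin/env bash
# Added example: audit a libvirt domain definition for an emulated TPM 2.0
# device and a UEFI loader with secure boot enabled.

# Constructed sample; on a real host pipe in: virsh dumpxml <vm-name>
sample_domain_xml() {
cat <<'EOF'
<domain type='kvm'>
  <name>win11-sample</name>
  <os>
    <type arch='x86_64' machine='q35'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/path/to/OVMF_CODE.secboot.fd</loader>
  </os>
  <devices>
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'/>
    </tpm>
  </devices>
</domain>
EOF
}

# Reads domain XML on stdin, prints one finding per check, and returns 0
# only when both checks pass.
audit_domain() {
    local xml tpm loader rc=0
    xml=$(cat)
    tpm=$(printf '%s\n' "$xml" | sed -n '/<tpm[ >]/,/<\/tpm>/p')
    loader=$(printf '%s\n' "$xml" | grep -E '<loader[ >]' || true)
    if [ -z "$tpm" ]; then
        echo "FAIL tpm: no <tpm> device defined"; rc=1
    elif ! printf '%s\n' "$tpm" | grep -Eq "type=['\"]emulator['\"]"; then
        echo "FAIL tpm: backend is not type='emulator' (swtpm)"; rc=1
    elif ! printf '%s\n' "$tpm" | grep -Eq "version=['\"]2\.0['\"]"; then
        echo "FAIL tpm: emulator backend is not version='2.0'"; rc=1
    else
        echo "OK   tpm: emulated TPM 2.0"
    fi
    if [ -z "$loader" ]; then
        echo "FAIL firmware: no <loader> element found"; rc=1
    elif ! printf '%s\n' "$loader" | grep -Eq "secure=['\"]yes['\"]"; then
        echo "FAIL firmware: <loader> lacks secure='yes'"; rc=1
    else
        echo "OK   firmware: UEFI loader with secure boot"
    fi
    return "$rc"
}

sample_domain_xml | audit_domain
```

A FAIL on the tpm line for a VM created in virt-manager usually means the TPM device was never added or swtpm was not installed when the VM was defined.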
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 10:42.
Find Us




Windows 10 Forums