[SOLVED] vTPM for Proxmox

[adhossain]

The latest release preview of Windows 11 requires TPM2.0 and Secure boot which is now mandatory for all installations including VM.

Has anyone managed to solve this?

I tried to follow this but failed vTPM and Secureboot capability in a Proxmox-KVM [For Windows 11]

 

[tom]

We are working on TPM already and I assume we are ready to release something quite soon.

 

[adhossain]

We are working on TPM already and I assume we are ready to release something quite soon.

Great news and thank you very much

 

[sporknife]

I'm thrilled to see this! I followed the same path as @adhossain and was unsuccessful. Getting a PVE-supported solution will be awesome. Microsoft are making odd decisions with the W11 rollout.

 

[mohadib521]

The latest release preview of Windows 11 requires TPM2.0 and Secure boot which is now mandatory for all installations including VM.

Has anyone managed to solve this?

I tried to follow this but failed vTPM and Secureboot capability in a Proxmox-KVM [For Windows 11]

try this link Secure Boot for Windows Virtual Machines on Proxmox – gareth.com (do not use in production)

 

[adhossain]

try this link Secure Boot for Windows Virtual Machines on Proxmox – gareth.com (do not use in production)

Thanks. That was really easy

 

[LightningManGTS]

We are working on TPM already and I assume we are ready to release something quite soon.

I know secure boot being available natively to ovmf that is packaged with proxmox is being looked into however will we have to recreate the VM's to enable these features or is this something we can add to existing VM's?

 

[ojaksch]

While easyily installing and running W11 on ArchLinux/LibVirt I've just tried that on my PVE 7.0-13 (no-subscription) (PowerEdge R620, Xeon E5-2650) and I was astonished that this has worked at first attempt. I did no tweaks nor patches, just using the original MS ISO file, VirtIO ISO and the attached settings. Voila and cheerio!

 

[gmed]

These days, we've started evaluating of Win11.
Before, we did the upgrade to PVE7.0.13 and it works like a charme.
Creating a new VM as Q35-06 with UEFI instead Seabios, adding UEFI-Storage and a vTMP (you can choose your flavour) is very straight forward and easy.
Windows-Setup was just as usual and hardware-manager shows the TPM as security device.
We did backup and restore test, all good, cloning wasn't a show-stopper, too.

Until now, thumps up,

 

[yomi]

Hi, is it possible to add vTPM to an existing VM?

 

[cromatn5]

Remove existing EFI disk and create a new one, with pre-enroll keys.
You will have to recreate the boot in vBIOS.

 

[gmed]

Hi, is it possible to add vTPM to an existing VM?

Yes, you can add it.
But your maschin-type has to be Q35-6, it needs OMV + UEFI-Storage with preenrolled Keys.
So it may get difficult to implement all requirements for WIN11.

 

[yomi]

Thanks! I added a vTPM disk and all seems good. I had machine type Q35, UEFI and an EFI disk already configured.

Windows 11 health check gave me all green ticks.

I had set up my EFI disk with pre-enroll keys initially and it seems I didn’t have to remove and add it back.

 

[sporknife]

All good on a single-node installation.

I had to switch to the non-sub repo to get 7.0-13. Installing vTPM on existing VMs worked for me, with no other modifications. My VMs are set up as pc-q35-6.0/OVMF with EFI.

Super easy.

 

[docorange6]

Do I need TPM enabled on the host in order to use it on the VM?

 

[jasonsansone]

Do I need TPM enabled on the host in order to use it on the VM?

No. Only if you want to passthrough a real TPM. The vTPM is entirely virtualized.