vTPM support - do we have guide to add the vTPM support?

Yes, just realised my HP DL360P might need a physical TPM card.
Would be nice to have some idea about what Proxmox will do about TPM - as you can imagine and have said passthrough won't really work when you have 3 Windows 11 VM's
I have been able to install the "leaked" dev build of 11 and so far runs without TPM on there.
 
Last edited:
Hopefully someone's working on vTPM for PVE, cause Winblows 11 would require it....
Its better to have some type of implementation, instead of all the trickery that would otherwise be required to install W11 w/o TPM.
 
Windows Server 2022 requires Secure Boot with TPM 2.0. VMware has TPM for quite some time. oVirt added TPM 2.0 with Version 4.4.6 and so does RHEV. I hope we see TPM support soon. Customers Buying Windows Server 2022 without Assurance has no way to run it on Proxmox because they have no downgrade right.
 
Another question I have is that I am still on PVE 6.4 - with no plans to upgrade until EOL - if secure boot/vTPM is implemented (in v7) - will it be ported to 6.4 as it is not EOL yet?
 
Another question I have is that I am still on PVE 6.4 - with no plans to upgrade until EOL - if secure boot/vTPM is implemented (in v7) - will it be ported to 6.4 as it is not EOL yet?
No, Proxmox VE 6.4 in security and bug-fix only mode, so we won't backport new features.
 
  • Like
Reactions: Ming-Yuan Yu
That's a bit gross then. At least Windows 11 isn't production yet. :/
How so? You can always just upgrade (in-place) to Proxmox VE 7.x, and we never suggested that we'd backport features, especially not bigger ones, to older releases.
 
  • Like
Reactions: Ming-Yuan Yu
How so? You can always just upgrade (in-place) to Proxmox VE 7.x, and we never suggested that we'd backport features, especially not bigger ones, to older releases.
It's my problem to deal with. Upgrading with LXC's to v7 seems painful (especially when I checked a month or two ago with CT's getting broken), and I am using a host that only workings with GPU stuff with 5.4 kernel.
 
I hope Proxmox staff is now back from holidays ;) and will make a release supporting TPM 2.0 officially so Windows 11 RTM can be used on Proxmox as soon as it gets released.
There's a pve-manager (7.0-12), qemu-server (7.0-15) and pve-edk2-firmware (3.20200531-2) package (with new tpm related dependencies) version available on pvetest. They implement support for adding a TPM v1.2 or v2.0 for VMs.

OVMF with secureboot (that also MS can use) is currently being worked on.
 
Last edited:
  • Like
Reactions: Ming-Yuan Yu
There's a pve-manager (7.0-12), qemu-server (7.0-15) and pve-edk2-firmware (3.20200531-2) package (with new tpm related dependencies) version available on pvetest. They implement support for adding a TPM v1.2 or v2.0 for VMs.

OVMF with secureboot (that also MS can use) is currently worked on

Oh excellent - thanks!

I've never been tempted to try pvetest before...
 
FYI, the create wizard got some new additions in the latest pve-manager (7.0-13) that is available on pvetest at time of writing:
1633458657087.png

With that one can create a TPM there directly (also possible to add on existing VMs via their Hardware tabs "Add -> TPM" button)
Further, with a newer qemu-server one can select if the EFI-vars template should contain pre-enrolled keys (from Linux distros and Microsoft) with Secure boot enabled:

1633458718086.png

Those two things setup allow an up-to-date Windows 11 installation in a VM (note Windows 11's increased minimum requirements on memory/storage space).

If one then installs win11 only to install Firefox and open the same PVE interface the VM is installed on and opens the console for proof, one can get a nice infinite-mirror ;)
win11-pve-inception.png
 
Last edited:
FYI, the create wizard got some new additions in the latest pve-manager (7.0-13) that is available on pvetest at time of writing:
View attachment 30069

With that one can create a TPM there directly (also possible to add on existing VMs via their Hardware tabs "Add -> TPM" button)
Further, with a newer qemu-server one can select if the EFI-vars template should contain pre-enrolled keys (from Linux distros and Microsoft) with Secure boot enabled:

View attachment 30070

Those two things setup allow an up-to-date Windows 11 installation in a VM (note Windows 11's increased minimum requirements on memory/storage space).

If one then installs win11 only to install Firefox and open the same PVE interface the VM is installed on and opens the console for proof, one can get a nice infinite-mirror ;)
View attachment 30072

Is there an easy way to spoof the processor while still passing through all flags in the same manner as Host? I have Intel E5-2697 v4 chips in my cluster, but MS has deemed those antiquated and incapable of running a basic OS...
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!