When will the pve-manager (7.0-13) be released to the community repository?FYI, the create wizard got some new additions in the latest pve-manager (7.0-13) that is available on pvetest at time of writing:
View attachment 30069
With that one can create a TPM there directly (also possible to add on existing VMs via their Hardware tabs "Add -> TPM" button)
Further, with a newer qemu-server one can select if the EFI-vars template should contain pre-enrolled keys (from Linux distros and Microsoft) with Secure boot enabled:
View attachment 30070
Those two things setup allow an up-to-date Windows 11 installation in a VM (note Windows 11's increased minimum requirements on memory/storage space).
If one then installs win11 only to install Firefox and open the same PVE interface the VM is installed on and opens the console for proof, one can get a nice infinite-mirror
View attachment 30072
No. They mentioned earlier in this thread the 6 is on bug fixes and security only. They won't be back porting features.
Setup a nested PVE to test this, my poor 32GB desktop Install is groaning...
but it works.Can confirm TPM works perfect, passing that side of the W11 health test.
Noticed there's a new qemu-server (7.0-16) and efi (3.20210831-1), do they implement the UEFI secure boot as above? if so, can they be retoactively applied to an existing W10 install? not seeing any secure boot options in the UEFI bios for myexisting test W10 VM.
Last edited:
Setup a nested PVE to test this, my poor 32GB desktop Install is groaning...
Can confirm TPM works perfect, passing that side of the W11 health test.
Noticed there's a new qemu-server (7.0-16) and efi (3.20210831-1), do they implement the UEFI boot? if so, can they be retoactively applied to an existing W10 install? not seeing any secure boot options in the UEFI bios for myexisting test W10 VM.
Couldn't enable UEFI secure boot on my existing VM - options were there in the UEFI bios but disabled. I did try resetting the keys, but that made no difference.
I did setup a new W10 VM, UEFI bios had secure boot enabled by default and my VM passes the W11 health check.
Thanks! this is really awesome.
Last edited:
Thanks for your nested-KVM-CPU-time sacrifice and your feedback!Setup a nested PVE to test this, my poor 32GB desktop Install is groaning...
Can confirm TPM works perfect, passing that side of the W11 health test.
yes.
Well, yes but not straight forward. The thing is that existing VMs using a smaller build of OVMF (2 MB flash vs 4 MB flash), their size bump was required due to secure-boot and organic code-growth. Now, secure-boot basically needs the 4 MB firmware with SMM-enforcement support, but that one is not compatible with the legacy EFI vars file, as those are explicitly tailored for each build size.
So how can one switch the not-so-straight-forward-way you ask? You'd need to update to recent enough software in PVE 7.x, that'd be
pve-manager (>= 7.0-13), qemu-server (>= 7.0-16) and pve-edk2-firmware (>= 3.20210831-1), then remove the EFIdisk completely (see NOTE below!) and re-add a new one. When re-adding, you'd ideally keep the new "Pre-enrolled Keys" setting checked (as that saves you of enrolling MS keys yourself). With the updated packages version Proxmox VE'll defaults to the 4 MB build of OVMF, that comes with more bells and (secure-boot) whistles than the 2 MB one.NOTE: dropping the EFI vars disk and recreating it drops your boot entries from it, but you can re-add them for example see:
https://pve.proxmox.com/wiki/OVMF/UEFI_Boot_Entries
Or try to boot the Windows system manually once and then use the system repair thingy it has, also available on the ISO IIRC (not really a Windows-person though).
The VM from my screenshot is hosted on a PVE with an
Intel(R) Xeon(R) CPU E5-2620 v3, I used the default kvm64 as host but enabled a few CPU flags (as I usually do): flags=+md-clear;+pcid;+spec-ctrl;+ssbd;+aes, that worked out OK here.
No, all too much machinery updates and regression potential for a release that is in security-and-bugfix only maintenance mode. You need to upgrade to Proxmox VE 7.x for this.
I have broken all :/
I have added pvetest repo and upgrade the 3 paquets: pve-manager qemu-server pve-edk2-firmware
I had another version of trousers because of mortar framework installed:
root@pve:/mnt/temp/backup_ext# dpkg -l | grep trousers
iF trousers 0.3.14+fixed1-1.2 amd64 open-source TCG Software Stack (daemon)
It refuse to upgrade this packages:
trousers
swtpm-tools
qemu-server
proxmox-ve
pve-manager
pve-ha-manager
I tried install -f and --reinstall, but no succes
Now somes packages are not correctly configured
I have added pvetest repo and upgrade the 3 paquets: pve-manager qemu-server pve-edk2-firmware
I had another version of trousers because of mortar framework installed:
root@pve:/mnt/temp/backup_ext# dpkg -l | grep trousers
iF trousers 0.3.14+fixed1-1.2 amd64 open-source TCG Software Stack (daemon)
It refuse to upgrade this packages:
trousers
swtpm-tools
qemu-server
proxmox-ve
pve-manager
pve-ha-manager
Job for trousers.service failed because the control process exited with error code.
See "systemctl status trousers.service" and "journalctl -xe" for details.
invoke-rc.d: initscript trousers, action "start" failed.
● trousers.service - LSB: starts tcsd
Loaded: loaded (/etc/init.d/trousers; generated)
Active: failed (Result: exit-code) since Wed 2021-10-06 08:12:12 CEST; 4ms ago
Docs: man:systemd-sysv-generator(8)
Process: 862242 ExecStart=/etc/init.d/trousers start (code=exited, status=30)
CPU: 8ms
oct. 06 08:12:12 pve systemd[1]: Starting LSB: starts tcsd...
oct. 06 08:12:12 pve trousers[862242]: Starting Trusted Computing daemon: tcsd/etc/init.d/trousers: 32: [: /dev/tpm0: unexpected operator
oct. 06 08:12:12 pve tcsd[862247]: TCSD TDDL[862247]: TrouSerS ioctl: (25) Inappropriate ioctl for device
oct. 06 08:12:12 pve tcsd[862247]: TCSD TDDL[862247]: TrouSerS Falling back to Read/Write device support.
oct. 06 08:12:12 pve tcsd[862247]: TCSD TCS[862247]: TrouSerS ERROR: TCS GetCapability failed with result = 0x1e
oct. 06 08:12:12 pve trousers[862248]: failed!
oct. 06 08:12:12 pve systemd[1]: trousers.service: Control process exited, code=exited, status=30/n/a
oct. 06 08:12:12 pve systemd[1]: trousers.service: Failed with result 'exit-code'.
oct. 06 08:12:12 pve systemd[1]: Failed to start LSB: starts tcsd.
dpkg: erreur de traitement du paquet trousers (--configure) :
installed trousers package post-installation script subprocess returned error exit status 1
Paramétrage de libpve-access-control (7.0-5) ...
Paramétrage de libuutil3linux (2.1.1-pve1) ...
Paramétrage de libpve-http-server-perl (4.0-3) ...
Paramétrage de libzfs4linux (2.1.1-pve1) ...
dpkg: des problèmes de dépendances empêchent la configuration de swtpm-tools :
swtpm-tools dépend de trousers (>= 0.3.9) ; cependant :
Le paquet trousers n'est pas encore configuré.
dpkg: erreur de traitement du paquet swtpm-tools (--configure) :
problèmes de dépendances - laissé non configuré
Paramétrage de libzpool5linux (2.1.1-pve1) ...
dpkg: des problèmes de dépendances empêchent la configuration de qemu-server :
qemu-server dépend de swtpm-tools ; cependant :
Le paquet swtpm-tools n'est pas encore configuré.
dpkg: erreur de traitement du paquet qemu-server (--configure) :
problèmes de dépendances - laissé non configuré
Paramétrage de zfsutils-linux (2.1.1-pve1) ...
Installation de la nouvelle version du fichier de configuration /etc/zfs/zfs-functions ...
zfs-import-scan.service is a disabled or a static unit, not starting it.
dpkg: des problèmes de dépendances empêchent la configuration de proxmox-ve :
proxmox-ve dépend de qemu-server ; cependant :
Le paquet qemu-server n'est pas encore configuré.
dpkg: erreur de traitement du paquet proxmox-ve (--configure) :
problèmes de dépendances - laissé non configuré
dpkg: des problèmes de dépendances empêchent la configuration de pve-manager :
pve-manager dépend de qemu-server (>= 6.2-17) ; cependant :
Le paquet qemu-server n'est pas encore configuré.
dpkg: erreur de traitement du paquet pve-manager (--configure) :
problèmes de dépendances - laissé non configuré
Paramétrage de zfs-zed (2.1.1-pve1) ...
Installation de la nouvelle version du fichier de configuration /etc/zfs/zed.d/zed-functions.sh ...
Traitement des actions différées (« triggers ») pour libc-bin (2.31-13) ...
Traitement des actions différées (« triggers ») pour man-db (2.9.4-2) ...
dpkg: des problèmes de dépendances empêchent le traitement des actions différées pour pve-ha-manager :
pve-ha-manager dépend de qemu-server (>= 6.0-15) ; cependant :
Le paquet qemu-server n'est pas encore configuré.
dpkg: erreur de traitement du paquet pve-ha-manager (--configure) :
problèmes de dépendances - actions différées non exécutées
Des erreurs ont été rencontrées pendant l'exécution :
trousers
swtpm-tools
qemu-server
proxmox-ve
pve-manager
pve-ha-manager
E: Sub-process /usr/bin/dpkg returned an error code (1)
See "systemctl status trousers.service" and "journalctl -xe" for details.
invoke-rc.d: initscript trousers, action "start" failed.
● trousers.service - LSB: starts tcsd
Loaded: loaded (/etc/init.d/trousers; generated)
Active: failed (Result: exit-code) since Wed 2021-10-06 08:12:12 CEST; 4ms ago
Docs: man:systemd-sysv-generator(8)
Process: 862242 ExecStart=/etc/init.d/trousers start (code=exited, status=30)
CPU: 8ms
oct. 06 08:12:12 pve systemd[1]: Starting LSB: starts tcsd...
oct. 06 08:12:12 pve trousers[862242]: Starting Trusted Computing daemon: tcsd/etc/init.d/trousers: 32: [: /dev/tpm0: unexpected operator
oct. 06 08:12:12 pve tcsd[862247]: TCSD TDDL[862247]: TrouSerS ioctl: (25) Inappropriate ioctl for device
oct. 06 08:12:12 pve tcsd[862247]: TCSD TDDL[862247]: TrouSerS Falling back to Read/Write device support.
oct. 06 08:12:12 pve tcsd[862247]: TCSD TCS[862247]: TrouSerS ERROR: TCS GetCapability failed with result = 0x1e
oct. 06 08:12:12 pve trousers[862248]: failed!
oct. 06 08:12:12 pve systemd[1]: trousers.service: Control process exited, code=exited, status=30/n/a
oct. 06 08:12:12 pve systemd[1]: trousers.service: Failed with result 'exit-code'.
oct. 06 08:12:12 pve systemd[1]: Failed to start LSB: starts tcsd.
dpkg: erreur de traitement du paquet trousers (--configure) :
installed trousers package post-installation script subprocess returned error exit status 1
Paramétrage de libpve-access-control (7.0-5) ...
Paramétrage de libuutil3linux (2.1.1-pve1) ...
Paramétrage de libpve-http-server-perl (4.0-3) ...
Paramétrage de libzfs4linux (2.1.1-pve1) ...
dpkg: des problèmes de dépendances empêchent la configuration de swtpm-tools :
swtpm-tools dépend de trousers (>= 0.3.9) ; cependant :
Le paquet trousers n'est pas encore configuré.
dpkg: erreur de traitement du paquet swtpm-tools (--configure) :
problèmes de dépendances - laissé non configuré
Paramétrage de libzpool5linux (2.1.1-pve1) ...
dpkg: des problèmes de dépendances empêchent la configuration de qemu-server :
qemu-server dépend de swtpm-tools ; cependant :
Le paquet swtpm-tools n'est pas encore configuré.
dpkg: erreur de traitement du paquet qemu-server (--configure) :
problèmes de dépendances - laissé non configuré
Paramétrage de zfsutils-linux (2.1.1-pve1) ...
Installation de la nouvelle version du fichier de configuration /etc/zfs/zfs-functions ...
zfs-import-scan.service is a disabled or a static unit, not starting it.
dpkg: des problèmes de dépendances empêchent la configuration de proxmox-ve :
proxmox-ve dépend de qemu-server ; cependant :
Le paquet qemu-server n'est pas encore configuré.
dpkg: erreur de traitement du paquet proxmox-ve (--configure) :
problèmes de dépendances - laissé non configuré
dpkg: des problèmes de dépendances empêchent la configuration de pve-manager :
pve-manager dépend de qemu-server (>= 6.2-17) ; cependant :
Le paquet qemu-server n'est pas encore configuré.
dpkg: erreur de traitement du paquet pve-manager (--configure) :
problèmes de dépendances - laissé non configuré
Paramétrage de zfs-zed (2.1.1-pve1) ...
Installation de la nouvelle version du fichier de configuration /etc/zfs/zed.d/zed-functions.sh ...
Traitement des actions différées (« triggers ») pour libc-bin (2.31-13) ...
Traitement des actions différées (« triggers ») pour man-db (2.9.4-2) ...
dpkg: des problèmes de dépendances empêchent le traitement des actions différées pour pve-ha-manager :
pve-ha-manager dépend de qemu-server (>= 6.0-15) ; cependant :
Le paquet qemu-server n'est pas encore configuré.
dpkg: erreur de traitement du paquet pve-ha-manager (--configure) :
problèmes de dépendances - actions différées non exécutées
Des erreurs ont été rencontrées pendant l'exécution :
trousers
swtpm-tools
qemu-server
proxmox-ve
pve-manager
pve-ha-manager
E: Sub-process /usr/bin/dpkg returned an error code (1)
I tried install -f and --reinstall, but no succes
Now somes packages are not correctly configured
proxmox-ve: not correctly installed (running kernel: 5.11.22-5-pve) pve-manager: not correctly installed (running version: 7.0-13/7aa7e488) pve-kernel-helper: 7.1-2 pve-kernel-5.11: 7.0-8 pve-kernel-5.11.22-5-pve: 5.11.22-10 pve-kernel-5.11.22-4-pve: 5.11.22-9 ceph-fuse: 14.2.21-1 corosync: 3.1.5-pve1 criu: 3.15-1+pve-1 glusterfs-client: 9.2-1 ifupdown2: 3.1.0-1+pmx3 ksmtuned: 4.20150326 libjs-extjs: 7.0.0-1 libknet1: 1.22-pve1 libproxmox-acme-perl: 1.3.0 libproxmox-backup-qemu0: 1.2.0-1 libpve-access-control: 7.0-5 libpve-apiclient-perl: 3.2-1 libpve-common-perl: 7.0-10 libpve-guest-common-perl: 4.0-2 libpve-http-server-perl: 4.0-3 libpve-storage-perl: 7.0-12 libspice-server1: 0.14.3-2.1 lvm2: 2.03.11-2.1 lxc-pve: 4.0.9-4 lxcfs: 4.0.8-pve2 novnc-pve: 1.2.0-3 proxmox-backup-client: 2.0.11-1 proxmox-backup-file-restore: 2.0.11-1 proxmox-mini-journalreader: 1.2-1 proxmox-widget-toolkit: 3.3-6 pve-cluster: 7.0-3 pve-container: 4.0-10 pve-docs: 7.0-5 pve-edk2-firmware: 3.20210831-1 pve-firewall: 4.2-3 pve-firmware: 3.3-2 pve-ha-manager: not correctly installed pve-i18n: 2.5-1 pve-qemu-kvm: 6.0.0-4 pve-xtermjs: 4.12.0-1 qemu-server: not correctly installed smartmontools: 7.2-pve2 spiceterm: 3.2-2 vncterm: 1.7-1 zfsutils-linux: 2.1.1-pve1
Was your system installed quite a while ago? E.g., with a PVE version older than 5.0? As this seems like some sysv-to-systemd compat package issue that one only gets if installed. Anyhow, I'll look into it and see if I can fix trousers init.d script, thanks for your report!
We re-build the upstream package with a more resilient postinst and init script and uploaded that to pvetest as
trousers in version 0.3.14+fixed1-1.2+pve1 (FWIW, the "fixed" part in the version was already there and not my invention )An error may still get printed on update, but it should not fail the whole update itself anymore (which is not really useful to do then anyway).
Can you try
apt update and another apt full-upgrade (or manual apt -f install trousers)Thanks! I'll look into that.
nb. Did a clean W11 ISO install, no drama's
Interesting thing was the .208 virtio ISO installed with no issues as well, it failed on the W11 insider releases.
I think this should work out of the box. If it doesn't work leave your CPU in common KVM, this will work for sure.
I upgraded from 6 to 7.
Its works with the new package ! Thanks you !
After shutdown and restart:
Its works with the new package ! Thanks you !
After shutdown and restart:
Last edited:
You can also bypass most (all?) requirements of the windows installer if you just deploy it using command prompt. Press Shift + F10 and use diskpart for partitioning and dism /apply-image to apply the w11 image you want. I used this method to deploy latest w11 insider. I have no vTPM, or secure boot and it works. I'm using a fairly recent CPU in host mode though
Could you please tell me more precisely how you installed Windows 11 without TPM / SecureBoot?
Nope, it doesn't, fails the CPU test. I imagine there's some flags you can set though, haven't looked into it yet.