When attempting to install Windows 11 in QEMU, you may encounter the "unsupported hardware" message. This occurs because QEMU does not enable TPM 2.0 support by default.
To resolve this issue, add a virtual TPM device to the VM's hardware list that passes requests through to the host's onboard TPM chip, as demonstrated below (image from virt-manager):
After performing this step, you may receive an error stating that "/dev/fdset/3" "is not a TPM device". This is simply a permissions issue that can be resolved by adding the "/dev/tpm0 rw," line in "/etc/apparmor.d/abstractions/libvirt-qemu" right before the line that reads "/dev/net/tun rw," and restarting AppArmor if you have VMs already running. The final file should look like:
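The AppArmor edit described above can also be scripted. The following is an added example, not part of the original post: the function name `add_tpm_rule` and the sample file contents are constructed for illustration. It inserts the rule directly before the `/dev/net/tun rw,` line, copies that line's indentation, and does nothing if the rule is already present.

```shell
#!/bin/sh
# Added example (not from the original post): idempotently insert
# "/dev/tpm0 rw," before "/dev/net/tun rw," in an AppArmor abstraction.

# add_tpm_rule FILE
# Returns 0 if the rule was inserted or already present,
# 1 if the file is unreadable or the anchor line is missing.
add_tpm_rule() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # Rule already there (any indentation)? Leave the file untouched.
    if grep -Eq '^[[:space:]]*/dev/tpm0[[:space:]]+rw,' "$file"; then
        return 0
    fi

    # Refuse to guess a position if the anchor line is absent.
    grep -Eq '^[[:space:]]*/dev/net/tun[[:space:]]+rw,' "$file" ||
        { echo "anchor '/dev/net/tun rw,' not found in $file" >&2; return 1; }

    tmp=$(mktemp) || return 1
    # Print the new rule once, with the anchor's indentation, before the anchor.
    awk '
        !ins && /^[ \t]*\/dev\/net\/tun[ \t]+rw,/ {
            indent = $0
            sub(/\/dev\/net\/tun.*/, "", indent)
            print indent "/dev/tpm0 rw,"
            ins = 1
        }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Keep a backup, then overwrite in place so owner and mode are preserved.
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Demo on a constructed excerpt (not the full, real abstraction file).
sample=$(mktemp)
printf '  /dev/kvm rw,\n  /dev/net/tun rw,\n  /dev/ptmx rw,\n' > "$sample"
add_tpm_rule "$sample" && cat "$sample"
rm -f "$sample" "$sample.bak"
```

On a real host, run it as root against `/etc/apparmor.d/abstractions/libvirt-qemu` and then restart AppArmor as described above. Because the rule lives in a shared abstraction, it applies to every guest profile that includes that file, not only to the Windows 11 VM.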
If you want to use BitLocker
I encountered a problem with BitLocker while using TPM passthrough, which required me to manually input the recovery key each time. To resolve this issue, I ended up using a TPM emulation, following the steps outlined in this article. It's important to choose the correct Linux codename during this process. I mistakenly selected "focal" instead of "jammy," resulting in an error related to libssl1.1 – a version not officially supported in Ubuntu 22.
Additionally, I needed to manually populate the keys as detailed in this thread, in order to enable secure boot in the UEFI BIOS. Be sure to review the comment below the answer, which addresses the missing "count=1" parameter; otherwise, you may end up with an excessively large keys.img file.