Windows 11 discussion - fully supported by VirtualBox 7.0
-
- Posts: 71
- Joined: 12. Aug 2021, 19:51
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows 11 22H2
- Location: US
Re: Windows 11 compatibility is being worked on
FranceBB;
I posted in the Windows 10 Security and VirtualBox forum (Under Windows Host) that I got an update from Windows and HP that brought my fTPM (AMD) and Windows 10 up to a newer version of 21H1 (took a good while to update) and fTPM 2.0. Right away, we had errors from the Security Tools, and had to reinstall Windows (preserve files) to get the system back up. Then MS started offering me Windows 11, just to tell me my CPU was not good enough! I think (from what I have read so far) that the hardware TPM (you need one I think even for a soft TPM to communicate with) that can work in 2.0 mode has to be setup for that, but can also run as a 1.2 device. This happens early in the program interface for the TPM device (Like it is asking "How do I run?" 1.2 or 2.0) and I do not think they are compatable (i.e. a 1.2 can't understand 2.0 additional commands, but a 2.0 can understand 1.2 ) and it is not very tolerant of mistakes in programming.... it can see those as hacking attempts and lockup on a timer! Just be careful please. Huge learning curve here (And I thought Windows 3.11 was hard.... geez)
I posted in the Windows 10 Security and VirtualBox forum (Under Windows Host) that I got an update from Windows and HP that brought my fTPM (AMD) and Windows 10 up to a newer version of 21H1 (took a good while to update) and fTPM 2.0. Right away, we had errors from the Security Tools, and had to reinstall Windows (preserve files) to get the system back up. Then MS started offering me Windows 11, just to tell me my CPU was not good enough! I think (from what I have read so far) that the hardware TPM (you need one I think even for a soft TPM to communicate with) that can work in 2.0 mode has to be setup for that, but can also run as a 1.2 device. This happens early in the program interface for the TPM device (Like it is asking "How do I run?" 1.2 or 2.0) and I do not think they are compatable (i.e. a 1.2 can't understand 2.0 additional commands, but a 2.0 can understand 1.2 ) and it is not very tolerant of mistakes in programming.... it can see those as hacking attempts and lockup on a timer! Just be careful please. Huge learning curve here (And I thought Windows 3.11 was hard.... geez)
-
- Posts: 71
- Joined: 12. Aug 2021, 19:51
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows 11 22H2
- Location: US
Re: Windows 11 compatibility is being worked on
mpack scottgus1 and Oracle Team;
I resubmitted a post from me (as a user... or product, I forget what role I am supposed to play anymore) here is what I sent to MS (Under Windows 11 Security and Privacy:
When using enhanced security, how to properly load and use "other programs" (i.e. Open Office, java, python, VirtualBox, etc.) without upsetting the Virus threat protection or core isolation features?
Will Windows 11 Pro allow a Windows Host machine to be set to "allow" Hardware enabled Type 2 Hypervisors like VirtualBox to run while maintaining Security Sanity in the Windows Userspace, or will Windows have to be less secure to allow this (with Warnings to the end user about features and how they will be effected)?
Further, who will be allowed to decide this, the end user or Windows? Please provide an appropriate response as other professionals need to know your direction in this area.
Let us see if this gets a reply (I'm posting it here to let you know we are also trying to get their compass heading, and in case they are here in our forum area).
I resubmitted a post from me (as a user... or product, I forget what role I am supposed to play anymore) here is what I sent to MS (Under Windows 11 Security and Privacy:
When using enhanced security, how to properly load and use "other programs" (i.e. Open Office, java, python, VirtualBox, etc.) without upsetting the Virus threat protection or core isolation features?
Will Windows 11 Pro allow a Windows Host machine to be set to "allow" Hardware enabled Type 2 Hypervisors like VirtualBox to run while maintaining Security Sanity in the Windows Userspace, or will Windows have to be less secure to allow this (with Warnings to the end user about features and how they will be effected)?
Further, who will be allowed to decide this, the end user or Windows? Please provide an appropriate response as other professionals need to know your direction in this area.
Let us see if this gets a reply (I'm posting it here to let you know we are also trying to get their compass heading, and in case they are here in our forum area).
-
- Posts: 115
- Joined: 20. May 2017, 05:07
- Primary OS: Fedora other
- VBox Version: OSE Fedora
- Guest OSses: Windows XP x86
- Contact:
Re: Windows 11 compatibility is being worked on
Ahhh, so it's the hardware TPM of the host passed to the VM when we select Windows 11 in Virtualbox, I see!!Oracleiscool wrote:I think (from what I have read so far) that the hardware TPM (you need one I think even for a soft TPM to communicate with) that can work in 2.0 mode has to be setup for that, but can also run as a 1.2 device.
Well, the problem is that I actually have mine disabled along with Secure Boot in the host 'cause I'm running Fedora.
If I enable Secure Boot and TPM I guess I'll have to sign the module to load in the kernel every time, otherwise no Virtualbox, so I wouldn't really wanna do that.
I got misguided by this post:
fth0 wrote: With r147373, you can create a new VM, choose Windows 11 as the guest OS type, and install it as usual. A virtual TPM 2.0 will be provided automatically to the guest OS in that case. But note that it's still a work in progress, so surprises are to be expected.
'cause it clearly says "a virtual TPM 2.0", but it doesn't seem to be the case then...
Re: Windows 11 compatibility is being worked on
VirtualBox will not pass through the host TPM unless configured using VBoxManage explicitly. The default is to provide a fully virtual TPM.
-
- Posts: 71
- Joined: 12. Aug 2021, 19:51
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows 11 22H2
- Location: US
Re: Windows 11 compatibility is being worked on
FranceBB;
Yes, and I think this was all decided years ago when they started implementing TPM (With a lot of support from MS). And the programming language is all out there with LOTS of Warnings about borking your non-compliant OS's like any Linux that is still trying to get their different distributions to play nice with Windows and TPM.
Their goals (MS) are clearly stated in their writings in the USA to get Windows as secure as a DOD/NSA level device (Which most of them run Tor/Linux by design,so I find that funny ) .
They say (linux) security TPM was not on their map since their software os is very secure by design. Windows, on the other hand, went down the road less travelled and made it a hardware/software bindery and anything that interferes with that design is going to be a problem for them and the other OS makers.
Saw an update from MS yesterday that Windows 11 linux support will only be available in the Microsoft Store (WSL2) and that is only Ubuntu like bash shell console (No GUI).
I have been asking questions for weeks now about their exceptions for us in the open source world, and getting no replies from MS. Figures
Yes, and I think this was all decided years ago when they started implementing TPM (With a lot of support from MS). And the programming language is all out there with LOTS of Warnings about borking your non-compliant OS's like any Linux that is still trying to get their different distributions to play nice with Windows and TPM.
Their goals (MS) are clearly stated in their writings in the USA to get Windows as secure as a DOD/NSA level device (Which most of them run Tor/Linux by design,so I find that funny ) .
They say (linux) security TPM was not on their map since their software os is very secure by design. Windows, on the other hand, went down the road less travelled and made it a hardware/software bindery and anything that interferes with that design is going to be a problem for them and the other OS makers.
Saw an update from MS yesterday that Windows 11 linux support will only be available in the Microsoft Store (WSL2) and that is only Ubuntu like bash shell console (No GUI).
I have been asking questions for weeks now about their exceptions for us in the open source world, and getting no replies from MS. Figures
-
- Posts: 71
- Joined: 12. Aug 2021, 19:51
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows 11 22H2
- Location: US
Re: Windows 11 compatibility is being worked on
FranceBB
I stand corrected on the TPM (Hard vs. Soft). Sorry Oracle. So maybe Windows 11 is smart enough to know what it wants, it just needs their approval (MS) to run as it is setup? Like they would need to approve the device (Hard or Soft) or its game over. No boot?
I stand corrected on the TPM (Hard vs. Soft). Sorry Oracle. So maybe Windows 11 is smart enough to know what it wants, it just needs their approval (MS) to run as it is setup? Like they would need to approve the device (Hard or Soft) or its game over. No boot?
-
- Posts: 115
- Joined: 20. May 2017, 05:07
- Primary OS: Fedora other
- VBox Version: OSE Fedora
- Guest OSses: Windows XP x86
- Contact:
Re: Windows 11 compatibility is being worked on
Perfect. Yeah a Virtual TPM is exactly what most people (including me) actually want, however changing the VM type to Windows 11 doesn't seem to have any effect on the TPM in the development revision 147373 as per my screenshot (see the post in the former page).aeichner wrote:VirtualBox will not pass through the host TPM unless configured using VBoxManage explicitly. The default is to provide a fully virtual TPM.
Do we have to specify something using the terminal?
Side note: since Windows 11 actually requires a recent CPU, I think it would be worth adding more profiles to: https://www.virtualbox.org/browser/vbox ... 81605#L188
In Line 188 I can see:
Code: Select all
188 #ifndef CPUM_DB_STANDALONE
189
190 #include "cpus/Intel_Core_i7_6700K.h"
191 #include "cpus/Intel_Core_i7_5600U.h"
192 #include "cpus/Intel_Core_i7_3960X.h"
193 #include "cpus/Intel_Core_i5_3570.h"
194 #include "cpus/Intel_Core_i7_2635QM.h"
195 #include "cpus/Intel_Xeon_X5482_3_20GHz.h"
196 #include "cpus/Intel_Core2_X6800_2_93GHz.h"
197 #include "cpus/Intel_Core2_T7600_2_33GHz.h"
198 #include "cpus/Intel_Core_Duo_T2600_2_16GHz.h"
199 #include "cpus/Intel_Pentium_M_processor_2_00GHz.h"
200 #include "cpus/Intel_Pentium_4_3_00GHz.h"
201 #include "cpus/Intel_Pentium_N3530_2_16GHz.h"
202 #include "cpus/Intel_Atom_330_1_60GHz.h"
203 #include "cpus/Intel_80486.h"
204 #include "cpus/Intel_80386.h"
205 #include "cpus/Intel_80286.h"
206 #include "cpus/Intel_80186.h"
207 #include "cpus/Intel_8086.h"
208
209 #include "cpus/AMD_FX_8150_Eight_Core.h"
210 #include "cpus/AMD_Phenom_II_X6_1100T.h"
211 #include "cpus/Quad_Core_AMD_Opteron_2384.h"
212 #include "cpus/AMD_Athlon_64_X2_Dual_Core_4200.h"
213 #include "cpus/AMD_Athlon_64_3200.h"
214
215 #include "cpus/VIA_QuadCore_L4700_1_2_GHz.h"
216
217 #include "cpus/ZHAOXIN_KaiXian_KX_U5581_1_8GHz.h"
218
219 #include "cpus/Hygon_C86_7185_32_core.h"
#include "cpus/Intel_Core_i7_1195G7.h" to mimic the ID of a recent, Windows 11 supported, CPU would be cool. https://www.intel.co.uk/content/www/uk/ ... tions.html - https://docs.microsoft.com/en-us/window ... processors
Last edited by FranceBB on 13. Oct 2021, 18:30, edited 1 time in total.
Re: Windows 11 compatibility is being worked on
There should be nothing required apart from setting the guest OS type to Windows 11 when creating the VM. Note that setting the guest OS type after the VM was created will not apply default but keep the current settings. Do you have a VBox.log?
-
- Volunteer
- Posts: 2561
- Joined: 30. May 2007, 18:05
- Primary OS: Fedora other
- VBox Version: PUEL
- Guest OSses: XP, Win7, Win10, Linux, OS/2
Re: Windows 11 compatibility is being worked on
You are reading this the wrong way.FranceBB wrote:Side note: since Windows 11 actually requires a recent CPU, I think it would be worth adding more profiles
The CPU profiles in VirtualBox are there to provide an older CPU to a VM, for OSes which don't (want to) work with a "too new" physical CPU.
So for Win11 you don't need to do anything there, Windows will see the physical CPU which needs to be current enough.
-
- Posts: 115
- Joined: 20. May 2017, 05:07
- Primary OS: Fedora other
- VBox Version: OSE Fedora
- Guest OSses: Windows XP x86
- Contact:
Re: Windows 11 compatibility is being worked on
Ok, got itaeichner wrote:There should be nothing required apart from setting the guest OS type to Windows 11 when creating the VM. Note that setting the guest OS type after the VM was created will not apply default but keep the current settings. Do you have a VBox.log?
I've created a new VM and attached the Windows 10 Enterprise vdi file.
As I enter into the VirtualBox UEFI I can now see TPM 2.0 (screenshot in attachment), although I had to disable secure boot for compatibility reason with my former installation.
I've set everything exactly the same as it was before, including the EFI option flagged etc, and Windows 10 boots just fine and passes all the security checks.
Very well done, guys!!
- Attachments
-
- Screenshot from 2021-10-13 18-30-17.png (25.06 KiB) Viewed 32548 times
-
- Screenshot from 2021-10-13 18-00-28.png (8.04 KiB) Viewed 32556 times
-
- Posts: 71
- Joined: 12. Aug 2021, 19:51
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows 11 22H2
- Location: US
Re: Windows 11 compatibility is being worked on
FranceBB,
You have the attention of Oracle, so I am going to stay in the background on this and watch.
But just to offer this as a possible reason, NOT THE reason. Just based on years of Windows setups. Is it possible that Windows 11 "sees" the Windows 10 OS as some other thing (I know there were some discussions on the version of NT running in the userspace) that it can't use to boot the OS? And by design (new security in Windows 11) it won't let it boot? Or some other hangup that Windows 11 no longer shows?
I got a new update (21H1) last night (Windows 10) as a part of that Part X of X update channel thing they are now doing at MS. Took a long time to install (in reboot + download 1 hour). OK I'll shut up now.
I see your edits! Well done!
You have the attention of Oracle, so I am going to stay in the background on this and watch.
But just to offer this as a possible reason, NOT THE reason. Just based on years of Windows setups. Is it possible that Windows 11 "sees" the Windows 10 OS as some other thing (I know there were some discussions on the version of NT running in the userspace) that it can't use to boot the OS? And by design (new security in Windows 11) it won't let it boot? Or some other hangup that Windows 11 no longer shows?
I got a new update (21H1) last night (Windows 10) as a part of that Part X of X update channel thing they are now doing at MS. Took a long time to install (in reboot + download 1 hour). OK I'll shut up now.
I see your edits! Well done!
-
- Posts: 115
- Joined: 20. May 2017, 05:07
- Primary OS: Fedora other
- VBox Version: OSE Fedora
- Guest OSses: Windows XP x86
- Contact:
Re: Windows 11 compatibility is being worked on
I think I should update this topic: ever since I've got the TPM 2.0 working thanks to oracle I've upgraded my Windows 10 Enterprise x64 to Windows 11 Enterprise x64. The update was smooth and worked beautifully well. I've been using Windows 11 every morning ever since and it just works. I've even got the first updates through Windows Update as if it was a perfectly valid configuration (I.e supported hardware).
Thanks everyone for working on this, it's been quite a journey but it's working like a charm now, so again, very well done Oracle for developing this and making this open source.
Thanks everyone for working on this, it's been quite a journey but it's working like a charm now, so again, very well done Oracle for developing this and making this open source.
Re: Windows 11 compatibility is being worked on
I've even got the first updates through Windows Update as if it was a perfectly valid configuration (I.e supported hardware).
Can confirm that Windows Update works on completely unsupported hardware (real or virtual).
I received the Patch Tuesday updates last week as usual, even on my vintage ThinkPad, which fails all the hardware tests.
If you apply the updates manually you will see they're still actually using a Windows 10 naming convention for the files, as follows,
windows10.0-kb5006674-x64_c71b094804f4f592fa810ee9c4484489297c5dfc
which was the cumulative update from last week.
Re: Windows 11 compatibility is being worked on
Hi,
I'm in a similar problem but when starting the new VM, I do not get the TPM bios screen posted by the OP... I have TPM 2.0 installed and enabled on my Windows 10 Host (first pic from the OP, by executing TPM.MSC). I have Virtual box 6.1.28 installed, and carefully selected windows 11 as the guest OS as well as checking the Enable EFI setting under system motherboard. I provided the Official Windows 11 iso on the new machine wizard. I can see a flash of two text lines before I get the prompt to press any key to boot to CD. If I don't press a key I get the UEFI shell which lets me select boot order. nothing that looks like the BIOS TPM (2nd Pic from the OP)
On my host I double checked it's bios settings, both TPM 2.0 and allow Virtualization of TPM are both enabled, it is an 5ish years old business class computer.
I've tried searching what the two lines could be (I'm hoping something simple like press f2 to enter bios.) but pressing F2, F12 Space, ESC, etc does not get me to the TPM bios.
and of course Windows 11 is giving me the my hardware is not supported message, and not allowing the installation to continue.
Thanks in advance
Tina
I'm in a similar problem but when starting the new VM, I do not get the TPM bios screen posted by the OP... I have TPM 2.0 installed and enabled on my Windows 10 Host (first pic from the OP, by executing TPM.MSC). I have Virtual box 6.1.28 installed, and carefully selected windows 11 as the guest OS as well as checking the Enable EFI setting under system motherboard. I provided the Official Windows 11 iso on the new machine wizard. I can see a flash of two text lines before I get the prompt to press any key to boot to CD. If I don't press a key I get the UEFI shell which lets me select boot order. nothing that looks like the BIOS TPM (2nd Pic from the OP)
On my host I double checked it's bios settings, both TPM 2.0 and allow Virtualization of TPM are both enabled, it is an 5ish years old business class computer.
I've tried searching what the two lines could be (I'm hoping something simple like press f2 to enter bios.) but pressing F2, F12 Space, ESC, etc does not get me to the TPM bios.
and of course Windows 11 is giving me the my hardware is not supported message, and not allowing the installation to continue.
Thanks in advance
Tina
-
- Volunteer
- Posts: 5104
- Joined: 19. Sep 2009, 04:44
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows 10,7 and earlier
- Location: Sydney, Australia
Re: Windows 11 compatibility is being worked on
TPM 2.0 and Secure Boot are not yet working in a vm, even with the latest update (6.1.28) .
viewtopic.php?f=1&t=104172
viewtopic.php?f=1&t=104172
Bill