Windows 11 discussion - fully supported by VirtualBox 7.0

Discussions about using Windows guests in VirtualBox.
BillG
Volunteer
Posts: 5102
Joined: 19. Sep 2009, 04:44
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 10,7 and earlier
Location: Sydney, Australia

Re: Windows 11 compatibility is being worked on

Post by BillG »

TinaBJ wrote:Hi,

I can see a flash of two text lines before I get the prompt to press any key to boot to CD. If I don't press a key I get the UEFI shell which lets me select boot order. nothing that looks like the BIOS TPM (2nd Pic from the OP)

Tina
I don't know where that came from either. The host machine, perhaps?

All I see in the UEFI screen on a UEFI enabled vm is this.
UEFI.png
UEFI.png (19.4 KiB) Viewed 33155 times
If you have a UEFI enabled vm running Windows 10 you can get to the UEFI Firmware screen from Advanced Options in Recovery (just as you can on a physical PC). It is pretty tedious to get there when you are booting the vm.
I doubt that the UEFI settings in the host matter at all. It is not something you can "pass through" to the vm. The vm must have its own implementation of TPM 2.0 and Secure Boot built into its UEFI firmware.
Firmware.png
Firmware.png (31.32 KiB) Viewed 33155 times
Bill
aeichner
Oracle Corporation
Posts: 193
Joined: 31. Aug 2007, 19:12

Re: Windows 11 compatibility is being worked on

Post by aeichner »

6.1.28 has no TPM and Secure Boot support and the 6.1.x line will never receive it due to the massive changes required. This will be a VirtualBox 7 feature only. There are testbuilds available which include support.
abbleeker
Posts: 13
Joined: 4. Oct 2021, 19:19

Re: Windows 11 compatibility is being worked on

Post by abbleeker »

I can confirm that 6.1.x builds will not clean install Windows 11, and refuse to install with error message PC doesn't meet requirements, due to TPM 2.0 missing. It's possible to circumvent the quirements with a Registry hack, but it looks like 6.1 doesn't support a TPM. The development snapshots for 6.1.97 (pre 7.0) do however clean install, because it has at least enough support for TPM 2.0 to satisfy the requirement checks. It seems to be a virtual TPM, but it may not be complete yet, because on my box at least, tpm.msc fails to find a TPM. Still, these are snapshots, and it's already enough to install Windows 11 without hacks!
FranceBB
Posts: 105
Joined: 20. May 2017, 05:07
Primary OS: Fedora other
VBox Version: OSE Fedora
Guest OSses: Windows XP x86
Contact:

Re: Windows 11 compatibility is being worked on

Post by FranceBB »

abbleeker wrote:on my box at least, tpm.msc fails to find a TPM.
ever since version r147373 (around 13th of October) tpm.msc finds the virtualized TPM module and doesn't complain.
We're currently at version r147788, but yeah, the devs nailed it.

Image
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

Last Post on this issue,
I updated the MS Community post today and must report that, despite my best outreach efforts based on my years of MS experience (1980 and earlier) via phone, email, forums, etc. I can get no answers from MS Windows about this security lockdown, except what is already written by them, and that I have already mentioned here in the forums. I have found this to be an issue at the hardware level for components and now the firmware and software sets. As they said in Cool Hand Luke "What we have here is a failure to communicate." Not for a lack of trying. 8)
abbleeker
Posts: 13
Joined: 4. Oct 2021, 19:19

Re: Windows 11 compatibility is being worked on

Post by abbleeker »

Build 147788 allows Windows 11 to install without hacks, so there's definitely support for TPM 2.0 built in. Kudos for the developers!

Unfortunately, on my box there seems to be an issue with the TPM. I've no idea what's causing it.
Attachments
Screenshot 2021-10-23 20-09-39.png
Screenshot 2021-10-23 20-09-39.png (89.53 KiB) Viewed 32937 times
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

Looks like a reset happened (either in Windows in tpm.msc or the BIOS TPM settings, or both, or you powered-off the machine while it was still resetting the TPM). It can take some time for the machine to find everything it needs to bring back sanity. Lots of black screens, no display.

When our other Windows system acted up because of a firmware update from 1.2 to 2.0 from the OEM, we lost everything... all of our passwords, Windows Hello PINs, everything. Had to reset TPM in windows, then reset default TPM settings in BIOS to OEM defaults to regain control, then re-install Windows, new passwords, etc.

The only option was to re-install same version, keeping personal files and folders (windows.old) and that allowed us to regain control of the OS.

Also, just as a reminder, UEFI Secure Boot must be available as a feature for the GPT hard drive format. According to MS it has to be available, not really used, but in other MS docs they speak about how the two systems work together to provide a proper (zero-trust) boot environment for Windows 11. (TPM and Secure Boot).

Could Windows 11 on install be trying to make secure boot turn on because you must use a real MS account (Azure-aware cloud, no local account allowed) to load Windows 11?

Just be careful, lots of people loading and then finding out they got Bitlocker turned on and all of their drives were encrypted and they got no prompt to enter a password for Bitlocker, or it encrypted their passwords and ta da.... no access! :oops:
abbleeker
Posts: 13
Joined: 4. Oct 2021, 19:19

Re: Windows 11 compatibility is being worked on

Post by abbleeker »

I had an issue with the Guest Additions, rebooting from disk after installing them didn't work, it went straight to Automatic Repairs every time, which then failed too. I was able to fix this by switching off Secure Boot in the BIOS. I'm not sure if this is related, but after booting up I could check TPM without issues, and it showed the right information.
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

It sounds like the install formatted the partition as a regular MBR/BIOS file.

Usually, if Secure Boot won't see a windows boot file, or load it, it is because the GPT format wasn't setup properly on install, or the EFI (Special OS's Only) flag in the VM settings in VB were not setup when the machine was first created.

Be careful with this setting, as it will brick the VM install if you mess with it after install. Backup your stuff!

Guest Additions are (I noticed) in a real state of flux right now due to the beta releases of VB for Windows 11.

Might be worth the effort to post your logs and see if the head Moderators can offer some more advice.

Windows 11, VirtualBox and Guest Additions are all moving targets right now, so everything is up in the air as the development work continues. :?
reti
Posts: 2
Joined: 19. Oct 2021, 14:18

Re: Windows 11 compatibility is being worked on

Post by reti »

github/stefanberger/swtpm
Same function?
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: Windows 11 compatibility is being worked on

Post by fth0 »

No, but the VirtualBox development build 6.1.97r147373 provides a virtual TPM based on https://github.com/stefanberger/libtpms, so you were close. ;)
aeichner
Oracle Corporation
Posts: 193
Joined: 31. Aug 2007, 19:12

Re: Windows 11 compatibility is being worked on

Post by aeichner »

VirtualBox supports swtpm as an external TPM emulation as well. You can use

Code: Select all

VBoxManage modifyvm <VM name> --tpm-type swtpm --tpm-location <hostname>:<port>
to configure it. It might be useful for scenarios where the TPM emulation should not live in the same address space as the VM process but it will increas setup complexity and some features like saving a state will fail to work properly. The source code for the driver implementing this functionality is available under [1].

[1] https://www.virtualbox.org/browser/vbox ... TpmEmu.cpp
Legorol
Posts: 95
Joined: 11. Mar 2014, 21:40

Re: Windows 11 compatibility is being worked on

Post by Legorol »

What about UEFI and SecureBoot?

So far discussion in this thread has focused on having TPM available inside a VM, and I'm happy to see that the 6.1.97 test builds have made great progress in that direction.

However, another thing that Windows 11 requires is an implementation of UEFI with support for SecureBoot. Is there any information on whether these are being worked on for VirtualBox?
aeichner
Oracle Corporation
Posts: 193
Joined: 31. Aug 2007, 19:12

Re: Windows 11 compatibility is being worked on

Post by aeichner »

UEFI Secure Boot support is available in the test builds as well and if you have selected the Windows 11 guest OS type when creating the VM (selecting it afterwards will not apply the necessary defaults) it should have Secure Boot enabled automatically.
Legorol
Posts: 95
Joined: 11. Mar 2014, 21:40

Re: Windows 11 discussion - fully supported by VirtualBox 7.0

Post by Legorol »

Thanks aeichner, that's great news
Locked