Windows 11 discussion - fully supported by VirtualBox 7.0

Discussions about using Windows guests in VirtualBox.
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

FranceBB;

I posted in the Windows 10 Security and VirtualBox forum (Under Windows Host) that I got an update from Windows and HP that brought my fTPM (AMD) and Windows 10 up to a newer version of 21H1 (took a good while to update) and fTPM 2.0. Right away, we had errors from the Security Tools, and had to reinstall Windows (preserve files) to get the system back up. Then MS started offering me Windows 11, just to tell me my CPU was not good enough! I think (from what I have read so far) that the hardware TPM (you need one I think even for a soft TPM to communicate with) that can work in 2.0 mode has to be setup for that, but can also run as a 1.2 device. This happens early in the program interface for the TPM device (Like it is asking "How do I run?" 1.2 or 2.0) and I do not think they are compatable (i.e. a 1.2 can't understand 2.0 additional commands, but a 2.0 can understand 1.2 ) and it is not very tolerant of mistakes in programming.... it can see those as hacking attempts and lockup on a timer! Just be careful please. Huge learning curve here (And I thought Windows 3.11 was hard.... geez) :roll:
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

mpack scottgus1 and Oracle Team;

I resubmitted a post from me (as a user... or product, I forget what role I am supposed to play anymore) here is what I sent to MS (Under Windows 11 Security and Privacy:

When using enhanced security, how to properly load and use "other programs" (i.e. Open Office, java, python, VirtualBox, etc.) without upsetting the Virus threat protection or core isolation features?

Will Windows 11 Pro allow a Windows Host machine to be set to "allow" Hardware enabled Type 2 Hypervisors like VirtualBox to run while maintaining Security Sanity in the Windows Userspace, or will Windows have to be less secure to allow this (with Warnings to the end user about features and how they will be effected)?

Further, who will be allowed to decide this, the end user or Windows? Please provide an appropriate response as other professionals need to know your direction in this area.

Let us see if this gets a reply (I'm posting it here to let you know we are also trying to get their compass heading, and in case they are here in our forum area).
FranceBB
Posts: 105
Joined: 20. May 2017, 05:07
Primary OS: Fedora other
VBox Version: OSE Fedora
Guest OSses: Windows XP x86
Contact:

Re: Windows 11 compatibility is being worked on

Post by FranceBB »

Oracleiscool wrote:I think (from what I have read so far) that the hardware TPM (you need one I think even for a soft TPM to communicate with) that can work in 2.0 mode has to be setup for that, but can also run as a 1.2 device.
Ahhh, so it's the hardware TPM of the host passed to the VM when we select Windows 11 in Virtualbox, I see!!
Well, the problem is that I actually have mine disabled along with Secure Boot in the host 'cause I'm running Fedora.
If I enable Secure Boot and TPM I guess I'll have to sign the module to load in the kernel every time, otherwise no Virtualbox, so I wouldn't really wanna do that.
I got misguided by this post:
fth0 wrote: With r147373, you can create a new VM, choose Windows 11 as the guest OS type, and install it as usual. A virtual TPM 2.0 will be provided automatically to the guest OS in that case. But note that it's still a work in progress, so surprises are to be expected.

'cause it clearly says "a virtual TPM 2.0", but it doesn't seem to be the case then... :(
aeichner
Oracle Corporation
Posts: 193
Joined: 31. Aug 2007, 19:12

Re: Windows 11 compatibility is being worked on

Post by aeichner »

VirtualBox will not pass through the host TPM unless configured using VBoxManage explicitly. The default is to provide a fully virtual TPM.
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

FranceBB;

Yes, and I think this was all decided years ago when they started implementing TPM (With a lot of support from MS). And the programming language is all out there with LOTS of Warnings about borking your non-compliant OS's like any Linux that is still trying to get their different distributions to play nice with Windows and TPM.

Their goals (MS) are clearly stated in their writings in the USA to get Windows as secure as a DOD/NSA level device (Which most of them run Tor/Linux by design,so I find that funny :lol:) .

They say (linux) security TPM was not on their map since their software os is very secure by design. Windows, on the other hand, went down the road less travelled and made it a hardware/software bindery and anything that interferes with that design is going to be a problem for them and the other OS makers.

Saw an update from MS yesterday that Windows 11 linux support will only be available in the Microsoft Store (WSL2) and that is only Ubuntu like bash shell console (No GUI).

I have been asking questions for weeks now about their exceptions for us in the open source world, and getting no replies from MS. Figures :evil:
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

FranceBB

I stand corrected on the TPM (Hard vs. Soft). Sorry Oracle. So maybe Windows 11 is smart enough to know what it wants, it just needs their approval (MS) to run as it is setup? Like they would need to approve the device (Hard or Soft) or its game over. No boot?
FranceBB
Posts: 105
Joined: 20. May 2017, 05:07
Primary OS: Fedora other
VBox Version: OSE Fedora
Guest OSses: Windows XP x86
Contact:

Re: Windows 11 compatibility is being worked on

Post by FranceBB »

aeichner wrote:VirtualBox will not pass through the host TPM unless configured using VBoxManage explicitly. The default is to provide a fully virtual TPM.
Perfect. Yeah a Virtual TPM is exactly what most people (including me) actually want, however changing the VM type to Windows 11 doesn't seem to have any effect on the TPM in the development revision 147373 as per my screenshot (see the post in the former page).
Do we have to specify something using the terminal?


Side note: since Windows 11 actually requires a recent CPU, I think it would be worth adding more profiles to: https://www.virtualbox.org/browser/vbox ... 81605#L188

In Line 188 I can see:

Code: Select all

188 #ifndef CPUM_DB_STANDALONE
189	
190	#include "cpus/Intel_Core_i7_6700K.h"
191	#include "cpus/Intel_Core_i7_5600U.h"
192	#include "cpus/Intel_Core_i7_3960X.h"
193	#include "cpus/Intel_Core_i5_3570.h"
194	#include "cpus/Intel_Core_i7_2635QM.h"
195	#include "cpus/Intel_Xeon_X5482_3_20GHz.h"
196	#include "cpus/Intel_Core2_X6800_2_93GHz.h"
197	#include "cpus/Intel_Core2_T7600_2_33GHz.h"
198	#include "cpus/Intel_Core_Duo_T2600_2_16GHz.h"
199	#include "cpus/Intel_Pentium_M_processor_2_00GHz.h"
200	#include "cpus/Intel_Pentium_4_3_00GHz.h"
201	#include "cpus/Intel_Pentium_N3530_2_16GHz.h"
202	#include "cpus/Intel_Atom_330_1_60GHz.h"
203	#include "cpus/Intel_80486.h"
204	#include "cpus/Intel_80386.h"
205	#include "cpus/Intel_80286.h"
206	#include "cpus/Intel_80186.h"
207	#include "cpus/Intel_8086.h"
208	
209	#include "cpus/AMD_FX_8150_Eight_Core.h"
210	#include "cpus/AMD_Phenom_II_X6_1100T.h"
211	#include "cpus/Quad_Core_AMD_Opteron_2384.h"
212	#include "cpus/AMD_Athlon_64_X2_Dual_Core_4200.h"
213	#include "cpus/AMD_Athlon_64_3200.h"
214	
215	#include "cpus/VIA_QuadCore_L4700_1_2_GHz.h"
216	
217	#include "cpus/ZHAOXIN_KaiXian_KX_U5581_1_8GHz.h"
218	
219	#include "cpus/Hygon_C86_7185_32_core.h"
having a template for something like:

#include "cpus/Intel_Core_i7_1195G7.h" to mimic the ID of a recent, Windows 11 supported, CPU would be cool. https://www.intel.co.uk/content/www/uk/ ... tions.html - https://docs.microsoft.com/en-us/window ... processors
Last edited by FranceBB on 13. Oct 2021, 18:30, edited 1 time in total.
aeichner
Oracle Corporation
Posts: 193
Joined: 31. Aug 2007, 19:12

Re: Windows 11 compatibility is being worked on

Post by aeichner »

There should be nothing required apart from setting the guest OS type to Windows 11 when creating the VM. Note that setting the guest OS type after the VM was created will not apply default but keep the current settings. Do you have a VBox.log?
Martin
Volunteer
Posts: 2560
Joined: 30. May 2007, 18:05
Primary OS: Fedora other
VBox Version: PUEL
Guest OSses: XP, Win7, Win10, Linux, OS/2

Re: Windows 11 compatibility is being worked on

Post by Martin »

FranceBB wrote:Side note: since Windows 11 actually requires a recent CPU, I think it would be worth adding more profiles
You are reading this the wrong way. ;)
The CPU profiles in VirtualBox are there to provide an older CPU to a VM, for OSes which don't (want to) work with a "too new" physical CPU.
So for Win11 you don't need to do anything there, Windows will see the physical CPU which needs to be current enough.
FranceBB
Posts: 105
Joined: 20. May 2017, 05:07
Primary OS: Fedora other
VBox Version: OSE Fedora
Guest OSses: Windows XP x86
Contact:

Re: Windows 11 compatibility is being worked on

Post by FranceBB »

aeichner wrote:There should be nothing required apart from setting the guest OS type to Windows 11 when creating the VM. Note that setting the guest OS type after the VM was created will not apply default but keep the current settings. Do you have a VBox.log?
Ok, got it
I've created a new VM and attached the Windows 10 Enterprise vdi file.
As I enter into the VirtualBox UEFI I can now see TPM 2.0 :D (screenshot in attachment), although I had to disable secure boot for compatibility reason with my former installation.
I've set everything exactly the same as it was before, including the EFI option flagged etc, and Windows 10 boots just fine and passes all the security checks.

Very well done, guys!! :D
Attachments
Screenshot from 2021-10-13 18-30-17.png
Screenshot from 2021-10-13 18-30-17.png (25.06 KiB) Viewed 32438 times
Screenshot from 2021-10-13 18-00-28.png
Screenshot from 2021-10-13 18-00-28.png (8.04 KiB) Viewed 32446 times
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

FranceBB,

You have the attention of Oracle, so I am going to stay in the background on this and watch.

But just to offer this as a possible reason, NOT THE reason. Just based on years of Windows setups. Is it possible that Windows 11 "sees" the Windows 10 OS as some other thing (I know there were some discussions on the version of NT running in the userspace) that it can't use to boot the OS? And by design (new security in Windows 11) it won't let it boot? Or some other hangup that Windows 11 no longer shows?

I got a new update (21H1) last night (Windows 10) as a part of that Part X of X update channel thing they are now doing at MS. Took a long time to install (in reboot + download 1 hour). OK I'll shut up now. :o

I see your edits! Well done!
FranceBB
Posts: 105
Joined: 20. May 2017, 05:07
Primary OS: Fedora other
VBox Version: OSE Fedora
Guest OSses: Windows XP x86
Contact:

Re: Windows 11 compatibility is being worked on

Post by FranceBB »

I think I should update this topic: ever since I've got the TPM 2.0 working thanks to oracle I've upgraded my Windows 10 Enterprise x64 to Windows 11 Enterprise x64. The update was smooth and worked beautifully well. I've been using Windows 11 every morning ever since and it just works. I've even got the first updates through Windows Update as if it was a perfectly valid configuration (I.e supported hardware).
Thanks everyone for working on this, it's been quite a journey but it's working like a charm now, so again, very well done Oracle for developing this and making this open source.
The Raven
Posts: 82
Joined: 18. Aug 2016, 20:43

Re: Windows 11 compatibility is being worked on

Post by The Raven »

I've even got the first updates through Windows Update as if it was a perfectly valid configuration (I.e supported hardware).


Can confirm that Windows Update works on completely unsupported hardware (real or virtual).
I received the Patch Tuesday updates last week as usual, even on my vintage ThinkPad, which fails all the hardware tests.
If you apply the updates manually you will see they're still actually using a Windows 10 naming convention for the files, as follows,
windows10.0-kb5006674-x64_c71b094804f4f592fa810ee9c4484489297c5dfc
which was the cumulative update from last week.
TinaBJ
Posts: 1
Joined: 21. Oct 2021, 02:00

Re: Windows 11 compatibility is being worked on

Post by TinaBJ »

Hi,

I'm in a similar problem but when starting the new VM, I do not get the TPM bios screen posted by the OP... I have TPM 2.0 installed and enabled on my Windows 10 Host (first pic from the OP, by executing TPM.MSC). I have Virtual box 6.1.28 installed, and carefully selected windows 11 as the guest OS as well as checking the Enable EFI setting under system motherboard. I provided the Official Windows 11 iso on the new machine wizard. I can see a flash of two text lines before I get the prompt to press any key to boot to CD. If I don't press a key I get the UEFI shell which lets me select boot order. nothing that looks like the BIOS TPM (2nd Pic from the OP)

On my host I double checked it's bios settings, both TPM 2.0 and allow Virtualization of TPM are both enabled, it is an 5ish years old business class computer.

I've tried searching what the two lines could be (I'm hoping something simple like press f2 to enter bios.) but pressing F2, F12 Space, ESC, etc does not get me to the TPM bios.

and of course Windows 11 is giving me the my hardware is not supported message, and not allowing the installation to continue.

Thanks in advance

Tina
BillG
Volunteer
Posts: 5102
Joined: 19. Sep 2009, 04:44
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 10,7 and earlier
Location: Sydney, Australia

Re: Windows 11 compatibility is being worked on

Post by BillG »

TPM 2.0 and Secure Boot are not yet working in a vm, even with the latest update (6.1.28) .

viewtopic.php?f=1&t=104172
Bill
Locked