Windows 11 discussion - fully supported by VirtualBox 7.0

Discussions about using Windows guests in VirtualBox.
madbrain
Posts: 26
Joined: 26. Mar 2011, 00:52
Primary OS: MS Windows 7
VBox Version: OSE other
Guest OSses: CentOS OS/2

Re: Windows 11 compatibility is being worked on

Post by madbrain »

BillG wrote:Yes, that works, but it would also work on a physical PC which did not meet the hardware specs from Windows 11, so it is not really relevant to VirtualBox. It is a workaround to run Windows 11 on non-supported hardware and is not supported by Microsoft.
Right, I know that. But at least I got to see what Win11 is about finally.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: Windows 11 compatibility is being worked on

Post by fth0 »

One of the other workarounds worked for me: When faced with the screenshot you've posted, I pressed Shift+F10, started regedit, added the LabConfig keys, returned to the Windows Setup, went one page back and then it "passed" the checks.
FranceBB
Posts: 105
Joined: 20. May 2017, 05:07
Primary OS: Fedora other
VBox Version: OSE Fedora
Guest OSses: Windows XP x86
Contact:

Re: Windows 11 compatibility is being worked on

Post by FranceBB »

New commits from the devs: the TPM is still being worked on, but they're making lots of progress: https://www.virtualbox.org/changeset/91614/vbox and https://www.virtualbox.org/changeset/91596/vbox
I look forward to see when the development snapshot will manage to work. :)

By the way it looks like Windows 11 won't be NT11 but rather still NT10.0, so they had to introduce the build number check:

Code: Select all


/* Windows 10 Preview builds starting with 9926. */ 
g_enmVGDrvNtVer = VGDRVNTVER_WIN10; 
/* Windows 11 Preview builds starting with 22000. */ 
if (ulBuildNo >= 22000) 
g_enmVGDrvNtVer = VGDRVNTVER_WIN11; 
break; 
Last edited by FranceBB on 12. Oct 2021, 17:08, edited 1 time in total.
abbleeker
Posts: 13
Joined: 4. Oct 2021, 19:19

Re: Windows 11 compatibility is being worked on

Post by abbleeker »

Code implementing a TPM is being worked on. With VBoxManage you can already specify tpm-type, and tpm-location. This is actually accepted, but it isn't working yet. Windows 10, and 11 won't detect a TPM, Windows 10 will clean install, but will then report there's no TPM detected, and Windows 11 won't clean install at all, it will just stop the installation.

The Microsoft registry key doesn't work, because it won't bypass the TPM check, it will just accept a TPM 1.2 as well as a 2.0, while VB doesn't provide either. However, the LabConfig registry key does work.
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

Hi Everyone,

Just a quick word of advice on these setup issues:

Lots of Warnings from MS about not being able to use newer device features (lots of newer networking things like 5g or 6g WiFi, and that new (not really) Windows Hello and all that tighter integration with azure and onedrive) will be affected (and any future updates) if you put a "dirty" Windows 11 iso on your system (play the registry bypass, or disable the Windows Security/Experience Features), no matter if on the main hardware system or (I would suppose) in VirtualBox.

And it should go without saying, but they say it could brick your device if things go horribly wrong, and they take no responsibility for that! Just be careful.

There are documents from everywhere in the MS docs about all of these issues, I have been reading them for the last year (mainly about TPM), and I am still finding other MS docs that help us users to understand(?) where they are going with the systems.

BillG (howdy down-under!) is on the ball, as are scottgus1 and mpack!

Right now, Windows 11 is a moving target as it addresses the problems they know of, and Oracle (which IS COOL, by the way) is trying to make a solution for the (1) TPM (2) Secure Boot (UEFI/GPT) and the Security of your VM work with your choice of Host(s). But nothing will change the hardware requirement. You need a TPM, and you need a UEFI Bios, and a proper CPU.

Someone posted on another blog that when they updated to Windows 11, they used a separate partitioning tool (paid for software, not sure which company) before the install to make another partition(?) not sure why, but when they finished the update, something caused the local account in Windows 10 to migrate to their MS main account during upgrade, and encrypt their drive, turn on Bitlocker, and setup One Drive! Of course, he was asking for help, but no one in that blog could really answer what happened, except he was using a beta/dev release from insider channel, and not the one offered from Windows via the update channel.

Once again, be careful. Especially if you need this computer for your work. :wink:
The Raven
Posts: 82
Joined: 18. Aug 2016, 20:43

Re: Windows 11 compatibility is being worked on

Post by The Raven »

You need a TPM, and you need a UEFI Bios, and a proper CPU.


Not strictly true.
I have done clean installs of Windows 11 in VM's and on real hardware - ThinkPad T60 (3GB RAM, Intel Core 2 CPU, no Secure boot, no TPM).
They've all installed correctly *and* run fine. One of ThinkPad drivers is from the Vista era.

The easiest way to install it is to use the Deployment Tool (DISM). It does no checking of the hardware, requires no registry hacking
and works on a machine (real or virtual) with either no existing OS or in a dual boot environment - the ThinkPad mentioned above
now quadruple boots between 2 Debian instances, Windows 10 and Windows 11.
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

The Raven,

I can see that as a real outcome, and that you got the system to run! (Windows 11)

I have a newer HP device (Actually my spouse's A9-9425 AMD/R5 GPU laptop 2019-2020 Post-covid) that I had to neuter the security in Windows to "allow" VirtualBox to run without all the standard warnings... but we killed that dragon on a different forum.... so moving on to Windows 11.... as you have.

I am just trying to say (or repeat) what the Windows 11 MS engineers are saying about the Enhanced Experience Features mainly on newer hardware... that they will turn on or off, features
(not just security) for the new OS based on the presence of the TPM and UEFI/Secure Boot/GPT and the CPU. (If you run system in legacy mode, and leave virtualization off in the BIOS, this is what they are saying will block their features within their Hyper-V protocol and by association some of the newer hardware system that I have never seen on a newer (post Windows 11) device (it will be years before I see any of this in real practice)).

Anything I say past this would be murky at best, like all of us using wifi for the first time! Not just right now, but in the future (of course, all hardware related) and this new HP does not meet the criteria for the new OS. Not my words or specifications, all MS.

We (my spouse and I) are not real happy with MS or HP right now, as they cut off their CPU baseline above our new system, and I know they did the same kind of baseline for Intel and other CPU devices. (They explained it in the MS documents better than I can... and there are still some marriage issues for some hardware that MS is still dealing with in the new OS (CPU cycles or performance related)). :shock:
abbleeker
Posts: 13
Joined: 4. Oct 2021, 19:19

Re: Windows 11 compatibility is being worked on

Post by abbleeker »

It's possible to install Windows 11 as a guest running under Virtualbox, but it involves hacks, or workarounds. The end result seems to run well now, but as Oracleiscool has mentioned, Microsoft warns us that functions may be restricted if the hardware doesn't meet requirements.

My self-built real box does meet all requirements, mainly because it runs a Ryzen 3700X that has TPM enabled in the UEFI BIOS. The issue is that even so it's not possible to create a virtual box that will meet requirements as well without resorting to hacks, or workarounds. It almost does, the only missing requirement is a TPM, but because there's no way to passthrough the real TPM, or emulate one, it will fail the checks, and refuse to install. The other VMM's will allow this, with qemu for instance you can use the real TPM, or use swtpm to emulate one.

However, the developers are definitely working on code that adds the missing device. With the development builds of VB 7.0, you can use VBoxManage modifyvm to add a TPM type, and a TPM location. I've tried VBoxManage modifyvm vmname --tpm-type=host --tpm-location=/dev/tpm0. This is accepted, but it doesn't seem to work yet. It does seem likely however that this will work in later builds.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: Windows 11 compatibility is being worked on

Post by fth0 »

abbleeker wrote:With the development builds of VB 7.0, you can [...]
With VirtualBox 6.1.97r147373, you can create a new VM, choose Windows 11 as the guest OS type, and install it as usual. A virtual TPM 2.0 will be provided automatically to the guest OS in that case. But note that it's still a work in progress, so surprises are to be expected.

:!: Note that there are no guarantees that a development build will not destroy your host OS installation, so a restorable backup of the host OS is definitely recommended. Or as klaus once wrote: "of course, making clear that this is the dev build, i.e. can chop your arm off unexpectedly :)". You have been warned! :!:
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

I sent a suggestion to MS today to remind them (and scold them) about the fiasco that the CPU manufacturers caused a few years ago when they forgot to tell MS about some proprietary code that was needed to setup some code that was killing Windows after some update (CPU/GPU related).

I forget the details, getting old, but I do remember that story because it never made the main headlines. It was an obvious oversight (I guess?) but it was really affecting the OS badly. I don't ever remember an apology from the manufacturers, and once MS had the code, they had a patch up and deployed in a day or so. I assume this happens alot without us users ever knowing (as if we would know what it was without some code searching).

I also got onto them about beta testers in the lab. More of a rant than a fact, but more staff with different hardware could be of great importance to keep all of our systems running properly.

I would help, but I can't afford to remove a machine I use for production to test someone else's software without the tools and $$ that come with the work. (That is not the same for Oracle or VirtualBox). This system has a purpose that extends way beyond an OS! 8)
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

This just keeps getting deep:

OK, so I do not know the hardware coding for an OS boot file, but it seems that MS is really concerned about protecting this FIRST, and they seem(?) to have data to backup their new requirements for security. Part of their yet to be implemented new security layer will be a virtual approach (VBS, HVCI and Secure Boot).

As a quick primer, see this link (it is a little old, but relevant):
https://blogs.windows.com/windows-insid ... uirements/
These NEW security features will make most Windows 11 computers near DOD/NSA compliant. (I didn't know I was being recruited :P )

Their system engineers are starting to be a little more revealing about their plans in the near future to turn these features on by default (update channel without option to opt-out?). This is all to protect the kernel and bootfiles from tampering before the machine will work. Need it be said that when they turn this on "later in the year" (are you scared yet... well, it is Halloween, so it may be by design) all of their additive security devices will need access to the virtualization system space to operate.

If you cannot opt-out in Windows 11 when it hits your system, then you will not be able to use hardware virtualization in VirtualBox unless you go play around in the device settings in Windows 11 and turn stuff off, and reboot, and if it is required to boot, will Windows 11 allow a boot, or see you set it off and re-enable it automatically, then you really didn't change anything?

Why do I bring this up? Obviously VirtualBox will need an exception to access and run in some "ring" that has no boundry interference with Windows, it won't even be able to touch any system running code or Windows will lock it out and report a security violation (to you... maybe.... to MS... for sure).

The more I read, the more I can see that this is going to effect a lot of systems that are used to working in the core and it looks like MS is locking the core down and only allowing their system on a device (Both in the software AND hardware level... we have lost the divide to the firmware wars).

Maybe we need to make VirtualBox a bootable OS so we can inject it like a dual boot system? Or something else, I don't know, but I feel like a dog chasing his tail!

I do not accept the "fix" as a permanent solution that we turn off all Windows 11 Security, that is just dumb, and will effect what Windows will, in the future, allow to run on your machine (and you can't end run around that restriction)!

If VirtualBox becomes a violator, we might be "dis-allowed" by MS! (We don't want that!))

Let me end this with a return to the Subject line of this forum: Re: Windows 11 compatibility is being worked on

(Maybe the real answer is not compatibility, but to move off Windows as a platform. It is not a decision for VirtualBox, Windows is forcing this by design! We need a different approach to this issue, as it will effect VirtualBox with Windows as a host OR a guest.
FranceBB
Posts: 105
Joined: 20. May 2017, 05:07
Primary OS: Fedora other
VBox Version: OSE Fedora
Guest OSses: Windows XP x86
Contact:

Re: Windows 11 compatibility is being worked on

Post by FranceBB »

fth0 wrote: With VirtualBox 6.1.97r147373, you can create a new VM, choose Windows 11 as the guest OS type, and install it as usual. A virtual TPM 2.0 will be provided automatically to the guest OS in that case. But note that it's still a work in progress, so surprises are to be expected.
Nice! Downloading right now! :D
But... what about upgrading a Windows 10 installation?
Does it have something like in the settings to attach a TPM or shall I create a new VM, target Windows 11, attach the .vdi with Windows 10 and boot so that it will find TPM 2.0 and it will be happy and it will allow me to upgrade from the GUI?
I already converted Win10 vdi from MBR to GPT and from BIOS to UEFI.


EDIT: I've downloaded and compiled version r147373, installed the new guest additions, rebooted and attached the Windows 10 disk to the Windows 11 VM. Booted with UEFI, opened "run" tpm.msc and... nothing :(
Attachments
Screenshot from 2021-10-12 16-44-34.png
Screenshot from 2021-10-12 16-44-34.png (23.34 KiB) Viewed 16676 times
Screenshot from 2021-10-12 16-40-47.jpg
Screenshot from 2021-10-12 16-40-47.jpg (116.73 KiB) Viewed 16677 times
Screenshot from 2021-10-12 16-39-48.png
Screenshot from 2021-10-12 16-39-48.png (19.39 KiB) Viewed 16677 times
FranceBB
Posts: 105
Joined: 20. May 2017, 05:07
Primary OS: Fedora other
VBox Version: OSE Fedora
Guest OSses: Windows XP x86
Contact:

Re: Windows 11 compatibility is being worked on

Post by FranceBB »

And indeed the upgrade checker says that it can't find the TPM module... :(
Attachments
Screenshot from 2021-10-12 16-44-56.png
Screenshot from 2021-10-12 16-44-56.png (14.83 KiB) Viewed 16676 times
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: Windows 11 compatibility is being worked on

Post by Oracleiscool »

FranceBB:

That is weird. Depending on the tool (tpm.msc) you run, or that Windows 11 tells you when it does the hardware scan on install, it looks like one says at least TPM 1.2, and the other wants a TPM 2.0 (According to MS, it should be 2.0 to work.... or not). I guess one tool is saying what Windows 10 needs (1.2) vs. 11 (2.0).
FranceBB
Posts: 105
Joined: 20. May 2017, 05:07
Primary OS: Fedora other
VBox Version: OSE Fedora
Guest OSses: Windows XP x86
Contact:

Re: Windows 11 compatibility is being worked on

Post by FranceBB »

Oracleiscool wrote: That is weird. Depending on the tool (tpm.msc) you run, or that Windows 11 tells you when it does the hardware scan on install, it looks like one says at least TPM 1.2, and the other wants a TPM 2.0 (According to MS, it should be 2.0 to work.... or not). I guess one tool is saying what Windows 10 needs (1.2) vs. 11 (2.0).
Yes, tpm.msc from Win10 in Virtualbox set as Windows 11 says that it needs at least 1.2 (which is the Windows 10 requirement).
On the other hand, the Windows 11 installer wants 2.0.
Nonetheless, setting Virtualbox as Windows 11 and attaching an already created .vhd with Windows10 to perform the upgrade doesn't work as the TPM either ain't passed to the machine or it ain't detected by Windows, despite having the Extension and Guest Addition updated... :(
Locked