Windows 10 TPM chip missing after update to 7.0.8

[MicChow]

Just updated VirtualBox to 7.0.8r156879 on Ubuntu 22.04.2 LTS. The update is from VirtualBox 7.0.6. The update and matching Extension pack installed onto the Host system without issues. However, Windows 10 Enterprise Guest no longer detects or shows a TPM chip in the Windows 10 Control Panel. In VirtualBox 7.0.6 the TPM chip appears in the Windows 10 Control Panel. I have tried reinstalling the Guest Additions, and that does not resolve the Windows 10 Guest system. Any ideas?

We have to have a TPM chip for enterprise compliance in my organization.

I have search bugtracker and this does not appear to be on the list. Not sure if this is indeed a bug, or I have completely missed a setting.

[MicChow]

Upon further investigation, I found in the Guest VM, Windows seems to have lost the driver for the TPM chip. The TPM does appear in the Device Manager, but looks like it has no driver. Even after re-installing the Guest Additions, the driver does not show.

[mpack]

Provide a VM log file. Make sure the VM is fully shut down, then right click it in the manager UI. Select "Show Log" and save "VBox.log" (no other file) to a zip file. Attach the zip here.

[MicChow]

@mpack

Thanks for the help. Here is the attached log.

[fth0]

The TPM does appear in the Device Manager, but looks like it has no driver. Even after re-installing the Guest Additions, the driver does not show.

FWIW, the TPM driver is part of the guest OS, not part of the Guest Additions.

AFAICS, the Windows10-64Bit-Intune-2023-04-28-18-27-52.log file doesn't indicate any problem regarding the TPM.

[MicChow]

Thanks for the support. If I understand correctly, you are saying that the Guest machine is built correctly and it the OS does recognize that there is indeed a TPM chip. That confirms that part. Then the next question, is how or where to I get the driver so Windows 10 can recognize the chip?

[fth0]

If I understand correctly, you are saying that the Guest machine is built correctly and it the OS does recognize that there is indeed a TPM chip.

Well, I can only say that the log file shows the same log messages as in a working setup. That doesn't necessarily mean that VirtualBox provides a (virtual) TPM that the Windows guest OS can recognize. The TPM library was updated from 0.9.0 (VirtualBox 7.0.6) to 0.9.6 (VirtualBox 7.0.8 ), so anything is possible.

Then the next question, is how or where to I get the driver so Windows 10 can recognize the chip?

Such a driver should be part of Windows 10 already. The interesting question is what the driver dislikes about the (virtual) TPM ...

[MicChow]

If I understand correctly, you are saying that the Guest machine is built correctly and it the OS does recognize that there is indeed a TPM chip.

Then the next question, is how or where to I get the driver so Windows 10 can recognize the chip?

Such a driver should be part of Windows 10 already. The interesting question is what the driver dislikes about the (virtual) TPM ...

That is what I thought as well. In 7.06 (TPM library 0.9.0) Windows 10 see it as:
TPM Version: 2.0, 0, 1.64
TPM manufacturer ID: IBM
TPM manufacturer version: 8217.4131.22.13878

After updating VirtualBox to 7.0.8 I get the error message in Device Manager about the driver and Compatible TPM cannot be found when I pull up the TPM Management MMC.

Would this be considered a bug, since it worked in 7.0.6 and now does not in 7.0.8?

[MicChow]

Updated to Version 7.0.10 R158379 today for Ubuntu 22.04 LTS and still have an issue with the TPM chip.

Screenshot from 2023-07-18 21-10-42.png (83.17 KiB) Viewed 7065 times

[S_Schlosnagle]

I just ran into this same issue when updating from 7.0.10 to 7.0.12.
But I'm running a Windows 10 host and a Windows 11 Guest.
The only common item is that the Guest OS is managed by MS Intune.
I have other Windows 11 Guests, that are not managed by Intune, and they are still showing valid TPM hardware.
So, not sure if Intune replaces the default TPM driver with something more restrictive or what.
I did notice that the Virtualbox emulated TPM does not support Attestation, only Storage.
But this has not changed as the Virtualbox versions have progressed.

[S_Schlosnagle]

Ok, a bit of an update.

Continuing to research the issue: it was suggested to check the UEFI BIOS to make sure the TPM is on.
Did that for the Intune Managed VM: the TPM is not only "not on" there are no TPM settings in the BIOS.
Checked in the Non-Intune managed VM: TPM on and many TPM configuration options available.
The TPM missing Intune Managed VM is a recent clone of the Non-Intune Managed VM.

And the TPM was definitely present and working on the Intune managed VM as in passed the Intune enrolment and Bitlocker had encrypted the drive and it was booting fine unlocking the drive via the TPM on many subsequent reboots.

[ijf]

Hello,
I installed VirtualBox on a fresh (new) host machine a little over a month ago and TPM for a Win11Pro guest was working perfect. Then after a recent update I started having the same problem as OP. I'm currently on Version 7.0.12 r159484 (Qt5.15.2) and I believe I've only done a single update of VirtualBox since I installed ... I know I started with VirtualBox 7.?? but I dont remember exactly which revision.

I will say that a hefty Windows update did happen around the same time on the host machine, so I cant exactly pin down which update triggered this to start occurring. Please let me know if I can be of any diagnostic or troubleshooting assistance as I'd like to solve this problem too. -ijf