TPM
-
- Posts: 1
- Joined: 15. Jan 2019, 10:04
- Primary OS: Ubuntu other
- VBox Version: PUEL
- Guest OSses: W7, W10, Xubuntu 18
TPM
Folks,
TPM (Trusted Platform Module) support became necessary.
Using Virtual Box to run Windows 10 as guest on Ubuntu 18 host. The company setup of Windows 10 requires access to the TPM to function properly.
Running Windows 10 without having a TPM is not supported by our corporate setup.
This might get a trend in other companies as well.
Please consider adding a Virtual TPM support.
THANK YOU.
Joho
TPM (Trusted Platform Module) support became necessary.
Using Virtual Box to run Windows 10 as guest on Ubuntu 18 host. The company setup of Windows 10 requires access to the TPM to function properly.
Running Windows 10 without having a TPM is not supported by our corporate setup.
This might get a trend in other companies as well.
Please consider adding a Virtual TPM support.
THANK YOU.
Joho
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: TPM
I suggest that you check out the new features in VirtualBox 6.0.0. Of course these features will probably take a few maintenance updates to bed in.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: TPM
mpack, I haven't seen any references regarding TPM in VirtualBox 6.0.0, or in general...mpack wrote:I suggest that you check out the new features in VirtualBox 6.0.0.
Well, your and the rest of the companies could buy some support contracts from Oracle and fund in a sense the development of TPM. Your companies (and perhaps a user or two here and there) would be thankful!Joho wrote:Running Windows 10 without having a TPM is not supported by our corporate setup. This might get a trend in other companies as well.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Volunteer
- Posts: 1631
- Joined: 25. May 2010, 23:48
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Assorted Linux, Windows Server 2012, DOS, Windows 10, BIOS/UEFI emulation
Re: TPM
To do it properly I would expect that either the hosts TPM hardware will need to be passed to the guest (I haven't checked so don't know if that is actually possible) or a virtual TPM will need to be created. I think one exists in KVM which might be a useful starting point if someone wanted to do it.
-Andy.
-Andy.
My crystal ball is currently broken. If you want assistance you are going to have to give me all of the necessary information.
Please don't ask me to do your homework for you, I have more than enough of my own things to do.
Please don't ask me to do your homework for you, I have more than enough of my own things to do.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: TPM
TPM (Trusted Platform Module) AFAIK as it is implemented on a PC, involves a chip in the motherboard. This is something that VirtualBox would have to include either in the BIOS (I don't think so, you can forget the VirtualBox BIOS evolving to include that), or in the EFI (more probable). So far, there's nothing there...
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: TPM
Ah, I hadn't interpreted the OPs post as saying that the guest had to have TPM access, just that it had to be compatible with it. I don't know why a guest would be restricted to the same Win10 image that the host uses, I guess they want to use the same corporate license.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: TPM
They're already doing something like that with the Apple SCM chip when booting in EFI. That's why you can only boot genuine OSX guests on OSX hosts. Maybe (no clue) something like that could be implemented for the TPM chip...andyp73 wrote:To do it properly I would expect that either the hosts TPM hardware will need to be passed to the guest
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Posts: 2
- Joined: 1. Jul 2019, 10:38
Re: TPM
A few months old I know but very relevant to me needs currently
TPM shouldn't be tied to the underlying hardware of the host but must be virtual IMO - if not then if you were to spin up two VM's they would have to share the same security principles - not good!
VMWare Workstation seems to have implemented a good solution here - they currently support TPM 2.0 virtually so no cross over between VM's and up-to-date v2 so that it can be used with the latest Microsoft "Intune" stuff that corporates tend to like.
Would love to see this in Virtualbox, although my 30 year old BASIC experience probably won't be up-to-scratch for it - lol!
TPM shouldn't be tied to the underlying hardware of the host but must be virtual IMO - if not then if you were to spin up two VM's they would have to share the same security principles - not good!
VMWare Workstation seems to have implemented a good solution here - they currently support TPM 2.0 virtually so no cross over between VM's and up-to-date v2 so that it can be used with the latest Microsoft "Intune" stuff that corporates tend to like.
Would love to see this in Virtualbox, although my 30 year old BASIC experience probably won't be up-to-scratch for it - lol!
-
- Posts: 2
- Joined: 1. Jul 2019, 10:38
Re: TPM
Just for info, it's at BIOS/EFI level and doesn't need hyper-v support to be enabled.mpack wrote:TPM is one of the newish Win10 security features based on Hyper-v is it not? ...
-
- Posts: 50
- Joined: 22. Dec 2008, 08:14
- Primary OS: FreeBSD
- VBox Version: OSE other
- Guest OSses: Windozes, Linuxes, BSD's
- Location: Would rather be swimming.
Re: TPM
It seems the VMWare workstation has a virtualized TPM.
https://www.prajwaldesai.com/enable-tru ... l-machine/
We hope this feature comes soon to VirtualBox, since its prolly gonna be needed for windoze 11.
https://www.prajwaldesai.com/enable-tru ... l-machine/
We hope this feature comes soon to VirtualBox, since its prolly gonna be needed for windoze 11.
Re: TPM
Yes, I've just been looking for the exact same reason, pre release Windows 11 testing starting next week.bluegroper wrote:It seems the VMWare workstation has a virtualized TPM.
We hope this feature comes soon to VirtualBox, since its prolly gonna be needed for windoze 11.
-
- Volunteer
- Posts: 841
- Joined: 14. Sep 2019, 16:51
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: WIN11,10, 7, Linux (various)
- Location: United Kingdom
Re: TPM
Yes, it is a requirement:
- https://www.microsoft.com/en-gb/windows ... ifications
Many of Microsoft's own Surface range of computers (apart from more recent releases) don't seem meet the minimum requirements for Windows 11, e.g. Surface Book 1 and Surface Pros prior to Surface Pro 6, , so there could be a lot of disappointed owners of 'not so old' PCs. Seems close to Apple's long-standing approach to limiting OS upgrade installations on 'older' hardware.
- https://www.microsoft.com/en-gb/windows ... ifications
Many of Microsoft's own Surface range of computers (apart from more recent releases) don't seem meet the minimum requirements for Windows 11, e.g. Surface Book 1 and Surface Pros prior to Surface Pro 6, , so there could be a lot of disappointed owners of 'not so old' PCs. Seems close to Apple's long-standing approach to limiting OS upgrade installations on 'older' hardware.
-
- Volunteer
- Posts: 5677
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: TPM
mpack wrote:Is it definitely going to be needed for Win11?
Well, yes and no. IMHO, a TPM 2.0 is a requirement for physical hardware, but not for virtual machines. Download the Windows 11 minimum hardware requirements document linked within Windows minimum hardware requirements, and especially read chapter 5, which is about virtual machines.multiOS wrote:Yes, it is a requirement:
Regarding physical hardware, a TPM 2.0 was already a requirement for Window 10 PCs built after July 2016, so it isn't even a new requirement, only the enforcement is new.
That will already be enforced by the CPU requirement (e.g. Intel 8th gen. CPUs). See Windows Processor Requirements for the details.mpack wrote:Because that would exclude Win11 from running on a bunch of older PCs.