TPM

Discussions about using Windows guests in VirtualBox.
Joho
Posts: 1
Joined: 15. Jan 2019, 10:04
Primary OS: Ubuntu other
VBox Version: PUEL
Guest OSses: W7, W10, Xubuntu 18

TPM

Post by Joho »

Folks,
TPM (Trusted Platform Module) support became necessary.
I am using VirtualBox to run Windows 10 as a guest on an Ubuntu 18 host. The company setup of Windows 10 requires access to the TPM to function properly.
Running Windows 10 without having a TPM is not supported by our corporate setup.
This might become a trend in other companies as well.

Please consider adding virtual TPM support.
THANK YOU.
Joho
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: TPM

Post by mpack »

I suggest that you check out the new features in VirtualBox 6.0.0. Of course these features will probably take a few maintenance updates to bed in.
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: TPM

Post by socratis »

mpack wrote: I suggest that you check out the new features in VirtualBox 6.0.0.
mpack, I haven't seen any references regarding TPM in VirtualBox 6.0.0, or in general...
Joho wrote: Running Windows 10 without having a TPM is not supported by our corporate setup. This might get a trend in other companies as well.
Well, yours and the rest of the companies could buy some support contracts from Oracle and fund in a sense the development of TPM. Your companies (and perhaps a user or two here and there) would be thankful! ;)
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
mpack

Re: TPM

Post by mpack »

TPM is one of the newish Win10 security features based on Hyper-V, is it not? In which case v6 has a potential approach.
andyp73
Volunteer
Posts: 1631
Joined: 25. May 2010, 23:48
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Assorted Linux, Windows Server 2012, DOS, Windows 10, BIOS/UEFI emulation

Re: TPM

Post by andyp73 »

To do it properly I would expect that either the host's TPM hardware will need to be passed to the guest (I haven't checked so don't know if that is actually possible) or a virtual TPM will need to be created. I think one exists in KVM which might be a useful starting point if someone wanted to do it.

-Andy.
My crystal ball is currently broken. If you want assistance you are going to have to give me all of the necessary information.
Please don't ask me to do your homework for you, I have more than enough of my own things to do.
socratis

Re: TPM

Post by socratis »

TPM (Trusted Platform Module) AFAIK as it is implemented on a PC, involves a chip in the motherboard. This is something that VirtualBox would have to include either in the BIOS (I don't think so, you can forget the VirtualBox BIOS evolving to include that), or in the EFI (more probable). So far, there's nothing there...
mpack

Re: TPM

Post by mpack »

Ah, I hadn't interpreted the OP's post as saying that the guest had to have TPM access, just that it had to be compatible with it. I don't know why a guest would be restricted to the same Win10 image that the host uses, I guess they want to use the same corporate license.
socratis

Re: TPM

Post by socratis »

andyp73 wrote: To do it properly I would expect that either the hosts TPM hardware will need to be passed to the guest
They're already doing something like that with the Apple SCM chip when booting in EFI. That's why you can only boot genuine OSX guests on OSX hosts. Maybe (no clue) something like that could be implemented for the TPM chip...
Steve Cliff
Posts: 2
Joined: 1. Jul 2019, 10:38

Re: TPM

Post by Steve Cliff »

A few months old I know but very relevant to my needs currently :)

TPM shouldn't be tied to the underlying hardware of the host but must be virtual IMO - if not then if you were to spin up two VMs they would have to share the same security principles - not good!
VMware Workstation seems to have implemented a good solution here - they currently support TPM 2.0 virtually so no cross over between VMs and up-to-date v2 so that it can be used with the latest Microsoft "Intune" stuff that corporates tend to like.

Would love to see this in VirtualBox, although my 30 year old BASIC experience probably won't be up-to-scratch for it - lol!
Steve Cliff

Re: TPM

Post by Steve Cliff »

mpack wrote: TPM is one of the newish Win10 security features based on Hyper-v is it not? ...
Just for info, it's at BIOS/EFI level and doesn't need Hyper-V support to be enabled.
bluegroper
Posts: 50
Joined: 22. Dec 2008, 08:14
Primary OS: FreeBSD
VBox Version: OSE other
Guest OSses: Windozes, Linuxes, BSD's
Location: Would rather be swimming.

Re: TPM

Post by bluegroper »

It seems that VMware Workstation has a virtualized TPM.
https://www.prajwaldesai.com/enable-tru ... l-machine/

We hope this feature comes soon to VirtualBox, since it's prolly gonna be needed for windoze 11.
krafty11
Posts: 2
Joined: 25. Jun 2021, 21:59

Re: TPM

Post by krafty11 »

bluegroper wrote: It seems the VMWare workstation has a virtualized TPM.

We hope this feature comes soon to VirtualBox, since its prolly gonna be needed for windoze 11.
Yes, I've just been looking for the exact same reason, pre-release Windows 11 testing starting next week.
mpack

Re: TPM

Post by mpack »

Is it definitely going to be needed for Win11? Because that would exclude Win11 from running on a bunch of older PCs.
multiOS
Volunteer
Posts: 800
Joined: 14. Sep 2019, 16:51
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: WIN11,10, 7, Linux (various)
Location: United Kingdom

Re: TPM

Post by multiOS »

Yes, it is a requirement:

- https://www.microsoft.com/en-gb/windows ... ifications

Many of Microsoft's own Surface range of computers (apart from more recent releases) don't seem to meet the minimum requirements for Windows 11, e.g. Surface Book 1 and Surface Pros prior to Surface Pro 6, so there could be a lot of disappointed owners of 'not so old' PCs. Seems close to Apple's long-standing approach to limiting OS upgrade installations on 'older' hardware.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: TPM

Post by fth0 »

mpack wrote: Is it definitely going to be needed for Win11?
multiOS wrote: Yes, it is a requirement:
Well, yes and no. IMHO, a TPM 2.0 is a requirement for physical hardware, but not for virtual machines. Download the Windows 11 minimum hardware requirements document linked within Windows minimum hardware requirements, and especially read chapter 5, which is about virtual machines.

Regarding physical hardware, a TPM 2.0 was already a requirement for Windows 10 PCs built after July 2016, so it isn't even a new requirement, only the enforcement is new.
mpack wrote: Because that would exclude Win11 from running on a bunch of older PCs.
That will already be enforced by the CPU requirement (e.g. Intel 8th gen. CPUs). See Windows Processor Requirements for the details.