TPM

Discussions about using Windows guests in VirtualBox.

TPM

Postby Joho » 15. Jan 2019, 10:35

Folks,
TPM (Trusted Platform Module) support became necessary.
Using Virtual Box to run Windows 10 as guest on Ubuntu 18 host. The company setup of Windows 10 requires access to the TPM to function properly.
Running Windows 10 without having a TPM is not supported by our corporate setup.
This might get a trend in other companies as well.

Please consider adding a Virtual TPM support.
THANK YOU.
Joho
Joho
 
Posts: 1
Joined: 15. Jan 2019, 10:04
Primary OS: Ubuntu other
VBox Version: PUEL
Guest OSses: W7, W10, Xubuntu 18

Re: TPM

Postby mpack » 15. Jan 2019, 12:06

I suggest that you check out the new features in VirtualBox 6.0.0. Of course these features will probably take a few maintenance updates to bed in.
mpack
Site Moderator
 
Posts: 34248
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: TPM

Postby socratis » 15. Jan 2019, 12:21

mpack wrote:I suggest that you check out the new features in VirtualBox 6.0.0.
mpack, I haven't seen any references regarding TPM in VirtualBox 6.0.0, or in general...

Joho wrote:Running Windows 10 without having a TPM is not supported by our corporate setup. This might get a trend in other companies as well.
Well, your and the rest of the companies could buy some support contracts from Oracle and fund in a sense the development of TPM. Your companies (and perhaps a user or two here and there) would be thankful! ;)
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
socratis
Site Moderator
 
Posts: 27690
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: TPM

Postby mpack » 15. Jan 2019, 14:16

TPM is one of the newish Win10 security features based on Hyper-v is it not? In which case v6 has a potential approach.
mpack
Site Moderator
 
Posts: 34248
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: TPM

Postby andyp73 » 15. Jan 2019, 14:34

To do it properly I would expect that either the hosts TPM hardware will need to be passed to the guest (I haven't checked so don't know if that is actually possible) or a virtual TPM will need to be created. I think one exists in KVM which might be a useful starting point if someone wanted to do it.

-Andy.
My crystal ball is currently broken. If you want assistance you are going to have to give me all of the necessary information.
Please don't ask me to do your homework for you, I have more than enough of my own things to do.
andyp73
Volunteer
 
Posts: 1642
Joined: 25. May 2010, 23:48
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Assorted Linux, Windows Server 2012, DOS, Windows 10, BIOS/UEFI emulation

Re: TPM

Postby socratis » 15. Jan 2019, 15:38

TPM (Trusted Platform Module) AFAIK as it is implemented on a PC, involves a chip in the motherboard. This is something that VirtualBox would have to include either in the BIOS (I don't think so, you can forget the VirtualBox BIOS evolving to include that), or in the EFI (more probable). So far, there's nothing there...
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
socratis
Site Moderator
 
Posts: 27690
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: TPM

Postby mpack » 15. Jan 2019, 15:51

Ah, I hadn't interpreted the OPs post as saying that the guest had to have TPM access, just that it had to be compatible with it. I don't know why a guest would be restricted to the same Win10 image that the host uses, I guess they want to use the same corporate license.
mpack
Site Moderator
 
Posts: 34248
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: TPM

Postby socratis » 15. Jan 2019, 17:00

andyp73 wrote:To do it properly I would expect that either the hosts TPM hardware will need to be passed to the guest

They're already doing something like that with the Apple SCM chip when booting in EFI. That's why you can only boot genuine OSX guests on OSX hosts. Maybe (no clue) something like that could be implemented for the TPM chip...
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
socratis
Site Moderator
 
Posts: 27690
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: TPM

Postby Steve Cliff » 1. Jul 2019, 10:41

A few months old I know but very relevant to me needs currently :)

TPM shouldn't be tied to the underlying hardware of the host but must be virtual IMO - if not then if you were to spin up two VM's they would have to share the same security principles - not good!
VMWare Workstation seems to have implemented a good solution here - they currently support TPM 2.0 virtually so no cross over between VM's and up-to-date v2 so that it can be used with the latest Microsoft "Intune" stuff that corporates tend to like.

Would love to see this in Virtualbox, although my 30 year old BASIC experience probably won't be up-to-scratch for it - lol!
Steve Cliff
 
Posts: 2
Joined: 1. Jul 2019, 10:38

Re: TPM

Postby Steve Cliff » 1. Jul 2019, 10:44

mpack wrote:TPM is one of the newish Win10 security features based on Hyper-v is it not? ...

Just for info, it's at BIOS/EFI level and doesn't need hyper-v support to be enabled.
Steve Cliff
 
Posts: 2
Joined: 1. Jul 2019, 10:38

Re: TPM

Postby bluegroper » 25. Jun 2021, 08:24

It seems the VMWare workstation has a virtualized TPM.
https://www.prajwaldesai.com/enable-tru ... l-machine/

We hope this feature comes soon to VirtualBox, since its prolly gonna be needed for windoze 11.
bluegroper
 
Posts: 50
Joined: 22. Dec 2008, 08:14
Location: Would rather be swimming.
Primary OS: Linux other
VBox Version: OSE other
Guest OSses: Windozes, Linuxes, BSD's

Re: TPM

Postby krafty11 » 25. Jun 2021, 22:02

bluegroper wrote:It seems the VMWare workstation has a virtualized TPM.

We hope this feature comes soon to VirtualBox, since its prolly gonna be needed for windoze 11.


Yes, I've just been looking for the exact same reason, pre release Windows 11 testing starting next week.
krafty11
 
Posts: 2
Joined: 25. Jun 2021, 21:59

Re: TPM

Postby mpack » 26. Jun 2021, 11:05

Is it definitely going to be needed for Win11? Because that would exclude Win11 from running on a bunch of older PCs.
mpack
Site Moderator
 
Posts: 34248
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: TPM

Postby multiOS » 26. Jun 2021, 12:46

Yes, it is a requirement:

- https://www.microsoft.com/en-gb/windows ... ifications

Many of Microsoft's own Surface range of computers (apart from more recent releases) don't seem meet the minimum requirements for Windows 11, e.g. Surface Book 1 and Surface Pros prior to Surface Pro 6, , so there could be a lot of disappointed owners of 'not so old' PCs. Seems close to Apple's long-standing approach to limiting OS upgrade installations on 'older' hardware.
multiOS
Volunteer
 
Posts: 471
Joined: 14. Sep 2019, 16:51
Location: United Kingdom
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Windows 10Pro, 7

Re: TPM

Postby fth0 » 26. Jun 2021, 15:34

mpack wrote:Is it definitely going to be needed for Win11?

multiOS wrote:Yes, it is a requirement:

Well, yes and no. IMHO, a TPM 2.0 is a requirement for physical hardware, but not for virtual machines. Download the Windows 11 minimum hardware requirements document linked within Windows minimum hardware requirements, and especially read chapter 5, which is about virtual machines.

Regarding physical hardware, a TPM 2.0 was already a requirement for Window 10 PCs built after July 2016, so it isn't even a new requirement, only the enforcement is new.

mpack wrote:Because that would exclude Win11 from running on a bunch of older PCs.

That will already be enforced by the CPU requirement (e.g. Intel 8th gen. CPUs). See Windows Processor Requirements for the details.
fth0
Volunteer
 
Posts: 2160
Joined: 14. Feb 2019, 03:06
Location: Germany
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...

Next

Return to Windows Guests

Who is online

Users browsing this forum: linus100 and 14 guests