Follow up:
The Win10 host system's TPM "Specification Version" is 1.2 and cannot be updated (Lenovo W530 laptop).
But... The Win10 guest shows that "Standard hardware security is not supported".
TPM seems to be enabled by changing the guest's TPM setting in "System" > "Motherboard" > "TPM" = 2.0 (currently set to "none")
- Will that cause a problem with the guest on the next boot? Or will it just discover the new TPM "hardware" and be happy?
EDIT -
I changed the guest's settings to TPM=2.0 and rebooted.
I checked the "Device Driver" page for the guest, and the Trusted Platform Module 2.0 is in installed, but it didn't start.
Device Status:
This device cannot start. (Code 10)
A protocol error was detected between the driver and the device.
The Windows Security setting still shows "Standard hardware security is not supported".
Uninstalling / rescanning is the same and "Update Driver" shows it has the latest driver (Microsoft, 6/21/2006, 10.0.19041.4291).
... technically you would need a way to convert your BIOS windows 10 installation to a UEFI windows 10 installation
Is it safe to assume that "Enable EFI (Special OSes Only) in the guest's Settings the same as enabling UEFI? Otherwise, I can't find a setting labeled "UEFI".
The link provided shows the way (potentially) to convert the existing "BIOS" booting to "UEFI" booting:
https://answers.microsoft.com/en-us/win ... 1405f800d7
I understand this may or may not work. So, I'll make sure to make a clone the guest before I start.
EDIT -
The conversion command couldn't validate the Disk, so it couldn't start the conversion.
The procedure on the link is outdated. The menus have changed, and it takes a few extra clicks to get to the CMD window (after a restart).
Then the 1st test is "mbr2gpt.exe /validate /allowfullos" and it fails with the message "Disk layout validation failed for disk 0".
Also, before you start, make sure you have the login details for the local machine's Admin account. Using a domain account isn't going to allow you to get to the point where you can run the mbr2gpt command
then add the registry's windows 11 bypass that you can find in the guest additions so that it won't complain about the CPU and then upgrade
Looking in the guest's C:\Program Files\Oracle\VirtualBox Guests Editions\ folder, there are a few .inf files, but none seem to have any obvious "windows 11 bypass" parameter.
Any clues here?
EDIT -
Also, thanks for posting this link.
"
1) Download the Windows 11 ISO
You’ll need to download the ISO. In our testing, this trick doesn’t work with the Windows 11 Install Assistant, it doesn’t trigger Windows Update, and it doesn’t fool Microsoft’s PC Health Check tool."
This "solution" edits the registry to skip the CPU check when running the install / upgrade from the Windows 11 ISO image. But, the downside is that Microsoft may decide not to allow the system to download updates.
I'll start with a fresh install of Win10 and then play around with it.
My guess it this will be easier as I could set the TPM2.0 and UEFI boot before the install and then just find the registry tag that needs to be edited.
EDIT -
Well, I was wrong about this approach being easier.
The Windows 10 Business Editions version 1903 ISO image I have doesn't seem to support EFI booting. I've used it dozens of times on VM and laptops, but always in BIOS boot mode. With the installation ISO file mounted, the new guest simply cycles through a couple of times and gives up with the error message that no bootable device is found.
Then I'll play with some of the suggestion and see what happens with the copied VDI.