Windows 11 System Requirements Announced - does it pose any issues?



  • Processor: 1 GHz or faster with 2 or more cores on a compatible 64-bit processor. (Microsoft links to a list of compatible processors for Windows 10 but has not yet updated the list for Windows 11).

  • RAM: 4 gigabytes or more

  • Storage: 64 GB or larger storage device (such as a hard drive or SSD)

  • System Firmware: UEFI and Secure Boot capable

  • TPM: Trusted Platform Module 2.0 (common on motherboards manufactured after 2016)

  • Graphics Card: Compatible with DirectX 12 or later with WDDM 2.0 driver

  • Display: An HD display at least 720p (1280×720) resolution larger than 9″ diagonal, 8-bits per color channel

  • Internet Connection and Microsoft Accounts: Windows 11 Home edition requires an internet connection and a Microsoft account to set up the device on first use. Switching a device out of Windows 11 S mode also requires an internet connection.

 

Do any of these suggest there will be issues running it in a VM? The TPM2 requirement is what I am curious about. 

Link to comment
19 hours ago, ghost82 said:

no issues, and qemu already supports tpm 2.0

Hi, what do you mean by no issues?

Is unraid able to emulate TPM?

Or do you mean we can pass through the device itself?

 

I can't figure it out. Thanks in advance. 

 

Link to comment
1 hour ago, Ninnetyer said:

Hi, what do you mean by no issues?

Is unraid able to emulate TPM?

Or do you mean we can pass through the device itself?

 

I can't figure it out. Thanks in advance. 

 

It's not unraid, it's qemu: unraid is the OS, it's a customized Linux distribution; virtual machines run in qemu+kvm and libvirt, which are packages.

It's qemu that already supports emulation of TPM 2.0; the TPM can be emulated or passed through, and you will install Windows 11 just like you install any other Windows VM.

If you search on YouTube you can already find some videos of someone who installed the preview version of win11 in qemu.

Edited by ghost82
Link to comment
23 minutes ago, ghost82 said:

It's not unraid, it's qemu: unraid is the OS, it's a customized Linux distribution; virtual machines run in qemu+kvm and libvirt, which are packages.

It's qemu that already supports emulation of TPM 2.0, no need to pass through anything; you will install Windows 11 just like you install any other Windows VM.

If you search on YouTube you can already find some videos of someone who installed the preview version of win11 in qemu.

 

Oh yeah, I am aware of that, I meant unraid as a whole.


Now, is there any additional step to take to enable such a feature for TPM emulation? Because currently I am running the latest unraid version, with a passed-through NVIDIA card and UEFI-enabled Windows 10, but when accessing tpm.msc in Windows I get that there is no TPM compatibility.

Link to comment
21 minutes ago, ghost82 said:

yes, please read official libvirt documentation:

https://libvirt.org/formatdomain.html#tpm-device

 

You can think of libvirt as the XML of your VM

 

Hey ghost82, thanks for pointing out that info, now I am facing the problem that there is no binary in unraid, so I am facing the "Unable to find 'swtpm' binary in $PATH: No such file or directory" message.

 

Any clue on how to get those binaries installed in unraid?

Link to comment

I just ran a Windows 11 compatibility check on my working Windows 10 VM (OVMF BIOS) using the Microsoft PC Health Check tool and received the following incompatibility error.

"The PC must support Secure Boot"

 

Does this mean I cannot / will not be able to upgrade to Windows 11?

 


Edited by theone
Link to comment

Would there be any benefit to TPM being a core part of unRAID?

 

For instance, every mention of Windows 11 and TPM is BitLocker encryption. Could unRAID use TPM to encrypt your array, or could any other benefits/features of TPM be worthwhile additions to unRAID's core functionality?

 

I’m running old hardware, 3rd gen i7. I just googled the motherboard manual and it mentions TPM 1.2 but I couldn’t tell you if it’s a module, software or a bios setting. 
 

The point I'm trying to make is, with UnRAID's latest SSL login and tying it to your forum login, could TPM be an added optional benefit to protecting your server?

Edited by Jammy B
Link to comment
2 minutes ago, dodgypast said:

That version doesn't require TPM; going forward from the build that will be released next week, it will be required:

https://www.thurrott.com/windows/windows-11/252333/how-to-get-started-testing-windows-11

Well, the leak definitely required TPM and secure boot. I had to turn both on when installing on my ryzen desktop with a gigabyte b450 motherboard. It was easier installing in a VM for sure.

Link to comment
7 hours ago, david279 said:

I didn't have to enable tpm or secure boot

That is what I found by looking at some videos: no secure boot, nor tpm configured in the vm, installation completed without issues.

1 hour ago, david279 said:

I had to turn both on when installing on my ryzen desktop

 

1 hour ago, dodgypast said:

That version doesn't require TPM

I was thinking that the leaked iso didn't require tpm too, but something sounds strange: why does it install in qemu with no secure boot, nor tpm configured, but not on bare metal?

I would wait for an official build and study that instead of making assumptions on a leaked iso.

-------

UPDATE: this explains why you can install win11 in qemu without those requirements, from Microsoft:

Quote

So, while Microsoft recommends that all virtualized instances of the Windows 11 follow the same minimum hardware requirements as described in Section 1.2, the Windows 11 does not apply the hardware-compliance check for virtualized instances either during setup or upgrade. Note that, if the virtualized environment is provisioned such that it does not meet the minimum requirements, this will have an impact to aspects of the user experience when running the OS in the virtualized environment

-------

Unfortunately my board doesn't have a tpm at all for a bare installation, nor a connector, so moving the os into a vm could be an option to consider, and I think that a lot of users have quite old hardware that is still functioning and performing (tpm 2.0 should be from 2019!): I hope microsoft could reconsider the mandatory requirements.

And if it won't be microsoft, someone else will probably allow us to install it without those requirements (there are already at least a couple of methods to install win11 in bare metal without tpm nor secure boot).

Moreover, from Microsoft:
 

Quote

A UEFI firmware option to turn off the TPM is not required. Upon approval from Microsoft, OEM systems for special purpose commercial systems, custom order, and customer systems with a custom image are not required to ship with a TPM support enabled.

So it seems possible to have a custom iso with no tpm requirement.

And this probably means that you will have the tpm check only during installation, so there should be only the need to bypass the tpm check during installation in a bare metal installation.

Edited by ghost82
Link to comment
14 hours ago, Ninnetyer said:

I am facing the "Unable to find 'swtpm' binary in $PATH: No such file or directory"

Unfortunately Unraid doesn't include the swtpm package, you need to compile yourself (and) include it in the bzroot file, or wait for it to be included into unraid, or maybe there's some third party app which can install that package (like nerd-tools which installs some useful packages), I don't know.

However, as explained above there's no need to set tpm nor secure boot.

Edited by ghost82
Link to comment
14 hours ago, theone said:

"The PC must support Secure Boot"

 

I have tried to set this in my XML-File:
https://specs.openstack.org/openstack/nova-specs/specs/train/approved/allow-secure-boot-for-qemu-kvm-guests.html

  <os firmware='efi'>
    <type arch='x86_64' machine='pc-q35-5.1'>hvm</type>
    <loader secure='yes'/>
  </os>

But now I am missing the template nvram file: /usr/share/qemu/edk2-i386-vars.fd
Probably configured through: /usr/share/qemu/firmware/50-edk2-x86_64-secure.json


Using the existing nvram file of the VM just turns all cores assigned to the VM to 100% and a black screen.
Nothing special in the log.

 

Edited by Keksgesicht
Link to comment
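A check of a libvirt domain definition for the pieces discussed in the posts above (a loader marked secure and an emulated TPM 2.0 device), as an added example that is not part of any post in this thread. Both sample domains are constructed, `audit_domain` is a hypothetical helper name, and the q35 and SMM checks reflect what libvirt's QEMU driver expects when a loader is marked secure.

```python
import xml.etree.ElementTree as ET

# Constructed sample domains (not from the thread); the path in WEAK is a placeholder.
HARDENED = """
<domain type='kvm'>
  <os firmware='efi'>
    <type arch='x86_64' machine='pc-q35-5.1'>hvm</type>
    <loader secure='yes'/>
  </os>
  <features><acpi/><smm state='on'/></features>
  <devices>
    <tpm model='tpm-crb'><backend type='emulator' version='2.0'/></tpm>
  </devices>
</domain>
"""
WEAK = """
<domain type='kvm'>
  <os>
    <type arch='x86_64' machine='pc-i440fx-5.1'>hvm</type>
    <loader readonly='yes' type='pflash'>/placeholder/OVMF_CODE.fd</loader>
  </os>
  <devices/>
</domain>
"""

def audit_domain(xml_text):
    """Return findings for one libvirt domain XML; empty list = none."""
    root = ET.fromstring(xml_text)
    findings = []
    os_type = root.find("./os/type")
    machine = os_type.get("machine", "") if os_type is not None else ""
    if "q35" not in machine:
        findings.append("machine type is not q35")
    loader = root.find("./os/loader")
    if loader is None or loader.get("secure") != "yes":
        findings.append("loader is not marked secure='yes'")
    smm = root.find("./features/smm")
    if smm is None or smm.get("state") != "on":
        findings.append("SMM is not explicitly enabled")
    backend = root.find("./devices/tpm/backend")
    if backend is None:
        findings.append("no TPM device defined")
    elif backend.get("type") == "emulator" and backend.get("version") != "2.0":
        findings.append("emulated TPM is not explicitly version 2.0")
    return findings

if __name__ == "__main__":
    for name, xml_text in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit_domain(xml_text) or "no findings")
```

The emulator backend still needs the swtpm binary on the host, so a clean audit of the XML does not mean the domain will start.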
4 hours ago, ghost82 said:

Unfortunately Unraid doesn't include the swtpm package, you need to compile yourself (and) include it in the bzroot file, or wait for it to be included into unraid, or maybe there's some third party app which can install that package (like nerd-tools which installs some useful packages), I don't know.

However, as explained above there's no need to set tpm nor secure boot.

Maybe it would be worth having @limetech include swamp in the unraid kernel in future releases given that MS suggests not meeting the requirements in VMs might mean a reduced feature set. I wouldn’t think including swamp in the kernel would impose much extra work or introduce any problems into the process. I could, of course, be very very wrong here.

  • Like 2
Link to comment
2 hours ago, Keksgesicht said:

Using the existing nvram file of the VM just turns all cores assigned to the VM to 100% and a black screen

Most probably because those fd files are not compiled with the secureboot flag.

I think there's no need to modify the template, just point to secboot OVMF_CODE.fd and OVMF_VARS.fd.

I compiled edk2 from sources with -DSECURE_BOOT_ENABLE=TRUE, I'm attaching the files here.

Beside this I think you need additional steps to configure the default set of keys.

Quote

The second, you can enroll the default UEFI keys in the “VARS” file, using the UefiShell.iso + EnrollDefaultKeys.efi utilities shipped by various Linux distributions (as part of their EDK2 / OVMF packages), and place it in the appropriate location.

https://github.com/rhuefi/qemu-ovmf-secureboot

 

I don't know if they work, I cannot try on a vm.

2 hours ago, Mantene said:

include swamp

It's swtpm :D

 

But again... there's no need to enable secure boot, nor tpm. In reality I don't like them at all; from my experience they caused only issues.

 

6 hours ago, ghost82 said:

there are already at least a couple of methods to install win11 in bare metal without tpm nor secure boot

Moreover, since the check is before installation, for a bare metal installation without secure boot and tpm, one can use a virtual machine with a passed through drive and install without any check and then boot directly without using the vm.

That was also the method used when the first beta of macOS Big Sur was launched and the bootloaders (clover/opencore) were still not able to inject kexts during installation.

OVMF-stable202105-secboot.zip

EnrollDefaultKeys.efi

UefiShell.iso

OVMF_VARS.fedora-extracted-embed-certificates.fd

Edited by ghost82
Link to comment

I will also say I was able to install Windows 11 onto an older Intel laptop I have by copying the install.wim file from the Windows 11 iso to a Windows 10 iso and installing using the modified Windows 10 iso. It's kinda hacky but worked. Now, will Microsoft fix that loophole? Maybe... but I'm sure people will find ways around the tpm and secure boot requirements.

Link to comment

Small report from my side. Yesterday I played around a bit with the leaked win11 build on Unraid VMs.

  • Install on Seabios and OVMF both worked fine.
  • Fresh install of Win11 Home without network isn't possible. You need network access on a fresh Home install. Pro works without internet and the use of a local profile is possible.
  • Upgrade from Win10 Home to Win11 Home worked without internet access
  • Upgrade from Win10 Pro Seabios or OVMF both worked without any problems
  • Upgrade from Win10 German to Win11 (only available in english) also worked
  • all tests with default Win10 template, only changes I made are on the BIOS versions, 8GB Ram, 60GB vdisk, 6 cores

Not sure what the future limitations like secureboot and tpm2 are, the current build is more like a new Win10 version.

  • Thanks 1
Link to comment
1 hour ago, bastl said:

Not sure what the future limitations like secureboot and tpm2 are

Thanks for your report, so it seems win11 is still compatible in legacy mode too!

As far as I know only tpm affects windows functionality for bitlocker, which I never used and I'm not interested in it.

Secure boot ensures that only trusted code is executed on boot, and it does not affect the os functionality: and since I like playing with bootloaders and firmwares I hate secure boot too, so not interested in it :D

Link to comment

Don't know where it will take me, I installed the leaked DEV version and I just used the insider program menu in settings to add it to the dev channel.

 

I'll see what happens over the next couple of days to see if it gets updated to match up with the insider release.

 

I am wondering if the leaked build was coded to ignore TPM requirements if it detected it was being installed on a QEMU platform. However from what I've gleaned MS seem to be pushing people to upgrade Windows 10 installations to Windows 11 rather than offering a Windows 11 insider program ISO.

 

Hopefully @limetech will be working behind the scenes to let us know if / how they'll be supporting TPM going forward. Bearing in mind I can't find anything on Level 1 tech's vfio forum, I wouldn't expect anything quickly.

Link to comment
8 minutes ago, dodgypast said:

I am wondering if the leaked build was coded to ignore TPM requirements if it detected it was being installed on a QEMU platform

From the official microsoft, hardware checks are not performed on virtualized environments.

Most probably there will be no need to emulate tpm at all in qemu.

And qemu is already supporting tpm 2.0! So nothing new.

Edited by ghost82
Link to comment

I didn't realize Windows 11 was going to be pushed out to Windows 10 Dev Ring users. I now have Windows 11 on my Windows VM. It was not exactly a pleasant surprise, but I may stick with it. 

It says my computer does not meet the requirements for Windows 11 and that I will be required to reinstall Windows 10 when Windows 11 becomes generally available. Apparently, it requires secure boot be enabled to "comply" with the requirements. 

 

So, question - how does one enable secure boot on an existing VM?

Link to comment

Just installed a new Win10 VM as instructed by Spaceinvader: https://www.youtube.com/watch?v=RD6OWYJOIzU

Upgraded Win11 as instructed by Kevin Stratvert:  https://www.youtube.com/watch?v=hrwUUbaUUOg

 

It works just fine on a 4790k and ASUS Z97 Deluxe without TPM module.

 

So I suggest that you make a VM like this and keep it if you have an older rig, before MS blocks the opportunity to do so.

 

Edited by UNRAID_Hydra
Link to comment
