TPM for KVM please?


NLS


The RC1 already completely messes up my unraid (VMs and docker paths are completely messed up) so the solution to install a test branch is a no go...

 

Honestly I'm getting tired of all this and I'm seriously considering going back to a bare metal system...

 

Link to comment
2 minutes ago, NLS said:

I will see now if the key to allow unsupported CPU will allow me to update Win11 before it expires. :/

 

Unsupported CPU is not a stopper, at least with clean installation, no hacks needed. You should be able to update as far as you have a compatible secure boot, TPM and enough RAM and storage.

Link to comment
27 minutes ago, ghost82 said:

Unsupported CPU is not a stopper, at least with clean installation, no hacks needed. You should be able to update as far as you have a compatible secure boot, TPM and enough RAM and storage.

 

We'll see, it is updating now. Last time (before rc2) I think it failed AFTER it installed the update (and reverted it).
Installation is not clean. It was an older Win10 VM that got upgraded to 11.
Compatibility checker, now shows TPM 2.0 green, but CPU red.
We'll see.

AFAIK KVM cannot report a fake CPU.

 

Link to comment
On 10/20/2021 at 1:10 PM, ich777 said:

Maybe...
I haven't looked into what the script does.

Also don't understand why this is even needed.

As said I would recommend to revert the changes, maybe reboot unRAID and wait for RC2. ;)

Sent from my C64
 

Hi,

 

I wrote the integration guide, the script is needed to restore the TPM state…

 

regards

 

Zoltan

Link to comment
On 10/22/2021 at 10:20 AM, ich777 said:

I can only speak for myself and I started looking at the beginning of October into it how swTPM is working and also support BitLocker without recovering the drive every time you reboot the host (unRAID), BitLocker is with the current method possible but you have to recover the driver every time you reboot the host.

 

The other way also involves creating a user script that may break your Dockers <- this is a thing that I can't confirm but if you read back in the thread you will see that some users reported that some Docker containers are broken on reboot with the other way.

 

Please also keep in mind a template needs to be created for Windows 11 and a more or less easy way of upgrading or changing the BIOS type from the VM to the new TPM type is also needed, this also involves writing tutorials on how to do this step by step and so on...

Keep in mind this is all time consuming and needs to be tested so that everything is working correctly and not breaking anything.

 

But the requirement for TPM and that secure boot is available is. ;)

 

 

Keep in mind this is all from my perspective as a community developer.


So the TPM support in RC2 doesn’t support keeping the TPM state persistent? Then I will continue to use my integration

 

Zoltan

Link to comment
On 10/20/2021 at 1:06 PM, esaru said:

Thank you!

 

Some people mentioned that this guide breaks their dockers. Could this be the reason that my jackett docker randomly stopped working? It boots up alright, log seems fine but I can't access the webui.

I can’t see why my script would break docker… it is only setting up a symlink and adjusting /var/lib permission. If you don’t need Bitlocker then you won’t need the script…

Link to comment
5 hours ago, rezo said:


So the TPM support in RC2 doesn’t support keeping the TPM state persistent? Then I will continue to use my integration

 

Zoltan

I'm using it since yesterday from Windows 10 updated to Windows 11 and I restarted the server multiple times for the test and it is persistent, so far no issues.

The only problem as for me is my built-in Bluetooth driver cannot be installed on 6.10rc2, it's saying error code 10.

  • Like 2
Link to comment

Hello all, 
I am not very familiar with the TPM 2.0 topic. Well for me the trick with the registry works fine on my test Windows 11. This also before the RC 2 of unraid.
However, I would like to understand how the fix should work from ich777. 
Therefore some questions: 
Is there anything I need to be aware of or do after installing RC2? 
I have an X570 Strix E-Gaming board with a 3950X CPU according to the list must be set up in the BIOS/Advanced\AMD fTPM configuration firmware TPM, this is the case for me, but Windows 10/11 does not detect TPM, can someone help me? 

Link to comment
8 minutes ago, taafedi1 said:

However, I would like to understand how the fix should work from ich777. 

This is not really a fix, it is an implementation in unRAID so that you can utilize swTPM (emulated TPM) in a VM.

 

8 minutes ago, taafedi1 said:

Is there anything I need to be aware of or do after installing RC2? 

You mentioned that you made some registry tweaks in Windows itself? I sadly can't help with that but I think these tweaks will be reverted when a "bigger" update from Windows is released or am I wrong about that?

 

8 minutes ago, taafedi1 said:

I have an X570 Strix E-Gaming board with a 3950X CPU according to the list must be set up in the BIOS/Advanced\AMD fTPM configuration firmware TPM

This is a VM and since this is an emulated TPM device you don't need to setup anything in your BIOS, unRAID will take cover of that via emulation.

 

Here are the instructions what needs to be changed in your VM template to enable the emulated TPM: Click

(Start at "Shutdown your Windows 10 VM" and stop at "Save the changes and start the VM", of course you have to be on RC2 to be able to make the changes)

 

Hope that makes sense to you.

  • Like 1
Link to comment
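The VM-template change discussed above ends up in the VM's libvirt domain XML, so it can be checked there. As an added example (not from the thread or from unRAID), this Python check parses a domain definition and reports whether it has an emulated TPM 2.0, a UEFI pflash loader and enough RAM; the sample XML, the placeholder firmware path, the function name and the 4 GiB threshold are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread); the firmware path is a placeholder.
SAMPLE_XML = """<domain type='kvm'>
  <name>win11-test</name>
  <memory unit='KiB'>8388608</memory>
  <os>
    <type arch='x86_64' machine='q35'>hvm</type>
    <loader readonly='yes' type='pflash'>/PLACEHOLDER/OVMF_CODE.fd</loader>
  </os>
  <devices>
    <tpm model='tpm-tis'>
      <backend type='emulator' version='2.0'/>
    </tpm>
  </devices>
</domain>"""

UNIT_BYTES = {"b": 1, "bytes": 1, "KiB": 2**10, "MiB": 2**20, "GiB": 2**30}

def check_domain(xml_text, min_ram_gib=4):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings = []

    # swtpm shows up in libvirt as <tpm><backend type='emulator' .../></tpm>.
    backend = root.find("./devices/tpm/backend")
    if backend is None:
        findings.append("no TPM device defined")
    else:
        if backend.get("type") != "emulator":
            findings.append("TPM backend is not the emulator (swtpm)")
        if backend.get("version") != "2.0":
            findings.append("TPM version is not pinned to 2.0")

    # Secure Boot needs UEFI firmware, which libvirt loads as a pflash image.
    loader = root.find("./os/loader")
    if loader is None or loader.get("type") != "pflash":
        findings.append("no UEFI pflash loader configured")

    # 4 GiB is Microsoft's published Windows 11 minimum (assumption, not from the thread).
    mem = root.find("./memory")
    if mem is None:
        findings.append("no memory element")
    else:
        size = int(mem.text) * UNIT_BYTES[mem.get("unit", "KiB")]
        if size < min_ram_gib * 2**30:
            findings.append("less than %d GiB RAM assigned" % min_ram_gib)
    return findings

if __name__ == "__main__":
    print(check_domain(SAMPLE_XML) or "all checks passed")
```

On a host, feed it the output of `virsh dumpxml <vm-name>` instead of the sample string.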
15 hours ago, ich777 said:

This is not really a fix, it is an implementation in unRAID so that you can utilize swTPM (emulated TPM) in a VM.

 

You mentioned that you made some registry tweaks in Windows itself? I sadly can't help with that but I think these tweaks will be reverted when a "bigger" update from Windows is released or am I wrong about that?

 

This is a VM and since this is an emulated TPM device you don't need to setup anything in your BIOS, unRAID will take cover of that via emulation.

 

Here are the instructions what needs to be changed in your VM template to enable the emulated TPM: Click

(Start at "Shutdown your Windows 10 VM" and stop at "Save the changes and start the VM", of course you have to be on RC2 to be able to make the changes)

 

Hope that makes sense to you.

Perfect, I didn't know about the OVMF TPM BIOS Profile. That was really helpful.
Thx ich777 top job!

  • Thanks 1
Link to comment

Any update on how "soon" the next release will be out?

 

Alturismo posted on Sept 30th;

Quote

I can say I made a lot of tests with @ich777 and it looks all good to be coming soon (very)

 

It's now a matter to make it as easy as possible due webgui which is also pretty far done, so no manual actions would be needed.

 

AMD has patched their Win11 bugs so looking to get it going on my rig.

 

Thanks gents.

Link to comment
