xtrap225 Posted November 20, 2023 (edited)

I am trying to get my work Windows 11 image working as a VM. I have passed through my M.2 drive after imaging it as a bare metal machine. I am secure booting and passing through my /dev/tpmrm0 in TIS mode. Then I recover the BitLocker, then disable it in Windows and allow the company policy to re-encrypt it. My Intune Company Portal says I am compliant and is syncing.

However, I believe that due to lack of SMBIOS serial information my certlm>Personal>Certificates is lacking the machine certificate that allows my work VPN. This gets auto-synced when the system's service tag is detected properly.

I tried to edit the XML file and add everything I could using these instructions and dmidecode -s from the Linux terminal on Unraid: https://libvirt.org/formatdomain.html#smbios-system-information

All my settings are accepted and the log seems okay, but I still can't see the serial in Windows when I use either PowerShell's

Get-WmiObject win32_bios | select Serialnumber

or CMD's

wmic bios get SerialNumber

I believe if I can get this to work then I will be 100% compliant and able to get my cert and therefore my VPN working.

The libvirt.org page I linked above says the following:

"SMBIOS System Information. Some hypervisors allow control over what system information is presented to the guest (for example, SMBIOS fields can be populated by a hypervisor and inspected via the dmidecode command in the guest). The optional sysinfo element covers all such categories of information. Since 0.8.7"

Does anyone know if this is disabled in Unraid's implementation of libvirt?

The only other thing it might be, which I will test ASAP, is a couple of entries that existed in the example on the page but weren't set on my bare metal system. I left them blank like so:

<entry name='version'></entry>

But I will test removing them completely from the XML instead, or even setting them to what their output was, which was 'Not Specified':

<entry name='version'>Not Specified</entry>

Any help would be greatly appreciated, if you have experience with this, or if you know that this feature has been removed from Unraid's VM implementation.

Edited November 20, 2023 by xtrap225

xtrap225 Posted November 20, 2023 Author

Found this and am going to try it: https://avdv.github.io/libvirt/formatdomain.html

It's a bit more clear that I need to change <hyperv mode='custom'> from my XML to either 'host', to copy the 'real' info, sort of like a passthrough for SMBIOS sysinfo, or 'emulate', to use the info I had described but not shown from the previous link, also shown in this new link. Sorry for the lack of detail, but it's maybe a bit private, that info like serials and whatnot.

I will update this thread if I get it working. And as always, any input is greatly appreciated.

xtrap225 Posted November 20, 2023 Author Solution

Okay, that was very wrong. You cannot change the hyperv mode line, nor should you, I don't think.

I changed the <smbios mode='sysinfo'/> to <smbios mode='host'/> and removed

.. <sysinfo type='smbios'> .. </sysinfo>

If that fails, I will try again by putting the mode to 'emulate' and putting back the sysinfo lines with the bios and chassis info etc.
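
Added example, not part of the original posts and not Unraid's or libvirt's own code: a small checker for the `<smbios mode=...>` and `<sysinfo type='smbios'>` combination discussed above, which flags blank entries and a sysinfo block that the selected mode does not use. It assumes the mode meanings given in the libvirt domain XML documentation ('sysinfo' uses the `<sysinfo>` element, 'host' copies host values, 'emulate' lets the hypervisor generate them); the XML and the serial in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed domain XML fragments; the serial is a placeholder, not a real value.
SYSINFO_DOMAIN = """<domain type='kvm'>
  <os><smbios mode='sysinfo'/></os>
  <sysinfo type='smbios'>
    <bios><entry name='version'></entry></bios>
    <system><entry name='serial'>PLACEHOLDER-SERIAL</entry></system>
  </sysinfo>
</domain>"""
HOST_DOMAIN = SYSINFO_DOMAIN.replace("mode='sysinfo'", "mode='host'")


def smbios_report(domain_xml):
    """Return (mode, entries, findings) for a libvirt domain XML string."""
    root = ET.fromstring(domain_xml)
    smbios = root.find("./os/smbios")
    mode = smbios.get("mode") if smbios is not None else None
    sysinfo = root.find("./sysinfo[@type='smbios']")
    entries = {}
    if sysinfo is not None:
        for block in sysinfo:  # bios, system, baseBoard, chassis, ...
            for entry in block.findall("entry"):
                key = f"{block.tag}/{entry.get('name')}"
                entries[key] = (entry.text or "").strip()
    findings = []
    if mode is None:
        findings.append("no <smbios mode=...> under <os>")
    elif mode == "sysinfo":
        if sysinfo is None:
            findings.append("mode='sysinfo' but no <sysinfo type='smbios'> block")
        elif not entries.get("system/serial"):
            findings.append("system/serial is missing or empty")
        # Blank entries like <entry name='version'></entry> are reported too.
        findings += [f"empty entry: {k}" for k, v in entries.items() if not v]
    elif mode in ("host", "emulate"):
        if sysinfo is not None:
            findings.append(f"<sysinfo> block is not used with mode='{mode}'")
    else:
        findings.append(f"unknown smbios mode '{mode}'")
    return mode, entries, findings


if __name__ == "__main__":
    for name, xml in (("sysinfo", SYSINFO_DOMAIN), ("host", HOST_DOMAIN)):
        mode, entries, findings = smbios_report(xml)
        print(name, mode, entries.get("system/serial"), findings)
```

To check a real VM, pass the contents of its domain XML file to `smbios_report` instead of the constructed samples.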

xtrap225 Posted November 20, 2023 Author

According to the log it's working, but Windows still won't show me the SerialNumber now that it is in host mode, which would be ideal. But I guess I can keep testing, just in case by fluke the emulate mode works. I have a feeling it will work but not work as well. I really have a bad feeling I will get stuck here.

xtrap225 Posted November 20, 2023 Author

Apparently it is working, 'cause my cert came back. I just had to be more patient, not my strong suit when it comes to computers, especially since I still can't see the SMBIOS sysinfo from the Windows terminal.

Now I am doing hopefully my final decrypt and re-encrypt of BitLocker so I don't have to use my recovery key on each reboot.

Then I will just need to either get SPICE multi-monitor working properly, or the AzureAD RDP bypass that is working on my other bare metal working machine (that I can't remember how I did), on this VM. Without multi-monitors, what is the point?