Partial success enabling TPM2 in an existing qemu guest VM

What finally got my existing Win10 guest VM (originally upgraded from Win7) to see a TPM2 device was the following process:

1) Make a copy of the raw disk image. This isn't really necessary, but I did this for backup purposes.

2) In virt-manager I created a new VM, pointing to the existing raw disk image, and directed it to use the canned "Windows 10" operating system configuration, and also selecting the manual configuration option, and then using that to add the TPM2 module. Google searches seemed to suggest that the "TIS" model is the one to use, so that's what I selected.

3) This creates a new VM with the emulated "Q35" chipset, rather than the existing i440fx chipset that Win7 was originally configured for. This is the trick, apparently.

When I booted the new VM, Windows 10 went through some noticeable setup and reconfiguration, but it did survive the transplant. The only result was it required me to sign into my Microsoft account (I recommend that the Win10 seat be registered to a Microsoft account before doing this; this appears to be the simplest way to avoid license/activation problems). Over the next couple of minutes Windows 10 also popped up occasional prompts about setting up this PCI device, or that PCI device. But nothing seemed to indicate a problem with the new VM.

And it now sees the TPM2 device; however, it does show a "Device health attestation isn't available" status because "Your device does not support this feature". After a few minutes it offered me the option to "Clear TPM" to fix this issue (initially the button was disabled, but it became enabled a few minutes after the boot). However, that made no difference; this status remained after the "Clear TPM" and the reboot. I have another Win10 license which I'll try, later, with the other "CRB" emulated TPM model, to see if that works fully. It's also possible that this is its way of expressing that it knows it's running in a VM.

Is anyone else getting this error in the "Security processor troubleshooting" (21H1, with all updates installed)?
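
To confirm which chipset and TPM model a guest actually ended up with, the libvirt domain definition can be inspected. The following is an added example, not part of the original post: it parses `virsh dumpxml` output and reports the machine type and TPM settings discussed above. The sample XML, guest names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples of `virsh dumpxml <guest>` output (not from the post).
SAMPLE_OLD = """<domain type='kvm'>
  <name>win10-old</name>
  <os><type arch='x86_64' machine='pc-i440fx-5.2'>hvm</type></os>
  <devices/>
</domain>"""

SAMPLE_NEW = """<domain type='kvm'>
  <name>win10-q35</name>
  <os><type arch='x86_64' machine='pc-q35-5.2'>hvm</type></os>
  <devices>
    <tpm model='tpm-tis'>
      <backend type='emulator' version='2.0'/>
    </tpm>
  </devices>
</domain>"""


def tpm_report(domain_xml):
    """Return the chipset family and TPM settings of a libvirt domain."""
    root = ET.fromstring(domain_xml)
    os_type = root.find("./os/type")
    machine = os_type.get("machine", "") if os_type is not None else ""
    if "q35" in machine:
        chipset = "q35"
    elif machine == "pc" or machine.startswith("pc-"):
        chipset = "i440fx"  # the "pc" machine types are the i440fx family
    else:
        chipset = "unknown"
    report = {"name": root.findtext("name"), "machine": machine,
              "chipset": chipset, "tpm_model": None, "tpm_version": None}
    tpm = root.find("./devices/tpm")
    if tpm is not None:
        report["tpm_model"] = tpm.get("model")  # tpm-tis or tpm-crb on x86
        backend = tpm.find("backend")
        if backend is not None:
            report["tpm_version"] = backend.get("version")
    return report


def matches_post(report):
    """True when the guest has the combination the post describes."""
    return (report["chipset"] == "q35" and report["tpm_model"] == "tpm-tis"
            and report["tpm_version"] == "2.0")


if __name__ == "__main__":
    for xml_text in (SAMPLE_OLD, SAMPLE_NEW):
        r = tpm_report(xml_text)
        print(r, "matches post:", matches_post(r))
```
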

