Windows 11 Now Enforces the Same System Requirements in Virtual Machines - Including TPM

[Craftyawesome]

Summary

Previously, installing or updating Windows 11 in a VM would ignore some requirements like TPM 2.0. However, this is no longer happening with beta build 22000.194 and dev build 22458. Attempting to update will throw an error.

 

 

Quotes

Quote

With all of the system requirement increases in Windows 11, one of the more prominent ones is TPM 2.0. However, that requirement is waived if you’re installing the new OS in a virtual machine, allowing you to test it out on unsupported hardware, as well as run it on things like Apple’s M1 Macs.

 

That’s going to change. Yesterday, Microsoft released Windows 11 build 22458 to the Dev channel, and at the time, the changelog only included some fixes and minor changes. Today, the blog post was updated to reflect that TPM 2.0 is now a requirement for VMs.

 

Later today, Microsoft released a new cumulative update for Windows 11 in the Beta channel, and that’s going to light up the TPM requirement as well. That means that when Windows 11 ships on October 5, TPM 2.0 is still going to be a requirement, even if you’re trying to run it in a virtual machine

 

Quote

This build includes a change that aligns the enforcement of the Windows 11 system requirements on Virtual Machines (VMs) to be the same as it is for physical PCs. Previously created VMs running Insider Preview builds may not update to the latest preview builds. In Hyper-V, VMs need to be created as a Generation 2 VM. Running Windows 11 in VMs in other virtualization products from vendors such as VMware and Oracle will continue to work as long as the hardware requirements are met.

 

My thoughts

It's a shame that MS did this, since a VM is a convenient way to try Windows 11 preview builds. The TPM requirement seems particularly annoying on a Windows host. Hyper-V works, but needs Windows Pro. I couldn't find an indication that Virtualbox supports TPM 2.0 (the above mention of Oracle seems to be about Oracle VM Server or something). VMWare does support vTPM, but it wants an encrypted VM, which the free version cannot create. Outside of Windows, Parallels and QEMU support TPM 2.0.

 

Sources

https://www.xda-developers.com/windows-11-vms-will-likely-soon-require-tpm-2-0/

https://blogs.windows.com/windows-insider/2021/09/15/announcing-windows-11-insider-preview-build-22458/

https://blogs.windows.com/windows-insider/2021/09/16/announcing-windows-11-insider-preview-build-22000-194/

https://techbuzz.asia/2021/09/16/the-latest-build-of-windows-11-is-offering-an-error-message-on-some-computers-that-do-not-have-a-tpm-2-0-chip/

[da na]

Just...

stop. 

 

 

Just stop, Microsoft.

Literally stop. 

 

[bmx6454]

i'm curious why they are pushing tpm so hard. i get that it is more secure, but afaik most people don't want it, so why push it so hard?

[bcredeur97]

how long before MS goes full walled garden like apple? 

[Eric Kazer]

MS wants to support hardware companies. You will need 8th gen or better for the TPM 2.0 support to be built in to CPU. You will also need to have Secure boot enabled. If your not sure, run WhyNotWin11. It's a monopoly again.

[Eric Kazer]

We'll have to except new requirements or switch to a Linux distro. I would reluctantly stay with Microsoft. More games run on it right now. For us Linux is quite limited in this department. I will say that I do not like where they are going with this. Who knows how much stricter it will get, hardware is only the beginning.

[da na]

8 minutes ago, Eric Kazer said:

We'll have to except new requirements or switch to a Linux distro. I would reluctantly stay with Microsoft. More games run on it right now. For us Linux is quite limited in this department. I will say that I do not like where they are going with this. Who knows how much stricter it will get, hardware is only the beginning.

Only reason I still use Windows is, as a developer, programmer and hardware enthusiast, most softwares required for that stuff doesn't run on Linux well, if at all. 

[Arika]

nuh uh, no criticizing!!!!!!!111!!

 

remember: "their platform/os/software/whateverthefuck, tHeIr RuLeS" 

 

Spoiler

yes /s ffs

 

 

actually on topic: didn't even know something like TPM could work within a VM

[rcmaehl]

[Biohazard777]

27 minutes ago, Mel0nMan said:

Only reason I still use Windows is, as a developer, programmer and hardware enthusiast, most softwares required for that stuff doesn't run on Linux well, if at all. 

What kind of developing / programming are you doing?

[da na]

6 minutes ago, Biohazard777 said:

What kind of developing / programming are you doing?

Small game development, C++ work

[Rune]

I sometimes feel like the only person in the universe that doesn't care about the TPM requirement and have far greater concerns about the MS account requirement. I refuse to upgrade until that completely arbitrary bullshit is removed, and it will eventually be. At least TPM does something even if it isn't perfect.

 

Edit: Seems Pro has already removed the account requirement. Bleh.

[Zodiark1593]

1 hour ago, bmx6454 said:

i'm curious why they are pushing tpm so hard. i get that it is more secure, but afaik most people don't want it, so why push it so hard?

DRM maybe? Keep encryption keys from reaching the CPU and memory, you can probably enforce greater control over content even on a PC. Microsoft could be trying to appeal to content owners, and focusing on a more media-heavy use. 

[Kisai]

1 hour ago, bmx6454 said:

i'm curious why they are pushing tpm so hard. i get that it is more secure, but afaik most people don't want it, so why push it so hard?

https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/

That's why.

 

[TempestCatto]

Linux is free...

[Quackers101]

1 hour ago, bmx6454 said:

i'm curious why they are pushing tpm so hard. i get that it is more secure, but afaik most people don't want it, so why push it so hard?

control most likely, in one shape or another.

Also reduce any % of "trouble" makers from using an Virtual Machine the better, for them? Maybe?

Hope there is a flaw with it and they get all the backlash they need.

[Craftyawesome]

1 hour ago, Eric Kazer said:

MS wants to support hardware companies. You will need 8th gen or better for the TPM 2.0 support to be built in to CPU. You will also need to have Secure boot enabled. If your not sure, run WhyNotWin11. It's a monopoly again.

6th and 7th gen also have built in TPM 2.0.

[SpikeSpiegel]

Microsoft is shooting itself in the foot.  They're basically telling people to go to Linux if they don't have the supported CPUs/GPUs + TPM 2.0.  It's going to hurt them more than Windows Vista did back in 2007.

[StDragon]

35 minutes ago, Craftyawesome said:

6th and 7th gen also have built in TPM 2.0.

But they don't have hardware accelerated HVCI instruction sets to ensure VBS has little to no performance impact. For that, you must have 8th gen or newer.

Note: Technically 7th gen does have MBEC but it's also the first generation implementation. There might be a security flaw with it that MS and Intel isn't disclosing. Otherwise, I don't see why 7th gen isn't included.

[StDragon]

2 hours ago, Eric Kazer said:

MS wants to support hardware companies. You will need 8th gen or better for the TPM 2.0 support to be built in to CPU. You will also need to have Secure boot enabled. If your not sure, run WhyNotWin11. It's a monopoly again.

Aside from the new look and feel, performance in gaming and other apps is identical to Windows 10. The reason MS is being a hard ass on requirements is to set the bare minimum for hardware based security. Currently VBS and TPM 2.0 is optional with Windows 10 (yes, you can make it as secure as Windows 11), but Windows 11 makes it now mandatory.

So when Microsoft says Windows 11 is their most secure OS yet, they're not lying. It will be, because the hardware to make that happen is a requirement!

[LloydLynx]

And this is just one reason why I avoid Windows like the plague.

[SpikeSpiegel]

8 minutes ago, LloydLynx said:

And this is just one reason why I avoid Windows like the plague.

At this rate who wants to even use Windows?  The UI is a joke, the system requirements are completely insane, and most of all why is Microsoft being so stupid during a chip shortage?  Microsoft needs to get their heads out of the sand and look at the chip shortage.

[suicidalfranco]

You know the gist, "their platform, their rules"

Don't like it go to the competing platform

There is no point in complaining

 

Wonder if win11 will have a market share greater or lesser than win8 at it's peak

[Beerzerker]

26 minutes ago, LloydLynx said:

And this is just one reason why I avoid Windows like the plague.

Anything from Win 10 onward, you betcha.

MS is just trying to force their original "TPM Thing" (Once again) on everyone by using a different angle, then they'll sing, tap dance and lie about "How good and ...... Wonderful it really is for the customer" when all that's really just a crock 'o shit.

[Craftyawesome]

1 hour ago, StDragon said:

But they don't have hardware accelerated HVCI instruction sets to ensure VBS has little to no performance impact. For that, you must have 8th gen or newer.

Note: Technically 7th gen does have MBEC but it's also the first generation implementation. There might be a security flaw with it that MS and Intel isn't disclosing. Otherwise, I don't see why 7th gen isn't included.

HVCI performance is AFAIK the best explanation given so far, but it doesn't explain the inclusion of Zen +, since GMET (AMD equivelent of MBEC) wasn't added until Zen 2.