[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: QEMU, UEFI and Windows with Bitlocker encryption
|
From: |
Jostein Kjønigsen |
|
Subject: |
Re: QEMU, UEFI and Windows with Bitlocker encryption |
|
Date: |
Sun, 27 Mar 2022 17:19:41 +0200 |
|
User-agent: |
Cyrus-JMAP/3.5.0-alpha0-4911-g925b585eab-fm-20220323.003-g925b585e |
I didn’t get any response to this, but found out the solution myself, so I just thought I’d share the solution for anyone with a similar issue.
Basically the root of this problem seems to have been TPM-related and not UEFI-related.
So switching from a pass through-TPM to a swtpm for my VM caused Windows to having to reinitialize the TPM and thus bitlocker.
After doing this the VM boots cleanly, like expected.
I’m guessing that simply resetting the existing TPM and reinitializing it in Windows would have solved the issue too, and that a similar fix might work when shifting a BitLocker encrypted boot drive from one system to another, VM or not.
Cheers!
On Wed, Mar 9, 2022, at 17:55, Jostein Kjønigsen wrote:
Dear QEMU developers.
I’m having some issues with one of my QEMU VMs. I’m not sure if the mailing list is the best place to get help, and if it’s a complete miss, feel free to direct me towards more appropriate venues.
My case in short: I have a Windows 11 VM with BitLocker encryption which is imported from a physical volume. I run it through virt-manager, booting with UEFI through OVMF, tpm pass-through and it boots just fine.
What is annoying is that I have to manually enter the 48-digit BitLocker recovery key on every boot.
I would assume these keys should get stored in EFI vars or TPM somewhere? If so, shouldn’t they be persisted when the VM is rebooted or powered off?
Any advice on how I can resolve this situation would be greatly appreciated.