VMware Communities
SvenGus
Expert

Windows 11, TPM and encryption

Is it normal that a Windows 11 VM with encryption and TPM (with saved password) appears with a grey background (instead of showing the desktop) and with no info, when suspended, in the VM Library, and as unknown/off (red) in the VM Menu…? Why not, thus, relax the full VM encryption requirement (probably, that is the culprit…?) for virtual TPM support? For example, in Parallels you can add a virtual TPM chip without encrypting the whole VM…

2 Replies
gringley
Hot Shot

That is how it worked for me, and then OVF exports are in the form of a TAR file rather than an OVA. I clicked something a long time ago and never have to do any additional logons though. VMware is doing TPM correctly in that applications that need a TPM will find one correctly implemented. I have tested BitLocker management solutions in VMs this way. Parallels is simply consumer Windows on Mac, and did not offer a TPM until Windows 11 required it. I believe the VMware team has acknowledged they need to figure out how to create an insecure TPM device in the meantime.

SvenGus
Expert

In the meantime, I have discovered that the virtual TPM can be removed, together with the full VM encryption, after having installed Windows 11, thus returning the VM Library preview and the VM Menu status to normal behavior, and everything continues to work: but I’m not sure if the TPM check happens again with cumulative updates - who knows…
