CarltonR
Contributor
Contributor

"Safely Remove" Devices from Windows 11 with TPM [encryption]

Jump to solution

I have installed Windows 11 with TPM (encryption) enabled, using Workstation Pro 16, and am unable to remove unwanted devices from the Windows 'Safely Remove' toolbar selection.

I would have normally edited the .vmx file and added the devices.hotplug = "FALSE" line to it, but unfortunately with the TPM encryption in place, this no longer works.  The .vmx file has also been significantly shortened with the majority now filled with the encryption data/key:

.encoding = "windows-11"
displayName = "Win 11 [x64] 21H2"
devices.hotplug = "FALSE"
guestOS.detailed.data = "xxxxxxx"
encryption.keySafe = "xxxxxxxx"
encryption.data = "xxxxxxxxx"

I have tried the 'devices.hotplug' line in various locations to no avail, clearly, as encryption is in place it would seem logical that all 'unexpected' entries would be ignored.

I would therefore be grateful for advice on how this may be resolved.

Many thanks

0 Kudos
1 Solution

Accepted Solutions
CarltonR
Contributor
Contributor

Thank you very much for this link . . . it worked a treat, and Win 11 installed with no issues . . with VMware v16.2.0.

 

When checking the the VM's hardware settings the TPM has been added to the list, and has been recognised within Win 11 Computer Management (Secure devices) . 

 

There is however one VMware idiosyncrasy which I was unaware of, but perhaps I should have been, is that to get the VMware app to read the vmx file correctly you have to close the associated VM tab from within the VMware App, So:

  1. create a new VM and link it to the Win 11 iso file
  2. close the newly created VM tab in the VMware Workstation app
  3. edit vmx and add the managedvm.autoAddVTPM = "software" line to it
  4. then power on the new VM and run through the Win 11 install.

Many thanks for your help, and to all those involved in creating this "new experimental and currently undocumented feature".

View solution in original post

0 Kudos
6 Replies
bluefirestorm
Virtuoso
Virtuoso
0 Kudos
CarltonR
Contributor
Contributor

Many thanks for this information . . . will give it a try.

As an aside, is it likely that VMware will consider introducing in-app support for editing decrypt/encrypt .vmx config files  ?

0 Kudos
bluefirestorm
Virtuoso
Virtuoso

As an aside, is it likely that VMware will consider introducing in-app support for editing decrypt/encrypt .vmx config files  ?


I am not a VMware employee so I have no idea. There is a another thread where Mike Roy (VMware product manager for Workstation/Fusion product lines) responded they are working on removing the encryption of virtual disks as a requirement for encrypted VMs (largely due to the virtual TPM 2.0 to be added for a Windows 11 VM). No timeline given though. If the encryption of virtual disks is removed as prerequisite for vTPM, I suppose it is slightly less onerous to decrypt, edit and re-encrypt the vmx file.

0 Kudos
CarltonR
Contributor
Contributor

Might this be the thread to which you refer:

Windows 11 vTPM

https://communities.vmware.com/t5/VMware-Workstation-Pro/Windows-11-vTPM/m-p/2867009#M171330

0 Kudos
wila
Leadership
Leadership

It's out.... (well.. OK, only the download links, official release notes and blog post from VMware are coming soon)

There's a new experimental setting in the .vmx so that you don't have to encrypt anymore.

See;
https://twitter.com/mikeroySoft/status/1448675626714501122

--
Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
0 Kudos
CarltonR
Contributor
Contributor

Thank you very much for this link . . . it worked a treat, and Win 11 installed with no issues . . with VMware v16.2.0.

 

When checking the the VM's hardware settings the TPM has been added to the list, and has been recognised within Win 11 Computer Management (Secure devices) . 

 

There is however one VMware idiosyncrasy which I was unaware of, but perhaps I should have been, is that to get the VMware app to read the vmx file correctly you have to close the associated VM tab from within the VMware App, So:

  1. create a new VM and link it to the Win 11 iso file
  2. close the newly created VM tab in the VMware Workstation app
  3. edit vmx and add the managedvm.autoAddVTPM = "software" line to it
  4. then power on the new VM and run through the Win 11 install.

Many thanks for your help, and to all those involved in creating this "new experimental and currently undocumented feature".

View solution in original post

0 Kudos