* QEMU, UEFI and Windows with Bitlocker encryption
@ 2022-03-09 16:55 Jostein Kjønigsen
2022-03-27 15:19 ` Jostein Kjønigsen
0 siblings, 1 reply; 2+ messages in thread
From: Jostein Kjønigsen @ 2022-03-09 16:55 UTC (permalink / raw)
To: QEMU Developers
Dear QEMU developers.
I’m having some issues with one of my QEMU VMs. I’m not sure if the mailing list is the best place to get help, and if it’s a complete miss, feel free to direct me towards more appropriate venues.
My case in short: I have a Windows 11 VM with BitLocker encryption which is imported from a physical volume. I run it through virt-manager, booting with UEFI through OVMF, TPM pass-through and it boots just fine.
What is annoying is that I have to manually enter the 48-digit BitLocker recovery key on every boot.
I would assume these keys should get stored in EFI vars or TPM somewhere? If so, shouldn’t they be persisted when the VM is rebooted or powered off?
Any advice on how I can resolve this situation would be greatly appreciated.
--
Kind regards
Jostein Kjønigsen
jostein@kjonigsen.net 🍵 jostein@gmail.com
https://jostein.kjønigsen.no <https://jostein.xn--kjnigsen-64a.no/>
* Re: QEMU, UEFI and Windows with Bitlocker encryption
2022-03-09 16:55 QEMU, UEFI and Windows with Bitlocker encryption Jostein Kjønigsen
@ 2022-03-27 15:19 ` Jostein Kjønigsen
0 siblings, 0 replies; 2+ messages in thread
From: Jostein Kjønigsen @ 2022-03-27 15:19 UTC (permalink / raw)
To: QEMU Developers
I didn’t get any response to this, but found out the solution myself, so I just thought I’d share the solution for anyone with a similar issue.
Basically the root of this problem seems to have been TPM-related and not UEFI-related.
So switching from a pass-through TPM to a swtpm for my VM caused Windows to have to reinitialize the TPM and thus BitLocker.
After doing this the VM boots cleanly, as expected.
I’m guessing that simply resetting the existing TPM and reinitializing it in Windows would have solved the issue too, and that a similar fix might work when shifting a BitLocker encrypted boot drive from one system to another, VM or not.
Cheers!
--
Kind regards
Jostein Kjønigsen
jostein@kjonigsen.net 🍵 jostein@gmail.com
https://jostein.kjønigsen.no <https://jostein.xn--kjnigsen-64a.no/>
On Wed, Mar 9, 2022, at 17:55, Jostein Kjønigsen wrote:
> Dear QEMU developers.
>
> I’m having some issues with one of my QEMU VMs. I’m not sure if the mailing list is the best place to get help, and if it’s a complete miss, feel free to direct me towards more appropriate venues.
>
> My case in short: I have a Windows 11 VM with BitLocker encryption which is imported from a physical volume. I run it through virt-manager, booting with UEFI through OVMF, TPM pass-through and it boots just fine.
>
> What is annoying is that I have to manually enter the 48-digit BitLocker recovery key on every boot.
>
> I would assume these keys should get stored in EFI vars or TPM somewhere? If so, shouldn’t they be persisted when the VM is rebooted or powered off?
>
> Any advice on how I can resolve this situation would be greatly appreciated.
>
> --
> Kind regards
> Jostein Kjønigsen
>
> jostein@kjonigsen.net 🍵 jostein@gmail.com
> https://jostein.kjønigsen.no <https://jostein.xn--kjnigsen-64a.no/>
>
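The switch described in the reply above, written as the libvirt domain XML that virt-manager edits. This is an added example, not part of the original post; the `tpm-crb` model and the `/dev/tpm0` device path are assumptions, so adjust them to match the guest.

```xml
<!-- Before: the host's physical TPM is handed to the guest (pass-through).
     /dev/tpm0 is an assumed device path. -->
<tpm model='tpm-crb'>
  <backend type='passthrough'>
    <device path='/dev/tpm0'/>
  </backend>
</tpm>

<!-- After: an emulated TPM 2.0. libvirt starts a swtpm instance for this VM
     and keeps its state on the host between boots.
     Requires the swtpm package on the host. -->
<tpm model='tpm-crb'>
  <backend type='emulator' version='2.0'/>
</tpm>
```

Only one `<tpm>` element belongs in the `<devices>` section at a time. With the emulator backend the TPM state lives in files on the host, so restrict access to the swtpm state directory and include it in VM backups.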