WilliamLam.com


How to install Windows 11 Arm with a vTPM using ESXi-Arm v1.11 

10.26.2022 by William Lam // 4 Comments

The ESXi-Arm team has just released v1.11 of the ESXi-Arm Fling and one of the most exciting new capabilities is that you can now run Windows 11 Arm in an ESXi VM! There are also a TON of new features, so definitely check out the official ESXi-Arm Blog post announcement for more details.

One of the requirements for running Windows 11 Arm is a Trusted Platform Module (TPM). Luckily, ESXi-Arm v1.11 now also supports adding a vTPM to a guest, and a requirement for this is a Key Management Server (KMS). Currently, the ESXi-Arm Fling is based on vSphere 7.0 (GA) and you can either use an existing compatible KMS (which you can look up in the VMware KMS Compatibility List) or, for lab/testing purposes, you can use my KMIP Docker Container, which was also updated recently to support both the amd64 and aarch64 architectures.

For those interested in quickly setting this up and using my KMIP Docker Container for the KMS component, below is a quick walkthrough on how to set this up.

Note: While vSphere 7.0 Update 2 introduced an embedded Native Key Provider (NKP) within vCenter Server, it cannot be used with ESXi-Arm, as both ESXi and vCenter must be running 7.0 Update 2 and the ESXi-Arm Fling is based on 7.0 GA.

Prerequisites:

  • Install or upgrade to the latest ESXi-Arm 1.11 release
  • Download and create a Windows 11 Arm ISO. Please refer to Page 30 of this document for detailed instructions, which are also applicable to the VMware Fusion Tech Preview for Apple Silicon
  • A Linux (x86 or Arm) VM with the Docker runtime installed and enabled to run the KMIP Docker Container

Setting up Standard Key Provider (SKP)

Step 1 - Log in to your Linux VM (any Linux distribution that can run Docker is fine) and run the following command, which will pull down my KMIP Docker Container and start running it in daemon mode.

docker run -d -p 5696:5696 lamw/vmwkmip

If the command was successful, you will see the ID of the running container. Optionally, you can watch the logs to ensure that your vCenter Server is able to connect in the next step by running the command:

docker logs -f [CONTAINER-SHORT-ID]


You will also need to make a note of the IP Address or FQDN of the Linux VM and the KMS port that the KMIP Docker Container is configured to listen on, which by default is 5696.

Step 2 - Next, add the SKP to vCenter by selecting the vCenter Server inventory object and, under Configure->Security->Key Providers, clicking Add and providing the IP Address/FQDN and port (5696) of your KMIP Docker Container. If your vCenter Server can properly communicate with the Linux VM hosting the KMIP Docker Container, you should get a prompt displaying the details from the SKP; confirm it to complete the configuration.


Step 3 - The last thing we need to do before vCenter Server can start using the KMS is to establish trust between the two systems. Click on the newly configured SKP and expand the Establish Trust window as shown in the screenshot above, and then click on the Trust KMS button.

You are now ready to start using the KMS whether it is for VM Encryption or adding a vTPM to a VM.
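Before confirming the prompt in Step 2 and clicking Trust KMS in Step 3, it helps to know which certificate the container actually presents on port 5696. The script below is an added example, not part of the original post or the container project: it reads that certificate with openssl and prints its SHA-256 fingerprint, optionally comparing it with a value recorded elsewhere. It assumes openssl is installed on the machine running it; the script name kms-fp.sh and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: fingerprint the certificate a KMIP endpoint presents and
# compare it with a fingerprint recorded elsewhere. Names are hypothetical.

# Normalise a fingerprint: drop any "label=" prefix, colons, spaces and
# newlines, then lowercase the hex digits.
normalize_fp() {
  printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Succeed only when both fingerprints are non-empty and identical
# after normalisation.
fp_match() {
  local a b
  a=$(normalize_fp "$1")
  b=$(normalize_fp "$2")
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print the SHA-256 fingerprint of the leaf certificate served at host:port.
# The chain is deliberately not validated: the goal is to read the
# certificate so a person (or fp_match) can decide whether it is the
# expected one.
kms_cert_fingerprint() {
  local host=$1 port=${2:-5696} pem
  pem=$(openssl s_client -connect "${host}:${port}" </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p')
  if [ -z "$pem" ]; then
    echo "no certificate received from ${host}:${port}" >&2
    return 1
  fi
  printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256
}

# Usage: ./kms-fp.sh <host> [port] [expected-fingerprint]
if [ "$#" -ge 1 ]; then
  seen=$(kms_cert_fingerprint "$1" "${2:-5696}") || exit 1
  echo "presented: $(normalize_fp "$seen")"
  if [ -n "${3:-}" ]; then
    if fp_match "$seen" "$3"; then
      echo "MATCH"
    else
      echo "MISMATCH" >&2
      exit 2
    fi
  fi
fi
```

Run it once on the Linux VM against 127.0.0.1 and once from another machine against the VM's address; the two fingerprints should be identical.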

Creating Windows 11 Arm VM

During the VM creation wizard, select the Windows 10 guest operating system option whether you are installing Windows 10 or 11. You can add a vTPM during the initial VM creation by clicking on the Add New Device option and then selecting Trusted Platform Module.


Lastly, browse to the location on your ESXi host where your Windows 11 ISO has been uploaded and power on the VM to start the OS installation.


Windows 11 Arm does not include VMware's VMXNET3 network driver, so you will need to manually install the driver for network connectivity. To do so, click on the "Install VMware Tools" link in the yellow banner in the VM summary view (as shown in the screenshot above), which will mount the VMware Tools ISO. Currently, the VMware Tools ISO does not actually contain the typical VMware Tools auto-installer, but is rather a generic ISO that contains the Windows network driver.

Once the ISO has been mounted in the guest, you will need to browse to the VMXNET3 directory and install the networking driver using Windows Device Manager. I should also note that this is the same experience as VMware Fusion for Apple Silicon, and ESXi-Arm is simply distributing the exact same VMware Tools ISO.


Note: Make sure you DO NOT install the SVGA driver. It is currently not supported and will cause issues with the Windows 11 installation, which will require a reinstallation.


Comments

  1. Chris says

    10/26/2022 at 3:45 pm

    QQ: How do you install win 11 without a cluster? That’s an even more ridiculous requirement than tpm itself.

    • William Lam says

      10/26/2022 at 4:05 pm

      vCenter Server provides the full KMS management, so that's going to be a requirement and this is no different than ESXi-x86

  2. virtualbox1 says

    10/28/2022 at 4:37 pm

    Just upgraded from 7.0.0-20133114, now I lost console (both web/vmrc) to vm. Keyboard is not responding. Only have photon linux clients running.

    • virtualbox1 says

      10/29/2022 at 1:22 pm

      Reinstalled from scratch. Same behaviour. May be a bug in the new release.


Author

William Lam is a Senior Staff Solution Architect working in the VMware Cloud team within the Cloud Infrastructure Business Group (CIBG) at VMware. He focuses on Cloud Native technologies, Automation, Integration and Operation for the VMware Cloud based Software Defined Datacenters (SDDC)
