How to Emulate a TPM 2.0 Module on LibVirt/QEMU
Windows 11 and the new Windows Server will require a TPM (Trusted Platform Module) to be installed to run. Here is how you can emulate the TPM on a RHEL/CentOS/Rocky Linux virtualization host.
Install the required packages on your virtualization host: swtpm (a software TPM emulator) and swtpm-tools (a set of tools that allow libvirt to interact with the emulator).
sudo dnf install swtpm swtpm-tools
Once they are installed, you will need to modify your virtual machine and add a device. If your virtual machine has already been created, edit its definition:
sudo virsh edit <host name>
and add the emulated TPM device inside the devices section:
<devices>
  <!-- the devices already defined stay as they are -->
  <tpm model='tpm-tis'>
    <backend type='emulator' version='2.0'/>
  </tpm>
</devices>
You will need to stop and start your virtual machine for the TPM to be made available; a simple reboot/restart won't work. Also, don't be scared if the host takes a little longer to start the first time. This is a normal process where the host and the TPM generate and exchange keys. After this is done, your virtual machine will start rebooting normally again.
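The edit described above can also be scripted and checked. This is an added example, not part of the original article: it reads a domain definition (for instance the output of virsh dumpxml), reports whether an emulated TPM 2.0 is present, and adds the device shown above only when no TPM is defined. The function names, the domain name win11-test and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain definition (shaped like `virsh dumpxml` output), no TPM yet.
SAMPLE_DOMAIN = """<domain type='kvm'>
  <name>win11-test</name>
  <devices>
    <disk type='file' device='disk'/>
  </devices>
</domain>"""


def tpm_status(domain_xml):
    """Return 'missing', 'ok', or a description of a TPM that is not emulated 2.0."""
    devices = ET.fromstring(domain_xml).find("devices")
    tpm = devices.find("tpm") if devices is not None else None
    if tpm is None:
        return "missing"
    backend = tpm.find("backend")
    btype = backend.get("type") if backend is not None else None
    version = backend.get("version") if backend is not None else None
    if btype == "emulator" and version == "2.0":
        return "ok"
    return f"mismatch: backend type={btype!r} version={version!r}"


def ensure_tpm(domain_xml):
    """Add the emulated TPM 2.0 device from this page if the domain has no <tpm>.

    Returns (xml_text, changed). An existing <tpm> element is never overwritten.
    """
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    if devices is None:
        devices = ET.SubElement(root, "devices")
    if devices.find("tpm") is not None:
        return domain_xml, False
    tpm = ET.SubElement(devices, "tpm", {"model": "tpm-tis"})
    ET.SubElement(tpm, "backend", {"type": "emulator", "version": "2.0"})
    return ET.tostring(root, encoding="unicode"), True


if __name__ == "__main__":
    print("before:", tpm_status(SAMPLE_DOMAIN))
    patched, changed = ensure_tpm(SAMPLE_DOMAIN)
    print("after: ", tpm_status(patched), "(changed)" if changed else "(unchanged)")
```

The returned XML can be written to a file and loaded back with virsh define; the virtual machine still has to be stopped and started afterwards, as described above.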
If you are using the virt-install command, use the --tpm option. For example:
--tpm backend.type=emulator,backend.version=2.0,model=tpm-tis