How to Emulate a TPM 2.0 Module on LibVirt/QEMU
Windows 11 and the new Windows Server will require a TPM (Trusted Platform Module) to be installed to run. Here is how you can emulate the TPM on a RHEL/CentOS/Rocky Linux virtualization host.
Install the required packages on your virtualization host. They are
swtpm (a software TPM emulator) and
swtpm-tools (a set of tools that allow libvirt to interact with the emulator).
sudo dnf install swtpm swtpm-tools
Once the packages are installed, you need to modify your virtual machine and add a TPM device to it. If the virtual machine has already been created, edit its definition:
sudo virsh edit <host name>
and add the emulated TPM device inside the <devices> element:
<devices>
  <tpm model='tpm-tis'>
    <backend type='emulator' version='2.0'/>
  </tpm>
</devices>
You will need to stop and then start your virtual machine for the TPM to become available; a simple reboot/restart won't work. Also, don't be alarmed if the virtual machine takes a little longer to start the first time. This is a normal process where the host and the TPM generate and exchange keys. After this is done, your virtual machine will start and reboot normally again.
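To confirm that a definition really carries the emulated TPM 2.0 device shown above (for instance on the output of virsh dumpxml <host name>), the following check is an added example and not part of the original article. The function names and the sample domain XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain definitions (not taken from a real host).
WITH_TPM = """<domain type='kvm'>
  <name>win11</name>
  <devices>
    <tpm model='tpm-tis'>
      <backend type='emulator' version='2.0'/>
    </tpm>
  </devices>
</domain>"""

WITHOUT_TPM = """<domain type='kvm'>
  <name>legacy</name>
  <devices>
  </devices>
</domain>"""


def tpm_status(domain_xml):
    """Return 'ok', 'missing' or 'mismatch: ...' for one domain definition."""
    root = ET.fromstring(domain_xml)
    tpm = root.find("./devices/tpm")
    if tpm is None:
        return "missing"
    backend = tpm.find("backend")
    btype = backend.get("type") if backend is not None else None
    version = backend.get("version") if backend is not None else None
    if btype == "emulator" and version == "2.0":
        return "ok"
    return f"mismatch: backend type={btype!r} version={version!r}"


def add_emulated_tpm(domain_xml):
    """Return the XML with the article's TPM device added; unchanged if one exists."""
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    if devices is None:
        raise ValueError("domain XML has no <devices> element")
    if devices.find("tpm") is not None:
        return domain_xml  # never add a second TPM or overwrite an existing one
    tpm = ET.SubElement(devices, "tpm", {"model": "tpm-tis"})
    ET.SubElement(tpm, "backend", {"type": "emulator", "version": "2.0"})
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for doc in (WITH_TPM, WITHOUT_TPM, add_emulated_tpm(WITHOUT_TPM)):
        print(ET.fromstring(doc).findtext("name"), "->", tpm_status(doc))
```

A "mismatch" result means a TPM device is defined but is not the emulator backend with version 2.0 that this article configures.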
If you are using the virt-install command, use the --tpm option. For example: