How to Emulate a TPM 2.0 Module on LibVirt/QEMU

Windows 11 and the new Windows Server will require a TPM (Trusted Platform Module) to be installed to run. Here is how you can emulate the TPM on a RHEL/CentOS/Rocky Linux virtualization host.

Install the required packages on your virtualization host. They are swtpm (a software TPM emulator) and swtpm-tool (a set of tools that allow libvirt to interact with the emulator).

sudo dnf install swtpm swtpm-tools

Once installed, you will need to make a modification to your virtual machine and add a device if your host has already been created edit your host sudo virsh edit <host name> and add the TPM emulated device:

    <tpm model='tpm-tis'>
      <backend type='emulator' version='2.0'/>

You will need to stop and start your virtual machine for TPM to be made available, a simple reboot/restart won't work. Also, don't be scared if the host takes a little longer to start the first time. This is a normal process where the host and the TPM generate and exchange keys. After this is done, your virtual machine will start rebooting normally again.

If you are using the virt-install command use the --tpm option. For example: --tpm backend.type=emulator,backend.version=2.0,model=tpm-tis