Re: bhyve + swtpm + W11
Date: Thu, 27 Nov 2025 14:41:51 UTC
Not sure about that issue since I don’t use Windows 11 (I stayed on 10) but I did do some experiments a few months ago and documented how to bypass all of those requirements (including TPM) when installing 11 on bhyve. Maybe skipping it altogether can help get your setup running. You can take a look at my post here:
https://xyinn.org/blog/freebsd/install_windows_11_bhyve
Jonathan Vasquez
PGP: 34DA 858C 1447 509E C77A D49F FB85 90B7 C4CA 5279
-------- Original Message --------
On Thursday, 11/27/25 at 09:31 Andrea Venturoli <ml@netfence.it> wrote:
Hello.
I'm hitting my head on this, but cannot make it work.
Is it expected to work or am I just wasting my time?
FreeBSD 14.3/amd64
edk2-bhyve-g202308_5
vm-bhyve-1.6.2_1
bye & Thanks
av.
P.S.
In case someone is interested in the details:
vmbhyve starts bhyve with:
> bhyve options: -c 3,sockets=1,cores=3,threads=1 -m 4G -AHPw -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd -l tpm,swtpm,/var/run/swtpm/tpm -k /zroot/vm/eserver/bhyve.conf -U f753439f-bffa-11e8-b279-a4bf0142162f]
> bhyve devices: -s 0,hostbridge -s 31,lpc -s 4:0,virtio-blk,/dev/zvol/zroot/vm/eserver/disk0,sectorsize=512 -s 5:0,virtio-net,tap0,mac=58:9c:fc:00:11:65 -s 6:0,fbuf,tcp=192.168.XXX.1:25900 -s 7:0,xhci,tablet]
Windows sees the TPM device but says it cannot be started (code 10) due
to a protocol error.
In bhyve.log I see:
> /tmp/bhyve.z4HOkg5 873: OperationRegion(TPP1, SystemMemory, Add(0xfed45000, Arg0), One)
> Remark 2173 - ^ Creation of named objects within a method is highly inefficient, use globals or method local variables instead (\_SB.TPM.TPFN)
>
> /tmp/bhyve.z4HOkg5 895: Method(_DSM, 4, Serialized)
> Warning 3115 - ^ Not all control paths return a value (\_SB.TPM._DSM)
>
> /tmp/bhyve.z4HOkg5 895: Method(_DSM, 4, Serialized)
> Warning 3107 - ^ Reserved method must return a value (Integer/String/Buffer/Package/Reference required for _DSM)
>
> /tmp/bhyve.z4HOkg5 985: If(LEqual(Arg0, ToUUID("376054ED-CC13-4675-901C-4756D7F2D45D"))) /* UUID */
> Remark 2184 - Unknown UUID string ^
>
> bhyve: tpm_swtpm_execute_cmd: rsp read failed (bytes read: 4 / 3968): No error: 0
> bhyve: tpm_crb_mem_handler: cancelling a TPM command is not implemented yet
> bhyve: tpm_swtpm_execute_cmd: rsp read failed (bytes read: 4 / 3968): No error: 0
> bhyve: tpm_crb_mem_handler: cancelling a TPM command is not implemented yet
> bhyve: tpm_swtpm_execute_cmd: rsp read failed (bytes read: 4 / 3968): No error: 0
In swtpm logs:
> Ctrl Cmd: length 12
> 80 01 00 00 00 0C 00 00 01 44 00 00
> Error: Unknown command: 0x80010000
> Ctrl Rsp: length 4
> 00 00 00 0A
> Ctrl Cmd: length 22
> 80 01 00 00 00 16 00 00 01 7A 00 00 00 06 00 00
> 01 00 00 00 00 2A
> Error: Unknown command: 0x80010000
> Ctrl Rsp: length 4
> 00 00 00 0A
> Ctrl Cmd: length 22
> 80 01 00 00 00 16 00 00 01 7A 00 00 00 06 00 00
> 01 00 00 00 00 2A
> Error: Unknown command: 0x80010000
> Ctrl Rsp: length 4
> 00 00 00 0A
This looks possibly like:
> https://github.com/stefanberger/swtpm/issues/1069
That's for a different platform however and I have no idea how to "port"
that info to bhyve.
I have no previous experience with swtpm (and I find it hard to get a
good howto/tutorial); TPM passthrough works for me (but obviously not on
machines without TPM).
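
As a reading aid for the swtpm log quoted above (an added example, not part of either message and not bhyve or swtpm code): the Python below decodes the logged "Ctrl Cmd" bytes using the TPM 2.0 command header layout (2-byte tag, 4-byte size, 4-byte command code). The constant tables are a small subset taken from the TCG TPM 2.0 specification, and the function and variable names are this example's own.

```python
import struct

# TPM 2.0 constants from the TCG TPM 2.0 Library specification (subset).
TAGS = {0x8001: "TPM_ST_NO_SESSIONS", 0x8002: "TPM_ST_SESSIONS"}
COMMANDS = {0x0144: "TPM2_Startup", 0x017A: "TPM2_GetCapability"}

# Hex dumps copied from the "Ctrl Cmd" lines of the swtpm log quoted above.
LOGGED = [
    "80 01 00 00 00 0C 00 00 01 44 00 00",
    "80 01 00 00 00 16 00 00 01 7A 00 00 00 06 00 00 01 00 00 00 00 2A",
]

def decode(hexdump):
    """Decode one logged message as a TPM 2.0 command; raise ValueError if it is not one."""
    raw = bytes.fromhex(hexdump)
    if len(raw) < 10:
        raise ValueError("shorter than the 10-byte TPM 2.0 command header")
    tag, size, code = struct.unpack(">HII", raw[:10])
    if tag not in TAGS:
        raise ValueError(f"0x{tag:04x} is not a TPM 2.0 command tag")
    if size != len(raw):
        raise ValueError(f"header says {size} bytes, message has {len(raw)}")
    out = {
        "tag": TAGS[tag],
        "command": COMMANDS.get(code, f"unknown 0x{code:08x}"),
        "params": raw[10:].hex(),
        # The same first four bytes read as a single big-endian word,
        # which is the value swtpm prints in "Unknown command: 0x...".
        "first_word": f"0x{struct.unpack('>I', raw[:4])[0]:08x}",
    }
    if code == 0x0144 and len(raw) == 12:
        (su,) = struct.unpack(">H", raw[10:])
        out["startup_type"] = {0: "TPM_SU_CLEAR", 1: "TPM_SU_STATE"}.get(su, hex(su))
    elif code == 0x017A and len(raw) == 22:
        cap, prop, count = struct.unpack(">III", raw[10:])
        out["capability"], out["property"], out["count"] = cap, prop, count
    return out

if __name__ == "__main__":
    for line in LOGGED:
        print(decode(line))
```

Both dumps decode as well-formed TPM 2.0 commands (TPM2_Startup and TPM2_GetCapability), and their first four bytes read as one word give 0x80010000, the value in swtpm's "Unknown command" line.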