How to setup a Windows 11 VM for use with REVEN?

Tetrane team
  • Updated
Follow

This article gives some guidelines to install a Microsoft Windows 11 VM to use with REVEN on Debian Buster.

The following steps were performed using the official Windows 11 installer, downloaded from this page on October 6th 2021.

Windows 11 ISO sha256 sum: 667bd113a4deb717bc49251e7bdc9f09c2db4577481ddfbce376436beb9d1d2f

Windows 11 prerequisites

With this version of Windows 11, the prerequisites are the following:

  • At least two CPU cores
  • At least 4GB of RAM
  • At least 64GB of disk space
  • A TPM device
  • An UEFI boot sequence

Those prerequisites are only enforced at the installation step, and once installed, the VM can be booted with a single core to be used with REVEN.

Creating a VM according to the prerequisites

Because of the above prerequisites, the VM must be created with a more recent version of QEMU than the one implemented by REVEN. Some TPM software must also be built along as it is not provided as a Debian package. These steps are described in the following sections.

Getting QEMU from the backports

Install QEMU from the buster-backports repository, as the one from buster is too old:

  1. echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list
  2. apt update
  3. apt install -t buster-backports qemu-system-x86

Building the software TPM

Build swtpm to emulate a software TPM to give to the VM:

  1. Install build dependencies: sudo apt install autoconf build-essential expect git libfuse-dev libglib2.0-dev libgmp-dev libjson-glib-dev libseccomp-dev libssl-dev libssl-dev libtasn1-dev libtasn1-dev libtool net-tools openssl pkg-config socat softhsm2
  2. Clone libtpms and enter it: git clone https://github.com/stefanberger/libtpms && cd libtpms
  3. The build steps are the following:
  4. ./autogen.sh
  5. make -j4
  6. make check
  7. sudo make install
  8. Clone swtpm and enter it: git clone https://github.com/stefanberger/swtpm && cd swtpm
  9. The build steps are the following:
  10. ./autogen.sh
  11. make -j4
  12. make check
  13. sudo make install

You should now have the swtpm command installed on your system.

Starting the TPM and the VM

First create the VM disk (remember, at least 64GB):

qemu-img create -f qcow2 win11.qcow2 128G

Start the TPM:

mkdir /tmp/software_tpm  # Create a working directory
swtpm socket --tpmstate dir=/tmp/software_tpm --ctrl type=unixio,path=/tmp/emulated_tpm/swtpm-sock --log level=20 --tpm2

Then start the VM:

qemu-system-x86_64 \
    -enable-kvm \  #  do not emulate the CPU
    -smp 2 \ # two CPU cores
    -m 4G \  # 4GB of RAM
    -hda win11.qcow2 \  # the previously created virtual disk
    -cdrom /path/to/Win11_English_x64.iso \  # give the Win11 iso
    -bios /usr/share/ovmf/OVMF.fd \  # UEFI boot sequence
    -usbdevice tablet \  #  to have a better usage of the mouse
    -chardev socket,id=chrtpm,path=/tmp/emulated_tpm/swtpm-sock \  # create a char device for QEMU
    -tpmdev emulator,id=tpm0,chardev=chrtpm \  # create a TPM backend with the char device
    -device tpm-tis,tpmdev=tpm0  #  expose the TPM backend to the guest

The Windows 11 installation should be able to complete in this VM.

Registering the VM in REVEN

The created qcow2 can now be registered in a REVEN installation and used normally, even with only 2GB of RAM if you want faster snapshots.
Be careful to check the Use UEFI option in the VM registration wizard.

Related articles

Comments

0 comments

Please sign in to leave a comment.