Comments on How to run Windows 11 in GNOME Boxes (with UEFI and TPM2 emulation)



Thanks! Followed some guide on Reddit but the system wouldn't boot after completing the installation. Your guide got me a fully working system!


In Debian Bookworm, in December 2022, I had to use OVMF_CODE_4M.secboot.fd instead of OVMF_CODE.secboot.fd. Also, I had to reload the ISO multiple times...

But at the end it worked well!

Thank you,



I just created BypassTPMCheck, BypassRAMCheck and BypassSecureBootCheck in Computer\HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig


Doesn't work for me. The install completes, but during the first boot, SeaBIOS is there and it ends at "no bootable media".

Any tips on how to get this working from here? Does that affect which OVMF_CODE is used? I used the same as in the guide...


Thanks a lot for the guide.

I am using Gnome Boxes 43.2 on openSUSE Tumbleweed.

For some reason, whenever I was opening the advanced config file, even without any change, the machine was not starting, I always had to close gnome-boxes and open it again to be able to start the machine.

Similarly, the config often lost the Install DVD setting, I needed to add it back, several times, to make it 'stick' and be able to boot from the Windows install media. Strange!

As for the config, I had to generate and add the tpm settings as described in the guide.

I was able to enable EFI from the settings, when creating the machine. I guess the new version supports EFI.

It also recognizes Windows 11 as 11, not as 10.

This is what the OS section looks like:

<os>
  <type arch="x86_64" machine="pc-q35-7.1">hvm</type>
  <loader readonly="yes" secure="yes" type="pflash">/usr/share/qemu/ovmf-x86_64-smm-ms-code.bin</loader>
  <nvram template="/usr/share/qemu/ovmf-x86_64-smm-ms-vars.bin">/home/user/.config/libvirt/qemu/nvram/win11_VARS.fd</nvram>
  <boot dev="cdrom"/>
  <boot dev="hd"/>
  <bootmenu enable="yes"/>
</os>


I had to enter the boot menu using Esc and select the Install DVD manually.

With these settings, there is EFI, but there is no Secure Boot.

I could not find the OVMF_CODE.secboot.fd file, however I have found the following instead:



With any of these I was able to install Windows 11, so it detects SecureBoot, but in the end it kept running into a blue screen. I tried to reset the installation, but it did not help.

So I started over, using only EFI, but with the SecureBoot check disabled.

I did this to disable checking for SecureBoot:

Starting the installation process, go to Troubleshooting, then Command Prompt. Run: regedit.

In the Registry Editor, on the left, navigate to: HKEY_LOCAL_MACHINE\SYSTEM\Setup

Right-click on Setup and choose New > Key, type: LabConfig.

Inside LabConfig create a new DWORD (32-bit) Value: BypassSecureBootCheck, set value 1.

Close regedit and run setup.exe.

This way it worked fine.

The other possible registry values are: BypassRAMCheck, BypassTPMCheck, set 1 to each if you need to enable them.

Another aspect of Windows 11, if you want to set up an offline account, just disconnect the network and then in the "Let's connect you to a network" page, use these steps:

- Use Shift-F10 to open Command Prompt.

- Type the following command to bypass the network check:


Note: there is no space in this command.


The official Gnome Boxes 3D acceleration option is not available in the machine settings, however it can be enabled manually in the settings.

Just change QXL settings to Virtio, search for the <video> section and change it to:


<model type='virtio' heads='1'>
  <acceleration accel3d='yes'/>
</model>




Ends up with Booting from harddisk and no boot device found, yes I added the iso again and in preferences -> devices & shares the iso is selected
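

Several of the comments above turn on what the libvirt domain XML actually declares for firmware, Secure Boot and TPM. The following is an added example, not part of any comment or of the original guide: a small audit of a domain definition. The sample XML is constructed; its `<os>` part follows the fragment quoted above, while `<features>`, `<devices>` and the function name `audit_domain` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: <os> follows the fragment quoted in the comments;
# <features> and <devices> are assumptions added for illustration.
SAMPLE_XML = """
<domain type='kvm'>
  <os>
    <type arch='x86_64' machine='pc-q35-7.1'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/qemu/ovmf-x86_64-smm-ms-code.bin</loader>
    <nvram template='/usr/share/qemu/ovmf-x86_64-smm-ms-vars.bin'>/home/user/.config/libvirt/qemu/nvram/win11_VARS.fd</nvram>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
  </os>
  <features><smm state='on'/></features>
  <devices>
    <tpm model='tpm-crb'><backend type='emulator' version='2.0'/></tpm>
  </devices>
</domain>
"""

def audit_domain(xml_text):
    """Return findings about firmware and TPM settings; empty list = nothing missing."""
    root = ET.fromstring(xml_text)
    os_el = root.find("os")
    loader = os_el.find("loader") if os_el is not None else None
    findings = []
    # firmware='efi' on <os> asks libvirt to pick a UEFI image automatically.
    uefi_auto = os_el is not None and os_el.get("firmware") == "efi"
    if loader is None or loader.get("type") != "pflash":
        if not uefi_auto:
            # On x86, QEMU falls back to SeaBIOS when no UEFI image is configured.
            findings.append("no UEFI firmware declared (no pflash loader, no firmware='efi')")
    else:
        if loader.get("secure") != "yes":
            findings.append("pflash loader not marked secure='yes'")
        if loader.get("readonly") != "yes":
            findings.append("firmware code image not marked readonly='yes'")
        if os_el.find("nvram") is None:
            findings.append("no <nvram> element for the UEFI variable store")
        smm = root.find("./features/smm")
        if loader.get("secure") == "yes" and (smm is None or smm.get("state") != "on"):
            # libvirt's QEMU driver requires SMM for a secure loader.
            findings.append("secure loader without <smm state='on'/> in <features>")
    backend = root.find("./devices/tpm/backend")
    if backend is None:
        findings.append("no TPM device declared")
    elif backend.get("version") != "2.0":
        findings.append("TPM backend is not version 2.0")
    return findings
```

Feed it the output of `virsh dumpxml` for the VM. It only reports what the XML declares, not what the guest ends up detecting.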