Vmware-iso and Windows 11?

Hi, my first time posting here, I hope I have the correct location and this isn’t a repeat (I couldn’t find this exact topic anywhere).

I have been setting up Packer with the vmware-iso builder to build a whole bunch of VMware Workstation VMs from Windows ISO images and that is working pretty good atm. However, Windows 11 has thrown quite the curveball. Windows 11 requires secure boot and a TPM, and I have no idea how to set that up via vmware-iso. Is it possible today? Are there plans to update the vmware-iso builder to make that happen?

So, given the overwhelming response, I am guessing this isn’t the right place to ask vmware-iso builder questions. Can anyone point me to a better place? Like some place HashiCorp actually monitors and such?

Hi @bill_k_mckenzie this is a good first place to ask for sure. The community is pretty good in providing help for these types of questions.

I don’t have direct knowledge with the Windows 11 builds for VMware but it does look like it requires a little work to get it working.

Have you seen the KB article from VMware (VMware Knowledge Base)?

The VMware builder has an open issue around supporting secure boot here.

But it does have a vmx_data argument where you might be able to specify the needed options as key/value pairs. A good way to see the options would be to stand up a machine manually, then take a look at the vmx file to see what is being set.

I hope this helps push the ball forward a bit. If not, feel free to drop a comment on the open issue or create a new one for your exact use case.

Yeah, the problem with trying to examine a working vmx file is, in order to add a TPM to the VM you have to encrypt the VM, and when you do that you end up with a vmx file with almost nothing readable in it, something like:

.encoding = "windows-1252"
displayName = "Windows11_Pro_x64_UEFI_en-US"
encryption.keySafe = "vmware:key/list/(pair/(phrase/sn%2bThUysmLs%3d/pass2key%3dPBKDF2%2dHMAC%2dSHA%2d1%3acipher%3dAES%2d256%3arounds%3d10000%3asalt%3dadmsYCOu3Q%2fdEwpseSXpYg%253d%253d,HMAC%2dSHA%2d1,YiKL%2fQSthrbZoPgqKS0cZc2NRUH%2bsIgzLBQrlaS12jfRFLCg71xWM31ioxpC8RmlVf9%2bcsZHZD%2ftcoSXPVqkdDeXjULRvRdX8JYgwXAZQTguKuFZCHZawZKMTQoKYuKkOpguyg3NEMePp7S5pecHaR7ufQI%3d))"
encryption.data = "huge amount of encrypted data blob"

So, I don’t think vmx_data will be useful in this case.
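The workflow suggested earlier in the thread (build a VM by hand, then read its .vmx to find what to put in vmx_data) and the dead end described in the post above, as an added Python example that is not part of any post: it diffs two .vmx files into a vmx_data map and refuses once the file has been encrypted. The sample .vmx contents are constructed, the function names are hypothetical, and it assumes the changed VM was captured before any encryption was applied.

```python
import re

# Constructed samples (not from the thread): a baseline .vmx and the same VM
# after enabling UEFI secure boot by hand, before any encryption.
BASELINE_VMX = '''.encoding = "windows-1252"
displayName = "win-test"
firmware = "bios"
memsize = "4096"
'''
CHANGED_VMX = '''.encoding = "windows-1252"
displayName = "win-test"
firmware = "efi"
uefi.secureBoot.enabled = "TRUE"
memsize = "4096"
'''
# Constructed sample shaped like the encrypted .vmx quoted above.
ENCRYPTED_VMX = '''.encoding = "windows-1252"
displayName = "win-test"
encryption.keySafe = "vmware:key/list/(placeholder)"
encryption.data = "placeholder-blob"
'''

LINE_RE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse key = "value" lines; curly quotes from copy/paste are normalised."""
    text = text.replace("\u201c", '"').replace("\u201d", '"')
    matches = map(LINE_RE.match, text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def is_encrypted(settings):
    """True when readable settings have been replaced by encryption.* entries."""
    return any(key.lower().startswith("encryption.") for key in settings)

def vmx_data_candidates(baseline, changed):
    """Keys added or changed between two parsed .vmx files."""
    if is_encrypted(changed):
        raise ValueError("changed .vmx is encrypted; settings cannot be diffed")
    skip = {".encoding", "displayName"}  # per-VM metadata, not build settings
    return {k: v for k, v in changed.items()
            if k not in skip and baseline.get(k) != v}

def to_hcl(candidates):
    """Render the candidates as a Packer HCL vmx_data map."""
    body = "\n".join(f'  "{k}" = "{v}"' for k, v in sorted(candidates.items()))
    return "vmx_data = {\n" + body + "\n}"
```
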

So…I guess vmware-iso is just dead going forward? I kind of figured that several folks would be having this issue, but I guess not many of us build VMware Workstation VMs anymore? Hand building Windows 11 VMs is kind of a bummer.

Totally agree. The vsphere-iso plugin has TPM support, so why can’t we do it in vmware-iso? I do see issues raised about it on GitHub. For example: Support for UEFI and TPM · Issue #125 · hashicorp/packer-plugin-vmware · GitHub

Can’t check at the moment, but I think (hope) that this should be a good work-around.

Please let me know if it works!