How to create a PVS master target device on Hyper-V for Windows 11

How to create a PVS master target device on Hyper-V for Windows 11

book

Article ID: CTX693221

calendar_today

Updated On:

Description

The objective here is to creating a PVS master target device VM on Hyper-V, which can be used for both installing Windows 11 and also booting via PVS. Windows 11 has installation requirements which need both Secure boot and TPM available. 

Hyper-V VM options which are relevant here:

  • Secure boot enabled with UEFI template as "Microsoft Windows"
    • Secure boot will only allow Microsoft Windows signed bootstraps to boot.
    • Secure boot will prevent 3rd party bootstraps loading, like the PVS bootstrap which will fail to boot.
  • Secure boot enabled with UEFI template as "Microsoft UEFI Certificate Authority"
    • Secure boot will allow 3rd party bootstraps which are signed by Microsoft to load, the PVS bootstrap can be used to boot with this configuration.
    • Secure boot will not allow Microsoft Windows signed bootstraps to boot.

However once a Hyper-V VM is booted with the option "Enable Trusted Platform Module" enabled, the secure boot Template is locked and cannot be changed.

The question arises, how do we install windows 11, but later boot this VM using the PVS bootstrap to capture a vdisk.

 

Instructions

The main points in these steps:

  • Boot the VM first with options configured as below to lock in required template for booting the PVS bootstrap:
    • Secure boot enabled
    • Secure boot Template configured as "Microsoft UEFI Certificate Authority"
    • Enable Trusted Platform Module" enabled
  • Secure boot can then only be enabled when booting the PVS bootstrap
  • Secure boot needs to be disabled then when not booting the PVS bootstrap.
    • If booting from local windows install, or booting from Windows 11 install ISO, secure boot needs to be unchecked when Template is "Microsoft UEFI Certificate Authority"

 

Steps:

  1. Create a new Gen2 Hyper-V virtual machine.
  2. Reconfigure the VM with secure boot enabled, Template configured as "Microsoft UEFI Certificate Authority" and with "Enable Trusted Platform Module" enabled.
  3. Boot the VM once and shutdown
    • This will initialize the TPM on that VM and lock in the UEFI template as "Microsoft UEFI Certificate Authority" which we require for PVS bootstrap to boot with secure boot enabled.
  4. Reconfigure the VM
    • Uncheck the option "Enable Secure Boot".
    • Add Windows 11 installation ISO.
  5. Boot the VM and install windows 11.
  6. While installing windows 11 from ISO, and later while booting from the local windows 11 install, secure boot must remain unchecked.
  7. Proceed with vdisk creation as normal.

 

Powered by Wolken Software