bug: Windows 10 and 11 default configuration does not include tpm and secure boot settings

[puresick]

I confirm this bug has not already been reported

• I have searched the issues and this bug has not been reported previously

Describe the bug
Creating a Windows 10 or 11 VM creates a configuration file which misses the necessary tpm="on" and secureboot="off" settings as described in the documentation.

This results in the VM booting up properly to the first part of installing Windows, but gets stuck during one of the reboots and never finishes the installation.

To Reproduce
Steps to reproduce the behavior:

1. Run quickget windows 11
2. Run quickemu --vm windows-11.conf

Expected behavior
VM should properly install and boot up afterwards.

Quickemu output
Run quickemu or quickemu and include the output of the failure below:

Quickemu output

  Quickemu 4.9.6 using /usr/bin/qemu-system-x86_64 v9.0.2                                                                                                                                                                                                       
- Host:     Arch Linux running Linux 6.9.10-arch1-1                                                                                                                                                                                                 
- CPU:      AMD Ryzen 7 PRO 5850U with Radeon Graphics                                                                                                                                                                                                       
- CPU VM:   host, 1 Socket(s), 4 Core(s), 2 Thread(s)                                                                                                                                                                                                        
- MSR:      WARNING! Ignoring unhandled Model-Specific Registers is disabled.                                                                                                                                                                                
                                                                                                                                                                                                                                                            
           echo 1 | sudo tee /sys/module/kvm/parameters/ignore_msrs                                                                                                                                                                                         
                                                                                                                                                                                                                                                            
           If you are unable to run macOS or Windows VMs then run the above 👆                                                                                                                                                                              
           This will enable ignoring of unhandled MSRs until you reboot the host.                                                                                                                                                                           
           You can make this change permanent by running: 'quickemu --ignore-msrs-always'                                                                                                                                                                   
- RAM VM:   8G RAM
- BOOT:     EFI (Windows), OVMF (/usr/share/edk2-ovmf/x64/OVMF_CODE.fd), SecureBoot (off).
- Disk:     windows-11/disk.qcow2 (64G)
- CD-ROM:   windows-11/virtio-win.iso
- Display:  SDL, virtio-vga-gl, GL (on), VirGL (on) @ (1280 x 800)
- Sound:    intel-hda (hda-micro)
- ssh:      On host:  ssh user@localhost -p 22220
- WebDAV:   On guest: dav://localhost:9843/
- TPM:      windows-11/windows-11.swtpm-sock (26509)
- Network:  User (virtio-net)
- Monitor:  On host:  socat -,echo=0,icanon=0 unix-connect:windows-11/windows-11-monitor.socket
- Serial:   On host:  socat -,echo=0,icanon=0 unix-connect:windows-11/windows-11-serial.socket
- Process:  Started windows-11.conf as windows-11 (26515)

[lj3954]

TPM is enabled, and secureboot is disabled. The quickemu logs show that. There's another issue at play here.

[puresick]

@lj3954 I made a mistake! The above log is from starting the VM with the options already added manually to windows-11.conf.

Without these the output looks like this:

Quickemu 4.9.6 using /usr/bin/qemu-system-x86_64 v9.0.2
 - Host:     Arch Linux running Linux 6.9.10-arch1-1
 - CPU:      AMD Ryzen 7 PRO 5850U with Radeon Graphics 
 - CPU VM:   host, 1 Socket(s), 4 Core(s), 2 Thread(s)
 - MSR:      WARNING! Ignoring unhandled Model-Specific Registers is disabled.

             echo 1 | sudo tee /sys/module/kvm/parameters/ignore_msrs

             If you are unable to run macOS or Windows VMs then run the above 👆
             This will enable ignoring of unhandled MSRs until you reboot the host.
             You can make this change permanent by running: 'quickemu --ignore-msrs-always'
 - RAM VM:   8G RAM
 - BOOT:     EFI (Windows), OVMF (/usr/share/edk2-ovmf/x64/OVMF_CODE.fd), SecureBoot (off).
 - Disk:     windows-11/disk.qcow2 (64G)
 - CD-ROM:   windows-11/virtio-win.iso
 - Display:  SDL, virtio-vga-gl, GL (on), VirGL (on) @ (1280 x 800)
 - Sound:    intel-hda (hda-micro)
 - ssh:      On host:  ssh user@localhost -p 22220
 - WebDAV:   On guest: dav://localhost:9843/
 - Network:  User (virtio-net)
 - Monitor:  On host:  socat -,echo=0,icanon=0 unix-connect:windows-11/windows-11-monitor.socket
 - Serial:   On host:  socat -,echo=0,icanon=0 unix-connect:windows-11/windows-11-serial.socket
 - Process:  Started windows-11.conf as windows-11 (15719)

There SecureBoot is still off by default, but TPM is missing.