I run Windows on my Mac through VMware Fusion and want to start testing with Windows 11. But it can’t run because I don’t have a Trusted Processor Module (TPM). Is that something I can add to a VMware Fusion virtual machine? If so, how?
Developers have long since realized that one of the great features of a modern Mac system is that it can also run Windows really well. Whether you choose a dual boot scenario or just run Windows within a virtual machine through either Parallels or VMware Fusion, it’s surprisingly fast and compatible. Indeed, most of the Windows tutorials on this site in my PC Help area were produced with the help of my trusty VMware Fusion virtual Win10 system.
As many have written about, the early versions of Microsoft Windows 11 require something called a Trusted Platform Module, or TPM. Not just that, but you need version 2.0 of the physical hardware chip on your computer, so it’s not an app you can install on your PC. But on a virtual machine? It’s a quick download and install, as it happens, and you can indeed make your Windows 10 virtual machine Windows 11 ready, as I’ll demonstrate.
Start out by reading through my Check to See If Your PC is Windows 11 Compatible tutorial. Hopefully, Microsoft has re-enabled the PC Health Check app download too: As I write this, it no longer shows up at the indicated link, but it worked fine 48 hours ago.
Run the compatibility checker on your Windows 10 virtual machine in VMware Fusion and you’ll undoubtedly get this result:
The wrinkle here is that you can’t just install the TPM 2.0 module on your virtual machine: You have to encrypt your virtual machine first…
ENCRYPT VIRTUAL MACHINE IN VMWARE FUSION
Fortunately, both the encryption and TPM install steps are easy if you know what order they need to happen. You can test it for yourself, but the Trusted Platform Module can’t be installed on your virtual machine until you encrypt your VM. That’s done by going into your Windows machine and shutting it down (Start Menu > Power > Shut Down).
Then you can get to the Settings in VMware Fusion for this particular virtual machine, which will look like this:
As highlighted, you’ll want to click on “Encryption” along the bottom row, but before we do that, I want to bring your attention to one more thing: The “Add Device…” button on the top right. We’ll need that in a minute or two.
For now, click on “Encryption” to proceed…
It’s actually easy to turn off encryption once you enable it, though I’m not sure if it’ll then disable the TPM 2.0 module once installed. For our purposes, check the “Enable Encryption” box.
You’ll then be prompted to set a system password:
I checked the “Remember Password” option and found that I never had to enter the password on restarts, re-launch of VMware Fusion, etc. Basically it’s an invisible password at that point, but it lets you encrypt your virtual machine.
Enter a password twice, then click “OK” to proceed. Now go get a cup of tea…
I have a pretty big Windows 10 VM so it took maybe five minutes to complete? Something like that. Once done, a cheery window pops up:
Great. Step one complete.
INSTALL A TPM 2.0 MODULE IN A VMWARE FUSION VM
The second step is easier if a bit confusing. Now that you’ve added encryption, click on that “Add Device…” button on the top right of the main Settings window. You’ll be presented with a list of possible devices you can add:
I’ve highlighted the Trusted Platform Module. Click on that icon and a window pops up that confusingly talks about what happens if you remove this device:
What’s going on here? You’ve already installed the TPM 2.0 module when you checked it and clicked “Add..” so it’s asking if you want to remove it.
Yes, super confusing. I hope VMware Fusion redoes this to at least say “TPM 2.0 Installed.” to make it more clear what’s going on. In any case, you’re done. Close this tiny window and you’ll notice that the list of Removable Devices for this virtual machine is just a bit longer:
Okay, so is the virtual machine now compatible with Windows 11?
MAKE VMWARE FUSION WINDOWS VM COMPATIBLE WITH WINDOWS 11
I’ll run PC Health Check and find out…
Boom! Mission accomplished. Not too difficult once you know you have to encrypt your VM then install the TPM 2.0 module. Now, about Windows 11…
Pro Tip: I’ve been writing about the Mac since, well, the very beginning. Please check out my PC help and my extensive Mac help library for hundreds of useful tutorials and how-to guides. Thanks!
Hi Dave, after making a backup, I tested this last night, Fusion 12, hardware version 18, and Windows 10.
Encryption was successful, and after changing the firmware type to UEFI from Legacy BIOS (following comments above), I added the TPM, also successful.
But the VM would not re-boot at all (unable to locate the OS), and I could not revert the firmware type post-encryption. I did not remove the TPM as doing so “destroys all VM data”. I also note that the VM config file (which I had customised to use controllers for RealFlight) is encrypted, so further changes would be impossible.
So I restored my backup, successfully.
I just tried setting this up with encryption and TPM from the ISO and it still fails. Can this only be done as an upgrade from 10?
Nevermind, I forgot to increase memory to 4gb.
I’m getting the same error
“The trusted platform module can only be added to virtual machine using UEFI firmware”
and I’m on a recent Mac Pro with Big Sur
Solution : Go to Advanced and set the Firmware
https://i.imgur.com/bXWwTg6.png
Dave you need the following row enabled too, “Enable UEFI Secure Boot”. Also, unless you were just spacing out you may want to go learn about UEFI and Secure Boot… unless you enable secure boot you’re still using a legacy boot driver.
Fusion 12 doesn’t work with your method. The TPM option produces error message saying UEFI has to be installed. Under advanced options it doesn’t show a bios/uefi option.
I produced this tutorial with VMWare Fusion 12, so I suspect you have a setting colliding with your efforts…
VMWare Fusion refused to encrypt the virtual machine the first time. Fusion diplayed an error that part of the drive is already encrypted so it aborted. All my Macs have FileVault (whole disk encryption) enabled, so it’s impractical and foolish to disable it just to encrypt Fusion’s VM.
But, surprise, I ran Fusion’s Encryption setting again about 5 minutes later and this time it encrypted the drive without errors. Computers, ugh.
Anyway, after encrypting the VM I enabled TPM and the PC Health check says the VM qualifies for Win11 now.
Thanks for the tips!
You might want to put a disclaimer at the top that states not all processors are compatible with Windows 11 on pre 2018 MacBooks running VMware Fusion.
I tried this on my late 2018 MacBook Pro running Big Sur 11.5.2 using Fusion 12.2 and it worked great.
I took about 30 minutes with my Win 10 configuration to encrypt and after that everything zipped right through.
(Of course the Health Check as of this writing is just the one for the preview version of Win 11 with the official edition not available yet.)
We’ll see what happens when the real deal comes down in October.
Thanks Dave! You saved me hours of wading through VMware support and forums as well as searching the rest of the web for such a simple process.
Great except that I get an error message that states, “The trusted platform module can only be added to virtual machine using UEFI firmware.” So your method didn’t work.
Ah, dang it. It worked when I wrote the post, Jim. Maybe reach out to VMWare Fusion customer service and see what they say?
Will this approach now work that Windows 11 has been released?
I haven’t tested it again, but I expect so. If anything changes, I imagine it’ll be the currently very strict requirements for TPM 2.0…
Hello Dave,
Great guide.
It worked perfectly for me.
Thanks