VMware Communities
MarkAGregory
Contributor
Contributor
‎03-29-2023 05:20 AM

Decrypt windows 11 virtual machine

I need help to decrypt a VM so that I can move it to ESXi that does not support TPM yet. The current instructions on the help pages is not accurate, as I find a message saying cannot decypt whilst TPM installed. Then I read that if TPM is removed the hard disk will be broken and all data lost.

I would appreciate instructions on how to decrypt the entire VM.

 

Tags (2)
0 Kudos
3 Replies
Technogeezer
Immortal
Immortal
‎03-29-2023 07:21 AM

What version of Workstation are you using?

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
0 Kudos
MarkAGregory
Contributor
Contributor
‎03-29-2023 04:47 PM

workstation pro v17.01

0 Kudos
Technogeezer
Immortal
Immortal
‎03-29-2023 05:29 PM

Some thoughts:

It's true that you can't decrypt the VM while it has a TPM device.

I'm going to assume that you did not build that Windows 11 VM using the experimental vTPM of Workstation 16. That's not going to be easy to disable so you can make the move to ESXi.

You'll probably need to remove the TPM device. But if you configured BitLocker in the VM, removing the TPM device will break the VM. Trying removing Bitlocker in the VM before attempting to make the jump to ESXi. Or make sure you have your Bitlocker recovery key that you can transport to ESX.

If you didn't use BitLocker, you might be able to remove the TPM device and then decrypt the machine. Again, that's assuming you have either done full VM encryption or the Workstation 17 "partial encryption", not the experimental Workstation 16 vTPM.

Once you transfer the VM to ESXi, then configure the TPM device. 

I'd perform any actions on a copy of the VM, leaving the original alone.

 

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
0 Kudos