Developing under Windows 11 in a VM not feasible ?

[A.M. Hoornweg 144]

Hello all,

 

this question isn't strictly Delphi related but rather Windows 11 / VMWare Workstation related.

 

I develop under Windows 10 X64 in a VMWare virtual machine. I'd like to migrate this VM to Windows 11 but there are a few things that currently make this unfeasible IMHO:

 

- before adding a virtual TPM module, VMWare insists on encrypting all virtual hard drives (*.vmdk files) of the VM.

- The encryption key contains information of the host machine. The drives will only decrypt on the same host machine.

- So if my notebook dies, I'm basically scr##ed because the VM won't run anywhere else.

 

 

That's totally unacceptible to me. The whole purpose of virtualization is having virtual hardware so the VM's are independent of the host hardware and its life span. A backup of a VM shouldn't be worthless if my hardware breaks!  I currently have VM's that were created on at least 3 different machines and they still run fine, thanks to a vmx entry uuid.action= "keep" that tells VMWare to maintain the machine identity even if the VM is moved to a different machine.

 

 

So... What gives? Is there a viable workaround for this problem? 

 

I know about the undocumented managedvm.autoAddVTPM="software" vmx entry but let me warn you, that has dire side effects: instead of encrypting the vmdk files as a whole it will just encrypt the header area of the vmdk files. That is even worse because you can't undo it - the decryption password isn't revealed. And it's not documented if this header encryption is machine dependent or not.

 

 

 

 

 

 

[Attila Kovacs 629]

48 minutes ago, A.M. Hoornweg said:

- So if my notebook dies, I'm basically scr##ed because the VM won't run anywhere else.

 

With your logic not only the VM but an encrypted HDD would not be recoverable anymore.

[A.M. Hoornweg 144]

14 minutes ago, Attila Kovacs said:

With your logic not only the VM but an encrypted HDD would not be recoverable anymore.

A virtual HDD encrypted by VMWare would not be recoverable anymore indeed.

 

[edit]

I make weekly backups of my VM's on an external HDD. If they were cryptographically tied to my notebook's hardware, they would become worthless if my notebook broke.

Edited December 16, 2021 by A.M. Hoornweg

[Attila Kovacs 629]

You know that for this reason a recovery key/image/etc... should be generated? 

[David Schwartz 426]

Switch to VirtualBox perhaps?

[A.M. Hoornweg 144]

1 hour ago, Attila Kovacs said:

You know that for this reason a recovery key/image/etc... should be generated? 

Will that work on a new hardware? I mean, will VMWare Workstation boot a recent backup, if I exchange my notebook for a new one?

 

[Attila Kovacs 629]

If not, you should not use that product.

[Lars Fosdal 1792]

Hyper-V VMs are portable, and generation 2 supports a virtual TPM.

https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/learn-more/generation-2-virtual-machine-security-settings-for-hyper-v

Encryption of the image seems to be optional.

[A.M. Hoornweg 144]

1 minute ago, Attila Kovacs said:

If not, you should not use that product.

That's not an option.  VMWare workstation is essential to me, also because of compatibility with ESXI.  (I don't know if other virtualizers that use "passthrough" TPM's don't have the same problem, because in that case the TPM also dies if the host breaks)

[A.M. Hoornweg 144]

1 hour ago, David Schwartz said:

Switch to VirtualBox perhaps?

I have no desire to switch to a different virtualization product. My appreciation of  VMWare far exceeds any desire for Windows 11.

[Sherlock 663]

Well cancel Windows 11 then. No need for it anyway. Only for testing. Some folks still use WinXP, being stuck on Win10 till MS comes to their senses seems not that long.

[Uwe Raabe 2057]

VMware has a workaround for ignoring the TPM requirement mentioned in Installing Windows 11 as a guest OS on VMware Workstation Pro/Player and Fusion

Quote

In case you do not want to Encrypt the Virtual Machine, then to bypass the TPM 2.0 requirements while installing Windows 11, Please follow the below steps:

1. While installing Windows 11, if your computer does not meet the hardware requirements, you will see a message stating, "This PC can't run Windows 11." Windows 11 setup blocked due to missing hardware requirements. 
2. When you see the above message, press Shift+F10 (Or Shift+fn+F10) on your keyboard at the same time to launch a command prompt. At the command prompt, type regedit and press enter to launch the Windows Registry Editor.
3. When the Registry Editor opens, navigate to: HKEY_LOCAL_MACHINE\SYSTEM\Setup, Right-click on the Setup key and select New > Key.
4. When prompted to name the key, Type LabConfig and press enter.
5. Now right-click on the LabConfig key and select New > DWORD (32-bit) value and create a value named BypassTPMCheck, and set its data to 1. 
6. Once you configure the BypassTPMCheck key-value under the LabConfig key, close the Registry Editor, and then type exit in the Command Prompt followed by enter to close the window. You will now be back at the message stating that the PC can't run Windows 11. Click on the back button in the Windows Setup dialog, as shown below. Press the back button in Windows setup.
7. You will now be back at the screen prompting you to select the version of Windows 11 you wish to install. You can now continue with the setup, and the hardware requirements will be bypassed, allowing you to install Windows 11.

 

[Der schöne Günther 316]

18 minutes ago, Sherlock said:

Well cancel Windows 11 then. No need for it anyway. Only for testing

That's the part I also did not understand. I don't see a gain to be had from developing Delphi applications on Windows 11, rather than Windows 10.

 

Testing, of course, but that's going to be a throwaway VM anyway, so no need to worry.

[A.M. Hoornweg 144]

1 hour ago, Sherlock said:

Well cancel Windows 11 then. No need for it anyway. Only for testing. Some folks still use WinXP, being stuck on Win10 till MS comes to their senses seems not that long.

Some things (like Per-Monitor DPI-awareness V2) are really awkward to test through Remote Debugging.  Delphi 11 still has tons of issues regarding DPI Awareness, for which I had to devise workarounds until Embarcadero hopefully gets it right. I expect some improvements to this feature in Windows 11 and it would be really nice to be able to debug it natively rather than remotely.

 

 

[A.M. Hoornweg 144]

1 hour ago, Uwe Raabe said:

VMware has a workaround for ignoring the TPM requirement mentioned in Installing Windows 11 as a guest OS on VMware Workstation Pro/Player and Fusion

 

That workaround is well known, but it'll probably cease working when the first updates of Windows 11 appear. In that case one would be stuck with a possibly buggy initial version.

Edited December 16, 2021 by A.M. Hoornweg

[emileverh 21]

1 hour ago, A.M. Hoornweg said:

Some things (like Per-Monitor DPI-awareness V2) are really awkward to test through Remote Debugging.  Delphi 11 still has tons of issues regarding DPI Awareness, for which I had to devise workarounds until Embarcadero hopefully gets it right. I expect some improvements to this feature in Windows 11 and it would be really nice to be able to debug it natively rather than remotely.

 

 

I agree. DPI awareness in Delphi 11 is a mess!!  People who are telling; you have to develop in 96dpi mode do not own a high-end PC with a high resolution screen. The forms are incredible small in that way, it's impossible to design a form. And frames are the worst part....

[Uwe Raabe 2057]

1 hour ago, A.M. Hoornweg said:

That workaround is well known, but it'll probably cease working when the first updates of Windows 11 appear. In that case one would be stuck with a possibly buggy initial version.

It is also possible that VMware will have a decent solution then.

[A.M. Hoornweg 144]

4 minutes ago, emileverh said:

I agree. DPI awareness in Delphi 11 is a mess!!  People who are telling; you have to develop in 96dpi mode do not own a high-end PC with a high resolution screen. The forms are incredible small in that way, it's impossible to design a form. And frames are the worst part....

One simple workaround is to run Delphi inside a VMWare VM and to configure that VM so, that its resolution is 1920x1080 and "stretched".  That way Delphi will run at a resolution of 2K even though the monitor really has a much higher resolution.

 

 

As for DPI awareness in compiled Delphi applications themselves, I have a whole bunch of workarounds to make things work better. The key for me was to inherit every TForm from a common ancestor and to override some virtual methods in that ancestor  (DoBeforeMonitorDPIChanged, DoAfterMonitorDPIChanged, Loaded, Docreate and some more ...)  to fix the most egregious bugs.  That way any form derived from that common ancestor behaves much better.

 

 

 

 

 

 

 

 

 

[A.M. Hoornweg 144]

17 minutes ago, Uwe Raabe said:

It is also possible that VMware will have a decent solution then.

Sure. Until that time, I'll just stick with Windows 10 in the VM. 

[Uwe Raabe 2057]

32 minutes ago, emileverh said:

People who are telling; you have to develop in 96dpi mode do not own a high-end PC with a high resolution screen. The forms are incredible small in that way, it's impossible to design a form.

With developing in 96dpi they probably mean run the IDE with /highdpi:unaware. There is even a separate start menu entry for that. This is best when you need to keep your DFMs compatible with other systems or older Delphi versions.

[emileverh 21]

Just now, Uwe Raabe said:

With developing in 96dpi they probably mean run the IDE with /highdpi:unaware. There is even a separate start menu entry for that. This is best when you need to keep your DFMs compatible with other systems or older Delphi versions.

Thanks for all the remarks and workarounds.... But I am still not happy, EMB had to do a better (testing) job before releasing D11. 

[Uwe Raabe 2057]

Just now, emileverh said:

EMB had to do a better (testing) job before releasing D11. 

Believe me, testing is not to blame here.

[Cristian Peța 103]

On 12/16/2021 at 10:37 AM, A.M. Hoornweg said:

- The encryption key contains information of the host machine. The drives will only decrypt on the same host machine.

- So if my notebook dies, I'm basically scr##ed because the VM won't run anywhere else.

Just tried in latest VMware 16 Workstation and my Win 11 VM with Delphi works on other machine.

No workarounds. TPM installed and VM password encrypted.

[Lars Fosdal 1792]

On 12/16/2021 at 5:09 PM, Uwe Raabe said:

best when you need to keep your DFMs compatible with other systems or older Delphi versions

...or don't want to deal with all the positioning and scaling issues for forms that are opened by multiple developers with different DPI and scaling settings...

[Uwe Raabe 2057]

4 minutes ago, Lars Fosdal said:

multiple developers with different DPI and scaling settings

That must indeed be a scenario being totally ignored when designing the HighDPI designer. If they only had asked us before...