If you are trying to freshly install Windows 11 on PVE, you can follow this post: https://dannyda.com/2021/10/08/how-to-install-windows-11-on-proxmox-ve-pve-without-workarounds/
If you are like me who wants to add TPM 2.0 and Secure Boot support to an existing Windows 10 installation, you can follow these steps below:
- Upgrade to latest PVE (7.0-13) You may need to reboot your PVE and refresh the Dashboard UI to have the latest TPM and Secure Boot options.
- Important: Install the latest virtio driver before making any changes below. Latest virsion as of writing: https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.208-1/virtio-win-0.1.208.iso If you don't know how/what to install, please follow Windows_10_guest_best_practices. You'll need to at least install the vioscsi driver. Best to install all the disk/network/memory drivers as well as the guest agent. If you have older version installed already, please use the above ISO to ugprade to latest version.
- Now shutdown your Windows 10 VM
- Add a TPM for your Windows 10 and choose the storage.
- Add Secure Boot for you OS (Make sure you have UEFI (OVMF) boot option for you VM.
- To do this, you'll need to remove your existed EFI disk.
- Add a new EFI disk and make sure the "Pre Enroll Keys" is checked.
- Boot the Windows 10 VM, and now you are all good to go. You can install the PC Health Check tool to verify that both TPM and Secure Boot is available. Your VM final config should be something like this: