This guide describes how to install and launch guest Windows 11 running at near-native speed in open-source Qemu emulator under host Windows 11.
This privides an alternative if you want to install and use guest OS on a drive encrypted with open-source software and not with Microsoft-made Bitlocker.
Here are some concerns about Bitlocker:
www.howtogeek.com 
theintercept.com Some quotes:
If you do not want your VM drive recovery keys to be possibly compromised through Microsoft, you may use LUKS-encrypted drives supported in Qemu by default.
If so, this article is for you.
For more details, please see Providing secret data to QEMU — QEMU documentation
1. First of all, make sure you have Hyper-V enabled. Press Windows key + R to open the Run dialog box. Type appwiz.cpl and press Enter. In the Programs and Features window, select Turn Windows features on or off in the left-hand pane. In the Windows Features window, scroll down to Hyper-V and check the box next to it. If you have Windows 11 Home, you have to pre-install Hyper-V feature using one of these guides:
www.thewindowsclub.com 
pureinfotech.com
Go to Download Windows 11 and download Original Windows iso using either Media Creation Tool or directly, save it as orig_win.iso
2. Go to QEMU for Windows – Installers (64 bit) and download QEMU 9.0 (https://qemu.weilnetz.de/w64/qemu-w64-setup-20240423.exe), some 170 MB.
Install it under default path the istaller suggests. (C:\Program Files\qemu)
Go to virtio-win-pkg-scripts/README.md at master · virtio-win/virtio-win-pkg-scripts and download "Stable virtio-win ISO", some 600 MBytes.
Save the drivers as virtio-win-0.1.240.iso
These drivers are needed to get support of SCSI disks inside VM.
Create virtual disk to install Windows to:
3. Launch Windows command prompt under Admin rights to run these commands as follows (provided qemu installed in C:\Program Files\qemu):
This command is needed because whpx accelerator in Qemu 9.0 works only if EFI firmware is a single merged file.
Close command prompt run under admin.
Now, Launch Windows command prompt under a normal user.
4. Run the following command:
5. Launch QEMU using slow tcg accelerator. Later, when Windows setup is done with reboots, you may employ fast whpx accelerator (this is an example of using a plain, non-encrypted drive to store VM, for an example describing encrypted format read further)
G:\VirtualDisk.qcow2 is path of your drive with Windows
C:\Downloads\virtio-win-0.1.240.iso is path to downloaded virtio SCSI drivers
H:\orig_win.iso is path to an Original Windows 11 ISO
Wait until the message "Press any key to boot from CD or DVD" appears and press any key.
EFI should proceed to Windows Setup which suggests you to select your language, time, currency and input method. Click Next.
Then click Install now.
On the next screen, click "I don't have a product key".
Next, Windows Setup will bring you "Select the operating system you want to install" window. Press Shift + F10. Windows Setup will bring you command prompt.
Now, run these commands as follows:
Click Next. Now, accept License Agreement. On the next screen saying "Which type of installation do you want?", select Custom: Install Windows only (advanced).
On the next screen, click "Load driver". Open "virtio-win-0.1.240" and navigate to "vioscsi/w11/amd64" and click OK.
"Red Hat VirtIO SCSI pass-through controller (you_disk_letter:\vioscsi\w11\amd64\vioscsi.inf)" line, which is selected, should appear. Click Next.
Windows Setup installs the driver, taking some 40 secs.
Note the screen "Which type of installation do you want?" shows newly discovered disk space. So select it and click "Next".
Wait for Windows Setup to finish installation. Proceed to other steps as usual. It takes some 40 minutes to complete setup process using tcg accelerator.
6. When Windows setup is complete, shut down your guest VM. Now you can launch your VM using fast whpx accelerator, without extra .iso files:
On my recently produced laptop, it takes some 9 seconds from sending the above command intil Windows log-in screen appears.
P.S.
You can create an encrypted disk you want to install Windows to using this command:
Installation command:
Booting after install:
All other steps of installation process go as usual.
Due to disk encryption-decryption, Windows takes slightly longer to boot and shut down.
P.P.S.
If you need to install and boot legacy Windows 7 (or earlier one), EFI firmware and bootindex are redundant. You can simply run
UPD: added ",cache.direct=on" switch to every qemu launch command to bypass this bug: On Windows, qcow2 is corrupted on expansion (#814) · Issues · QEMU / QEMU · GitLab
This privides an alternative if you want to install and use guest OS on a drive encrypted with open-source software and not with Microsoft-made Bitlocker.
Here are some concerns about Bitlocker:
Here's Why Windows 8.1's Encryption Doesn't Seem to Scare the FBI
The FBI isn't happy about the latest versions of iOS and Android using encryption by default.
www.howtogeek.com Microsoft Gives Details About Its Controversial Disk Encryption
Computer security experts worry that BitLocker may be compromised by the government. Microsoft addressed some of those concerns for The Intercept — and left some unanswered.
theintercept.com If you do not want your VM drive recovery keys to be possibly compromised through Microsoft, you may use LUKS-encrypted drives supported in Qemu by default.
If so, this article is for you.
For more details, please see Providing secret data to QEMU — QEMU documentation
| NOTE: Avoid guest Windows reboot when using whpx accelerator, use Windows shutdown only. Currently whpx accelerator in QEMU 9.0 has a bug preventing guest OS from rebooting. A normal shutdown from guest OS works ok, though. |
1. First of all, make sure you have Hyper-V enabled. Press Windows key + R to open the Run dialog box. Type appwiz.cpl and press Enter. In the Programs and Features window, select Turn Windows features on or off in the left-hand pane. In the Windows Features window, scroll down to Hyper-V and check the box next to it. If you have Windows 11 Home, you have to pre-install Hyper-V feature using one of these guides:
How to install and enable Hyper-V on Windows 11/10 Home
We show you how to enable & use Hyper-V on Windows 11 or Windows 10 Home edition. You need to first use this script to activate Hyper-V.
www.thewindowsclub.com How to install Hyper-V on Windows 11 Home - Pureinfotech
To install Hyper-V on Windows 11 Home, run this custom script to add the components with DISM and restart the computer. Here's how.
pureinfotech.com Go to Download Windows 11 and download Original Windows iso using either Media Creation Tool or directly, save it as orig_win.iso
2. Go to QEMU for Windows – Installers (64 bit) and download QEMU 9.0 (https://qemu.weilnetz.de/w64/qemu-w64-setup-20240423.exe), some 170 MB.
Install it under default path the istaller suggests. (C:\Program Files\qemu)
Go to virtio-win-pkg-scripts/README.md at master · virtio-win/virtio-win-pkg-scripts and download "Stable virtio-win ISO", some 600 MBytes.
Save the drivers as virtio-win-0.1.240.iso
These drivers are needed to get support of SCSI disks inside VM.
Create virtual disk to install Windows to:
Code:
qemu-img create -f qcow2 G:\VirtualDisk.qcow2 60G3. Launch Windows command prompt under Admin rights to run these commands as follows (provided qemu installed in C:\Program Files\qemu):
Code:
cd /d C:\Program Files\qemu\share
copy /B edk2-i386-vars.fd + edk2-x86_64-code.fd edk2-x86_64.fdClose command prompt run under admin.
Now, Launch Windows command prompt under a normal user.
4. Run the following command:
Code:
cd /d C:\Program Files\qemu5. Launch QEMU using slow tcg accelerator. Later, when Windows setup is done with reboots, you may employ fast whpx accelerator (this is an example of using a plain, non-encrypted drive to store VM, for an example describing encrypted format read further)
Code:
qemu-system-x86_64 -accel tcg -bios share\edk2-x86_64.fd -cpu Westmere,aes=on,avx=on,sse4.1=on,sse4.2=on,ssse3=on,x2apic=on,xsave=on,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time -m 8192 -machine q35 -smp 4 -device qxl-vga,vgamem_mb=64 -audiodev sdl,id=audio0 -device intel-hda -device hda-output,audiodev=audio0 -usb -device usb-tablet -drive id=drive-virtio-disk0,file=G:\VirtualDisk.qcow2,format=qcow2,if=none,cache=none,aio=native,discard=unmap,copy-on-read=on,cache.direct=on -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0,bus=scsi.0,rotation_rate=1,bootindex=1 -device ich9-ahci,id=ahci -device ide-cd,drive=cd0,bus=ahci.0,bootindex=0 -device ide-cd,drive=cd1,bus=ahci.1 -drive file=H:\orig_win.iso,if=none,media=cdrom,readonly=on,id=cd0 -drive file=C:\Downloads\virtio-win-0.1.240.iso,if=none,media=cdrom,readonly=on,id=cd1-accel tcg gives a slow acceleration, which can be betterized with -accel whpx
-cpu Westmere,aes=on,avx=on,sse4.1=on,sse4.2=on,ssse3=on,x2apic=on,xsave=on enables Modern version of Windows to boot. Probably, some of these are unnecessary.
,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time makes Hyper-V work a bit faster.
-machine q35 makes Qemu work a bit faster
-smp 4 provides Windows with four virtual cores, installed Windows runs without this switch but refuses to install.
-m 8192 provides Windows with 8GB of RAM
-device qxl-vga,vgamem_mb=64 - I'm not sure how it works but Qemu doesn't render image from VM without it.
-audiodev sdl,id=audio0 -device intel-hda -device hda-output,audiodev=audio0 provides Windows with simple audio output; you can remove it if you don't need sound
-usb -device usb-tablet makes mouse cursor auto-captured by the VM when it over Qemu window and auto-captured by the host OS when cursor leaves Qemu window
-drive id=drive-virtio-disk0,file=G:\VirtualDisk.qcow2,format=qcow2,if=none,cache=none,aio=native,discard=unmap,copy-on-read=on -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0,bus=scsi.0,rotation_rate=1,bootindex=1 - cache=none,aio=native - these options give high disk I/O performance; rotation_rate=1 - makes Qemu process virtual drive as SSD; discard=unmap - the guest filesystem will release assigned-but-unused free space on the host; bootindex=1 - this will make specified drive to load after the drive with bootindex=0 specified during EFI boot process; -device scsi-hd - creates a fast drive but requires extra drivers to be downloaded and installed on the guest OS
-device ich9-ahci,id=ahci - creates a slow AHCI adapter
-drive file=H:\orig_win.iso,if=none,media=cdrom,readonly=on,id=cd0 - creates cdrom device
-device ide-cd,drive=cd0,bus=ahci.0,bootindex=0 - describes how to connect device to adapter
-cpu Westmere,aes=on,avx=on,sse4.1=on,sse4.2=on,ssse3=on,x2apic=on,xsave=on enables Modern version of Windows to boot. Probably, some of these are unnecessary.
,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time makes Hyper-V work a bit faster.
-machine q35 makes Qemu work a bit faster
-smp 4 provides Windows with four virtual cores, installed Windows runs without this switch but refuses to install.
-m 8192 provides Windows with 8GB of RAM
-device qxl-vga,vgamem_mb=64 - I'm not sure how it works but Qemu doesn't render image from VM without it.
-audiodev sdl,id=audio0 -device intel-hda -device hda-output,audiodev=audio0 provides Windows with simple audio output; you can remove it if you don't need sound
-usb -device usb-tablet makes mouse cursor auto-captured by the VM when it over Qemu window and auto-captured by the host OS when cursor leaves Qemu window
-drive id=drive-virtio-disk0,file=G:\VirtualDisk.qcow2,format=qcow2,if=none,cache=none,aio=native,discard=unmap,copy-on-read=on -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0,bus=scsi.0,rotation_rate=1,bootindex=1 - cache=none,aio=native - these options give high disk I/O performance; rotation_rate=1 - makes Qemu process virtual drive as SSD; discard=unmap - the guest filesystem will release assigned-but-unused free space on the host; bootindex=1 - this will make specified drive to load after the drive with bootindex=0 specified during EFI boot process; -device scsi-hd - creates a fast drive but requires extra drivers to be downloaded and installed on the guest OS
-device ich9-ahci,id=ahci - creates a slow AHCI adapter
-drive file=H:\orig_win.iso,if=none,media=cdrom,readonly=on,id=cd0 - creates cdrom device
-device ide-cd,drive=cd0,bus=ahci.0,bootindex=0 - describes how to connect device to adapter
G:\VirtualDisk.qcow2 is path of your drive with Windows
C:\Downloads\virtio-win-0.1.240.iso is path to downloaded virtio SCSI drivers
H:\orig_win.iso is path to an Original Windows 11 ISO
| NOTE: If any of these files contain spaces in their path, surround file=path with double quotes, like this: -drive id=cd0,"file=H:\new folder\win11 image.iso",if=none,media=cdrom,readonly=on Another option: -bios "C:\Program Files\qemu\share\edk2-x86_64.fd" |
EFI should proceed to Windows Setup which suggests you to select your language, time, currency and input method. Click Next.
Then click Install now.
On the next screen, click "I don't have a product key".
Next, Windows Setup will bring you "Select the operating system you want to install" window. Press Shift + F10. Windows Setup will bring you command prompt.
Now, run these commands as follows:
Code:
reg add HKLM\SYSTEM\Setup\LabConfig /v BypassTPMCheck /t REG_DWORD /d 1
reg add HKLM\SYSTEM\Setup\LabConfig /v BypassSecureBootCheck /t REG_DWORD /d 1
reg add HKLM\SYSTEM\Setup\LabConfig /v BypassRAMCheck /t REG_DWORD /d 1
reg add HKLM\SYSTEM\Setup\LabConfig /v BypassStorageCheck /t REG_DWORD /d 1Click Next. Now, accept License Agreement. On the next screen saying "Which type of installation do you want?", select Custom: Install Windows only (advanced).
On the next screen, click "Load driver". Open "virtio-win-0.1.240" and navigate to "vioscsi/w11/amd64" and click OK.
"Red Hat VirtIO SCSI pass-through controller (you_disk_letter:\vioscsi\w11\amd64\vioscsi.inf)" line, which is selected, should appear. Click Next.
Windows Setup installs the driver, taking some 40 secs.
Note the screen "Which type of installation do you want?" shows newly discovered disk space. So select it and click "Next".
Wait for Windows Setup to finish installation. Proceed to other steps as usual. It takes some 40 minutes to complete setup process using tcg accelerator.
6. When Windows setup is complete, shut down your guest VM. Now you can launch your VM using fast whpx accelerator, without extra .iso files:
Code:
qemu-system-x86_64 -accel whpx -bios share\edk2-x86_64.fd -cpu Westmere,aes=on,avx=on,sse4.1=on,sse4.2=on,ssse3=on,x2apic=on,xsave=on,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time -m 8192 -machine q35 -smp 4 -device qxl-vga,vgamem_mb=64 -audiodev sdl,id=audio0 -device intel-hda -device hda-output,audiodev=audio0 -usb -device usb-tablet -drive id=drive-virtio-disk0,file=G:\VirtualDisk.qcow2,format=qcow2,if=none,cache=none,aio=native,discard=unmap,copy-on-read=on,cache.direct=on -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0,bus=scsi.0,rotation_rate=1,bootindex=1On my recently produced laptop, it takes some 9 seconds from sending the above command intil Windows log-in screen appears.
P.S.
You can create an encrypted disk you want to install Windows to using this command:
Code:
qemu-img create -f luks --object secret,id=sec0,file="J:\passphrase.txt" -o key-secret=sec0 K:\demo.luks 60GInstallation command:
Code:
qemu-system-x86_64 -accel tcg -bios share\edk2-x86_64.fd -cpu Westmere,aes=on,avx=on,sse4.1=on,sse4.2=on,ssse3=on,x2apic=on,xsave=on,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time -m 8192 -machine q35 -smp 4 -device qxl-vga,vgamem_mb=64 -audiodev sdl,id=audio0 -device intel-hda -device hda-output,audiodev=audio0 -usb -device usb-tablet -drive id=drive-virtio-disk0,file=K:\demo.luks,if=none,cache=none,aio=native,discard=unmap,copy-on-read=on,cache.direct=on,driver=luks,key-secret=sec0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0,bus=scsi.0,rotation_rate=1,bootindex=1 -device ich9-ahci,id=ahci -device ide-cd,drive=cd0,bus=ahci.0,bootindex=0 -device ide-cd,drive=cd1,bus=ahci.1 -drive file=H:\orig_win.iso,if=none,media=cdrom,readonly=on,id=cd0 -drive file=C:\Downloads\virtio-win-0.1.240.iso,if=none,media=cdrom,readonly=on,id=cd1 -object secret,id=sec0,file=J:\passphrase.txtBooting after install:
Code:
qemu-system-x86_64 -accel whpx -bios share\edk2-x86_64.fd -cpu Westmere,aes=on,avx=on,sse4.1=on,sse4.2=on,ssse3=on,x2apic=on,xsave=on,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time -m 8192 -machine q35 -smp 4 -device qxl-vga,vgamem_mb=64 -audiodev sdl,id=audio0 -device intel-hda -device hda-output,audiodev=audio0 -usb -device usb-tablet -drive id=drive-virtio-disk0,file=K:\demo.luks,if=none,cache=none,aio=native,discard=unmap,copy-on-read=on,cache.direct=on,driver=luks,key-secret=sec0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0,bus=scsi.0,rotation_rate=1,bootindex=1 -object secret,id=sec0,file=J:\passphrase.txtAll other steps of installation process go as usual.
Due to disk encryption-decryption, Windows takes slightly longer to boot and shut down.
| NOTE: These commands use a plain textfile with a passphrase to encrypt disk. You should store such a textfile on a separate device from the one containing luks file. For more advanced options on how to use luks files, see Providing secret data to QEMU — QEMU documentation |
If you need to install and boot legacy Windows 7 (or earlier one), EFI firmware and bootindex are redundant. You can simply run
Code:
qemu-system-x86_64 -accel tcg -cpu Westmere,aes=on,avx=on,sse4.1=on,sse4.2=on,ssse3=on,x2apic=on,xsave=on,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time -m 4G -machine q35 -device qxl-vga,vgamem_mb=64 -usb -device usb-tablet -hda Disk.qcow2 -boot d -cdrom legacy_win.iso -drive file=scsi_drivers.iso,media=cdrom,readonly=onUPD: added ",cache.direct=on" switch to every qemu launch command to bypass this bug: On Windows, qcow2 is corrupted on expansion (#814) · Issues · QEMU / QEMU · GitLab
Last edited:
