khaizr0/vTPM-20

vTPM2

🚧 WORK IN PROGRESS (WIP) - UNDER ACTIVE DEVELOPMENT 🚧

💡 Note: This is a personal hobby project created purely for fun and educational purposes. 📅 ETA: TBD (developed in my spare time; progress depends on interest and availability).

Experimental software TPM 2.0 for Windows; the emulated device reports TpmPresent/TpmReady and Storage/Attestation capability as True to the OS.


βš™οΈ How It Works (Architecture)

New
vTpm-20 New Architecture Flow Diagram
Old
vTpm-20 Architecture Flow Diagram

A software-based Virtual Trusted Platform Module (vTPM) 2.0 implementation designed to satisfy Windows 11's security requirements by emulating a fully functional TPM 2.0 device.

  • VtpmPreboot.efi (EFI loader): injects custom ACPI tables (a TPM device with hardware ID MSFT0101) at boot so that Windows enumerates a TPM.
  • vtpm.sys (kernel-mode driver): root-enumerated TPM driver that intercepts the standard TPM commands and IOCTLs Windows issues, and loads/replays event logs during driver init.
  • vtpm_service.exe (user-mode service bridge): proxies commands to the simulator, reads the Measured Boot logs, replays the PCR extensions into the simulator, registers the EK certificate in the Registry, and answers SRK public key queries.
  • Simulator.exe (TPM 2.0 simulator): the core TPM 2.0 cryptoprocessor, based on Microsoft's reference implementation (ms-tpm-20-ref).

Repository contains source code and scripts only; build artifacts are excluded.


🔒 Proof

Old: vTpm-20 Verification Proof (image)

Requirements

  • Windows 11 x64 (Host/Guest, Admin)
  • VS 2022 + WDK
  • VirtualBox (VM only - experimental phase; architecture & code will be fully revised later)

Build & Test

  1. Build (Host): Run .\build_driver_variants.ps1 and .\package_kernel_poc.ps1.
  2. Configure VM (Host): .\configure_vbox_acpi_vtpm.ps1 -VmName win11
  3. Install (Guest): Copy release-kernel-poc to guest, run install_acpi_platform_vtpm.ps1 (Admin), and reboot.
  4. Verify (Guest): Run tpmtool getdeviceinformation
  5. Rollback (Host): .\remove_vbox_acpi_vtpm.ps1 -VmName win11

πŸ“… Todo List (Roadmap)

Core Integration

  • Forward TPM commands/IOCTLs (vtpm.sys ↔ vtpm_service.exe)
  • Proxy executions to MS TPM reference simulator
  • Read measured boot logs from C:\Windows\Logs\MeasuredBoot\
  • Sync boot logs to simulator PCRs (resolves TBS_E_NO_EVENT_LOG)
  • Generate & register EK Certs in registry (EKCertStore)
  • Handle SRK public key queries (IOCTL_TPM_GET_PERSISTENT_PUBLIC)
  • Replay registry-based event logs in driver init
  • Inject dynamic ACPI tables via EFI loader (VtpmPreboot.efi)
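
The log replay that the service bridge in the architecture section and the "Sync boot logs to simulator PCRs" item above describe, written out as an added example in Python. This is not code from the vTPM-20 repository; it assumes the Measured Boot log is a TCG 2.0 crypto-agile event log (the "Spec ID Event03" header format used by the .log files under C:\Windows\Logs\MeasuredBoot\), replays every digest of every non-EV_NO_ACTION event into zeroed software PCR banks, and marshals the TPM2_PCR_Extend commands a bridge would forward to the simulator. The three-event log it parses is constructed inline, not a capture from a real machine; the constants follow the TPM 2.0 Library specification (Part 2) and the TCG PC Client firmware profile.

```python
"""Replay a TCG 2.0 crypto-agile event log into software PCRs and build the
TPM2_PCR_Extend commands a bridge would forward to a TPM 2.0 simulator.
Added example (not vTPM-20 project code); event types and TPM constants are
taken from the TCG PC Client log format and TPM 2.0 Part 2."""
import hashlib
import struct

EV_NO_ACTION = 0x00000003          # informational event, never extended
TPM_ALG_SHA1 = 0x0004
TPM_ALG_SHA256 = 0x000B
HASHERS = {TPM_ALG_SHA1: hashlib.sha1, TPM_ALG_SHA256: hashlib.sha256}
TPM_ST_SESSIONS = 0x8002
TPM_CC_PCR_EXTEND = 0x00000182
TPM_RS_PW = 0x40000009             # password authorization session handle


def parse_spec_id(event):
    """Return {algId: digestSize} from a 'Spec ID Event03' header body."""
    if not event.startswith(b"Spec ID Event03\x00"):
        raise ValueError("not a TCG 2.0 crypto-agile log")
    count = struct.unpack_from("<I", event, 24)[0]
    sizes, off = {}, 28
    for _ in range(count):
        alg, size = struct.unpack_from("<HH", event, off)
        sizes[alg], off = size, off + 4
    return sizes


def parse_log(data):
    """Yield (pcr, event_type, {alg: digest}, event_data); the log is little-endian."""
    # First record is a legacy SHA-1 TCG_PCR_EVENT carrying the Spec ID header.
    pcr, etype = struct.unpack_from("<II", data, 0)
    size = struct.unpack_from("<I", data, 28)[0]
    header = data[32:32 + size]
    if etype != EV_NO_ACTION:
        raise ValueError("first event must be the EV_NO_ACTION Spec ID event")
    sizes = parse_spec_id(header)
    yield pcr, etype, {TPM_ALG_SHA1: data[8:28]}, header
    off = 32 + size
    while off < len(data):                       # TCG_PCR_EVENT2 records
        pcr, etype, count = struct.unpack_from("<III", data, off)
        off, digests = off + 12, {}
        for _ in range(count):
            alg = struct.unpack_from("<H", data, off)[0]
            if alg not in sizes:
                raise ValueError("digest algorithm %#x not declared in header" % alg)
            digests[alg] = data[off + 2:off + 2 + sizes[alg]]
            off += 2 + sizes[alg]
        esize = struct.unpack_from("<I", data, off)[0]
        yield pcr, etype, digests, data[off + 4:off + 4 + esize]
        off += 4 + esize


def replay_pcrs(data, num_pcrs=24):
    """Extend every measured digest into zeroed banks: {alg: [pcr0 .. pcr23]}."""
    banks = {}
    for pcr, etype, digests, _ in parse_log(data):
        if etype == EV_NO_ACTION:                # Spec ID and other no-ops
            continue
        if pcr >= num_pcrs:
            raise ValueError("event references PCR %d outside the bank" % pcr)
        for alg, digest in digests.items():
            if alg in HASHERS:
                bank = banks.setdefault(alg, [bytes(len(digest))] * num_pcrs)
                bank[pcr] = HASHERS[alg](bank[pcr] + digest).digest()
    return banks


def build_pcr_extend(pcr, digests):
    """Marshal TPM2_PCR_Extend (big-endian) with an empty password session."""
    auth = struct.pack(">IHBH", TPM_RS_PW, 0, 0, 0)          # TPMS_AUTH_COMMAND
    values = struct.pack(">I", len(digests))                 # TPML_DIGEST_VALUES
    for alg, digest in digests.items():
        values += struct.pack(">H", alg) + digest            # TPMT_HA
    body = struct.pack(">II", pcr, len(auth)) + auth + values
    return struct.pack(">HII", TPM_ST_SESSIONS, 10 + len(body), TPM_CC_PCR_EXTEND) + body


def _event2(pcr, etype, digests, event):
    out = struct.pack("<III", pcr, etype, len(digests))
    for alg, d in digests.items():
        out += struct.pack("<H", alg) + d
    return out + struct.pack("<I", len(event)) + event


def sample_log():
    """Constructed three-event SHA-256 log (not a real Windows WBCL capture)."""
    spec = (b"Spec ID Event03\x00" + struct.pack("<IBBBBI", 0, 0, 2, 0, 2, 1)
            + struct.pack("<HH", TPM_ALG_SHA256, 32) + b"\x00")
    header = struct.pack("<II", 0, EV_NO_ACTION) + bytes(20) + struct.pack("<I", len(spec)) + spec
    sha = lambda s: {TPM_ALG_SHA256: hashlib.sha256(s).digest()}
    return (header
            + _event2(0, 0x80000008, sha(b"firmware-volume"), b"EV_EFI_PLATFORM_FIRMWARE_BLOB")
            + _event2(4, 0x80000003, sha(b"bootmgfw.efi"), b"EV_EFI_BOOT_SERVICES_APPLICATION")
            + _event2(7, 0x80000001, sha(b"SecureBoot"), b"EV_EFI_VARIABLE_DRIVER_CONFIG"))


if __name__ == "__main__":
    log = sample_log()
    banks = replay_pcrs(log)
    for i in (0, 4, 7):
        print("PCR[%2d] SHA-256 = %s" % (i, banks[TPM_ALG_SHA256][i].hex()))
    cmds = [build_pcr_extend(p, d) for p, t, d, _ in parse_log(log) if t != EV_NO_ACTION]
    print("%d TPM2_PCR_Extend commands; first is %d bytes" % (len(cmds), len(cmds[0])))
```

A replay only reproduces the firmware's PCR values if every event is extended in log order into PCRs still at their reset value, so a bridge has to run this before anything else extends the simulator, and a verifier comparing the replayed banks against a TPM2_Quote will catch a log that was truncated or reordered.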

Security & Hardening

  • Encrypt and lock simulator NV state
  • Add anti-rollback metadata (clock sync, reset/restart counters)
  • Generate synthetic WBCL event log streams
  • Test with Windows Hello & BitLocker
  • Driver production signing setup
  • ... and more

⚠️ Disclaimer

  • Signing: The driver is not production-signed; loading it requires Windows test-signing mode (TESTSIGNING) or a WHQL signature.
  • Security: Research software. Do not use for production secrets, BitLocker, or actual attestation.
