feat: Move TPM emulator (#49)

Dockerfile

@@ -7,10 +7,8 @@ ARG DEBCONF_NONINTERACTIVE_SEEN "true"
 RUN apt-get update \
     && apt-get --no-install-recommends -y install \
         curl \
-        novnc \
-        swtpm \
+        7zip \
         wimtools \
-        p7zip-full \
         genisoimage \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
@@ -23,7 +21,7 @@ ADD https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virt
 
 RUN chmod +x /run/*.sh
 
-EXPOSE 3389 8006
+EXPOSE 8006 3389
 VOLUME /storage
 
 ENV RAM_SIZE "4G"

assets/win10x64.xml

@@ -1,6 +1,5 @@
 <?xml version="1.0"?>
 <unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
-  <settings pass="offlineServicing"/>
   <settings pass="windowsPE">
     <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <SetupUILanguage>
@@ -126,6 +125,11 @@
       </DriverPaths>
     </component>
   </settings>
+  <settings pass="offlineServicing">
+    <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <EnableLUA>false</EnableLUA>
+    </component>
+  </settings>
   <settings pass="generalize"/>
   <settings pass="specialize">
     <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -265,15 +269,21 @@
         <SynchronousCommand wcm:action="add">
           <Order>1</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Set AutoLogonCount to 0</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>2</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Allow RDP login with blank password</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>3</Order>
           <RequiresUserInput>false</RequiresUserInput>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
           <Description>Password Never Expires</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
-          <Order>3</Order>
+          <Order>4</Order>
           <CommandLine>msiexec /i E:\virtio-win-gt-x64.msi /qb!</CommandLine>
           <Description>Install VirtIO drivers</Description>
         </SynchronousCommand>

assets/win11x64.xml

@@ -1,6 +1,5 @@
 <?xml version="1.0"?>
 <unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
-  <settings pass="offlineServicing"/>
   <settings pass="windowsPE">
     <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <SetupUILanguage>
@@ -126,6 +125,11 @@
       </DriverPaths>
     </component>
   </settings>
+  <settings pass="offlineServicing">
+    <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <EnableLUA>false</EnableLUA>
+    </component>
+  </settings>
   <settings pass="generalize"/>
   <settings pass="specialize">
     <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -265,15 +269,21 @@
         <SynchronousCommand wcm:action="add">
           <Order>1</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Set AutoLogonCount to 0</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>2</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Allow RDP login with blank password</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>3</Order>
           <RequiresUserInput>false</RequiresUserInput>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
           <Description>Password Never Expires</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
-          <Order>3</Order>
+          <Order>4</Order>
           <CommandLine>msiexec /i E:\virtio-win-gt-x64.msi /qb!</CommandLine>
           <Description>Install VirtIO drivers</Description>
         </SynchronousCommand>

assets/win2016-eval.xml

@@ -101,34 +101,34 @@
     <component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <DriverPaths>
         <PathAndCredentials wcm:action="add" wcm:keyValue="1">
-            <Path>D:\viostor\2k16\amd64</Path>
+          <Path>D:\viostor\2k16\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="2">
-            <Path>D:\NetKVM\2k16\amd64</Path>
+          <Path>D:\NetKVM\2k16\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="3">
-            <Path>D:\Balloon\2k16\amd64</Path>
+          <Path>D:\Balloon\2k16\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="4">
-            <Path>D:\pvpanic\2k16\amd64</Path>
+          <Path>D:\pvpanic\2k16\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="5">
-            <Path>D:\qemupciserial\2k16\amd64</Path>
+          <Path>D:\qemupciserial\2k16\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="6">
-            <Path>D:\qxldod\2k16\amd64</Path>
+          <Path>D:\qxldod\2k16\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="7">
-            <Path>D:\vioinput\2k16\amd64</Path>
+          <Path>D:\vioinput\2k16\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="8">
-            <Path>D:\viorng\2k16\amd64</Path>
+          <Path>D:\viorng\2k16\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="9">
-            <Path>D:\vioscsi\2k16\amd64</Path>
+          <Path>D:\vioscsi\2k16\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="10">
-            <Path>D:\vioserial\2k16\amd64</Path>
+          <Path>D:\vioserial\2k16\amd64</Path>
         </PathAndCredentials>
       </DriverPaths>
     </component>
@@ -162,7 +162,7 @@
     </component>
     <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
-    </component>    
+    </component>
     <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <fDenyTSConnections>false</fDenyTSConnections>
     </component>
@@ -177,7 +177,7 @@
           <Profile>all</Profile>
         </FirewallGroup>
       </FirewallGroups>
-    </component>    
+    </component>
   </settings>
   <settings pass="oobeSystem">
     <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -221,15 +221,21 @@
         <SynchronousCommand wcm:action="add">
           <Order>1</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Set AutoLogonCount to 0</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>2</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Allow RDP login with blank password</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>3</Order>
           <RequiresUserInput>false</RequiresUserInput>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
           <Description>Password Never Expires</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
-          <Order>3</Order>
+          <Order>4</Order>
           <CommandLine>msiexec /i E:\virtio-win-gt-x64.msi /qb!</CommandLine>
           <Description>Install VirtIO drivers</Description>
         </SynchronousCommand>

assets/win2019-eval.xml

@@ -101,34 +101,34 @@
     <component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <DriverPaths>
         <PathAndCredentials wcm:action="add" wcm:keyValue="1">
-            <Path>D:\viostor\2k19\amd64</Path>
+          <Path>D:\viostor\2k19\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="2">
-            <Path>D:\NetKVM\2k19\amd64</Path>
+          <Path>D:\NetKVM\2k19\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="3">
-            <Path>D:\Balloon\2k19\amd64</Path>
+          <Path>D:\Balloon\2k19\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="4">
-            <Path>D:\pvpanic\2k19\amd64</Path>
+          <Path>D:\pvpanic\2k19\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="5">
-            <Path>D:\qemupciserial\2k19\amd64</Path>
+          <Path>D:\qemupciserial\2k19\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="6">
-            <Path>D:\qxldod\2k19\amd64</Path>
+          <Path>D:\qxldod\2k19\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="7">
-            <Path>D:\vioinput\2k19\amd64</Path>
+          <Path>D:\vioinput\2k19\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="8">
-            <Path>D:\viorng\2k19\amd64</Path>
+          <Path>D:\viorng\2k19\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="9">
-            <Path>D:\vioscsi\2k19\amd64</Path>
+          <Path>D:\vioscsi\2k19\amd64</Path>
         </PathAndCredentials>
         <PathAndCredentials wcm:action="add" wcm:keyValue="10">
-            <Path>D:\vioserial\2k19\amd64</Path>
+          <Path>D:\vioserial\2k19\amd64</Path>
         </PathAndCredentials>
       </DriverPaths>
     </component>
@@ -162,7 +162,7 @@
     </component>
     <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
-    </component>    
+    </component>
     <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
       <fDenyTSConnections>false</fDenyTSConnections>
     </component>
@@ -177,7 +177,7 @@
           <Profile>all</Profile>
         </FirewallGroup>
       </FirewallGroups>
-    </component>    
+    </component>
   </settings>
   <settings pass="oobeSystem">
     <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -221,15 +221,21 @@
         <SynchronousCommand wcm:action="add">
           <Order>1</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Set AutoLogonCount to 0</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>2</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Allow RDP login with blank password</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>3</Order>
           <RequiresUserInput>false</RequiresUserInput>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
           <Description>Password Never Expires</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
-          <Order>3</Order>
+          <Order>4</Order>
           <CommandLine>msiexec /i E:\virtio-win-gt-x64.msi /qb!</CommandLine>
           <Description>Install VirtIO drivers</Description>
         </SynchronousCommand>

assets/win2022-eval.xml

@@ -221,15 +221,21 @@
         <SynchronousCommand wcm:action="add">
           <Order>1</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Set AutoLogonCount to 0</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>2</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Allow RDP login with blank password</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>3</Order>
           <RequiresUserInput>false</RequiresUserInput>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
           <Description>Password Never Expires</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
-          <Order>3</Order>
+          <Order>4</Order>
           <CommandLine>msiexec /i E:\virtio-win-gt-x64.msi /qb!</CommandLine>
           <Description>Install VirtIO drivers</Description>
         </SynchronousCommand>

assets/win81x64.xml

@@ -194,9 +194,15 @@
         <SynchronousCommand wcm:action="add">
           <Order>1</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Set AutoLogonCount to 0</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>2</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Allow RDP login with blank password</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>3</Order>
           <CommandLine>msiexec /i E:\virtio-win-gt-x64.msi /qb!</CommandLine>
           <Description>Install VirtIO drivers</Description>
         </SynchronousCommand>

readme.md

@@ -1,4 +1,4 @@
-<h1 align="center">Windows in Docker<br />
+<h1 align="center">Windows<br />
 <div align="center">
 <img src="https://github.com/dockur/windows/raw/master/.github/logo.png" title="Logo" style="max-width:100%;" width="128" />
 </div>
@@ -114,23 +114,6 @@ docker run -it --rm -p 8006:8006 --device=/dev/kvm --cap-add NET_ADMIN dockurr/w
 
     Replace the example path `/var/win` with the desired storage folder.
 
-  * ### How do I verify if my system supports KVM?
-
-    To verify if your system supports KVM, run the following commands:
-
-    ```bash
-    sudo apt install cpu-checker
-    sudo kvm-ok
-    ```
-
-    If you receive an error from `kvm-ok` indicating that KVM acceleration can't be used, check the virtualization settings in the BIOS.
-
-  * ### How do I view the screen?
-
-    The container includes a web-based viewer, so you can visit [http://localhost:8006/](http://localhost:8006/) using any web browser to view the screen and interact with Windows via the keyboard and mouse.
-
-    This is mainly for use during installation, as afterwards you can use Remote Desktop, TeamViewer or any other software you prefer.
-
   * ### How do I perform a manual installation?
 
     If you prefer to perform the installation manually in order to customize some options, such as selecting another edition, add the following environment variable:
@@ -169,6 +152,32 @@ docker run -it --rm -p 8006:8006 --device=/dev/kvm --cap-add NET_ADMIN dockurr/w
     
     During the installation you will need to add some drivers as described in [manual installation](https://github.com/dockur/windows/tree/master?tab=readme-ov-file#how-do-i-perform-a-manual-installation) above.
 
+  * ### How do I pass-through a disk?
+
+    It is possible to pass-through disk devices directly by adding them to your compose file in this way:
+
+    ```yaml
+    environment:
+      DEVICE: "/dev/sda"
+      DEVICE2: "/dev/sdb"
+    devices:
+      - /dev/sda
+      - /dev/sdb
+    ```
+
+    Use ```DEVICE``` if you want it to become your main drive, and use ```DEVICE2``` and higher to add them as secondary drives.
+    
+  * ### How do I verify if my system supports KVM?
+
+    To verify if your system supports KVM, run the following commands:
+
+    ```bash
+    sudo apt install cpu-checker
+    sudo kvm-ok
+    ```
+
+    If you receive an error from `kvm-ok` indicating that KVM acceleration can't be used, check the virtualization settings in the BIOS.
+
   * ### Is this project legal?
 
     Yes, this project contains only open-source code and does not distribute any copyrighted material. Neither does it try to circumvent any copyright protection measures. So under all applicable laws, this project would be considered legal. 

src/entry.sh

@@ -4,7 +4,6 @@ set -Eeuo pipefail
 echo "❯ Starting Windows for Docker v$(</run/version)..."
 echo "❯ For support visit https://github.com/dockur/windows"
 
-export DISPLAY=web
 export BOOT_MODE=windows
 
 cd /run
@@ -20,12 +19,9 @@ cd /run
 
 trap - ERR
 
-ln -sfn /usr/share/novnc/vnc_lite.html /usr/share/novnc/index.html
-websockify -D --web /usr/share/novnc/ 8006 localhost:5900 2>/dev/null
-
-mkdir -p /dev/shm/emulated_tpm
-swtpm socket -t -d --tpmstate dir=/dev/shm/emulated_tpm --ctrl \
-  type=unixio,path=/dev/shm/emulated_tpm/swtpm-sock --log level=1 --tpm2
+if [[ "${DISPLAY,,}" == "web" ]]; then
+  nginx -e stderr
+fi
 
 info "Booting Windows using $VERS..."
 

src/install.sh

@@ -5,9 +5,6 @@ set -Eeuo pipefail
 : "${EXTERNAL:="N"}"
 : "${VERSION:="win11x64"}"
 
-ARGUMENTS="-chardev socket,id=chrtpm,path=/dev/shm/emulated_tpm/swtpm-sock $ARGUMENTS"
-ARGUMENTS="-tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0 $ARGUMENTS"
-
 [[ "${VERSION,,}" == "http"* ]] && EXTERNAL="Y"
 
 [[ "${VERSION,,}" == "11" ]] && VERSION="win11x64"