From 764967c8e0889b8e4db2557d49f0d6fe48398835 Mon Sep 17 00:00:00 2001
From: Artur Gurgul
Date: Wed, 27 Aug 2025 11:37:46 +0200
Subject: [PATCH] Trying to install Windows11 ARM on QEMU
---
 bin/recipes/edk2/make | 108 +++++++++
 .../microsoft corporation kek 2k ca 2023.crt | Bin 0 -> 1462 bytes
 bin/recipes/edk2/notes.md | 61 +++++
 bin/recipes/edk2/windows uefi ca 2023.crt | Bin 0 -> 1454 bytes
 bin/vm-cmd | 217 ++++++++++++++++--
 lib/virtual-machine.rb | 2 +-
 6 files changed, 365 insertions(+), 23 deletions(-)
 create mode 100755 bin/recipes/edk2/make
 create mode 100644 bin/recipes/edk2/microsoft corporation kek 2k ca 2023.crt
 create mode 100644 bin/recipes/edk2/notes.md
 create mode 100644 bin/recipes/edk2/windows uefi ca 2023.crt
diff --git a/bin/recipes/edk2/make b/bin/recipes/edk2/make
new file mode 100755
index 0000000..83e754b
--- /dev/null
+++ b/bin/recipes/edk2/make
@@ -0,0 +1,108 @@
+#!/usr/bin/env bash
+
+rm -rf edk2
+rm -rf output
+
+git clone https://github.com/tianocore/edk2.git
+cd edk2
+git checkout fc0fffa7e9089e7b79b9ae7babb950f1f153e0ae
+
+
+# 0) Make sure LLVM is installed
+brew install llvm acpica nasm
+brew install lld
+
+# 1) Point PATH and tool vars to Homebrew’s LLVM (Apple Silicon path shown)
+export LLVM_PREFIX="/opt/homebrew/opt/llvm" # Intel Macs: /usr/local/opt/llvm
+export LLD_PREFIX="/opt/homebrew/opt/lld"
+export PATH="$LLVM_PREFIX/bin:$LLD_PREFIX/bin:$PATH"
+
+hash -r
+
+# 2) Explicitly select LLVM tools so EDK2 doesn’t fall back to Apple’s
+export CC="$LLVM_PREFIX/bin/clang"
+export CXX="$LLVM_PREFIX/bin/clang++"
+export LD="$LLD_PREFIX/bin/ld.lld"
+export AR="$LLVM_PREFIX/bin/llvm-ar"
+export RANLIB="$LLVM_PREFIX/bin/llvm-ranlib"
+export NM="$LLVM_PREFIX/bin/llvm-nm"
+export STRIP="$LLVM_PREFIX/bin/llvm-strip"
+export OBJCOPY="$LLVM_PREFIX/bin/llvm-objcopy"
+export OBJDUMP="$LLVM_PREFIX/bin/llvm-objdump"
+
+# 3) Sanity check — these MUST point into .../opt/llvm/bin
+which clang; clang --version
+which ld.lld
+which llvm-ar
+
+# 4) Rebuild tools & firmware
+make -C BaseTools -j
+source ./edksetup.sh
+
+build -a AARCH64 -t CLANGDWARF \
+ -p ShellPkg/ShellPkg.dsc \
+ -m ShellPkg/Application/KeyTools/KeyTool/KeyTool.inf \
+ -b RELEASE
+
+
+cd ..
+
+mkdir -p output/keys/EFI/Boot
+openssl x509 -in "microsoft corporation kek 2k ca 2023.crt" -outform DER -out output/keys/kek2023.cer
+openssl x509 -in "windows uefi ca 2023.crt" -outform DER -out output/keys/db2023.cer
+
+open /Users/artur/projs/edk2
+
+exit 0
+
+
+# (Optional) clean the previous failed build to avoid stale flags/objects
+rm -rf Build/ArmVirtQemu-AARCH64
+
+build -a AARCH64 \
+ -t CLANGDWARF \
+ -p ArmVirtPkg/ArmVirtQemu.dsc \
+ -D SECURE_BOOT_ENABLE=TRUE \
+ -b DEBUG
+
+
+
+# CODE="/Volumes/Cache/vms/image/win11-arm64/win11/QEMU_EFI.fd"
+# VARS="/Volumes/Cache/vms/image/win11-arm64/win11/QEMU_VARS.fd"
+
+
+# # Make blank 64 MiB raws
+# qemu-img create -f raw QEMU_EFI-pflash.raw 64M
+# qemu-img create -f raw QEMU_VARS-pflash.raw 64M
+
+# # Copy firmware into the front of each file without truncating the 64 MiB size
+# dd if="$CODE" of=QEMU_EFI-pflash.raw conv=notrunc
+# dd if="$VARS" of=QEMU_VARS-pflash.raw conv=notrunc
+
+# # Confirm size is exactly 67108864 bytes
+# stat -f "%z %N" QEMU_EFI-pflash.raw QEMU_VARS-pflash.raw
+
+
+
+# https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance?view=windows-11
+# https://go.microsoft.com/fwlink/?linkid=2239775
+# https://go.microsoft.com/fwlink/?linkid=2239776
+
+
+# -drive if=none,id=mskeys,format=raw,file=fat:rw:keys
+# -device usb-storage,drive=mskeys
+
+
+# 5. Enroll the certs in firmware
+# Boot into UEFI shell, run FS0:\EFI\Boot\KeyTool.efi.
+
+# In KeyTool:
+# Go to Edit Keys → KEK → Add New Key, pick kek2023.cer.
+# Go to Edit Keys → db → Add New Key, pick db2023.cer.
+# If no PK is present yet, you must enroll a Platform Key (PK) first (can be self-signed with OpenSSL; KeyTool can also generate). Without a PK, Secure Boot remains “greyed out.”
+
+# ✅ After PK + KEK + DB are enrolled, reboot → go into firmware setup → Secure Boot option will be toggleable → set it to Enabled.
+# Now Windows 11 installer/bootloader should run under Secure Boot. +# Ref: 68adf715-f29c-832e-89d7-a37025f63cf3 + + diff --git a/bin/recipes/edk2/microsoft corporation kek 2k ca 2023.crt b/bin/recipes/edk2/microsoft corporation kek 2k ca 2023.crt new file mode 100644 index 0000000000000000000000000000000000000000..e6ffb4f975fae9658631e5ca7697b63d3692b869 GIT binary patch literal 1462 zcmXqLV%=oW#5`*OGZP~dldv%Z1B0-L*p9^9rY3J78^|-@W#iOp^Jx3d%gD&h%3u&> z$Zf#M#vIDRCd?EXY$#_S1LANAi~43J7v&e{r^7bTWt=I0q|8)$;$nT3@Q z@;@`l=OY|zB0gzQ;HRtDxKMt%mMI2ThBBO}A(xQ^~(ox@y5 zUVc5-sQZ!sqnfGtMbF^EjnR{X);|=zf3Mqe?|Prq(%`4JxQu4#8>?;8-Zy3D{5Q7_ z^|6{v66R0dU$UrZg=XD+BSlS)$Rp)Pv?lqqZ(}xpJ?qiolUqC#4<}A}B_6o(xyU1x zWWB4OjxGJPC{8}}SRn6m&EG*>vmbZ7$oRke*QCt#N5uZeK8=5H|4mvbcjBQn)(Uy| zxA4B!K5^lYiC@z+%Xc3QTUl)1Un~24_|(CxJ^I`N8nZoSZ4eMya&yYljOep@&#T_- zS>U;2W$+DO{Y}*;ZtdCh{LktFf%2)Yo`2U~vKK#{HtSQZ*iLa zh_Q$~SY5Pdn%(~$X|rnuqMYqwoI={;4J6?jM3`83GP0x@q!=W@_y$aEVFYbVEh;G{)y@*+Bnixa%uT?cZDnE; z`jx)U-*V*+lRL3m6_V8!@8&f1OFy!)HR6ifAHnuK|3|OH3h9=wvrnz<=5XOt>(#jt zpQo(K{wvx?O|Q(*SugL!3B!Y4mp(CVU-q%|$+Wj@k4{aka9Lqoc17Fw`kp)O)~kIr z*G}u)e)UlQYPZ9&oBzIDI`3=QcJ0>xGZxOzmYHq${T-k9;=gA456^1Mka3u)c8a-o zndz%bT+6$~)+sVF$f@&h=iB6D7^e5^N8c+RlMjCP3k)(@E}p+UC&exQjN;kT?^%s@ zb1b_t-_;`4@6wz}oiB@@RB@Qf`7b-PE8A|ne29tXuPs%lZ!M6IY}D5J)}glHSI(!` z2XCx%e3<`dzwnDZk>}5kGj}`86tG~+E!fL=;$ClU(F%s|KrcGzutFc-y5g~ST4T*&wl5x*VCq7IQx@D z?KiK7B*%@1lMeSIv21gk;J4vjRy z?NuKN{n`=}s&d1QM|0XOdVhs)-lWU&Gr!Hu?nFpB^H literal 0 HcmV?d00001 diff --git a/bin/recipes/edk2/notes.md b/bin/recipes/edk2/notes.md new file mode 100644 index 0000000..cbb8a67 --- /dev/null +++ b/bin/recipes/edk2/notes.md 
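Review bot: The two Microsoft CA certificates converted with `openssl x509 ... -outform DER` right after `mkdir -p output/keys/EFI/Boot` are taken from the repository with no integrity check, and they become the KEK and db trust roots of the firmware — anyone who can alter those .crt files in the repo can make the VM's Secure Boot accept arbitrary bootloaders. Before converting, print and compare the fingerprints against the values on the Microsoft page already linked further down in the script, e.g. `openssl x509 -in "windows uefi ca 2023.crt" -noout -fingerprint -sha256`, and abort on mismatch. The script also has no `set -euo pipefail` and an unguarded `cd edk2`, so a failed clone or checkout leaves `rm -rf`, `make -C BaseTools` and `build` running against whatever directory is current — `cd edk2 || exit 1` closes that. Everything after `exit 0` (the SECURE_BOOT_ENABLE firmware build and the enrollment notes) is unreachable, which is presumably intentional for a work-in-progress but worth marking with a comment such as `# --- scratch notes below; not executed ---`. One caveat to record next to the enrollment notes: with only the 2023 db CA enrolled, install media whose boot manager is still signed by the 2011 Windows Production PCA will fail verification, so check the signer of `bootmgfw.efi` on the ISO before assuming the Enabled toggle is enough.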
@@ -0,0 +1,61 @@
+That error means your **WORKSPACE** points to a *different* edk2 tree:
+
+```
+/Users/artur/.dat/bin/recipes/edk2/edk2
+```
+
+so `build` is looking for `ShellPkg/.../KeyTool.inf` **there**, not in `~/projs/edk2`.
+
+Fix by resetting your env and sourcing `edksetup.sh` from the repo you actually want to build.
+
+## Do this exactly
+
+```bash
+# 0) Go to the edk2 you want to use
+cd ~/projs/edk2
+git rev-parse --show-toplevel # should print /Users/artur/projs/edk2
+
+# 1) Clear any stale EDK2 env from previous shells
+unset WORKSPACE EDK_TOOLS_PATH PACKAGES_PATH
+
+# 2) Rebuild BaseTools (with your LLVM/lld PATH still set like earlier)
+make -C BaseTools -j
+
+# 3) Reset Conf inside THIS tree and re-source
+rm -f Conf/target.txt Conf/tools_def.txt
+source ./edksetup.sh
+
+# Sanity checks — these must point into ~/projs/edk2
+echo "WORKSPACE=$WORKSPACE"
+echo "EDK_TOOLS_PATH=$EDK_TOOLS_PATH"
+test -f "$WORKSPACE/ShellPkg/Application/KeyTools/KeyTool/KeyTool.inf" && echo "KeyTool found"
+
+# 4) Build KeyTool for AArch64 with clang/lld
+build -a AARCH64 -t CLANGDWARF \
+ -p ShellPkg/ShellPkg.dsc \
+ -m ShellPkg/Application/KeyTools/KeyTool/KeyTool.inf \
+ -b RELEASE
+```
+
+### If you still see it picking the wrong path
+
+You probably have these variables exported in your shell config. Force them for this shell:
+
+```bash
+export WORKSPACE="$PWD"
+export EDK_TOOLS_PATH="$WORKSPACE/BaseTools"
+export PACKAGES_PATH="$WORKSPACE"
+source ./edksetup.sh
+```
+
+Then re-run the `build` command above.
+
+### Where the binary will land
+
+Typical output path (adjust for your build target):
+
+```
+Build/Shell/RELEASE_CLANGDWARF/AARCH64/ShellPkg/Application/KeyTools/KeyTool/KeyTool/OUTPUT/KeyTool.efi
+```
+
+Once you’ve got `KeyTool.efi`, mount it along with your `kek2023.cer` and `db2023.cer`, enroll **PK → KEK → db**, reboot into the firmware UI, and enable **Secure Boot**.
diff --git a/bin/recipes/edk2/windows uefi ca 2023.crt b/bin/recipes/edk2/windows uefi ca 2023.crt new file mode 100644 index 0000000000000000000000000000000000000000..4c5430b28340de623d877bf09ce5284a7c45785b GIT binary patch literal 1454 zcmXqLVqIm>#5`#MGZP~dldv%Z1A|mY_Y8(GrIv$0Hjrn)%f_kI=F#?@mywa1mBFB~ z!;ss6lZ`o)g-w_#G}utsKoG>?5atR`EY8TxOE1aKGZZl30|~MVvj?T7112aQoLkm+2Bg-gpUSm@**U|vQHSj@oDIq7w8c0K& zAQGOLmy%yztPtwz=BeQ92(%4oPZOgOa#%33GB7tW@-qO%xtN+585#C$GQAj5xuyS1 zqgLK#p=*<;8`N0D?5~_8$;GeB^>6=!6*r9RFRjkcZ#?KLp6PnNwLyJx&1S1- zQ<&~*{+a{+llvk|9oyD$3UGc3ObyujRdKVLW$&sZ6F1*klcLOa)-;~i$#afB@41HN zrpSNyyGvHZom+60>{5BKO^IR78YRAYBLaELsCYKcJ1JffgAp(;jF!jZQ(w(k>nXZws z9#D}%6dMQ7SFEh;jEpRP20jK}Funm(n;q1O^73+QRsfSVKC?@Z(;6_}F*gCjZ2rk@ z|MMQsu@3$AuiNr&B1`^-waI72%e+=NclQ1`_Ngas!ow#SOGV%8xSYV_5H9~a&a^1; z-gLv9$^~D=)_KdkW#oDPJ)GakKqB+U!o_;iC+*lL{ZG3s&dEuzzpub|!t%e2$)8g8 z&wf+ZXzgHB2=}aN3StwS-@J!Un|^P^Eaj!AI^U4@IouIUq#@dW?rvY$Gg7z zw8>2Q(eqe(&NRxbogVU0La#1p!k)l;T72u$UhPTATQD)@iN4T^JyXJ{a;|uKZsmv{d%y-8GB&3!A=A{vWe2ab4;sk;b=`QM1}#B~+i@ z>|bhfYS+T|i@q&ta9!A~-gx$ExrN;+zq=Z*B6b~Jpn0#Yr{m95^}xHUFJFk}EkB;q zAA0@DBEIM+CT=2PvX5o1<<4B|^QN#^fAzUdTQu*58U$Nf8FhbnHK#+!nl(dm|M~VH zf#27J6FxhpeBlUhJUv%%Y2TNp>R%UIy?J8mwf)@B4&M2DPvu_n+7nUMXT&lk@9vlL zx$e1#u4mn8FMPFR|NHdmb9NkWFw@eCJb8d;xyyp$tv%;0qSpP`-8S`u%i6Rm