Windows 11 on KVM/QEMU with Virt‑Manager (2025 Edition): A Complete, Copy‑Paste Guide

This post walks you through a clean Windows 11 install on a Linux host using KVM/QEMU + libvirt + virt‑manager, with UEFI + Secure Boot + TPM 2.0, all the right VirtIO drivers, and practical performance tuning. CLI lovers get a full virt-install one‑liner too. No Proxmox required.

Why run Windows 11 on KVM?

• Performance: Near‑native CPU performance with paravirtualized VirtIO drivers; excellent I/O throughput.
• Clean integration: Uses upstream Linux virtualization stack (libvirt) — portable across Ubuntu, Fedora, Arch, Debian, openSUSE.
• Modern security: UEFI, Secure Boot capability, and TPM 2.0 via swtpm.
• Flexibility: Smooth snapshots/backups (qcow2), SPICE/RDP remoting, optional GPU passthrough for gaming/3D.

Prerequisites (host)

1) Hardware features

• A recent Intel/AMD CPU with virtualization extensions (VT‑x/SVM). Optional for passthrough: IOMMU (VT‑d/AMD‑Vi).
• Enable virtualization in firmware (UEFI/BIOS).

Quick checks (any distro):

# CPU virtualization flags (vmx for Intel, svm for AMD)
lscpu | grep -i virtualization || egrep -i "(vmx|svm)" /proc/cpuinfo | head

# KVM kernel modules present
lsmod | grep -E "kvm(_amd|_intel)?" || true

# Your user is in libvirt group (log out/in after adding)
groups $USER

2) Packages you’ll need

Pick your distro and run the matching block.

Ubuntu / Debian

sudo apt update
sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-clients virtinst virt-manager ovmf swtpm swtpm-tools bridge-utils
sudo usermod -aG libvirt $USER
sudo systemctl enable --now libvirtd

Fedora / RHEL / Alma / Rocky

# Fedora Workstation/Server
dnf -y groupinstall "Virtualization"
dnf -y install virt-install virt-manager edk2-ovmf swtpm
systemctl enable --now libvirtd
usermod -aG libvirt $USER

Arch / Manjaro

sudo pacman -S --needed qemu-full libvirt virt-manager virt-install edk2-ovmf swtpm
sudo systemctl enable --now libvirtd
sudo usermod -aG libvirt $USER

openSUSE Leap/Tumbleweed

sudo zypper install -y qemu-kvm libvirt virt-manager virt-install ovmf swtpm
sudo systemctl enable --now libvirtd
sudo usermod -aG libvirt $USER

Log out/in (or reboot) so your user’s new libvirt group membership takes effect.

Download the ISOs you’ll mount

• Windows 11 ISO (official) — download from Microsoft: https://www.microsoft.com/software-download/windows11
• VirtIO driver ISO (“virtio-win”) — official builds: https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/

Save both ISOs to a convenient folder, e.g. ~/iso/.

Create the VM in virt‑manager (GUI path)

1. Launch virt‑manager → Create a new virtual machine → Local install media (ISO) → point to your Windows 11 ISO.
2. Choose OS: If offered, select Windows 11 (or Windows 10 if your osinfo DB is older). Either works.
3. Firmware & machine type

• Firmware: UEFI x86_64 (OVMF). In many distros it’s shown as UEFI in virt‑manager.
• Enable Secure Boot (checkbox) if available.
• Chipset/Machine type: Q35.

4. CPU & Memory

• CPUs: start with 4 vCPUs (adjust to your host). In Overview → CPUs, set Copy host CPU configuration (aka host‑passthrough).
• RAM: 8 GB minimum recommended for a smooth desktop (4 GB absolute minimum).
• (Optional) CPU topology: 1 socket × N cores × 1 thread keeps things simple.

5. Storage (fast + TRIM‑friendly)

• Create a disk: 64 GB+ qcow2.
• Disk bus: SCSI.
• Controller: VirtIO SCSI.
• Cache mode: None (O_DIRECT); IO mode: native/io_uring when available.
• (Optional) Add an iothread (can be done later via XML).

6. Attach the VirtIO driver ISO

• After finishing the wizard but before first boot, open VM Details → Add Hardware → Storage, choose CDROM, and attach the virtio‑win ISO.

7. Network

• NIC model: virtio (a.k.a. VirtIO (paravirtualized)). Default NAT works; bridge if you need LAN presence.

8. Display & integration

• Display server: SPICE (default) is fine for setup/desktop use.
• Video: QXL or Virtio. For Windows guests, QXL is typically the safe choice unless you specifically need virtio‑gpu testing.
• Add Channel → QEMU Guest Agent now (Details → Add Hardware → Channel → org.qemu.guest_agent.0).

9. TPM 2.0

• Details → Add Hardware → TPM → emulator backend → TPM 2.0. (This uses swtpm.)

10. Boot & install

• Start the VM.
• When the Windows installer reaches the “Where do you want to install Windows?” screen, no disk may appear yet. Click Load driver → browse to the VirtIO ISO → open vioscsi → w11 → amd64 → Next. Your disk appears → select it → Next.

11. First login & drivers

• Open the VirtIO CD in Explorer and run virtio-win-guest-tools.exe (or virtio-win-gt-x64) to install the full driver set (storage/network/balloon/GPU), QEMU Guest Agent, and optional SPICE guest tools.
• Reboot the VM when prompted.

12. Verify security requirements

• Press Win + R → tpm.msc → confirm TPM 2.0 present.
• Press Win + R → msinfo32 → Secure Boot state: On (or at least “Supported”).

13. Quality‑of‑life tweaks

• Power plan: High performance.
• Enable RDP (Settings → System → Remote Desktop) if you prefer remoting via RDP.
• Windows Update → install everything, including Feature on Demand packs you need.

CLI alternative: one‑shot virt-install

Adjust paths, CPU/memory, and bridge name. This example creates UEFI+Secure Boot+TPM2, VirtIO‑SCSI storage, and attaches both ISOs.

VMNAME=win11-kvm
ISO_WIN=~/iso/Win11_24H2_English_x64.iso
ISO_VIRTIO=~/iso/virtio-win.iso
DISK=~/vms/$VMNAME.qcow2

qemu-img create -f qcow2 "$DISK" 100G

sudo virt-install \
  --name "$VMNAME" \
  --memory 8192 --vcpus 4 \
  --cpu host-passthrough \
  --machine q35 \
  --os-variant win11 \
  --graphics spice \
  --video qxl \
  --controller type=scsi,model=virtio-scsi \
  --disk path="$DISK",bus=scsi,format=qcow2,cache=none,discard=unmap,detect-zeroes=unmap \
  --cdrom "$ISO_WIN" \
  --disk path="$ISO_VIRTIO",device=cdrom \
  --network network=default,model=virtio \
  --rng /dev/urandom \
  --tpm backend=emulator,model=tpm2 \
  --boot uefi,secureboot=on

If your distro doesn’t support the secureboot=on flag, enable Secure Boot from virt‑manager after creation: Overview → Firmware → Enable Secure Boot.

Performance & reliability tuning (post‑install)

• CPU model: Keep host‑passthrough for best performance and feature exposure.
• Disk: Use VirtIO‑SCSI with discard=unmap to allow TRIM from the guest. In Windows, confirm TRIM: open Admin PowerShell → Optimize-Volume -DriveLetter C -ReTrim -Verbose
• VirtIO Balloon: Installed by guest tools; allows the host to reclaim memory under pressure.
• QEMU Guest Agent: Ensure the Windows service is Running (services.msc) — improves shutdown, IP reporting, freeze/thaw for snapshots.
• RNG device: Add a VirtIO RNG (virtio-rng) in virt‑manager (Add Hardware → RNG) to speed up crypto/initialization.
• Backups: Prefer qcow2 images for internal snapshots; for external backups, shut down the VM or use host‑level snapshotting (LVM/ZFS/btrfs) plus guest agent quiesce.

Folder sharing options

• SPICE WebDAV (easy): install spice‑guest‑tools in Windows (download: https://www.spice-space.org/download.html), then in your SPICE client map a shared folder (you should see a new network drive).
• virtio‑fs (faster): new shared‑folder method with a Windows driver built on WinFsp. Add a virtiofs device in libvirt and install the Windows virtiofs driver/service: https://virtio-fs.gitlab.io/howto-windows.html

Optional: GPU passthrough (VFIO)

For gaming/3D/CUDA, pass a physical GPU into the VM using VFIO and OVMF (UEFI). High‑level checklist:

1. Enable IOMMU in kernel args; reboot and verify groups.
2. Bind the target GPU (and its audio function) to vfio‑pci.
3. Add GPU and audio PCI devices to the VM; set video to none or a minimal display; plug your monitor into the passed‑through GPU.
4. Install the vendor driver inside Windows.

This warrants its own article, but the above outline gets you pointed in the right direction.

Troubleshooting

• Windows installer sees no disk → Click Load driver and select vioscsi/w11/amd64 on the VirtIO ISO.
• “This PC can’t run Windows 11” → Ensure the VM has TPM 2.0, UEFI, and (ideally) Secure Boot enabled. Confirm in tpm.msc and msinfo32.
• Mouse/clipboard/file‑share integration missing → Install spice‑guest‑tools and ensure the QEMU Guest Agent service is running.
• Poor 3D performance → That’s expected without GPU passthrough. For desktop use, SPICE/QXL is fine; for games, use VFIO.
• VirtualBox conflict (AMD‑V/VT‑x busy) → Don’t run VirtualBox VMs while KVM is active. If you must run VirtualBox, stop libvirt or unload KVM modules temporarily; otherwise stick with KVM.
• Secure Boot shows “Unsupported” → Many Windows 11 builds require only capability, but it’s best to enable it. In virt‑manager → Overview → Firmware, tick Enable Secure Boot and reboot.

Frequently asked: QXL vs Virtio‑GPU on Windows

For general Windows desktop use over SPICE, QXL still tends to be the pragmatic choice. Virtio‑GPU on Windows is improving, but it’s not a drop‑in 3D acceleration replacement for a real GPU. If you need serious 3D, use GPU passthrough.

If you found this useful, share it — and if you hit a snag, drop a comment and we’ll help you figure it out.

Mohammad Dahamshi

Mohammad Dahamshi is a skilled Embedded Software Engineer and web developer. With experience in C/C++, Linux, WordPress, and DevOps tools, he helps businesses solve technical challenges and build reliable digital solutions. Fluent in Arabic, Hebrew, and English, he also runs Saratec, offering web design and digital marketing services.