Hyper V导入win11虚拟机的时候,会出现key protector program unwrapped error类似的错误信息导致导入失败。这主要是证书问题导致的。
所以在到处虚拟机的时候先运行win11export.ps1,生成两个证书。然后在导入之前,运行win11import.ps1,最后导入虚拟机才能启动。注意导出的时候修改这两个证书的名称为UntrustedGuardian.xxx。
win11export.ps1内容如下:
$CertificatePassword = Read-Host -Prompt 'Please enter a password to secure the certificate files' -AsSecureString
$guardian = Get-HgsGuardian -Name $GuardianName
if (-not $guardian)
{
throw "Guardian '$GuardianName' could not be found on the local system."
}
$encryptionCertificate = Get-Item -Path "Cert:\LocalMachine\Shielded VM Local Certificates\$($guardian.EncryptionCertificate.Thumbprint)"
$signingCertificate = Get-Item -Path "Cert:\LocalMachine\Shielded VM Local Certificates\$($guardian.SigningCertificate.Thumbprint)"
if (-not ($encryptionCertificate.HasPrivateKey -and $signingCertificate.HasPrivateKey))
{
throw 'One or both of the certificates in the guardian do not have private keys. ' + `
'Please ensure the private keys are available on the local system for this guardian.'
}
Export-PfxCertificate -Cert $encryptionCertificate -FilePath ".\$GuardianName-encryption.pfx" -Password $CertificatePassword
Export-PfxCertificate -Cert $signingCertificate -FilePath ".\$GuardianName-signing.pfx" -Password $CertificatePassword
win11import.ps1内容如下:
$CertificatePassword = Read-Host -Prompt 'Please enter the password that was used to secure the certificate files' -AsSecureString
New-HgsGuardian -Name $NameOfGuardian -SigningCertificate ".\$NameOfGuardian-signing.pfx" -SigningCertificatePassword $CertificatePassword -EncryptionCertificate ".\$NameOfGuardian-encryption.pfx" -EncryptionCertificatePassword $CertificatePassword -AllowExpired -AllowUntrustedRoot