I was having problems with the Windows Update of a virtualized Windows 11 machine, running on Linux Fedora 37 with QEMU/KVM.
Many of the updates were installed fine, but some important security updates were not being installed, they gave the error 0x800f0922.
The cause is related to the
UEFI Firmware version.
I was using this in my VM definition:
<os> <type arch="x86_64" machine="pc-q35-7.0">hvm</type> <loader readonly="yes" secure="yes" type="pflash">/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/win11_VARS.fd</nvram> <boot dev="hd"/> </os>
The VM references the Open Virtual Machine Firmware (OVMF) in the loader, to enable UEFI support.
For some reason, the UEFI version above (added by default) doesn't work well with Windows Update.
The fix is to replace this:
The '4m' version happens to work. After powering off and restarting the machine, all security updates were completed successfully.
Some further discussions here.
Update 11/Jan/2023: I went through this process again, and I was getting this error message:
Error starting domain: operation failed: unable to find any master var store for loader
Or, sometimes the VM was not starting, it was just giving a black screen.
What I did to solve: I deleted the file
/var/lib/libvirt/qemu/nvram/win11_VARS.fd (after doing a backup), and I copied the file
OVMF_VARS_4M.ms.fd from this package (download here) into that folder
/var/lib/libvirt/qemu/nvram/. Then fixed the reference in the XML config (
<nvram>). The VM booted normally after that.