platform/api/azure: Enable TPM for Gen2 instances
Now that our gallery images are created with trusted launch support, we
can enable trusted launch and TPM on the instance. At some point we'll
be able to pass custom secure boot keys too.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
jepio committed Apr 12, 2024
1 parent 697c022 commit 661f09c
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions platform/api/azure/instance.go
Expand Up @@ -152,6 +152,16 @@ func (a *API) getVMParameters(name, userdata, sshkey, storageAccountURI string,
},
}

if a.Opts.HyperVGeneration == string(compute.HyperVGenerationTypeV2) && a.Opts.UseGallery {
vm.SecurityProfile = &compute.SecurityProfile{
SecurityType: compute.SecurityTypesTrustedLaunch,
UefiSettings: &compute.UefiSettings{
SecureBootEnabled: util.BoolToPtr(false),
VTpmEnabled: util.BoolToPtr(true),
},
}
}

switch a.Opts.DiskController {
case "nvme":
vm.VirtualMachineProperties.StorageProfile.DiskControllerType = compute.NVMe
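Review bot: `SecureBootEnabled: util.BoolToPtr(false)` in the new `UefiSettings` block turns Secure Boot off with no comment at the setting saying why, so a reader of instance.go sees a Trusted Launch VM with the vTPM on and boot-chain enforcement off and cannot tell whether that is deliberate. The commit message hints at the reason (custom secure boot keys cannot be passed yet); put that in a short comment or TODO beside the field so it is revisited when key enrollment becomes possible. The guard also requires `a.Opts.UseGallery`, so a Gen2 instance created without the gallery gets no `SecurityProfile` at all; a one-line comment on the condition stating that only gallery images carry trusted launch support would make that dependency explicit for anyone relying on a TPM being present in tests. Minor style point: the block assigns `vm.SecurityProfile` while the following context line spells out `vm.VirtualMachineProperties.StorageProfile`; using the same form in both places would read more consistently.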