From 06396ed5e7ebe798d8ec9e645cdebc209b4f4f10 Mon Sep 17 00:00:00 2001
From: Jed Lejosne
Date: Mon, 9 Sep 2024 08:55:50 -0400
Subject: [PATCH 1/3] Windows 11: enable TPM and EFI persistence
The Windows 11 template enables TPM and EFI, since both a required. However, they were both non-persistent by default, which means bitlocker won't work. Also, in recent versions of Windows 11, bitlocker requires both TPM and EFI to be persistent. This enables persistent EFI and TPM, which requires a RWO FS storage class to be present.
Signed-off-by: Jed Lejosne
---
 templates/windows11.tpl.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/templates/windows11.tpl.yaml b/templates/windows11.tpl.yaml
index ec60e0f8..4da2bb7a 100644
--- a/templates/windows11.tpl.yaml
+++ b/templates/windows11.tpl.yaml
@@ -154,6 +154,7 @@ objects:
 bootloader:
 efi:
 secureBoot: true
+ persistent: true
 devices:
 {% if item.multiqueue and item.cpus > 1 %}
 networkInterfaceMultiqueue: True
@@ -180,7 +181,8 @@ objects:
 bus: usb
 name: tablet
 {% endif %}
- tpm: {}
+ tpm:
+ persistent: true
 terminationGracePeriodSeconds: 3600
 volumes:
 - dataVolume:
From cf958e61747996dc0865132d81f29acd840bbc6b Mon Sep 17 00:00:00 2001
From: Jed Lejosne
Date: Wed, 11 Sep 2024 09:32:47 -0400
Subject: [PATCH 2/3] Windows 2k22: enable TPM and EFI persistence
Signed-off-by: Jed Lejosne
---
 templates/windows2k22.tpl.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/templates/windows2k22.tpl.yaml b/templates/windows2k22.tpl.yaml
index 97ac3b91..2e04a238 100644
--- a/templates/windows2k22.tpl.yaml
+++ b/templates/windows2k22.tpl.yaml
@@ -148,6 +148,7 @@ objects:
 bootloader:
 efi:
 secureBoot: true
+ persistent: true
 devices:
 {% if item.multiqueue and item.cpus > 1 %}
 networkInterfaceMultiqueue: True
@@ -174,7 +175,8 @@ objects:
 bus: usb
 name: tablet
 {% endif %}
- tpm: {}
+ tpm:
+ persistent: true
 terminationGracePeriodSeconds: 3600
 volumes:
 - dataVolume:
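Review bot: The added `persistent: true` under `efi:` carries no comment stating what the cluster must provide, so someone instantiating the template learns of the requirement only from the commit message. That message says a RWO FS storage class must be present, and patch 3/3 suggests the `VMPersistentState` feature gate is needed as well; I would put a comment above the key such as `# needs the VMPersistentState feature gate and a RWO filesystem storage class for VM state`. The same applies to the `tpm:` hunk in this file and to both hunks of templates/windows2k22.tpl.yaml. The enclosing `objects:` entry starts and ends outside the hunk.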
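Review bot: With `persistent: true` under `tpm:` the vTPM state now outlives the VM pod, so whatever BitLocker seals to the TPM is presumably kept on a volume from the cluster's VM-state storage class instead of being discarded at shutdown. Nothing in the template says so; a comment like `# TPM state is persisted; treat the backing volume as secret material (access control, backups, clones)` would tell operators what they are taking on. The same consideration applies to the `tpm:` hunk in templates/windows2k22.tpl.yaml. The VM spec continues outside the hunk, so whether encryption at rest is configured elsewhere cannot be seen from here.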
From 41f63085b1a57474954c806795347a0ec3fd7116 Mon Sep 17 00:00:00 2001
From: Jed Lejosne
Date: Fri, 13 Sep 2024 08:43:48 -0400
Subject: [PATCH 3/3] test.sh: add VMPersistentState feature gate
Signed-off-by: Jed Lejosne
---
 automation/test.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/automation/test.sh b/automation/test.sh
index 46956d54..3205277f 100755
--- a/automation/test.sh
+++ b/automation/test.sh
@@ -144,7 +144,7 @@ timeout=300
 # Waiting for kubevirt cr to report available
 oc wait --for=condition=Available --timeout=${timeout}s kubevirt/kubevirt -n $namespace
-oc patch kubevirt kubevirt -n $namespace --type merge -p '{"spec":{"configuration":{"developerConfiguration":{"featureGates": ["DataVolumes", "CPUManager", "NUMA", "DownwardMetrics"]}}}}'
+oc patch kubevirt kubevirt -n $namespace --type merge -p '{"spec":{"configuration":{"developerConfiguration":{"featureGates": ["DataVolumes", "CPUManager", "NUMA", "DownwardMetrics", "VMPersistentState"]}}}}'
 key="/tmp/secrets/accessKeyId"
 token="/tmp/secrets/secretKey"
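Review bot: The changed `oc patch ... --type merge` line gives no reason for the new `"VMPersistentState"` entry, and a JSON merge patch replaces the whole `featureGates` array, so the list has to stay complete every time it is edited. A comment above the command would cover both, e.g. `# merge patch replaces the whole list; VMPersistentState is needed for persistent EFI/TPM in the Windows 11 and 2k22 templates`. `$namespace` is also still unquoted on the changed line; `-n "$namespace"` would be the safer form. The script continues outside the hunk.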