Windows 11: enable TPM and EFI persistence

The Windows 11 template enables TPM and EFI, since both a required. However, they were both non-persistent by default, which means bitlocker won't work. Also, in recent versions of Windows 11, bitlocker requires both TPM and EFI to be persistent. This enables persistent EFI and TPM, which requires a RWO FS storage class to be present. Signed-off-by: Jed Lejosne <[email protected]>
kubevirt · Sep 13, 2024 · d6da784 · d6da784
1 parent 112da40
commit d6da784
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/templates/windows11.tpl.yaml b/templates/windows11.tpl.yaml
@@ -154,6 +154,7 @@ objects:
             bootloader:
               efi:
                 secureBoot: true
+                persistent: true
           devices:
 {% if item.multiqueue and item.cpus > 1 %}
             networkInterfaceMultiqueue: True
@@ -180,7 +181,8 @@ objects:
                 bus: usb
                 name: tablet
 {% endif %}
-            tpm: {}
+            tpm:
+              persistent: true
         terminationGracePeriodSeconds: 3600
         volumes:
         - dataVolume: