From d6da7844135fdec48a8f1d7b54bd2e4424292717 Mon Sep 17 00:00:00 2001
From: Jed Lejosne
Date: Mon, 9 Sep 2024 08:55:50 -0400
Subject: [PATCH] Windows 11: enable TPM and EFI persistence

The Windows 11 template enables TPM and EFI, since both a required. However, they were both non-persistent by default, which means bitlocker won't work. Also, in recent versions of Windows 11, bitlocker requires both TPM and EFI to be persistent. This enables persistent EFI and TPM, which requires a RWO FS storage class to be present.

Signed-off-by: Jed Lejosne
---
 templates/windows11.tpl.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/templates/windows11.tpl.yaml b/templates/windows11.tpl.yaml
index 097c3f91..8f1bd1cc 100644
--- a/templates/windows11.tpl.yaml
+++ b/templates/windows11.tpl.yaml
@@ -154,6 +154,7 @@ objects:
 bootloader:
 efi:
 secureBoot: true
+ persistent: true
 devices:
 {% if item.multiqueue and item.cpus > 1 %}
 networkInterfaceMultiqueue: True
@@ -180,7 +181,8 @@ objects:
 bus: usb
 name: tablet
 {% endif %}
- tpm: {}
+ tpm:
+ persistent: true
 terminationGracePeriodSeconds: 3600
 volumes:
 - dataVolume:
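Review bot: Both `persistent: true` additions (under `efi:` in this hunk and under `tpm:` in the second hunk) are unconditional, so every VM rendered from this template now depends on the RWO filesystem storage class that the commit message mentions. On a cluster without one, the VM will presumably fail to start rather than fall back to non-persistent state. The template already gates other settings with `{% if item.multiqueue and item.cpus > 1 %}`, so consider an opt-out variable, or at least a comment above each line such as `# requires an RWO filesystem storage class for VM state; needed for BitLocker`. The enclosing `objects:` entry starts and ends outside both hunks.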
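Review bot: With `tpm:` / `persistent: true` in the second hunk, the vTPM state that BitLocker seals its keys against is kept on cluster storage instead of being discarded with the VM, and nothing in the template tells operators that. A comment such as `# vTPM state is persisted: protect the state volume and back it up together with the system disk` would prompt them to restrict access to that volume and to use encryption at rest where the storage class offers it. It would also remind them to restore the state together with the disk, since a disk restored without its TPM state would likely drop into BitLocker recovery. How the state volume is provisioned is not visible in this hunk, so confirm the details against the cluster configuration.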