From d6da7844135fdec48a8f1d7b54bd2e4424292717 Mon Sep 17 00:00:00 2001 From: Jed Lejosne Date: Mon, 9 Sep 2024 08:55:50 -0400 Subject: [PATCH 1/3] Windows 11: enable TPM and EFI persistence The Windows 11 template enables TPM and EFI, since both a required. However, they were both non-persistent by default, which means bitlocker won't work. Also, in recent versions of Windows 11, bitlocker requires both TPM and EFI to be persistent. This enables persistent EFI and TPM, which requires a RWO FS storage class to be present. Signed-off-by: Jed Lejosne
---
 templates/windows11.tpl.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/templates/windows11.tpl.yaml b/templates/windows11.tpl.yaml
index 097c3f91..8f1bd1cc 100644
--- a/templates/windows11.tpl.yaml
+++ b/templates/windows11.tpl.yaml
@@ -154,6 +154,7 @@ objects:
 bootloader:
 efi:
 secureBoot: true
+ persistent: true
 devices:
 {% if item.multiqueue and item.cpus > 1 %}
 networkInterfaceMultiqueue: True
@@ -180,7 +181,8 @@ objects:
 bus: usb
 name: tablet
 {% endif %}
- tpm: {}
+ tpm:
+ persistent: true
 terminationGracePeriodSeconds: 3600
 volumes:
 - dataVolume:
From 3422f0ffefd11ce095a0d6230b8c262cf5a7b1f1 Mon Sep 17 00:00:00 2001 From: Jed Lejosne Date: Wed, 11 Sep 2024 09:32:47 -0400 Subject: [PATCH 2/3] Windows 2k22: enable TPM and EFI persistence Signed-off-by: Jed Lejosne
---
 templates/windows2k22.tpl.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/templates/windows2k22.tpl.yaml b/templates/windows2k22.tpl.yaml
index 8ef5ce8c..316fe91b 100644
--- a/templates/windows2k22.tpl.yaml
+++ b/templates/windows2k22.tpl.yaml
@@ -148,6 +148,7 @@ objects:
 bootloader:
 efi:
 secureBoot: true
+ persistent: true
 devices:
 {% if item.multiqueue and item.cpus > 1 %}
 networkInterfaceMultiqueue: True
@@ -174,7 +175,8 @@ objects:
 bus: usb
 name: tablet
 {% endif %}
- tpm: {}
+ tpm:
+ persistent: true
 terminationGracePeriodSeconds: 3600
 volumes:
 - dataVolume:
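Review bot: In templates/windows11.tpl.yaml, the added `persistent: true` under `efi:` makes the template depend on cluster configuration that nothing in the template itself states. The commit message says a RWO filesystem storage class must be present, and patch 3/3 has to enable the `VMPersistentState` feature gate for the tests, so a cluster lacking either will presumably fail to start VMs created from this template. A comment above the line would carry that, e.g. `# needs the VMPersistentState feature gate and an RWO filesystem storage class for VM state`. The same applies to the `tpm:` hunk in this file and to both hunks in templates/windows2k22.tpl.yaml; the enclosing `objects:` definition extends beyond each hunk.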
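Review bot: In the `tpm:` hunk of templates/windows11.tpl.yaml, and the matching hunk in templates/windows2k22.tpl.yaml, `persistent: true` moves the vTPM state onto cluster storage, and the template says nothing about how that storage has to be protected. BitLocker seals its volume key to the TPM, so the guest's disk encryption is likely only as strong as the access control and at-rest encryption of the volume that holds this state. I would add a comment next to the line, e.g. `# vTPM state is persisted on cluster storage; restrict access to it and prefer an encrypted storage class`. With `secureBoot: true` the persisted EFI variable store deserves the same treatment, since it now carries the Secure Boot key databases across restarts.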
From 64e27308db6198c2ecbd2175e25eadbd4c3c99aa Mon Sep 17 00:00:00 2001 From: Jed Lejosne Date: Fri, 13 Sep 2024 08:43:48 -0400 Subject: [PATCH 3/3] test.sh: add VMPersistentState feature gate Signed-off-by: Jed Lejosne --- automation/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation/test.sh b/automation/test.sh index b94f3b79..dbe1cfdd 100755 --- a/automation/test.sh +++ b/automation/test.sh @@ -151,7 +151,7 @@ timeout=600 # Waiting for kubevirt cr to report available oc wait --for=condition=Available --timeout=${timeout}s kubevirt/kubevirt -n $namespace -oc patch kubevirt kubevirt -n $namespace --type merge -p '{"spec":{"configuration":{"developerConfiguration":{"featureGates": ["DataVolumes", "CPUManager", "NUMA", "DownwardMetrics"]}}}}' +oc patch kubevirt kubevirt -n $namespace --type merge -p '{"spec":{"configuration":{"developerConfiguration":{"featureGates": ["DataVolumes", "CPUManager", "NUMA", "DownwardMetrics", "VMPersistentState"]}}}}' key="/tmp/secrets/accessKeyId" token="/tmp/secrets/secretKey"
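Review bot: The changed `oc patch` line has to repeat the whole gate list because a `--type merge` patch replaces the `featureGates` array instead of appending to it, so any gate already set on the KubeVirt CR and missing from this list is silently dropped. A comment above the command would keep the next edit honest: `# merge patch replaces the whole featureGates array; list every gate the tests rely on`. Separately, patch 1/3 says persistence needs a RWO filesystem storage class, and this hunk only enables the gate; whether the script provisions that storage is not visible here, as the script continues outside the hunk. `$namespace` is also unquoted on this line, as on the `oc wait` line above it; `-n "$namespace"` is the safer form.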