From da89b4d6317876a670929d7010a80dac5dccbc8f Mon Sep 17 00:00:00 2001 From: Jed Lejosne Date: Mon, 9 Sep 2024 08:55:50 -0400 Subject: [PATCH 1/3] Windows 11: enable TPM and EFI persistence The Windows 11 template enables TPM and EFI, since both a required. However, they were both non-persistent by default, which means bitlocker won't work. Also, in recent versions of Windows 11, bitlocker requires both TPM and EFI to be persistent. This enables persistent EFI and TPM, which requires a RWO FS storage class to be present. Signed-off-by: Jed Lejosne
---
 templates/windows11.tpl.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/templates/windows11.tpl.yaml b/templates/windows11.tpl.yaml
index 154f62a4..3428e928 100644
--- a/templates/windows11.tpl.yaml
+++ b/templates/windows11.tpl.yaml
@@ -153,6 +153,7 @@ objects:
 bootloader:
 efi:
 secureBoot: true
+ persistent: true
 devices:
 {% if item.multiqueue %}
 networkInterfaceMultiqueue: True
@@ -179,7 +180,8 @@ objects:
 bus: usb
 name: tablet
 {% endif %}
- tpm: {}
+ tpm:
+ persistent: true
 terminationGracePeriodSeconds: 3600
 volumes:
 - dataVolume:
From 31aba14040f0153333a3d9cc81c7bc5bac39e7b6 Mon Sep 17 00:00:00 2001 From: Jed Lejosne Date: Wed, 11 Sep 2024 09:32:47 -0400 Subject: [PATCH 2/3] Windows 2k22: enable TPM and EFI persistence Signed-off-by: Jed Lejosne
---
 templates/windows2k22.tpl.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/templates/windows2k22.tpl.yaml b/templates/windows2k22.tpl.yaml
index c0a35723..30bbd0c0 100644
--- a/templates/windows2k22.tpl.yaml
+++ b/templates/windows2k22.tpl.yaml
@@ -147,6 +147,7 @@ objects:
 bootloader:
 efi:
 secureBoot: true
+ persistent: true
 devices:
 {% if item.multiqueue %}
 networkInterfaceMultiqueue: True
@@ -173,7 +174,8 @@ objects:
 bus: usb
 name: tablet
 {% endif %}
- tpm: {}
+ tpm:
+ persistent: true
 terminationGracePeriodSeconds: 3600
 volumes:
 - dataVolume:
From 5a42b021c9a99c1c14002115ed3e0bc1935e2e76 Mon Sep 17 00:00:00 2001
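Review bot: The added `persistent: true` under `efi:` in templates/windows11.tpl.yaml brings two cluster prerequisites that the template itself never states: the VMPersistentState feature gate (which patch 3/3 has to switch on for the tests) and the RWO filesystem storage class named in the commit message. The same applies to the `tpm:` hunk of this file and to both hunks of templates/windows2k22.tpl.yaml. On a cluster missing either one, VMs created from these templates will presumably be rejected or fail to start, with nothing in the template to explain why. I would put the requirement next to the setting, e.g. `# requires the VMPersistentState feature gate and an RWO filesystem storage class for VM state`, and repeat it in the template description if there is one outside these hunks.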
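Review bot: The `tpm:` / `persistent: true` change in the second hunk of templates/windows11.tpl.yaml (and of windows2k22.tpl.yaml) is missing a note that the vTPM state is now key material at rest. BitLocker seals its keys to that state, and together with the EFI variable store it is kept on cluster storage instead of being discarded with the VM pod. How KubeVirt stores and protects it is not visible in this patch, but the storage class requirement suggests a volume in the VM's namespace, so RBAC, snapshot, backup and clone procedures for that namespace should treat it like a secret. A short comment would make this visible to template users, e.g. `# TPM/EFI state is persisted on cluster storage; restrict access to the backing volume as you would a secret`.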
From: Jed Lejosne Date: Fri, 13 Sep 2024 08:43:48 -0400 Subject: [PATCH 3/3] test.sh: add VMPersistentState feature gate Signed-off-by: Jed Lejosne --- automation/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation/test.sh b/automation/test.sh index 46956d54..3205277f 100755 --- a/automation/test.sh +++ b/automation/test.sh @@ -144,7 +144,7 @@ timeout=300 # Waiting for kubevirt cr to report available oc wait --for=condition=Available --timeout=${timeout}s kubevirt/kubevirt -n $namespace -oc patch kubevirt kubevirt -n $namespace --type merge -p '{"spec":{"configuration":{"developerConfiguration":{"featureGates": ["DataVolumes", "CPUManager", "NUMA", "DownwardMetrics"]}}}}' +oc patch kubevirt kubevirt -n $namespace --type merge -p '{"spec":{"configuration":{"developerConfiguration":{"featureGates": ["DataVolumes", "CPUManager", "NUMA", "DownwardMetrics", "VMPersistentState"]}}}}' key="/tmp/secrets/accessKeyId" token="/tmp/secrets/secretKey"
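Review bot: Nothing after the changed `oc patch` line waits for the KubeVirt CR to settle again, so tests that create VMs with persistent TPM/EFI may start before VMPersistentState is active. The only `oc wait` in the hunk runs before the patch. Consider repeating `oc wait --for=condition=Available --timeout=${timeout}s kubevirt/kubevirt -n $namespace` after it, unless a later wait exists outside this hunk. Because `--type merge` replaces the whole `featureGates` list, a comment such as `# merge patch replaces the full featureGates list; keep it in sync with what the templates require` would also help. The RWO filesystem storage class from the commit message of patch 1/3 is not set up anywhere in the visible lines.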