diff --git a/cmd/kola/options.go b/cmd/kola/options.go
index cae014b54..ae100048e 100644
--- a/cmd/kola/options.go
+++ b/cmd/kola/options.go
@@ -119,7 +119,7 @@ func init() {
 sv(&kola.AzureOptions.Sku, "azure-sku", "alpha", "Azure image sku/channel (default \"alpha\"")
 sv(&kola.AzureOptions.Version, "azure-version", "", "Azure image version")
 sv(&kola.AzureOptions.Location, "azure-location", "westus", "Azure location (default \"westus\"")
- sv(&kola.AzureOptions.Size, "azure-size", "Standard_DS2_v2", "Azure machine size (default \"Standard_DS2_v2\")")
+ sv(&kola.AzureOptions.Size, "azure-size", "Standard_D2s_v5", "Azure machine size")
 sv(&kola.AzureOptions.HyperVGeneration, "azure-hyper-v-generation", "V1", "Azure Hyper-V Generation (\"V1\" or \"V2\")")
 sv(&kola.AzureOptions.VnetSubnetName, "azure-vnet-subnet-name", "", "Use a pre-existing virtual network for created instances. Specify as vnet-name/subnet-name. If subnet name is omitted then \"default\" is assumed")
 bv(&kola.AzureOptions.UseGallery, "azure-use-gallery", false, "Use gallery image instead of managed image")
@@ -129,6 +129,7 @@ func init() {
 sv(&kola.AzureOptions.ResourceGroupBasename, "azure-resource-group-basename", "kola-cluster", "Prefix used for creating new resource groups")
 sv(&kola.AzureOptions.AvailabilitySet, "azure-availability-set", "", "Deploy instances with an existing availibity set")
 sv(&kola.AzureOptions.KolaVnet, "azure-kola-vnet", "", "Pass the vnet/subnet that kola is being ran from to restrict network access to created storage accounts")
+ bv(&kola.AzureOptions.EnableTPM, "azure-enable-tpm", true, "Enable the vTPM feature for test VMs. Can be \"true\" or \"false\".")
 sv(&kola.AzureOptions.VMIdentity, "azure-vm-identity", "", "Assign a managed identity to the VM by name (will be looked up for its ID)")
 // do-specific options
diff --git a/kola/tests/misc/tpm.go b/kola/tests/misc/tpm.go
index 56ab5a562..841b0cf57 100644
--- a/kola/tests/misc/tpm.go
+++ b/kola/tests/misc/tpm.go
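Review bot: `azure-enable-tpm` defaults to `true` in the second hunk, so every Azure run now requests a vTPM unless the operator opts out, while `azure-hyper-v-generation` in the first hunk still defaults to `"V1"`. Azure documents the vTPM as part of Trusted Launch, which needs a Generation 2 image and a VM size that supports it, so the default flag combination looks likely to be rejected or to come up without a TPM; this should be confirmed with a real run. Consider defaulting the flag to `false`, or rejecting `EnableTPM` together with `HyperVGeneration == "V1"` wherever the options are validated. The help text can also drop `Can be \"true\" or \"false\".`, which is implied for a bool flag. Both hunks sit inside `init()`, which starts and ends outside them.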
@@ -250,7 +250,7 @@ func init() {
 register.Register(®ister.Test{
 Run: runRootTPMCryptenroll,
 ClusterSize: 0,
- Platforms: []string{"qemu"},
+ Platforms: []string{"qemu", "azure"},
 Name: "cl.tpm.root-cryptenroll",
 Distros: []string{"cl"},
 MinVersion: semver.Version{Major: 3913, Minor: 0, Patch: 1},
@@ -261,7 +261,7 @@ func init() {
 register.Register(®ister.Test{
 Run: runRootTPMCryptenrollPcrNoUpdate,
 ClusterSize: 0,
- Platforms: []string{"qemu"},
+ Platforms: []string{"qemu", "azure"},
 Name: "cl.tpm.root-cryptenroll-pcr-noupdate",
 Distros: []string{"cl"},
 MinVersion: semver.Version{Major: 3913, Minor: 0, Patch: 1},
@@ -272,7 +272,7 @@ func init() {
 register.Register(®ister.Test{
 Run: runRootTPMCryptenrollPcrWithUpdate,
 ClusterSize: 0,
- Platforms: []string{"qemu"},
+ Platforms: []string{"qemu", "azure"},
 Name: "cl.tpm.root-cryptenroll-pcr-withupdate",
 Distros: []string{"cl"},
 MinVersion: semver.Version{Major: 3913, Minor: 0, Patch: 1},
@@ -284,7 +284,7 @@ func init() {
 register.Register(®ister.Test{
 Run: runRootTPM,
 ClusterSize: 0,
- Platforms: []string{"qemu"},
+ Platforms: []string{"qemu", "azure"},
 Name: "cl.tpm.root",
 Distros: []string{"cl"},
 MinVersion: semver.Version{Major: 3913, Minor: 0, Patch: 1},
@@ -296,7 +296,7 @@ func init() {
 register.Register(®ister.Test{
 Run: runNonRootTPM,
 ClusterSize: 0,
- Platforms: []string{"qemu"},
+ Platforms: []string{"qemu", "azure"},
 Name: "cl.tpm.nonroot",
 Distros: []string{"cl"},
 MinVersion: semver.Version{Major: 3913, Minor: 0, Patch: 1},
@@ -305,7 +305,7 @@ func init() {
 register.Register(®ister.Test{
 Run: eventLogTest,
 ClusterSize: 0,
- Platforms: []string{"qemu"},
+ Platforms: []string{"qemu", "azure"},
 Name: "cl.tpm.eventlog",
 Distros: []string{"cl"},
 MinVersion: semver.Version{Major: 4082},
diff --git a/platform/api/azure/instance.go b/platform/api/azure/instance.go
index 4f94e594d..6296bcc20 100644
--- a/platform/api/azure/instance.go
+++ b/platform/api/azure/instance.go
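Review bot: The six `cl.tpm.*` registrations (this hunk and the five after it) now list `"azure"`, but nothing visible ties them to the `azure-enable-tpm` option. With the flag off, or on an image or size without vTPM support, they would presumably fail on a missing TPM device rather than be skipped, which reads as a regression instead of an unmet precondition. Either gate them on the option or state the requirement above the first registration, e.g. `// On azure these tests need --azure-enable-tpm=true and a Gen2 image.`. The PCR-bound variants (`cl.tpm.root-cryptenroll-pcr-*`) were registered only for QEMU until now, so a run confirming that the PCRs they bind to are stable across reboots on Azure would be worth recording in the commit message. `init()` starts and ends outside these hunks.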
@@ -165,6 +165,11 @@ func (a *API) getVMParameters(name, sshkey string, userdata *conf.Conf, ip *armn
 },
 },
 },
+ SecurityProfile: &armcompute.SecurityProfile{
+ UefiSettings: &armcompute.UefiSettings{
+ VTpmEnabled: &a.Opts.EnableTPM,
+ },
+ },
 DiagnosticsProfile: &armcompute.DiagnosticsProfile{
 BootDiagnostics: &armcompute.BootDiagnostics{
 Enabled: to.Ptr(true),
diff --git a/platform/api/azure/options.go b/platform/api/azure/options.go
index eac868786..3afb6fe94 100644
--- a/platform/api/azure/options.go
+++ b/platform/api/azure/options.go
@@ -63,6 +63,9 @@ type Options struct {
 ResourceGroupBasename string
 // AvailabilitySet is an existing availability set to deploy the instance in.
 AvailabilitySet string
+ // Enable vTPM feature for TPM / SecureBoot / Trusted Boot related tests.
+ // The field name mirrors the QEMU config.
+ EnableTPM bool
 // VMIdentity is the name of a managed identity to assign to the VM.
 VMIdentity string
 }
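Review bot: The new `SecurityProfile` sets only `UefiSettings.VTpmEnabled`, and the Azure compute API documents that UefiSettings take effect only when `SecurityType` is also set. As written the vTPM may therefore never be attached, and the TPM tests newly enabled for azure would run against a VM without one. If a test run confirms that, add `SecurityType: to.Ptr(armcompute.SecurityTypesTrustedLaunch),` and build the profile only when `a.Opts.EnableTPM` is true, so runs without TPM keep sending no security profile. Separately, `VTpmEnabled: &a.Opts.EnableTPM` hands the request a pointer into the shared options struct; `VTpmEnabled: to.Ptr(a.Opts.EnableTPM),` copies the value and matches the `to.Ptr(true)` a few lines below. getVMParameters starts and ends outside the hunk.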
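Review bot: The comment on `EnableTPM` does not follow the form the neighbouring fields use (`// AvailabilitySet is ...`, `// VMIdentity is ...`), and it mentions SecureBoot although only the vTPM setting is wired up in this commit. Suggested wording: `// EnableTPM requests a vTPM for created VMs, for the TPM-related tests.` followed by the existing `// The field name mirrors the QEMU config.`. The opening lines of the `Options` struct are outside the hunk.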