Merge pull request #120 from harvester/mergify/bp/release-harvester-v1.5/pr-117

feat: add support for persistent TPM in VMs (backport #117)

pkg/harvester/config/feature-flags.js

@@ -47,7 +47,8 @@ const featuresV142 = [
 
 // TODO: add v1.5.0 official release note
 const featuresV150 = [
-  ...featuresV142
+  ...featuresV142,
+  'tpmPersistentState'
 ];
 
 export const RELEASE_FEATURES = {

pkg/harvester/edit/harvesterhci.io.virtualmachinetemplateversion.vue

@@ -465,6 +465,15 @@ export default {
           :mode="mode"
         />
 
+        <Checkbox
+          v-if="value.tpmPersistentStateFeatureEnabled && tpmEnabled"
+          v-model:value="tpmPersistentStateEnabled"
+          class="check"
+          type="checkbox"
+          :label="t('harvester.virtualMachine.advancedOptions.tpmPersistentState')"
+          :mode="mode"
+        />
+
         <Checkbox
           v-model:value="efiEnabled"
           class="check"

pkg/harvester/edit/kubevirt.io.virtualmachine/index.vue

@@ -873,6 +873,15 @@ export default {
           :mode="mode"
         />
 
+        <Checkbox
+          v-if="value.tpmPersistentStateFeatureEnabled && tpmEnabled"
+          v-model:value="tpmPersistentStateEnabled"
+          class="check"
+          type="checkbox"
+          :label="t('harvester.virtualMachine.advancedOptions.tpmPersistentState')"
+          :mode="mode"
+        />
+
         <Checkbox
           v-model:value="efiEnabled"
           class="check"
@@ -889,6 +898,7 @@ export default {
           :label="t('harvester.virtualMachine.secureBoot')"
           :mode="mode"
         />
+
         <Banner
           v-if="showCpuPinningBanner"
           color="warning"

pkg/harvester/l10n/en-us.yaml

@@ -594,6 +594,7 @@ harvester:
     enableUsb: Enable USB Tablet
     advancedOptions:
       tpm: Enable TPM
+      tpmPersistentState: TPM Persistent State
       cpuManager:
         prefix: You must enable CPU Manager for at least one node in
         middle: 'host page'

pkg/harvester/mixins/harvester-vm/impl.js

@@ -137,7 +137,11 @@ export default {
     },
 
     isTpmEnabled(spec) {
-      return !!spec?.template?.spec?.domain?.devices?.tpm ;
+      return !!spec?.template?.spec?.domain?.devices?.tpm;
+    },
+
+    isTPMPersistentStateEnabled(spec) {
+      return !!spec?.template?.spec?.domain?.devices?.tpm?.persistent;
     },
 
     isSecureBoot(spec) {

pkg/harvester/mixins/harvester-vm/index.js

@@ -164,6 +164,7 @@ export default {
       accessCredentials:             [],
       efiEnabled:                    false,
       tpmEnabled:                    false,
+      tpmPersistentStateEnabled:     false,
       secureBoot:                    false,
       userDataTemplateId:            '',
       saveUserDataAsClearText:       false,
@@ -367,6 +368,7 @@ export default {
       const installAgent = this.hasInstallAgent(userData, osType, true);
       const efiEnabled = this.isEfiEnabled(spec);
       const tpmEnabled = this.isTpmEnabled(spec);
+      const tpmPersistentStateEnabled = this.isTPMPersistentStateEnabled(spec);
       const secureBoot = this.isSecureBoot(spec);
       const cpuPinning = this.isCpuPinning(spec);
 
@@ -399,6 +401,7 @@ export default {
       this['installUSBTablet'] = installUSBTablet;
       this['efiEnabled'] = efiEnabled;
       this['tpmEnabled'] = tpmEnabled;
+      this['tpmPersistentStateEnabled'] = tpmPersistentStateEnabled;
       this['secureBoot'] = secureBoot;
       this['cpuPinning'] = cpuPinning;
 
@@ -1421,6 +1424,14 @@ export default {
       }
     },
 
+    setTPMPersistentStateEnabled(tpmPersistentStateEnabled) {
+      if (tpmPersistentStateEnabled) {
+        set(this.spec.template.spec.domain.devices, 'tpm', { persistent: true });
+      } else {
+        set(this.spec.template.spec.domain.devices, 'tpm', {});
+      }
+    },
+
     deleteSSHFromUserData(ssh = []) {
       const sshAuthorizedKeys = this.getSSHFromUserData(this.userScript);
 
@@ -1544,6 +1555,10 @@ export default {
       this.setTPM(val);
     },
 
+    tpmPersistentStateEnabled(val) {
+      this.setTPMPersistentStateEnabled(val);
+    },
+
     installAgent: {
       /**
        * rules

pkg/harvester/models/harvesterhci.io.virtualmachinetemplateversion.js

@@ -276,4 +276,8 @@ export default class HciVmTemplateVersion extends HarvesterResource {
 
     this.spec.vm.spec.template.metadata['labels'] = { ...wasIgnored, ...val };
   }
+
+  get tpmPersistentStateFeatureEnabled() {
+    return this.$rootGetters['harvester-common/getFeatureEnabled']('tpmPersistentState');
+  }
 }

pkg/harvester/models/kubevirt.io.virtualmachine.js

@@ -1175,6 +1175,10 @@ export default class VirtVm extends HarvesterResource {
     return this.$rootGetters['harvester-common/getFeatureEnabled']('volumeEncryption');
   }
 
+  get tpmPersistentStateFeatureEnabled() {
+    return this.$rootGetters['harvester-common/getFeatureEnabled']('tpmPersistentState');
+  }
+
   setInstanceLabels(val) {
     if ( !this.spec?.template?.metadata?.labels ) {
       set(this, 'spec.template.metadata.labels', {});