Merge pull request #120 from harvester/mergify/bp/release-harvester-v1.5/pr-117

feat: add support for persistent TPM in VMs (backport #117)
2025-12-13 21:21:44 +00:00 · 2025-02-11 10:36:45 +08:00 · 2025-02-11 10:36:45 +08:00 · 26d85a7760
commit 26d85a7760
parent 171939e66b 6eb845b46b
8 changed files with 50 additions and 2 deletions
--- a/pkg/harvester/config/feature-flags.js
+++ b/pkg/harvester/config/feature-flags.js
@ -47,7 +47,8 @@ const featuresV142 = [

 // TODO: add v1.5.0 official release note
 const featuresV150 = [
-  ...featuresV142
+  ...featuresV142,
+  'tpmPersistentState'
 ];

 export const RELEASE_FEATURES = {
--- a/pkg/harvester/edit/harvesterhci.io.virtualmachinetemplateversion.vue
+++ b/pkg/harvester/edit/harvesterhci.io.virtualmachinetemplateversion.vue
@ -465,6 +465,15 @@ export default {
          :mode="mode"
        />

+        <Checkbox
+          v-if="value.tpmPersistentStateFeatureEnabled && tpmEnabled"
+          v-model:value="tpmPersistentStateEnabled"
+          class="check"
+          type="checkbox"
+          :label="t('harvester.virtualMachine.advancedOptions.tpmPersistentState')"
+          :mode="mode"
+        />
+
        <Checkbox
          v-model:value="efiEnabled"
          class="check"
--- a/pkg/harvester/edit/kubevirt.io.virtualmachine/index.vue
+++ b/pkg/harvester/edit/kubevirt.io.virtualmachine/index.vue
@ -873,6 +873,15 @@ export default {
          :mode="mode"
        />

+        <Checkbox
+          v-if="value.tpmPersistentStateFeatureEnabled && tpmEnabled"
+          v-model:value="tpmPersistentStateEnabled"
+          class="check"
+          type="checkbox"
+          :label="t('harvester.virtualMachine.advancedOptions.tpmPersistentState')"
+          :mode="mode"
+        />
+
        <Checkbox
          v-model:value="efiEnabled"
          class="check"
@ -889,6 +898,7 @@ export default {
          :label="t('harvester.virtualMachine.secureBoot')"
          :mode="mode"
        />
+
        <Banner
          v-if="showCpuPinningBanner"
          color="warning"
--- a/pkg/harvester/l10n/en-us.yaml
+++ b/pkg/harvester/l10n/en-us.yaml
@ -594,6 +594,7 @@ harvester:
    enableUsb: Enable USB Tablet
    advancedOptions:
      tpm: Enable TPM
+      tpmPersistentState: TPM Persistent State
      cpuManager:
        prefix: You must enable CPU Manager for at least one node in
        middle: 'host page'
--- a/pkg/harvester/mixins/harvester-vm/impl.js
+++ b/pkg/harvester/mixins/harvester-vm/impl.js
@ -140,6 +140,10 @@ export default {
      return !!spec?.template?.spec?.domain?.devices?.tpm;
    },

+    isTPMPersistentStateEnabled(spec) {
+      return !!spec?.template?.spec?.domain?.devices?.tpm?.persistent;
+    },
+
    isSecureBoot(spec) {
      return !!spec?.template?.spec?.domain?.firmware?.bootloader?.efi?.secureBoot;
    },
--- a/pkg/harvester/mixins/harvester-vm/index.js
+++ b/pkg/harvester/mixins/harvester-vm/index.js
@ -164,6 +164,7 @@ export default {
      accessCredentials:             [],
      efiEnabled:                    false,
      tpmEnabled:                    false,
+      tpmPersistentStateEnabled:     false,
      secureBoot:                    false,
      userDataTemplateId:            '',
      saveUserDataAsClearText:       false,
@ -367,6 +368,7 @@ export default {
      const installAgent = this.hasInstallAgent(userData, osType, true);
      const efiEnabled = this.isEfiEnabled(spec);
      const tpmEnabled = this.isTpmEnabled(spec);
+      const tpmPersistentStateEnabled = this.isTPMPersistentStateEnabled(spec);
      const secureBoot = this.isSecureBoot(spec);
      const cpuPinning = this.isCpuPinning(spec);

@ -399,6 +401,7 @@ export default {
      this['installUSBTablet'] = installUSBTablet;
      this['efiEnabled'] = efiEnabled;
      this['tpmEnabled'] = tpmEnabled;
+      this['tpmPersistentStateEnabled'] = tpmPersistentStateEnabled;
      this['secureBoot'] = secureBoot;
      this['cpuPinning'] = cpuPinning;

@ -1421,6 +1424,14 @@ export default {
      }
    },

+    setTPMPersistentStateEnabled(tpmPersistentStateEnabled) {
+      if (tpmPersistentStateEnabled) {
+        set(this.spec.template.spec.domain.devices, 'tpm', { persistent: true });
+      } else {
+        set(this.spec.template.spec.domain.devices, 'tpm', {});
+      }
+    },
+
    deleteSSHFromUserData(ssh = []) {
      const sshAuthorizedKeys = this.getSSHFromUserData(this.userScript);

@ -1544,6 +1555,10 @@ export default {
      this.setTPM(val);
    },

+    tpmPersistentStateEnabled(val) {
+      this.setTPMPersistentStateEnabled(val);
+    },
+
    installAgent: {
      /**
       * rules
--- a/pkg/harvester/models/harvesterhci.io.virtualmachinetemplateversion.js
+++ b/pkg/harvester/models/harvesterhci.io.virtualmachinetemplateversion.js
@ -276,4 +276,8 @@ export default class HciVmTemplateVersion extends HarvesterResource {

    this.spec.vm.spec.template.metadata['labels'] = { ...wasIgnored, ...val };
  }
+
+  get tpmPersistentStateFeatureEnabled() {
+    return this.$rootGetters['harvester-common/getFeatureEnabled']('tpmPersistentState');
+  }
 }
--- a/pkg/harvester/models/kubevirt.io.virtualmachine.js
+++ b/pkg/harvester/models/kubevirt.io.virtualmachine.js
@ -1175,6 +1175,10 @@ export default class VirtVm extends HarvesterResource {
    return this.$rootGetters['harvester-common/getFeatureEnabled']('volumeEncryption');
  }

+  get tpmPersistentStateFeatureEnabled() {
+    return this.$rootGetters['harvester-common/getFeatureEnabled']('tpmPersistentState');
+  }
+
  setInstanceLabels(val) {
    if ( !this.spec?.template?.metadata?.labels ) {
      set(this, 'spec.template.metadata.labels', {});