[Trusted launch VMs] Gen1 VM to Trusted launch upgrade support #29007

Closed
1 task done
AjKundnani opened this issue May 22, 2024 · 3 comments · Fixed by #29655
Labels: Auto-Assign, Azure CLI Team, Compute, feature-request

Preconditions

  • No need to upgrade Python SDK or the Python SDK is ready.

Related command

az vm update --security-type

Resource Provider

Microsoft.Compute/virtualMachines

Description of Feature or Work Requested

Azure Gen1 VM to Trusted launch Upgrade

Virtual machine API now supports upgrade of existing Azure Gen1 VMs to Trusted launch in private preview (AFEC Name: Gen1ToTLMigrationPreview).

ASK: Request to unblock az vm update command to set --security-type to TrustedLaunch if VM is Gen1 VM. This will allow customers to upgrade their Gen1 VMs to Trusted launch using CLI.

az vm update

Current behavior

User runs the following command:
az vm update -n win2019vm01 -g testrg --security-type TrustedLaunch
User receives the following error:
Trusted Launch security configuration can be enabled only with Azure Gen2 VMs. Please visit https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch for more details

Requested behavior

User runs the following command:
az vm update -n win2019vm01 -g testrg --security-type TrustedLaunch
  1. CLI accepts the request.
  2. CLI sets --enable-secure-boot and --enable-vtpm to true by default unless specified by user.
  3. CLI sends VM update with following attributes:
    • securityType: TrustedLaunch
    • SecureBoot: true (or user provided value)
    • vTPM: true (or user provided value)
  4. If required AFEC Gen1ToTLMigrationPreview is registered for subscription, API will execute control plane operation and update following VM properties:
    • HyperVGeneration: v2
    • securityType: TrustedLaunch
    • secureBoot: as per default/user value
    • vTPM: as per default/user value
    Else API returns error response as operation not supported for given subscription.
  5. CLI returns API response and updated VM JSON to end user.

NOTE

  • Gen1 to Trusted launch upgrade requires multiple data-plane operations as pre-requisites. Please refer to documentation for more details.
  • AFEC Gen1ToTLMigrationPreview is currently set to private, i.e., engineering team needs to on-board subscription manually. This AFEC will be made public during public preview release.
  • --enable-secure-boot and --enable-vtpm should be set to true by default. User provided values take precedence over defaults.

Minimum API Version Required

2023-07-01

Swagger PR link / SDK link

NA

Request Example

NA

Target Date

2024-06-30

PM Contact

ajkundna

Engineer Contact

poaggar

Additional context

Gen1 to Trusted launch upgrade support is currently in private preview.
Public preview is tentatively targeted for July 2024 release.
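
The requested CLI behaviour in steps 1-3 above, sketched in Python as an added example (not Azure CLI source and not part of the original issue). `resolve_flag`, `build_update` and the `allow_gen1_upgrade` switch are hypothetical names, and the attribute names follow the issue text rather than the REST schema.

```python
# Added illustration of the requested behaviour; not Azure CLI source code.
from typing import Optional

TRUSTED_LAUNCH = "TrustedLaunch"
# First sentence of the error quoted in the issue's "Current behavior".
GEN2_ONLY_ERROR = ("Trusted Launch security configuration can be enabled "
                   "only with Azure Gen2 VMs.")


def resolve_flag(user_value: Optional[bool], default: bool = True) -> bool:
    """Use the user's value when one was passed, otherwise the default.

    `user_value or default` would be a bug here: an explicit False is falsy
    and would be silently turned back into True.
    """
    return default if user_value is None else user_value


def build_update(hyper_v_generation: str, security_type: str,
                 enable_secure_boot: Optional[bool] = None,
                 enable_vtpm: Optional[bool] = None,
                 allow_gen1_upgrade: bool = True) -> dict:
    """Return the security attributes sent with the VM update (steps 1-3).

    allow_gen1_upgrade=False models the current behaviour, where the CLI
    rejects a Gen1 VM before any request is sent. (Hypothetical switch.)
    """
    if security_type != TRUSTED_LAUNCH:
        raise ValueError("this sketch only covers --security-type TrustedLaunch")
    if hyper_v_generation.upper() == "V1" and not allow_gen1_upgrade:
        raise ValueError(GEN2_ONLY_ERROR)
    return {
        "securityType": security_type,
        "secureBoot": resolve_flag(enable_secure_boot),
        "vTPM": resolve_flag(enable_vtpm),
    }


if __name__ == "__main__":
    # Constructed inputs: a Gen1 VM with defaults, then with vTPM opted out.
    print(build_update("V1", TRUSTED_LAUNCH))
    print(build_update("V1", TRUSTED_LAUNCH, enable_vtpm=False))
```

Distinguishing "not specified" (`None`) from an explicit `False` is what lets a user-provided value take precedence over the secure default, as the NOTE in the issue requires.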

@microsoft-github-policy-service bot added the Compute label May 22, 2024
@microsoft-github-policy-service bot added the Auto-Assign, Azure CLI Team and question labels May 22, 2024
yonzhan (Collaborator) commented May 22, 2024

Thank you for opening this issue, we will look into it.

@yonzhan added this to the Backlog milestone May 22, 2024
@yonzhan removed the question label May 22, 2024
zhoxing-ms (Contributor) commented May 23, 2024

> Target Date
> 2024-06-30

@AjKundnani Sorry, as this sprint is already fully planned, could we schedule it in the next sprint? The estimated release time is 08-06, does it meet your expectations?

AjKundnani (Author) commented

> > Target Date
> > 2024-06-30
>
> @AjKundnani Sorry, as this sprint is already fully planned, could we schedule it in the next sprint? The estimated release time is 08-06, does it meet your expectations?

@zhoxing-ms - That works, thanks.
