mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
55 lines
1.6 KiB
Plaintext
55 lines
1.6 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * virt/managing_vms/virt-using-vtpm-devices.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="virt-adding-vtpm-to-vm_{context}"]
|
|
= Adding a vTPM device to a virtual machine
|
|
|
|
[role="_abstract"]
|
|
Adding a virtual Trusted Platform Module (vTPM) device to a virtual machine
|
|
(VM) allows you to run a VM created from a Windows 11 image without a physical
|
|
TPM device. A vTPM device also stores secrets for that VM.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
When you add a virtual Trusted Platform Module (vTPM) device to a Windows VM, it is important to make the vTPM device persistent. The BitLocker Drive is encrypted successfully and the encryption system check passes even if the vTPM device is not persistent. If the vTPM device is not persistent, it is discarded on shutdown.
|
|
====
|
|
|
|
.Prerequisites
|
|
* You have installed the OpenShift CLI (`oc`).
|
|
|
|
.Procedure
|
|
|
|
. Run the following command to update the VM configuration:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc edit vm <vm_name> -n <namespace>
|
|
----
|
|
|
|
. Edit the VM specification to add the vTPM device. For example:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: kubevirt.io/v1
|
|
kind: VirtualMachine
|
|
metadata:
|
|
name: example-vm
|
|
spec:
|
|
template:
|
|
spec:
|
|
domain:
|
|
devices:
|
|
tpm: <1>
|
|
persistent: true <2>
|
|
# ...
|
|
----
|
|
<1> Adds the vTPM device to the VM.
|
|
<2> Specifies that the vTPM device state persists after the VM is shut down. The default value is `false`.
|
|
|
|
. To apply your changes, save and exit the editor.
|
|
|
|
. Optional: If you edited a running virtual machine, you must restart it for
|
|
the changes to take effect.
|