[BLOCKED] kola: enable Azure vTPM feature and TPM tests #723
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
t-lo
force-pushed
the
t-lo/azure-enable-tpm-tests
branch
from
a3b1da8 to
f139207
Compare
chewi
approved these changes
Dec 18, 2025
tormath1
reviewed
Dec 18, 2025
cmd/kola/options.go
Outdated
| sv(&kola.AzureOptions.Version, "azure-version", "", "Azure image version") | ||
| sv(&kola.AzureOptions.Location, "azure-location", "westus", "Azure location (default \"westus\"") | ||
| sv(&kola.AzureOptions.Size, "azure-size", "Standard_DS2_v2", "Azure machine size (default \"Standard_DS2_v2\")") | ||
| sv(&kola.AzureOptions.Size, "azure-size", "Standard_DS2_v5", "Azure machine size") |
Contributor
There was a problem hiding this comment.
Is this some kind of typo here? In scripts/ci-automation/ci-config.env we're using:
Standard_D2s_v4
(DS2 vs D2s) ?
Member
Author
There was a problem hiding this comment.
Looks like that typo has been there forever (we always explicitly specify the instance type when running tests). Will fix.
Contributor
There was a problem hiding this comment.
Yeah and we did not detected it because ci-config.env is the source of trust here.
Thanks for confirming, instance types on Azure are confusing me.
Member
There was a problem hiding this comment.
This wasn't a typo - the v2 instances were actually called that way DSX_v2: https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/general-purpose/dsv2-series?tabs=sizebasic.
t-lo
changed the title
This change enables Azure's vTPM feature via a command line flag (defaults to enabled). It also allowlists 6 TPM tests to run on Azure. We also change the default instance family/size to Standard_DS2_v5 as the previously used Standard_DS2_v2 has been deprecated a long time ago. Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
t-lo
force-pushed
the
t-lo/azure-enable-tpm-tests
branch
from
4ea9e6c to
218c461
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
This PR is blocked by secure boot / trusted launch support for Azure. Azure refuses to launch a VM with vTPM if the image does not support trusted launch:
Secure boot support is blocked by CNCF SHIM signing, tracked in https://cncfservicedesk.atlassian.net/servicedesk/customer/portal/1/CNCFSD-2581.
Summary
This change enables Azure's vTPM feature via a command line flag (defaults to enabled). It also allowlists 6 TPM tests to run on Azure. It also updates the default instance type / size to Standard_DS2_v5 as the previously used Standard_DS2_v2 was deprecated some time ago.
This tackles some of the tests from flatcar/Flatcar#1978 but not all.
How to use
Run cl.tpm.* tests on Azure.
Testing done
In progress - running cl.tpm.* tests in Azure.