Skip to content

Commit

Permalink
Adding UefiSettings and SecurityType for Trusted/Confidential VMs (#1…
Browse files Browse the repository at this point in the history 
…1441)
  • Loading branch information
@ms-saypaul
ms-saypaul authored Nov 23, 2020
1 parent 184b8f7 commit a0abdf2
Show file tree
Hide file tree
Showing 3 changed files with 442 additions and 0 deletions.
34 changes: 34 additions & 0 deletions specification/compute/resource-manager/Microsoft.Compute/stable/2020-12-01/compute.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3052,6 +3052,9 @@
},
"Create a vm with Application Profile.": {
"$ref": "./examples/CreateAVmWithApplicationProfile.json"
},
"Create a VM with Uefi Settings of secureBoot and vTPM.": {
"$ref": "./examples/CreateAVmWithUefiSettings.json"
}
}
},
Expand Down Expand Up @@ -4086,6 +4089,9 @@
},
"Create a scale set with Application Profile": {
"$ref": "./examples/CreateAScaleSetWithApplicationProfile.json"
},
"Create a scale set with Uefi Settings of secureBoot and vTPM.": {
"$ref": "./examples/CreateAScaleSetWithUefiSettings.json"
}
}
},
Expand Down Expand Up @@ -8689,11 +8695,39 @@
},
"description": "Contains the list of gallery applications that should be made available to the VM/VMSS"
},
"UefiSettings": {
"properties": {
"secureBootEnabled": {
"type": "boolean",
"description": "Specifies whether secure boot should be enabled on the virtual machine. <br><br>Minimum api-version: 2020-12-01"
},
"vTpmEnabled": {
"type": "boolean",
"description": "Specifies whether vTPM should be enabled on the virtual machine. <br><br>Minimum api-version: 2020-12-01"
}
},
"description": "Specifies the security settings like secure boot and vTPM used while creating the virtual machine. <br><br>Minimum api-version: 2020-12-01"
},
"SecurityProfile": {
"properties": {
"uefiSettings": {
"$ref": "#/definitions/UefiSettings",
"description": "Specifies the security settings like secure boot and vTPM used while creating the virtual machine. <br><br>Minimum api-version: 2020-12-01"
},
"encryptionAtHost": {
"type": "boolean",
"description": "This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. <br><br> Default: The Encryption at host will be disabled unless this property is set to true for the resource."
},
"securityType": {
"type": "string",
"description": "Specifies the SecurityType of the virtual machine. It is set as SecureBoot to enable UefiSettings. <br><br> Default: UefiSettings will not be enabled unless this property is set as SecureBoot.",
"enum": [
"SecureBoot"
],
"x-ms-enum": {
"name": "SecurityTypes",
"modelAsString": false
}
}
},
"description": "Specifies the Security profile settings for the virtual machine or virtual machine scale set."
Expand Down
235 changes: 235 additions & 0 deletions ...manager/Microsoft.Compute/stable/2020-12-01/examples/CreateAScaleSetWithUefiSettings.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,235 @@
{
"parameters": {
"subscriptionId": "{subscription-id}",
"resourceGroupName": "myResourceGroup",
"vmScaleSetName": "{vmss-name}",
"api-version": "2020-12-01",
"parameters": {
"sku": {
"tier": "Standard",
"capacity": 3,
"name": "Standard_D2s_v3"
},
"properties": {
"overprovision": true,
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"sku": "windows10-tvm",
"publisher": "MicrosoftWindowsServer",
"version": "18363.592.2001092016",
"offer": "windowsserver-gen2preview-preview"
},
"osDisk": {
"caching": "ReadOnly",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS"
},
"createOption": "FromImage"
}
},
"securityProfile": {
"uefiSettings": {
"secureBootEnabled": true,
"vTpmEnabled": true
}
},
"osProfile": {
"computerNamePrefix": "{vmss-name}",
"adminUsername": "{your-username}",
"adminPassword": "{your-password}"
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"primary": true,
"enableIPForwarding": true,
"ipConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"
}
}
}
]
}
}
]
}
},
"upgradePolicy": {
"mode": "Manual"
}
},
"location": "westus"
}
},
"responses": {
"200": {
"body": {
"sku": {
"tier": "Standard",
"capacity": 3,
"name": "Standard_D2s_v3"
},
"name": "{vmss-name}",
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"properties": {
"singlePlacementGroup": true,
"overprovision": true,
"uniqueId": "b9e23088-6ffc-46e0-9e02-b0a6eeef47db",
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"sku": "windows10-tvm",
"publisher": "MicrosoftWindowsServer",
"version": "18363.592.2001092016",
"offer": "windowsserver-gen2preview-preview"
},
"osDisk": {
"caching": "ReadOnly",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS"
},
"createOption": "FromImage"
}
},
"securityProfile": {
"uefiSettings": {
"secureBootEnabled": true,
"vTpmEnabled": true
},
"securityType": "SecureBoot"
},
"osProfile": {
"computerNamePrefix": "{vmss-name}",
"adminUsername": "{your-username}",
"secrets": [],
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true
}
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"dnsSettings": {
"dnsServers": []
},
"primary": true,
"enableIPForwarding": true,
"ipConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
},
"privateIPAddressVersion": "IPv4"
}
}
],
"enableAcceleratedNetworking": false
}
}
]
}
},
"upgradePolicy": {
"mode": "Manual"
},
"provisioningState": "Creating"
},
"location": "westus"
}
},
"201": {
"body": {
"sku": {
"tier": "Standard",
"capacity": 3,
"name": "Standard_D2s_v3"
},
"name": "{vmss-name}",
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"properties": {
"singlePlacementGroup": true,
"overprovision": true,
"uniqueId": "b9e23088-6ffc-46e0-9e02-b0a6eeef47db",
"virtualMachineProfile": {
"storageProfile": {
"imageReference": {
"sku": "windows10-tvm",
"publisher": "MicrosoftWindowsServer",
"version": "18363.592.2001092016",
"offer": "windowsserver-gen2preview-preview"
},
"osDisk": {
"caching": "ReadOnly",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS"
},
"createOption": "FromImage"
}
},
"securityProfile": {
"uefiSettings": {
"secureBootEnabled": true,
"vTpmEnabled": true
},
"securityType": "SecureBoot"
},
"osProfile": {
"computerNamePrefix": "{vmss-name}",
"adminUsername": "{your-username}",
"secrets": [],
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true
}
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"dnsSettings": {
"dnsServers": []
},
"primary": true,
"enableIPForwarding": true,
"ipConfigurations": [
{
"name": "{vmss-name}",
"properties": {
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet"
},
"privateIPAddressVersion": "IPv4"
}
}
],
"enableAcceleratedNetworking": false
}
}
]
}
},
"upgradePolicy": {
"mode": "Manual"
},
"provisioningState": "Creating"
},
"location": "westus"
}
}
}
}
Loading

0 comments on commit a0abdf2

Please sign in to comment.