Merge branch 'camjjack-enable-tpm'

builder/hyperv/common/config.go

@@ -121,6 +121,9 @@ type CommonConfig struct {
 	// disable dynamic memory and have at least 4GB of RAM assigned to the
 	// virtual machine.
 	EnableVirtualizationExtensions bool `mapstructure:"enable_virtualization_extensions" required:"false"`
+	// If true enable a virtual TPM for the
+	// virtual machine. This defaults to false.
+	EnableTPM bool `mapstructure:"enable_tpm" required:"false"`
 	// The location under which Packer will create a directory to house all the
 	// VM files and folders during the build. By default `%TEMP%` is used
 	// which, for most systems, will evaluate to

builder/hyperv/common/driver.go

@@ -100,6 +100,8 @@ type Driver interface {
 
 	SetVirtualMachineVirtualizationExtensions(string, bool) error
 
+	SetVirtualMachineTPM(string, bool) error
+
 	EnableVirtualMachineIntegrationService(string, string) error
 
 	ExportVirtualMachine(string, string) error

builder/hyperv/common/driver_mock.go

@@ -193,6 +193,11 @@ type DriverMock struct {
 	SetVirtualMachineVirtualizationExtensions_Enable bool
 	SetVirtualMachineVirtualizationExtensions_Err    error
 
+	SetVirtualMachineTPM_Called bool
+	SetVirtualMachineTPM_VmName string
+	SetVirtualMachineTPM_Enable bool
+	SetVirtualMachineTPM_Err    error
+
 	EnableVirtualMachineIntegrationService_Called                 bool
 	EnableVirtualMachineIntegrationService_VmName                 string
 	EnableVirtualMachineIntegrationService_IntegrationServiceName string
@@ -535,6 +540,13 @@ func (d *DriverMock) SetVirtualMachineVirtualizationExtensions(vmName string, en
 	return d.SetVirtualMachineVirtualizationExtensions_Err
 }
 
+func (d *DriverMock) SetVirtualMachineTPM(vmName string, enable bool) error {
+	d.SetVirtualMachineTPM_Called = true
+	d.SetVirtualMachineTPM_VmName = vmName
+	d.SetVirtualMachineTPM_Enable = enable
+	return d.SetVirtualMachineTPM_Err
+}
+
 func (d *DriverMock) EnableVirtualMachineIntegrationService(vmName string, integrationServiceName string) error {
 	d.EnableVirtualMachineIntegrationService_Called = true
 	d.EnableVirtualMachineIntegrationService_VmName = vmName

builder/hyperv/common/driver_ps_4.go

@@ -235,6 +235,10 @@ func (d *HypervPS4Driver) SetVirtualMachineVirtualizationExtensions(vmName strin
 	return hyperv.SetVirtualMachineVirtualizationExtensions(vmName, enable)
 }
 
+func (d *HypervPS4Driver) SetVirtualMachineTPM(vmName string, enable bool) error {
+	return hyperv.SetVirtualMachineTPM(vmName, enable)
+}
+
 func (d *HypervPS4Driver) EnableVirtualMachineIntegrationService(vmName string,
 	integrationServiceName string) error {
 	return hyperv.EnableVirtualMachineIntegrationService(vmName, integrationServiceName)

builder/hyperv/common/powershell/hyperv/hyperv.go

@@ -742,6 +742,25 @@ if ($cmdlet.Parameters.SecureBootTemplate) {
 	return err
 }
 
+func SetVirtualMachineTPM(vmName string, enableTPM bool) error {
+	var script = `
+param([string]$vmName)
+Hyper-V\Disable-VMTPM -VMName $vmName
+`
+	if enableTPM {
+		script = `
+param([string]$vmName)
+Hyper-V\Set-VMKeyProtector -VMName $vmName -NewLocalKeyProtector
+Hyper-V\Enable-VMTPM -VMName $vmName
+`
+	}
+
+	var ps powershell.PowerShellCmd
+
+	err := ps.Run(script, vmName)
+	return err
+}
+
 func DeleteVirtualMachine(vmName string) error {
 
 	var script = `
@@ -797,6 +816,7 @@ if (Test-Path -Path ([IO.Path]::Combine($path, $vmName, 'Virtual Machines', '*.V
   </boot>
   <secure_boot_enabled type="bool">False</secure_boot_enabled>
   <secure_boot_template type="string">MicrosoftWindows</secure_boot_template>
+  <tpm_enabled type="bool">False</tpm_enabled>
   <notes type="string">$($vm.Notes)</notes>
   <vm-controllers/>
 </configuration>
@@ -823,6 +843,10 @@ if (Test-Path -Path ([IO.Path]::Combine($path, $vmName, 'Virtual Machines', '*.V
     {
       $config.configuration.secure_boot_enabled.'#text' = 'False'
 	}
+    if ((Hyper-V\Get-VMSecurity -VM $vm).TpmEnabled -eq [Microsoft.HyperV.PowerShell.OnOffState]::On)
+    {
+	  $config.configuration.tpm_enabled.'#text' = 'True'
+	}
   }
 
   $vm_controllers | ForEach {

builder/hyperv/common/step_clone_vm.go

@@ -33,6 +33,7 @@ type StepCloneVM struct {
 	EnableSecureBoot               bool
 	SecureBootTemplate             string
 	EnableVirtualizationExtensions bool
+	EnableTPM                      bool
 	MacAddress                     string
 	KeepRegistered                 bool
 	AdditionalDiskSize             []uint
@@ -117,6 +118,16 @@ func (s *StepCloneVM) Run(ctx context.Context, state multistep.StateBag) multist
 			ui.Error(err.Error())
 			return multistep.ActionHalt
 		}
+
+		if s.EnableTPM {
+			err = driver.SetVirtualMachineTPM(s.VMName, s.EnableTPM)
+			if err != nil {
+				err := fmt.Errorf("Error enabling TPM: %s", err)
+				state.Put("error", err)
+				ui.Error(err.Error())
+				return multistep.ActionHalt
+			}
+		}
 	}
 
 	if s.EnableVirtualizationExtensions {

builder/hyperv/common/step_create_vm.go

@@ -33,6 +33,7 @@ type StepCreateVM struct {
 	EnableSecureBoot               bool
 	SecureBootTemplate             string
 	EnableVirtualizationExtensions bool
+	EnableTPM                      bool
 	AdditionalDiskSize             []uint
 	DifferencingDisk               bool
 	MacAddress                     string
@@ -130,6 +131,15 @@ func (s *StepCreateVM) Run(ctx context.Context, state multistep.StateBag) multis
 			ui.Error(err.Error())
 			return multistep.ActionHalt
 		}
+		if s.EnableTPM {
+			err = driver.SetVirtualMachineTPM(s.VMName, s.EnableTPM)
+			if err != nil {
+				err := fmt.Errorf("Error enabling TPM: %s", err)
+				state.Put("error", err)
+				ui.Error(err.Error())
+				return multistep.ActionHalt
+			}
+		}
 	}
 
 	if s.EnableVirtualizationExtensions {

builder/hyperv/iso/builder.go

@@ -238,6 +238,7 @@ func (b *Builder) Run(ctx context.Context, ui packersdk.Ui, hook packersdk.Hook)
 			EnableSecureBoot:               b.config.EnableSecureBoot,
 			SecureBootTemplate:             b.config.SecureBootTemplate,
 			EnableVirtualizationExtensions: b.config.EnableVirtualizationExtensions,
+			EnableTPM:                      b.config.EnableTPM,
 			UseLegacyNetworkAdapter:        b.config.UseLegacyNetworkAdapter,
 			AdditionalDiskSize:             b.config.AdditionalDiskSize,
 			DifferencingDisk:               b.config.DifferencingDisk,

builder/hyperv/vmcx/builder.go

@@ -281,6 +281,7 @@ func (b *Builder) Run(ctx context.Context, ui packersdk.Ui, hook packersdk.Hook)
 			EnableSecureBoot:               b.config.EnableSecureBoot,
 			SecureBootTemplate:             b.config.SecureBootTemplate,
 			EnableVirtualizationExtensions: b.config.EnableVirtualizationExtensions,
+			EnableTPM:                      b.config.EnableTPM,
 			MacAddress:                     b.config.MacAddress,
 			KeepRegistered:                 b.config.KeepRegistered,
 			AdditionalDiskSize:             b.config.AdditionalDiskSize,

docs-partials/builder/hyperv/common/CommonConfig-not-required.mdx

@@ -79,6 +79,9 @@
   disable dynamic memory and have at least 4GB of RAM assigned to the
   virtual machine.
 
+- `enable_tpm` (bool) - If true enable a virtual TPM for the
+  virtual machine. This defaults to false.
+
 - `temp_path` (string) - The location under which Packer will create a directory to house all the
   VM files and folders during the build. By default `%TEMP%` is used
   which, for most systems, will evaluate to