make trusted launch opt-in

cmd/kola/options.go

@@ -126,6 +126,7 @@ func init() {
 	sv(&kola.AzureOptions.DiskController, "azure-disk-controller", "default", "Use a specific disk-controller for storage (default \"default\", also \"nvme\" and \"scsi\")")
 	sv(&kola.AzureOptions.ResourceGroup, "azure-resource-group", "", "Deploy resources in an existing resource group")
 	sv(&kola.AzureOptions.AvailabilitySet, "azure-availability-set", "", "Deploy instances with an existing availibity set")
+	bv(&kola.AzureOptions.TrustedLaunch, "azure-trusted-launch", false, "Enable trusted launch for VMs (default \"false\")")
 
 	// do-specific options
 	sv(&kola.DOOptions.ConfigPath, "do-config-file", "", "DigitalOcean config file (default \"~/"+auth.DOConfigPath+"\")")

platform/api/azure/instance.go

@@ -21,7 +21,6 @@ import (
 	"io"
 	"io/ioutil"
 	"regexp"
-	"strings"
 	"time"
 
 	"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2022-08-01/compute"
@@ -153,9 +152,13 @@ func (a *API) getVMParameters(name, userdata, sshkey, storageAccountURI string,
 		},
 	}
 
-	if a.Opts.HyperVGeneration == string(compute.HyperVGenerationTypeV2) &&
-		(a.Opts.UseGallery || strings.Contains(a.Opts.DiskURI, "galleries")) &&
-		a.Opts.Board == "amd64-usr" {
+	if a.Opts.TrustedLaunch {
+		if a.Opts.HyperVGeneration != string(compute.HyperVGenerationTypeV2) {
+			plog.Warningf("TrustedLaunch is only supported for HyperVGeneration v2; ignoring")
+		}
+		if a.Opts.Board != "amd64-usr" {
+			plog.Warningf("TrustedLaunch is only supported for amd64-usr; ignoring")
+		}
 		vm.SecurityProfile = &compute.SecurityProfile{
 			SecurityType: compute.SecurityTypesTrustedLaunch,
 			UefiSettings: &compute.UefiSettings{

platform/api/azure/options.go

@@ -39,6 +39,7 @@ type Options struct {
 	UseGallery       bool
 	UseIdentity      bool
 	UsePrivateIPs    bool
+	TrustedLaunch    bool
 
 	DiskController string