platform/api/azure: Narrow down trusted launch enablement

Only amd64 instances support trusted launch. When pre-creating a gallery, we also want TL to be used. Signed-off-by: Jeremi Piotrowski <[email protected]>
flatcar · Apr 12, 2024 · 5ef5765 · 5ef5765
1 parent 661f09c
commit 5ef5765
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/platform/api/azure/instance.go b/platform/api/azure/instance.go
@@ -21,6 +21,7 @@ import (
 	"io"
 	"io/ioutil"
 	"regexp"
+	"strings"
 	"time"
 
 	"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2022-08-01/compute"
@@ -152,7 +153,9 @@ func (a *API) getVMParameters(name, userdata, sshkey, storageAccountURI string,
 		},
 	}
 
-	if a.Opts.HyperVGeneration == string(compute.HyperVGenerationTypeV2) && a.Opts.UseGallery {
+	if a.Opts.HyperVGeneration == string(compute.HyperVGenerationTypeV2) &&
+	        (a.Opts.UseGallery || strings.Contains(a.Opts.DiskURI, "galleries")) &&
+	        a.Opts.Board == "amd64-usr" {
 		vm.SecurityProfile = &compute.SecurityProfile{
 			SecurityType: compute.SecurityTypesTrustedLaunch,
 			UefiSettings: &compute.UefiSettings{