
silly-airline-38945

12/05/2022, 9:32 AM
Hi, am I correct to assume that when using emulate-tpm, the tpmhash is bound to the built iso? No tpm support in my current vcenter so testing emulation. Booting multiple vms from same iso has the same hash, hence only one entry in machineinventory.

nice-monkey-30580

12/05/2022, 9:45 AM
yes, at least that’s also how I got it. same setup here. different ISO for each VM, or at least a different config within the ISO

ripe-mechanic-63260

12/05/2022, 10:01 AM
Yes, unfortunately the emulated TPM is aligned with the tpm seed, so it would be the same for all machines. You can work around it by deploying one instance, then editing the registration to change the tpm seed and deploying the next one. Not ideal, but currently tpm emulation was added for Dev purposes. There are plans in the future to make this more flexible with other types of seed, but nothing in the pipeline currently

silly-airline-38945

12/05/2022, 1:17 PM
@ripe-mechanic-63260 that's good to hear. care to elaborate a bit about what you mean by editing the registration?

ripe-mechanic-63260

12/05/2022, 1:23 PM
Yes, just after deploying one node, you can kubectl edit the machine registration and set the value of emulated-tpm-seed which is 1 by default to a different number and save the resource. That will generate a new tpm hash on the next machine registration as the seed is different
In reality the tpm is not bound to the iso but to the registration seed, as it will be generated based on that seed. So you can still use the same iso with this workaround

silly-airline-38945

12/06/2022, 7:50 AM
Hmm. tried the workaround and it doesn't seem to work. elemental-operator 1.0.2 (rancher 2.7.0) On first node boot:
registration:
  emulate-tpm: true
On second node boot:
registration:
  emulate-tpm: true
  emulated-tpm-seed: 2
Still the same tpmhash

ripe-mechanic-63260

12/27/2022, 8:45 AM
Hey, a bit late but on latest dev we have improved this. Now you only need to set the emulated-tpm-hash value to -1 and all your machines will get a random tpm-hash, which allows you to deploy more than one machine with tpm-emulation!
You will need to get the iso from the Dev channel for this to work