This message was deleted.
# elementala
adamant-kite-43734
12/05/2022, 9:32 AMThis message was deleted.
n
nice-monkey-30580
12/05/2022, 9:45 AMyes, at least that’s also how I got it. same setup here.
different ISO for each VM, or at least a different config within the ISO
r
ripe-mechanic-63260
12/05/2022, 10:01 AMYes, unfortunately the emulated TPM is aligned with the tpm seed, so it would be the same for all machines. You can workaround by deploying one instance, then editing the registration to change the tpm seed and deploying the next one. Not ideal, but currently tpm emulaattion was added for Dev purposes. There is plans in the future to make this more flexible with other types of seed, but nothing in the pipeline currently
s
silly-airline-38945
12/05/2022, 1:17 PM@ripe-mechanic-63260 thats good to hear. care to elaborate a bit about what you mean by editing the registration?
r
ripe-mechanic-63260
12/05/2022, 1:23 PMYes, just after deploying one node, you can kubectl edit the machine registration and set the value of emulated-tpm-seed which is 1 by default to a different number and save the resource. That will generate a new tpm hash on the next machine registration as the seed is different
ripe-mechanic-63260
12/05/2022, 1:23 PMripe-mechanic-63260
12/05/2022, 1:27 PMIn reality the tpm is not bound to the iso but to the registration seed, as it will be generated based on that seed. So you can still use the same iso with this workaround
s
silly-airline-38945
12/06/2022, 7:50 AMHmm. tried the workaround and it does'nt seem to work. elemental-operator 1.0.2 (rancher 2.7.0)
On first node boot:
registration:emulate-tpm: trueregistration:emulate-tpm: trueemulated-tpm-seed: 2r
ripe-mechanic-63260
12/27/2022, 8:45 AMHey, a bit late but on latest dev we have improved this. Now you only need to set the emulated-tpm-hash value to
-1ripe-mechanic-63260
12/27/2022, 8:45 AMYou will need to get the iso from the Dev channel for this to work
23 Views