Hi, Im I correct to assume that the when using emulate-tpm, the tpmhash is bound to the built iso? No tpm support in my current vcenter so testing emulation. Booting multiple vms from same iso has the same hash, hence only one entry in mchineinventory.

yes, at least that’s also how I got it. same setup here. different ISO for each VM, or at least a different config within the ISO

Yes, unfortunately the emulated TPM is aligned with the tpm seed, so it would be the same for all machines. You can workaround by deploying one instance, then editing the registration to change the tpm seed and deploying the next one. Not ideal, but currently tpm emulaattion was added for Dev purposes. There is plans in the future to make this more flexible with other types of seed, but nothing in the pipeline currently

@ripe-mechanic-63260 thats good to hear. care to elaborate a bit about what you mean by editing the registration?

Yes, just after deploying one node, you can kubectl edit the machine registration and set the value of emulated-tpm-seed which is 1 by default to a different number and save the resource. That will generate a new tpm hash on the next machine registration as the seed is different

Hmm. tried the workaround and it does'nt seem to work. elemental-operator 1.0.2 (rancher 2.7.0) On first node boot:

registration:

emulate-tpm: true

On second node boot:

registration:

emulate-tpm: true

emulated-tpm-seed: 2

Still the same tpmhash

Hey, a bit late but on latest dev we have improved this. Now you only need to set the emulated-tpm-hash value to

-1

and all your machines will get a random tpm-hash which allows to deploy more than one machine with tpm-emulation !