@tjones60
Contributor

Always enable default boot always attempt for non-Trusted Launch VMs. This is roughly equivalent to not having secure boot or TPM enabled. This is necessary because the VMGS is not swapped with the OS disk for these VMs in Azure (and in any case on-prem), causing the VM to fail to boot after an OS swap.

Backport of #2436

@tjones60 requested a review from a team as a code owner November 19, 2025 22:59
Copilot AI review requested due to automatic review settings November 19, 2025 22:59
@github-actions bot added the release_2411 label (Targets the release/2411 branch.) Nov 19, 2025
Copilot finished reviewing on behalf of tjones60 November 19, 2025 23:01
Contributor

Copilot AI left a comment

Pull Request Overview

This PR backports a temporary workaround that enables the default_boot_always_attempt flag for non-Trusted Launch isolated VMs. This is necessary to allow VMs to boot successfully after OS disk swaps in Azure when the VMGS is not swapped along with the OS disk.

Key changes:

  • Adds conditional logic to enable default_boot_always_attempt for isolated VMs that don't have secure boot or TPM enabled
  • Includes clear documentation explaining the temporary nature and rationale for the workaround

@benhillis
Member

Do we need a 2411 version of this patch?
