Source image is not created for trusted boot but it is turned on the VM.
Hi
New to Bicep and learning it by deploying a mini environment in my lab. I am using the same code base as defined here: https://rozemuller.com/avd-automation-cocktail-avd-with-bicep-and-azure-cli/#azure-compute-gallery but I have made some alterations to it as I am trying to create a gen2 Trusted Launch VM to be used instead of a standard SecurityType defined in this blog.
- I create my initial image version of Windows 11 using SecurityType Trusted Launch. This was just a standard Microsoft gallery image, which I then sysprep and generalise. That all seems to go well and my base image has the security type that I want. Defined in my Bicep file under
resource vm 'Microsoft.Compute/virtualMachines@2023-03-01' = {
  // Security profile properties...
  securityProfile: {
    uefiSettings: {
      secureBootEnabled: true
      vTpmEnabled: true
    }
    securityType: 'TrustedLaunch'
  }
  diagnosticsProfile: {
    bootDiagnostics: {
      enabled: true
    }
  }
}
When I come to run the main.bicep file alongside the parameters which then pulls the various modules depending on where it is in the build it goes through the process of deploying the gallery image but fails with the error:
The resource write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'. (Code: ResourceDeploymentFailure, Target: /subscriptions/<mysubscriptionID>/resourceGroups/uks-rb81-vdi-avd-hpl-priv-001-01/providers/Microsoft.Compute/galleries/uksbldglbssvgal01/images/uks-img-Windows-desktop-11-gen2-22h2-priv-tl-001/versions/2023.09.26) The source 'subscriptions/<mysubscriptionID>/resourceGroups/rg-Win11-template/providers/Microsoft.Compute/virtualMachines/i4xsd3rrtnobm-vm' has security type 'TrustedLaunch' and cannot be used as a source for an image definition with SecurityType feature set to 'None'. (Code: Conflict)
I am really confused where I need to set this, I thought it would be under the bicep file deploy-shared-image-gallery.bicep but then when I declare the params and resource as
Thanks
- isotonic_uk (Brass Contributor)
Thought I would add, managed to resolve in the end. I needed to add features into the deploy-shared-image-gallery.bicep file
features: [
{
name: 'SecurityType'
value: 'TrustedLaunch'
}
]
at the point when it creates the resource galleryDefinition, after it declares the hyperVGeneration. What I found is it's not well documented at the moment.
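
The fix described in the reply above, shown in the context of a full image definition and version. This is an added example, not code from the original post or the linked blog; the parameter names, the identifier values and the API version are assumptions.

```bicep
// Added example. Parameter names, identifier values and API version are assumptions.
param galleryName string
param imageDefinitionName string
param versionName string
param location string = resourceGroup().location

@description('Resource ID of the generalised Trusted Launch source VM')
param sourceVmId string

resource gallery 'Microsoft.Compute/galleries@2022-03-03' existing = {
  name: galleryName
}

resource galleryDefinition 'Microsoft.Compute/galleries/images@2022-03-03' = {
  parent: gallery
  name: imageDefinitionName
  location: location
  properties: {
    osType: 'Windows'
    osState: 'Generalized'
    hyperVGeneration: 'V2' // Trusted Launch needs a Gen2 definition
    identifier: {
      publisher: 'ExamplePublisher' // placeholder values
      offer: 'ExampleOffer'
      sku: 'ExampleSku'
    }
    // Must match the source VM's securityProfile.securityType. Without this
    // block the definition's SecurityType is 'None' and the version
    // deployment fails with the Conflict error quoted in the question.
    features: [
      {
        name: 'SecurityType'
        value: 'TrustedLaunch'
      }
    ]
  }
}

resource imageVersion 'Microsoft.Compute/galleries/images/versions@2022-03-03' = {
  parent: galleryDefinition
  name: versionName
  location: location
  properties: {
    storageProfile: {
      source: {
        id: sourceVmId // VM deployed with securityType: 'TrustedLaunch'
      }
    }
  }
}
```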