diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/compute.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/compute.json index acaa570c5b3c..bab8ce773892 100644 --- a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/compute.json +++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/compute.json @@ -3151,6 +3151,12 @@ }, "Create a VM from a shared gallery image": { "$ref": "./examples/compute/CreateAVmFromASharedGalleryImage.json" + }, + "Create a VM with securityType ConfidentialVM with Platform Managed Keys": { + "$ref": "./examples/compute/CreateAVmWithSecurityTypeConfidentialVM.json" + }, + "Create a VM with securityType ConfidentialVM with Customer Managed Keys": { + "$ref": "./examples/compute/CreateAVmWithSecurityTypeConfidentialVMWithCustomerManagedKeys.json" } } }, @@ -5425,6 +5431,9 @@ }, "Create a scale set with spot restore policy": { "$ref": "./examples/compute/CreateAScaleSetWithSpotRestorePolicy.json" + }, + "Create a scale set with SecurityType as ConfidentialVM": { + "$ref": "./examples/compute/CreateAScaleSetWithSecurityTypeConfidentialVM.json" } } }, @@ -10629,6 +10638,28 @@ ], "description": "Describes the parameter of customer managed disk encryption set resource id that can be specified for disk.

NOTE: The disk encryption set resource id can only be specified for managed disk. Please refer https://aka.ms/mdssewithcmkoverview for more details." }, + "VMDiskSecurityProfile": { + "type": "object", + "properties": { + "securityEncryptionType": { + "type": "string", + "description": "Specifies the EncryptionType of the managed disk.
It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, and VMGuestStateOnly for encryption of just the VMGuestState blob.

NOTE: It can be set for only Confidential VMs.", + "enum": [ + "VMGuestStateOnly", + "DiskWithVMGuestState" + ], + "x-ms-enum": { + "name": "securityEncryptionTypes", + "modelAsString": true + } + }, + "diskEncryptionSet": { + "$ref": "#/definitions/DiskEncryptionSetParameters", + "description": "Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob." + } + }, + "description": "Specifies the security profile settings for the managed disk.

NOTE: It can only be set for Confidential VMs" + }, "KeyVaultKeyReference": { "properties": { "keyUrl": { @@ -10782,6 +10813,10 @@ "diskEncryptionSet": { "$ref": "#/definitions/DiskEncryptionSetParameters", "description": "Specifies the customer managed disk encryption set resource id for the managed disk." + }, + "securityProfile": { + "$ref": "#/definitions/VMDiskSecurityProfile", + "description": "Specifies the security profile for the managed disk." } }, "allOf": [ @@ -10982,9 +11017,10 @@ }, "securityType": { "type": "string", - "description": "Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings.

Default: UefiSettings will not be enabled unless this property is set as TrustedLaunch.", + "description": "Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings.

Default: UefiSettings will not be enabled unless this property is set.", "enum": [ - "TrustedLaunch" + "TrustedLaunch", + "ConfidentialVM" ], "x-ms-enum": { "name": "SecurityTypes", @@ -12623,6 +12659,10 @@ "diskEncryptionSet": { "$ref": "#/definitions/DiskEncryptionSetParameters", "description": "Specifies the customer managed disk encryption set resource id for the managed disk." + }, + "securityProfile": { + "$ref": "#/definitions/VMDiskSecurityProfile", + "description": "Specifies the security profile for the managed disk." } }, "description": "Describes the parameters of a ScaleSet managed disk." diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/CreateAScaleSetWithSecurityTypeConfidentialVM.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/CreateAScaleSetWithSecurityTypeConfidentialVM.json new file mode 100644 index 000000000000..77eb3bb298a2 --- /dev/null +++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/CreateAScaleSetWithSecurityTypeConfidentialVM.json @@ -0,0 +1,245 @@ +{ + "parameters": { + "subscriptionId": "{subscription-id}", + "resourceGroupName": "myResourceGroup", + "vmScaleSetName": "{vmss-name}", + "api-version": "2021-11-01", + "parameters": { + "sku": { + "tier": "Standard", + "capacity": 3, + "name": "Standard_DC2as_v5" + }, + "properties": { + "overprovision": true, + "virtualMachineProfile": { + "storageProfile": { + "imageReference": { + "sku": "windows-cvm", + "publisher": "MicrosoftWindowsServer", + "version": "17763.2183.2109130127", + "offer": "2019-datacenter-cvm" + }, + "osDisk": { + "caching": "ReadOnly", + "managedDisk": { + "storageAccountType": "StandardSSD_LRS", + "securityProfile": { + "securityEncryptionType": "VMGuestStateOnly" + } + }, + "createOption": "FromImage" + } + }, + "securityProfile": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "ConfidentialVM" + }, + "osProfile": { + "computerNamePrefix": "{vmss-name}", + "adminUsername": "{your-username}", + "adminPassword": "{your-password}" + }, + "networkProfile": { + "networkInterfaceConfigurations": [ + { + "name": "{vmss-name}", + "properties": { + "primary": true, + "enableIPForwarding": true, + "ipConfigurations": [ + { + "name": "{vmss-name}", + "properties": { + "subnet": { + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}" + } + } + } + ] + } + } + ] + } + }, + "upgradePolicy": { + "mode": "Manual" + } + }, + "location": "westus" + } + }, + "responses": { + "200": { + "body": { + "sku": { + "tier": "Standard", + "capacity": 3, + "name": "Standard_DC2as_v5" + }, + "name": "{vmss-name}", + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}", + "type": "Microsoft.Compute/virtualMachineScaleSets", + "properties": { + "singlePlacementGroup": true, + "overprovision": true, + "uniqueId": "b9e23088-6ffc-46e0-9e02-b0a6eeef47db", + "virtualMachineProfile": { + "storageProfile": { + "imageReference": { + "sku": "windows-cvm", + "publisher": "MicrosoftWindowsServer", + "version": "17763.2183.2109130127", + "offer": "2019-datacenter-cvm" + }, + "osDisk": { + "caching": "ReadOnly", + "managedDisk": { + "storageAccountType": "StandardSSD_LRS", + "securityProfile": { + "securityEncryptionType": "VMGuestStateOnly" + } + }, + "createOption": "FromImage" + } + }, + "securityProfile": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "ConfidentialVM" + }, + "osProfile": { + "computerNamePrefix": "{vmss-name}", + "adminUsername": "{your-username}", + "secrets": [], + "windowsConfiguration": { + "provisionVMAgent": true, + "enableAutomaticUpdates": true + } + }, + "networkProfile": { + "networkInterfaceConfigurations": [ + { + "name": "{vmss-name}", + "properties": { + "dnsSettings": { + "dnsServers": [] + }, + "primary": true, + "enableIPForwarding": true, + "ipConfigurations": [ + { + "name": "{vmss-name}", + "properties": { + "subnet": { + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet" + }, + "privateIPAddressVersion": "IPv4" + } + } + ], + "enableAcceleratedNetworking": false + } + } + ] + } + }, + "upgradePolicy": { + "mode": "Manual" + }, + "provisioningState": "Creating" + }, + "location": "westus" + } + }, + "201": { + "body": { + "sku": { + "tier": "Standard", + "capacity": 3, + "name": "Standard_DC2as_v5" + }, + "name": "{vmss-name}", + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/{vmss-name}", + "type": "Microsoft.Compute/virtualMachineScaleSets", + "properties": { + "singlePlacementGroup": true, + "overprovision": true, + "uniqueId": "b9e23088-6ffc-46e0-9e02-b0a6eeef47db", + "virtualMachineProfile": { + "storageProfile": { + "imageReference": { + "sku": "windows-cvm", + "publisher": "MicrosoftWindowsServer", + "version": "17763.2183.2109130127", + "offer": "2019-datacenter-cvm" + }, + "osDisk": { + "caching": "ReadOnly", + "managedDisk": { + "storageAccountType": "StandardSSD_LRS", + "securityProfile": { + "securityEncryptionType": "VMGuestStateOnly" + } + }, + "createOption": "FromImage" + } + }, + "securityProfile": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "ConfidentialVM" + }, + "osProfile": { + "computerNamePrefix": "{vmss-name}", + "adminUsername": "{your-username}", + "secrets": [], + "windowsConfiguration": { + "provisionVMAgent": true, + "enableAutomaticUpdates": true + } + }, + "networkProfile": { + "networkInterfaceConfigurations": [ + { + "name": "{vmss-name}", + "properties": { + "dnsSettings": { + "dnsServers": [] + }, + "primary": true, + "enableIPForwarding": true, + "ipConfigurations": [ + { + "name": "{vmss-name}", + "properties": { + "subnet": { + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/nsgExistingVnet/subnets/nsgExistingSubnet" + }, + "privateIPAddressVersion": "IPv4" + } + } + ], + "enableAcceleratedNetworking": false + } + } + ] + } + }, + "upgradePolicy": { + "mode": "Manual" + }, + "provisioningState": "Creating" + }, + "location": "westus" + } + } + } +} diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/CreateAVmWithSecurityTypeConfidentialVM.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/CreateAVmWithSecurityTypeConfidentialVM.json new file mode 100644 index 000000000000..f7cbe46e03b5 --- /dev/null +++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/CreateAVmWithSecurityTypeConfidentialVM.json @@ -0,0 +1,181 @@ +{ + "parameters": { + "subscriptionId": "{subscription-id}", + "resourceGroupName": "myResourceGroup", + "vmName": "myVM", + "api-version": "2021-11-01", + "parameters": { + "location": "westus", + "properties": { + "hardwareProfile": { + "vmSize": "Standard_DC2as_v5" + }, + "securityProfile": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "ConfidentialVM" + }, + "storageProfile": { + "imageReference": { + "sku": "windows-cvm", + "publisher": "MicrosoftWindowsServer", + "version": "17763.2183.2109130127", + "offer": "2019-datacenter-cvm" + }, + "osDisk": { + "caching": "ReadOnly", + "managedDisk": { + "storageAccountType": "StandardSSD_LRS", + "securityProfile": { + "securityEncryptionType": "DiskWithVMGuestState" + } + }, + "createOption": "FromImage", + "name": "myVMosdisk" + } + }, + "osProfile": { + "adminUsername": "{your-username}", + "computerName": "myVM", + "adminPassword": "{your-password}" + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}", + "properties": { + "primary": true + } + } + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "name": "myVM", + "properties": { + "osProfile": { + "adminUsername": "{your-username}", + "secrets": [], + "computerName": "myVM", + "windowsConfiguration": { + "provisionVMAgent": true, + "enableAutomaticUpdates": true + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/nsgExistingNic", + "properties": { + "primary": true + } + } + ] + }, + "storageProfile": { + "imageReference": { + "sku": "windows-cvm", + "publisher": "MicrosoftWindowsServer", + "version": "17763.2183.2109130127", + "offer": "2019-datacenter-cvm" + }, + "osDisk": { + "caching": "ReadOnly", + "managedDisk": { + "storageAccountType": "StandardSSD_LRS", + "securityProfile": { + "securityEncryptionType": "DiskWithVMGuestState" + } + }, + "createOption": "FromImage", + "name": "myVMosdisk" + }, + "dataDisks": [] + }, + "securityProfile": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "ConfidentialVM" + }, + "vmId": "5c0d55a7-c407-4ed6-bf7d-ddb810267c85", + "hardwareProfile": { + "vmSize": "Standard_DC2as_v5" + }, + "provisioningState": "Creating" + }, + "type": "Microsoft.Compute/virtualMachines", + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM", + "location": "westus" + } + }, + "201": { + "body": { + "name": "myVM", + "properties": { + "osProfile": { + "adminUsername": "{your-username}", + "secrets": [], + "computerName": "myVM", + "windowsConfiguration": { + "provisionVMAgent": true, + "enableAutomaticUpdates": true + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/nsgExistingNic", + "properties": { + "primary": true + } + } + ] + }, + "storageProfile": { + "imageReference": { + "sku": "windows-cvm", + "publisher": "MicrosoftWindowsServer", + "version": "17763.2183.2109130127", + "offer": "2019-datacenter-cvm" + }, + "osDisk": { + "caching": "ReadOnly", + "managedDisk": { + "storageAccountType": "StandardSSD_LRS", + "securityProfile": { + "securityEncryptionType": "DiskWithVMGuestState" + } + }, + "createOption": "FromImage", + "name": "myVMosdisk" + }, + "dataDisks": [] + }, + "securityProfile": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "ConfidentialVM" + }, + "vmId": "5c0d55a7-c407-4ed6-bf7d-ddb810267c85", + "hardwareProfile": { + "vmSize": "Standard_DC2as_v5" + }, + "provisioningState": "Creating" + }, + "type": "Microsoft.Compute/virtualMachines", + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM", + "location": "westus" + } + } + } +} diff --git a/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/CreateAVmWithSecurityTypeConfidentialVMWithCustomerManagedKeys.json b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/CreateAVmWithSecurityTypeConfidentialVMWithCustomerManagedKeys.json new file mode 100644 index 000000000000..0e6b1bc476bd --- /dev/null +++ b/specification/compute/resource-manager/Microsoft.Compute/stable/2021-11-01/examples/compute/CreateAVmWithSecurityTypeConfidentialVMWithCustomerManagedKeys.json @@ -0,0 +1,190 @@ +{ + "parameters": { + "subscriptionId": "{subscription-id}", + "resourceGroupName": "myResourceGroup", + "vmName": "myVM", + "api-version": "2021-11-01", + "parameters": { + "location": "westus", + "properties": { + "hardwareProfile": { + "vmSize": "Standard_DC2as_v5" + }, + "securityProfile": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "ConfidentialVM" + }, + "storageProfile": { + "imageReference": { + "sku": "windows-cvm", + "publisher": "MicrosoftWindowsServer", + "version": "17763.2183.2109130127", + "offer": "2019-datacenter-cvm" + }, + "osDisk": { + "caching": "ReadOnly", + "managedDisk": { + "storageAccountType": "StandardSSD_LRS", + "securityProfile": { + "securityEncryptionType": "DiskWithVMGuestState", + "diskEncryptionSet": { + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/{existing-diskEncryptionSet-name}" + } + } + }, + "createOption": "FromImage", + "name": "myVMosdisk" + } + }, + "osProfile": { + "adminUsername": "{your-username}", + "computerName": "myVM", + "adminPassword": "{your-password}" + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}", + "properties": { + "primary": true + } + } + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "name": "myVM", + "properties": { + "osProfile": { + "adminUsername": "{your-username}", + "secrets": [], + "computerName": "myVM", + "windowsConfiguration": { + "provisionVMAgent": true, + "enableAutomaticUpdates": true + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/nsgExistingNic", + "properties": { + "primary": true + } + } + ] + }, + "storageProfile": { + "imageReference": { + "sku": "windows-cvm", + "publisher": "MicrosoftWindowsServer", + "version": "17763.2183.2109130127", + "offer": "2019-datacenter-cvm" + }, + "osDisk": { + "caching": "ReadOnly", + "managedDisk": { + "storageAccountType": "StandardSSD_LRS", + "securityProfile": { + "securityEncryptionType": "DiskWithVMGuestState", + "diskEncryptionSet": { + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/{existing-diskEncryptionSet-name}" + } + } + }, + "createOption": "FromImage", + "name": "myVMosdisk" + }, + "dataDisks": [] + }, + "securityProfile": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "ConfidentialVM" + }, + "vmId": "5c0d55a7-c407-4ed6-bf7d-ddb810267c85", + "hardwareProfile": { + "vmSize": "Standard_DC2as_v5" + }, + "provisioningState": "Creating" + }, + "type": "Microsoft.Compute/virtualMachines", + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM", + "location": "westus" + } + }, + "201": { + "body": { + "name": "myVM", + "properties": { + "osProfile": { + "adminUsername": "{your-username}", + "secrets": [], + "computerName": "myVM", + "windowsConfiguration": { + "provisionVMAgent": true, + "enableAutomaticUpdates": true + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/nsgExistingNic", + "properties": { + "primary": true + } + } + ] + }, + "storageProfile": { + "imageReference": { + "sku": "windows-cvm", + "publisher": "MicrosoftWindowsServer", + "version": "17763.2183.2109130127", + "offer": "2019-datacenter-cvm" + }, + "osDisk": { + "caching": "ReadOnly", + "managedDisk": { + "storageAccountType": "StandardSSD_LRS", + "securityProfile": { + "securityEncryptionType": "DiskWithVMGuestState", + "diskEncryptionSet": { + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/{existing-diskEncryptionSet-name}" + } + } + }, + "createOption": "FromImage", + "name": "myVMosdisk" + }, + "dataDisks": [] + }, + "securityProfile": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "ConfidentialVM" + }, + "vmId": "5c0d55a7-c407-4ed6-bf7d-ddb810267c85", + "hardwareProfile": { + "vmSize": "Standard_DC2as_v5" + }, + "provisioningState": "Creating" + }, + "type": "Microsoft.Compute/virtualMachines", + "id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM", + "location": "westus" + } + } + } +}