From 5bdfe191da55a16b954ef76841a79fb3a0d894c2 Mon Sep 17 00:00:00 2001
From: Jeremi Piotrowski
Date: Fri, 12 Apr 2024 13:14:12 +0000
Subject: [PATCH] platform/api/azure: Narrow down trusted launch enablement

Only amd64 instances support trusted launch. When pre-creating a gallery, we also want TL to be used.

Signed-off-by: Jeremi Piotrowski
---
 platform/api/azure/instance.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/platform/api/azure/instance.go b/platform/api/azure/instance.go
index 67b8d1995..6c5367818 100644
--- a/platform/api/azure/instance.go
+++ b/platform/api/azure/instance.go
@@ -21,6 +21,7 @@ import (
 "io"
 "io/ioutil"
 "regexp"
+ "strings"
 "time"

 "github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2022-08-01/compute"
@@ -152,7 +153,9 @@ func (a *API) getVMParameters(name, userdata, sshkey, storageAccountURI string,
 },
 }

- if a.Opts.HyperVGeneration == string(compute.HyperVGenerationTypeV2) && a.Opts.UseGallery {
+ if a.Opts.HyperVGeneration == string(compute.HyperVGenerationTypeV2) &&
+ (a.Opts.UseGallery || strings.Contains(a.Opts.DiskURI, "galleries")) &&
+ a.Opts.Board == "amd64-usr" {
 vm.SecurityProfile = &compute.SecurityProfile{
 SecurityType: compute.SecurityTypesTrustedLaunch,
 UefiSettings: &compute.UefiSettings{
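Review bot: In the new condition of the second hunk, `strings.Contains(a.Opts.DiskURI, "galleries")` is a loose, case-sensitive substring test, so whether the VM gets Trusted Launch depends on that word appearing anywhere in the URI rather than on the URI actually naming a Compute Gallery image. Azure resource IDs are case-insensitive and a gallery image sits under a `/galleries/` path segment, so `strings.Contains(strings.ToLower(a.Opts.DiskURI), "/galleries/")` would be harder to satisfy or miss by accident; the format of DiskURI is not visible here, so confirm it against the callers. When any of the three clauses is false the VM is built without the Trusted Launch security profile, and as far as the hunk shows this happens silently, so a run meant to cover Trusted Launch can lose it unnoticed. A comment above the `if` such as `// Trusted Launch needs a Gen2, gallery-backed, amd64 image; every other combination boots without it` would record the intent. getVMParameters begins and ends outside the hunk.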