MatheMatrix · zstack-robot-1 · Apr 1, 2026 · coderabbitai · Apr 1, 2026
diff --git a/compute/src/main/java/org/zstack/compute/vm/VmGlobalConfig.java b/compute/src/main/java/org/zstack/compute/vm/VmGlobalConfig.java
@@ -139,4 +139,8 @@ public class VmGlobalConfig {
     @GlobalConfigValidation(validValues = {"true", "false"})
     @BindResourceConfig(value = {VmInstanceVO.class, ClusterVO.class})
     public static GlobalConfig RESET_TPM_AFTER_VM_CLONE = new GlobalConfig(CATEGORY, "reset.tpm.after.vm.clone");
+
+    @GlobalConfigDef(defaultValue = "false", type = Boolean.class, description = "allowed TPM VM start without KMS")
+    @GlobalConfigValidation(validValues = {"true", "false"})
+    public static GlobalConfig ALLOWED_TPM_VM_WITHOUT_KMS = new GlobalConfig(CATEGORY, "allowed.tpm.vm.without.kms");
 }
diff --git a/plugin/kvm/src/main/java/org/zstack/kvm/tpm/KvmTpmExtensions.java b/plugin/kvm/src/main/java/org/zstack/kvm/tpm/KvmTpmExtensions.java
@@ -2,6 +2,7 @@
 
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.zstack.compute.vm.VmGlobalConfig;
 import org.zstack.compute.vm.devices.TpmEncryptedResourceKeyBackend;
 import org.zstack.core.Platform;
 import org.zstack.core.cloudbus.CloudBus;
@@ -171,7 +172,12 @@ public void fail(ErrorCode errorCode) {
 
             @Override
             public boolean skip(Map data) {
-                return false;
+                boolean shouldSkip = VmGlobalConfig.ALLOWED_TPM_VM_WITHOUT_KMS.value(Boolean.class) &&
+                        (StringUtils.isBlank(context.providerUuid) || StringUtils.isBlank(context.providerName));
+                if (shouldSkip) {
+                    logger.info("skip create-dek: allowed.tpm.vm.without.kms is enabled and no KMS provider bound");
+                }
+                return shouldSkip;
             }
 
             @Override