feat: add Ubuntu 22.04 FIPS VHDs #7721
Merged
+196
−16
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update vhd-scanning.sh Update vhd-scanning.sh Revert "try another sku with lower core counts" This reverts commit a5094f0.
mxj220
requested review from
AbelHu,
Devinwong,
awesomenix,
cameronmeissner,
djsly,
ganeshkumarashok,
juan-lee,
junjiezhang1997,
lilypan26,
phealy,
r2k1,
timmy-wright and
zachary-bailey
as code owners
awesomenix
approved these changes
Jan 22, 2026
djsly
reviewed
Jan 23, 2026
djsly
reviewed
Jan 23, 2026
djsly
reviewed
Jan 23, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This PR enables the creation of Ubuntu 22.04 FIPS VHDs by implementing support for FIPS 140-3 encryption through Azure REST API calls. Previously blocked due to the need for FIPS 140-3 encryption (which requires subscription feature registration), this implementation follows the Microsoft documentation for Azure VM extensions with FIPS support.
Changes:
- Added new
fips-helper.shscript with functions to register the FIPS 140-3 compliance feature and create VMs via REST API with FIPS encryption enabled - Modified
vhd-scanning.shto detect Ubuntu 22.04 FIPS scenarios and route VM creation through the new REST API approach instead of standardaz vm create - Updated Go datamodel to use the dynamic
LinuxSIGImageVersionfor Ubuntu 22.04 FIPS images instead of hardcoded placeholder versions - Enabled Ubuntu 22.04 FIPS builds in the release pipeline by setting default values to
true
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| vhdbuilder/packer/fips-helper.sh | New helper script containing functions for FIPS 140-3 feature registration and REST API-based VM creation |
| vhdbuilder/packer/vhd-scanning.sh | Modified to detect Ubuntu 22.04 FIPS scenario and invoke the new FIPS helper functions; refactored VM_SIZE into a variable for reusability |
| pkg/agent/datamodel/sig_config.go | Updated version field from hardcoded placeholder to dynamic LinuxSIGImageVersion for both 2204 FIPS image templates |
| pkg/agent/datamodel/sig_config_test.go | Added test expectations for the two new Ubuntu 22.04 FIPS distros |
| .pipelines/.vsts-vhd-builder-release.yaml | Enabled Ubuntu 22.04 FIPS builds by changing defaults from false to true |
awesomenix
approved these changes
Jan 23, 2026
awesomenix
approved these changes
Jan 26, 2026
awesomenix
approved these changes
Jan 26, 2026
Copilot AI
pushed a commit
that referenced
this pull request
Jan 27, 2026
Co-authored-by: Calvin Shum <calvin197@ymail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Enable creation of Ubuntu 22.04 FIPS VHD. This was blocked by the need for FIPS 140-3 encryption, which is only supported through Azure REST API calls.
Implements instructions listed here https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/agent-linux-fips
Which issue(s) this PR fixes:
Fixes #