From 6ebceb8ee2aef970f0bbea56dbdf43702d0c2575 Mon Sep 17 00:00:00 2001
From: Sandwich <sandwich@archworks.co>
Date: Sun, 22 Feb 2026 02:22:37 +0100
Subject: [PATCH] fix(virtualization): add vTPM2 result validation before
 VMware power-on

---
 roles/virtualization/tasks/vmware.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/roles/virtualization/tasks/vmware.yml b/roles/virtualization/tasks/vmware.yml
index 5b05f24..fd5c0a2 100644
--- a/roles/virtualization/tasks/vmware.yml
+++ b/roles/virtualization/tasks/vmware.yml
@@ -100,6 +100,17 @@
         name: "{{ hostname }}"
         state: present
       no_log: true
+      register: virtualization_vmware_tpm2_result
+
+    - name: Validate vTPM2 was added successfully
+      when:
+        - virtualization_tpm2_enabled | bool
+        - virtualization_vmware_tpm2_result is defined
+      ansible.builtin.assert:
+        that:
+          - virtualization_vmware_tpm2_result is not failed
+        fail_msg: "Failed to add vTPM2 to VM '{{ hostname }}'. LUKS with TPM2 requires a virtual TPM device."
+        quiet: true
 
     # vmware.vmware: modern collection for power operations
     - name: Start VM in vCenter