Add TPM docs

Signed-off-by: futuretea <Hang.Yu@suse.com>

docs/vm/create-vm.md

@@ -157,6 +157,21 @@ If your OS is openSUSE and the version is less than 15.3, please replace `qemu-g
 
 :::
 
+### TPM Device
+
+_Available as of v1.2.0_
+
+The [Trusted Platform Module (TPM)](https://en.wikipedia.org/wiki/Trusted_Platform_Module) is a cryptoprocessor that secures hardware using cryptographic keys.
+
+Referring to [Windows 11 Requirements](https://learn.microsoft.com/en-us/windows/whats-new/windows-11-requirements), the TPM device is a hard requirement of Windows 11.
+
+- In the Harvester UI, you can add an emulated TPM to the VM by selecting the `Enable TPM` option in the **Advanced Options** tab.
+
+:::note
+
+Currently, only non-persistent vTPM is supported, and its state is erased after each VM shutdown. Therefore, [Bitlocker](https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview) should not be enabled.
+
+:::
 
 ## One-time Boot For ISO Installation
 

docs/vm/create-windows-vm.md

@@ -103,6 +103,7 @@ Changing the `Node Scheduling` settings can impact Harvester features, such as d
 2. `Machine Type`: The value `None` is set by default. It's recommended you don't change it. See the [KubeVirt Machine Type](https://kubevirt.io/user-guide/virtual_machines/virtual_hardware/#machine-type) documentation before you change this value.
 3. (Optional) `Hostname`: Set the VM hostname.
 4. (Optional) `Cloud Config`: Both `User Data` and `Network Data` values are set with default values. Currently, these configurations are not applied to Windows-based VMs.
+5. (Optional) `Enable TPM`, `Booting in EFI mode`, `Secure Boot`:  Notablel, both the TPM device and UEFI firmware with SecureBoot are hard requirements for Windows 11.
 
 ![create-windows-vm-advanced](/img/v1.2/vm/create-windows-vm-advanced.png)