diff mbox series

[isar-cip-core,RFC,4/5] start-qemu: If swtpm is available create a tpm2 device

Message ID 20230130150204.697758-5-Quirin.Gylstorff@siemens.com (mailing list archive)
State Superseded
Headers show
Series Encrypt Partition in initramfs | expand

Commit Message

Quirin Gylstorff Jan. 30, 2023, 3:02 p.m. UTC 
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This allows testing the tpm2 encryption with qemu.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 start-qemu.sh | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)
diff mbox series

Patch

diff --git a/start-qemu.sh b/start-qemu.sh
index dd16aed..3ef2acc 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -139,11 +139,24 @@  QEMU_COMMON_OPTIONS=" \
 	-m 1G \
 	-serial mon:stdio \
 	-netdev user,id=net,hostfwd=tcp:127.0.0.1:22222-:22 \
-	${QEMU_EXTRA_ARGS}"
+	"
 
 if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
 	case "${arch}" in
 		x86|x86_64|amd64)
+			if [ -x /usr/bin/swtpm ]; then
+				swtpm_dir="/tmp/qemu-swtpm"
+				mkdir -p ${swtpm_dir}
+                rm ${swtpm_dir}/*
+				if swtpm socket -d --tpmstate dir=${swtpm_dir} \
+						 --ctrl type=unixio,path=${swtpm_dir}/sock \
+						 --tpm2; then
+					QEMU_EXTRA_ARGS="${QEMU_EXTRA_ARGS} \
+                            -chardev socket,id=chrtpm,path=${swtpm_dir}/sock \
+					 		-tpmdev emulator,id=tpm0,chardev=chrtpm \
+					 		-device tpm-tis,tpmdev=tpm0"
+				fi
+			fi
 			if [ -n "${SECURE_BOOT}" ]; then
 				ovmf_code=${OVMF_CODE:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_CODE_4M.secboot.fd}
 				ovmf_vars=${OVMF_VARS:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_VARS_4M.snakeoil.fd}
@@ -154,14 +167,14 @@  if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
 					-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
 					-drive if=pflash,format=raw,file=${ovmf_vars} \
 					-drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
-					${QEMU_COMMON_OPTIONS} "$@"
+					${QEMU_COMMON_OPTIONS} ${QEMU_EXTRA_ARGS} "$@"
 			else
 				ovmf_code=${OVMF_CODE:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_CODE_4M.fd}
 
 				${QEMU_PATH}${QEMU} \
 					-drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
 					-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
-					${QEMU_COMMON_OPTIONS} "$@"
+					${QEMU_COMMON_OPTIONS} ${QEMU_EXTRA_ARGS} "$@"
 			fi
 			;;
 		arm64|aarch64|arm|armhf)
@@ -170,7 +183,7 @@  if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
 			${QEMU_PATH}${QEMU} \
 				-drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
 				-bios ${u_boot_bin} \
-				${QEMU_COMMON_OPTIONS} "$@"
+				${QEMU_COMMON_OPTIONS} ${QEMU_EXTRA_ARGS} "$@"
 			;;
 		*)
 			echo "Unsupported architecture: ${arch}"
@@ -187,5 +200,5 @@  else
 			-drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
 			-kernel ${KERNEL_FILE} -append "${KERNEL_CMDLINE}" \
 			-initrd ${INITRD_FILE} \
-			${QEMU_COMMON_OPTIONS} "$@"
+			${QEMU_COMMON_OPTIONS} ${QEMU_EXTRA_ARGS} "$@"
 fi