diff mbox series

[isar-cip-core,v3,15/15] start-qemu.sh: Support encrypted rootfs

Message ID 20240409130638.559398-16-Quirin.Gylstorff@siemens.com (mailing list archive)
State Superseded
Headers show
Series Rework disk encryption | expand

Commit Message

Gylstorff Quirin April 9, 2024, 1:05 p.m. UTC 
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 start-qemu.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/start-qemu.sh b/start-qemu.sh
index 9ec0f1c..83d1274 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -21,6 +21,7 @@  usage()
 	echo "  QEMU_PATH         use a locally built QEMU version"
 	echo "  SWUPDATE_BOOT     boot swupdate image"
 	echo "  SECURE_BOOT       start a secure boot environment"
+	echo "  TPM2_ENCRYPTION   starts swtpm to encrypt the disk partitions"
 	echo "  DISTRO_RELEASE    select a specific Debian release"
 	echo "  TARGET_IMAGE      select a specific image type"
 	exit 1
@@ -35,6 +36,10 @@  if grep -s -q "IMAGE_DATA_ENCRYPTION: true" .config.yaml; then
 	TPM2_ENCRYPTION="true"
 fi
 
+if grep -s -q "IMAGE_ROOTFS_ENCRYPTION: true" .config.yaml; then
+	TPM2_ENCRYPTION="true"
+fi
+
 if [ -n "${QEMU_PATH}" ]; then
 	QEMU_PATH="${QEMU_PATH}/"
 fi
@@ -187,7 +192,7 @@  QEMU_COMMON_OPTIONS=" \
 	${QEMU_EXTRA_ARGS} \
 	"
 
-if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
+if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}${TPM2_ENCRYPTION}" ]; then
 	case "${arch}" in
 		x86|x86_64|amd64)
 			if [ -n "${SECURE_BOOT}" ]; then