@@ -28,6 +28,9 @@ if grep -s -q "IMAGE_SECURE_BOOT: true" .config.yaml; then
elif grep -s -q "IMAGE_SWUPDATE: true" .config.yaml; then
SWUPDATE_BOOT="true"
fi
+if grep -s -q "IMAGE_DATA_ENCRYPTION: true" .config.yaml; then
+ TPM2_ENCRYPTION="true"
+fi
if [ -n "${QEMU_PATH}" ]; then
QEMU_PATH="${QEMU_PATH}/"
@@ -129,7 +132,8 @@ case "${arch}" in
;;
esac
-IMAGE_PREFIX="$(dirname $0)/build/tmp/deploy/images/qemu-${QEMU_ARCH}/${TARGET_IMAGE}-cip-core-${DISTRO_RELEASE}-qemu-${QEMU_ARCH}${TEST_IMAGE}"
+BASE_DIR=$(readlink -f $(dirname $0))
+IMAGE_PREFIX="${BASE_DIR}/build/tmp/deploy/images/qemu-${QEMU_ARCH}/${TARGET_IMAGE}-cip-core-${DISTRO_RELEASE}-qemu-${QEMU_ARCH}${TEST_IMAGE}"
if [ -z "${DISPLAY}" ]; then
QEMU_EXTRA_ARGS="${QEMU_EXTRA_ARGS} -nographic"
@@ -143,7 +147,20 @@ QEMU_COMMON_OPTIONS=" \
-m 1G \
-serial mon:stdio \
-netdev user,id=net,hostfwd=tcp:127.0.0.1:22222-:22 \
- ${QEMU_EXTRA_ARGS}"
+ "
+
+if [ "$TPM2_ENCRYPTION" = "true" ] && [ -x /usr/bin/swtpm ]; then
+ SWTPM_DIR="${IMAGE_PREFIX}.swtpm"
+ mkdir -p "${SWTPM_DIR}"
+ if swtpm socket -d --tpmstate dir="${SWTPM_DIR}" \
+ --ctrl type=unixio,path=/tmp/qemu-swtpm.sock \
+ --tpm2; then
+ QEMU_EXTRA_ARGS="${QEMU_EXTRA_ARGS} \
+ -chardev socket,id=chrtpm,path=/tmp/qemu-swtpm.sock \
+ -tpmdev emulator,id=tpm0,chardev=chrtpm \
+ -device tpm-tis,tpmdev=tpm0"
+ fi
+fi
if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
case "${arch}" in
@@ -158,14 +175,14 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
-drive if=pflash,format=raw,file=${ovmf_vars} \
-drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
- ${QEMU_COMMON_OPTIONS} "$@"
+ ${QEMU_COMMON_OPTIONS} ${QEMU_EXTRA_ARGS} "$@"
else
ovmf_code=${OVMF_CODE:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_CODE_4M.fd}
${QEMU_PATH}${QEMU} \
-drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
- ${QEMU_COMMON_OPTIONS} "$@"
+ ${QEMU_COMMON_OPTIONS} ${QEMU_EXTRA_ARGS} "$@"
fi
;;
arm64|aarch64|arm|armhf)
@@ -174,7 +191,7 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
${QEMU_PATH}${QEMU} \
-drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
-bios ${u_boot_bin} \
- ${QEMU_COMMON_OPTIONS} "$@"
+ ${QEMU_COMMON_OPTIONS} ${QEMU_EXTRA_ARGS} "$@"
;;
rv64|riscv64)
opensbi_bin=${FIRMWARE_BIN:-./build/tmp/deploy/images/qemu-${QEMU_ARCH}/fw_payload.bin}
@@ -199,5 +216,5 @@ else
-drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
-kernel ${KERNEL_FILE} -append "${KERNEL_CMDLINE}" \
-initrd ${INITRD_FILE} \
- ${QEMU_COMMON_OPTIONS} "$@"
+ ${QEMU_COMMON_OPTIONS} ${QEMU_EXTRA_ARGS} "$@"
fi