: When used with the `qemu` verb, this option specifies whether QEMU should be configured with a vsock. Takes
a boolean value or `auto`. Defaults to `auto`.
+`QemuSwtpm=`, `--qemu-swtpm=`
+
+: When used with the `qemu` verb, this option specified whether to start an instance of swtpm to be used as a
+ TPM with qemu. This requires swtpm to be installed on the host. Takes a boolean value or `auto`. Defaults
+ to `auto`.
+
`QemuArgs=`
: Space-delimited list of additional arguments to pass when invoking
qemu_mem: str
qemu_kvm: ConfigFeature
qemu_vsock: ConfigFeature
+ qemu_swtpm: ConfigFeature
qemu_args: Sequence[str]
passphrase: Optional[Path]
section="Host",
parse=config_parse_feature,
),
+ MkosiConfigSetting(
+ dest="qemu_swtpm",
+ section="Host",
+ parse=config_parse_feature,
+ ),
MkosiConfigSetting(
dest="qemu_args",
section="Host",
nargs="?",
action=action,
)
+ group.add_argument(
+ "--qemu-swtpm",
+ metavar="FEATURE",
+ help="Configure whether to use qemu with swtpm or not",
+ nargs="?",
+ action=action,
+ )
group.add_argument(
"--qemu-args",
metavar="ARGS",
if args.qemu_vsock == ConfigFeature.enabled and not qemu_check_vsock_support(log=False):
die("Sorry, the host machine does not support vsock")
+ if args.qemu_swtpm == ConfigFeature.enabled and not shutil.which("swtpm"):
+ die("swtpm is requested but not found in PATH")
+
if args.repositories and not (is_dnf_distribution(args.distribution) or is_apt_distribution(args.distribution)):
die("Sorry, the --repositories option is only supported on DNF/Debian based distributions")
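Review bot: The new `die()` message on the added line breaks the wording convention of both neighbouring checks, which open with "Sorry, ..."; for consistency use `die("Sorry, swtpm is requested but not found in PATH")`. The check itself is sensible: it fails fast only for an explicit `enabled`, and leaves `auto` to degrade silently, which matches the documented default. `shutil` must already be imported in this module for `shutil.which` to resolve; the import block is outside the hunk so I cannot confirm it.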
@contextlib.contextmanager
def start_swtpm() -> Iterator[Optional[Path]]:
-
- if not shutil.which("swtpm"):
- yield None
- return
-
- with tempfile.TemporaryDirectory() as swtpm_state:
- swtpm_sock = Path(swtpm_state) / Path("sock")
-
- cmd = ["swtpm",
- "socket",
- "--tpm2",
- "--tpmstate", f"dir={swtpm_state}",
- "--ctrl", f"type=unixio,path={swtpm_sock}",
- ]
-
- swtpm_proc = spawn(cmd)
+ with tempfile.TemporaryDirectory() as state:
+ sock = Path(state) / Path("sock")
+ proc = spawn(["swtpm", "socket", "--tpm2", "--tpmstate", f"dir={state}", "--ctrl", f"type=unixio,path={sock}"])
try:
- yield swtpm_sock
+ yield sock
finally:
- swtpm_proc.wait()
+ proc.terminate()
+ proc.wait()
@contextlib.contextmanager
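Review bot: The control socket is yielded right after `spawn`, before swtpm has had a chance to create it, so a slow start or an early death (bad state dir, missing TPM2 support in the binary) surfaces as an opaque qemu chardev connection error instead of a clear message; polling for the socket while checking `proc.poll()` gives a proper failure. The cleanup path calls `proc.wait()` with no timeout after `terminate()`, which hangs the caller if swtpm ignores SIGTERM, so bound the wait and fall back to `kill()`. The function also deserves a docstring stating that TPM state lives in a `TemporaryDirectory` that is removed on exit, so anything sealed to this emulated TPM during the session (e.g. enrolled disk-encryption keys) is gone once qemu stops — users may expect it to persist like the disk image. The sketch below assumes `spawn` returns a `subprocess.Popen`-like object and that `die`, `time` and `subprocess` are in scope in this module; adjust if not.
```python
def start_swtpm() -> Iterator[Optional[Path]]:
    """Run swtpm as a TPM2 emulator for the duration of the context.

    Yields the path of the swtpm control socket. TPM state is kept in a
    temporary directory that is removed on exit, so nothing sealed to this
    TPM survives the qemu session.
    """
    # … unchanged: TemporaryDirectory, sock path and spawn(["swtpm", ...]) …
        try:
            # Don't hand the socket to qemu until swtpm has actually created it.
            while not sock.exists():
                if proc.poll() is not None:
                    die(f"swtpm exited prematurely with status {proc.returncode}")
                time.sleep(0.1)
            yield sock
        finally:
            proc.terminate()
            try:
                proc.wait(timeout=10)
            except subprocess.TimeoutExpired:
                proc.kill()
                proc.wait()
```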
"-device", "virtio-scsi-pci,id=scsi",
"-device", "scsi-hd,drive=hd,bootindex=1"]
- swtpm_socket = stack.enter_context(start_swtpm())
- if swtpm_socket is not None:
- cmdline += ["-chardev", f"socket,id=chrtpm,path={swtpm_socket}",
+ if config.qemu_swtpm != ConfigFeature.disabled and shutil.which("swtpm") is not None:
+ sock = stack.enter_context(start_swtpm())
+ cmdline += ["-chardev", f"socket,id=chrtpm,path={sock}",
"-tpmdev", "emulator,id=tpm0,chardev=chrtpm"]
if config.architecture == Architecture.x86_64:
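Review bot: With `qemu_swtpm=auto` and no swtpm binary on the host the new condition silently drops the TPM device, so a user expecting measured boot or TPM-sealed credentials inside the guest only finds out when `/dev/tpm0` is missing; an `else` branch that emits a one-line warning through whatever logging helper this module uses (e.g. "swtpm not found in PATH, starting qemu without a TPM") makes the degraded mode visible. The explicit `enabled` case is already rejected by the PATH check in option validation, so the `shutil.which` test here only matters for `auto`. The enclosing function starts before the hunk, and the `-device tpm-tis…` line that must accompany `-tpmdev` is presumably added under the architecture branch that follows, which I cannot see.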