From: Daan De Meyer
Date: Wed, 31 May 2023 13:51:09 +0000 (+0200)
Subject: Add QemuSwtpm option
X-Git-Tag: v15~137
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09dd508290fcfaad42775f1c15de210d4befa593;p=thirdparty%2Fmkosi.git

Add QemuSwtpm option
---
diff --git a/mkosi.md b/mkosi.md
index de4048dbb..c3daae112 100644
--- a/mkosi.md
+++ b/mkosi.md
@@ -1018,6 +1018,12 @@ a boolean argument: either "1", "yes", or "true" to enable, or "0",
 : When used with the `qemu` verb, this option specifies whether QEMU should be configured with a vsock. Takes a boolean value or `auto`. Defaults to `auto`.
+`QemuSwtpm=`, `--qemu-swtpm=`
+
+: When used with the `qemu` verb, this option specified whether to start an instance of swtpm to be used as a
+ TPM with qemu. This requires swtpm to be installed on the host. Takes a boolean value or `auto`. Defaults
+ to `auto`.
+
 `QemuArgs=`
 : Space-delimited list of additional arguments to pass when invoking
diff --git a/mkosi/config.py b/mkosi/config.py
index 75cd4e3a0..391513713 100644
--- a/mkosi/config.py
+++ b/mkosi/config.py
@@ -670,6 +670,7 @@ class MkosiConfig:
 qemu_mem: str
 qemu_kvm: ConfigFeature
 qemu_vsock: ConfigFeature
+ qemu_swtpm: ConfigFeature
 qemu_args: Sequence[str]
 passphrase: Optional[Path]
@@ -1191,6 +1192,11 @@ class MkosiConfigParser:
 section="Host",
 parse=config_parse_feature,
 ),
+ MkosiConfigSetting(
+ dest="qemu_swtpm",
+ section="Host",
+ parse=config_parse_feature,
+ ),
 MkosiConfigSetting(
 dest="qemu_args",
 section="Host",
@@ -1910,6 +1916,13 @@ class MkosiConfigParser:
 nargs="?",
 action=action,
 )
+ group.add_argument(
+ "--qemu-swtpm",
+ metavar="FEATURE",
+ help="Configure whether to use qemu with swtpm or not",
+ nargs="?",
+ action=action,
+ )
 group.add_argument(
 "--qemu-args",
 metavar="ARGS",
@@ -2245,6 +2258,9 @@ def load_config(args: argparse.Namespace) -> MkosiConfig:
 if args.qemu_vsock == ConfigFeature.enabled and not qemu_check_vsock_support(log=False):
 die("Sorry, the host machine does not support vsock")
+ if args.qemu_swtpm == ConfigFeature.enabled and not shutil.which("swtpm"):
+ die("swtpm is requested but not found in PATH")
+
 if args.repositories and not (is_dnf_distribution(args.distribution) or is_apt_distribution(args.distribution)):
 die("Sorry, the --repositories option is only supported on DNF/Debian based distributions")
diff --git a/mkosi/qemu.py b/mkosi/qemu.py
index d8bb4aa61..d7167d632 100644
--- a/mkosi/qemu.py
+++ b/mkosi/qemu.py
@@ -135,27 +135,15 @@ def find_ovmf_vars(config: MkosiConfig) -> Path:
 @contextlib.contextmanager
 def start_swtpm() -> Iterator[Optional[Path]]:
-
- if not shutil.which("swtpm"):
- yield None
- return
-
- with tempfile.TemporaryDirectory() as swtpm_state:
- swtpm_sock = Path(swtpm_state) / Path("sock")
-
- cmd = ["swtpm",
- "socket",
- "--tpm2",
- "--tpmstate", f"dir={swtpm_state}",
- "--ctrl", f"type=unixio,path={swtpm_sock}",
- ]
-
- swtpm_proc = spawn(cmd)
+ with tempfile.TemporaryDirectory() as state:
+ sock = Path(state) / Path("sock")
+ proc = spawn(["swtpm", "socket", "--tpm2", "--tpmstate", f"dir={state}", "--ctrl", f"type=unixio,path={sock}"])
 try:
- yield swtpm_sock
+ yield sock
 finally:
- swtpm_proc.wait()
+ proc.terminate()
+ proc.wait()
 @contextlib.contextmanager
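Review bot: The new guard in load_config calls `shutil.which`, but nothing in this hunk shows mkosi/config.py importing `shutil`; if the module does not already import it at the top, the check raises NameError instead of the intended die(). The message `swtpm is requested but not found in PATH` also breaks with the "Sorry, ..." phrasing of the vsock and repositories checks around it; `die("Sorry, swtpm was requested but is not installed on the host")` would keep the messages uniform. load_config's body continues outside the hunk.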
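Review bot: The signature on the context line still reads `def start_swtpm() -> Iterator[Optional[Path]]:`, but with the `yield None` branch removed the new body always yields a `Path`; the annotation should be tightened to `def start_swtpm() -> Iterator[Path]:` so callers are not pushed into needless None checks. The `finally` block now sends a terminate and then waits with no bound, so an swtpm that does not exit on SIGTERM keeps the caller blocked at teardown; if `spawn` returns a `subprocess.Popen` (not visible here), `proc.wait(timeout=...)` followed by `proc.kill()` on `subprocess.TimeoutExpired` would keep teardown finite. The function also has no docstring; one sentence such as `"""Spawn an swtpm instance backed by a temporary state directory that is deleted on exit, so the emulated TPM starts fresh on every run; yields the path of its control socket."""` documents the non-persistent TPM state, which matters to anyone reasoning about what survives across runs.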
@@ -288,9 +276,9 @@ def run_qemu(args: MkosiArgs, config: MkosiConfig) -> None:
 "-device", "virtio-scsi-pci,id=scsi",
 "-device", "scsi-hd,drive=hd,bootindex=1"]
- swtpm_socket = stack.enter_context(start_swtpm())
- if swtpm_socket is not None:
- cmdline += ["-chardev", f"socket,id=chrtpm,path={swtpm_socket}",
+ if config.qemu_swtpm != ConfigFeature.disabled and shutil.which("swtpm") is not None:
+ sock = stack.enter_context(start_swtpm())
+ cmdline += ["-chardev", f"socket,id=chrtpm,path={sock}",
 "-tpmdev", "emulator,id=tpm0,chardev=chrtpm"]
 if config.architecture == Architecture.x86_64:
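Review bot: The new condition applies the `shutil.which("swtpm")` probe to `enabled` as well as `auto`, so an explicit `QemuSwtpm=yes` on a host without swtpm silently boots without the TPM the user asked for; load_config rejects that combination, but a MkosiConfig reaching run_qemu by another path (not visible here) would get the silent fallback. Narrowing the probe to the auto case makes the intent explicit and lets an explicit request fail loudly in start_swtpm: `if config.qemu_swtpm == ConfigFeature.enabled or (config.qemu_swtpm == ConfigFeature.auto and shutil.which("swtpm") is not None):`. run_qemu's body starts and ends outside the hunk.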