feat: Make TPM state persistent

qemus · Oct 1, 2024 · 9c3c389 · 9c3c389
1 parent 3169e88
commit 9c3c389
Showing 1 changed file with 16 additions and 18 deletions.
diff --git a/src/boot.sh b/src/boot.sh
@@ -89,32 +89,30 @@ esac
 
 if [[ "$TPM" == [Yy1]* ]]; then
 
-  rm -rf /run/shm/tpm
   rm -f /var/run/tpm.pid
-  mkdir -p /run/shm/tpm
-  chmod 755 /run/shm/tpm
 
-  if ! swtpm socket -t -d --tpmstate dir=/run/shm/tpm --ctrl type=unixio,path=/run/swtpm-sock --pid file=/var/run/tpm.pid --tpm2; then
-    error "Failed to start TPM emulator, reason: $?" && exit 19
-  fi
+  if ! swtpm socket -t -d --tpmstate "backend-uri=file://$STORAGE/${BOOT_MODE,,}.tpm" --ctrl type=unixio,path=/run/swtpm-sock --pid file=/var/run/tpm.pid --tpm2; then
+    error "Failed to start TPM emulator, reason: $?"
+  else
 
-  for (( i = 1; i < 20; i++ )); do
+    for (( i = 1; i < 20; i++ )); do
 
-    [ -S "/run/swtpm-sock" ] && break
+      [ -S "/run/swtpm-sock" ] && break
 
-    if (( i % 10 == 0 )); then
-      echo "Waiting for TPM emulator to become available..."
-    fi
+      if (( i % 10 == 0 )); then
+        echo "Waiting for TPM emulator to become available..."
+      fi
 
-    sleep 0.1
+      sleep 0.1
 
-  done
+    done
 
-  if [ ! -S "/run/swtpm-sock" ]; then
-    error "TPM socket not found? Disabling TPM module..."
-  else
-    BOOT_OPTS+=" -chardev socket,id=chrtpm,path=/run/swtpm-sock"
-    BOOT_OPTS+=" -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"
+    if [ ! -S "/run/swtpm-sock" ]; then
+      error "TPM socket not found? Disabling TPM module..."
+    else
+      BOOT_OPTS+=" -chardev socket,id=chrtpm,path=/run/swtpm-sock"
+      BOOT_OPTS+=" -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"
+    fi
   fi
 
 fi