feat: Add TPM emulator (#344)

qemus · Jan 18, 2024 · 9f565e1 · 9f565e1
1 parent 02238af
commit 9f565e1
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -11,6 +11,7 @@ RUN apt-get update \
         ovmf \
 	socat \
  	nginx \
+        swtpm \
 	procps \
 	iptables \
 	iproute2 \
@@ -21,13 +22,13 @@ RUN apt-get update \
 	ca-certificates \
 	netcat-openbsd \
 	qemu-system-x86 \
+    && apt-get clean \
     && novnc="1.4.0" \
+    && mkdir -p /usr/share/novnc \
     && wget https://github.com/novnc/noVNC/archive/refs/tags/v"$novnc".tar.gz -O /tmp/novnc.tar.gz -q \
     && tar -xf /tmp/novnc.tar.gz -C /tmp/ \
     && cd /tmp/noVNC-"$novnc" \
-    && mkdir -p /usr/share/novnc \    
     && mv app core vendor package.json *.html /usr/share/novnc \
-    && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 COPY ./src /run/

diff --git a/src/boot.sh b/src/boot.sh
@@ -54,6 +54,16 @@ if [[ "${BOOT_MODE,,}" != "legacy" ]]; then
   BOOT_OPTS="$BOOT_OPTS -drive file=$DEST.rom,if=pflash,unit=0,format=raw,readonly=on"
   BOOT_OPTS="$BOOT_OPTS -drive file=$DEST.vars,if=pflash,unit=1,format=raw"
 
+  if [[ "${BOOT_MODE,,}" == "windows" ]]; then
+
+    BOOT_OPTS="$BOOT_OPTS -chardev socket,id=chrtpm,path=/dev/shm/tpm/swtpm-sock"
+    BOOT_OPTS="$BOOT_OPTS -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"
+
+    mkdir -p /dev/shm/tpm
+    swtpm socket -t -d --tpmstate dir=/dev/shm/tpm --ctrl type=unixio,path=/dev/shm/tpm/swtpm-sock --log level=1 --tpm2
+
+  fi
+
 fi
 
 return 0