From 080d439758c529e17bf7a967a69a462777c91231 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 11 Jan 2023 13:52:50 -0500 Subject: [PATCH] qemu-coreboot-tpm boards: usage optimizations - ROOT_DISK_IMG is now dynamic (ROOT_DISK_IMG=/path/to/existing/provisioned/disk.img can be reused across run statements) - Addition of missing boards to cover all use cases - All TPM1 boards rely on common config/coreboot-qemu-tpm1.config - boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md has been generalized - all other boards are softlinked to the above for usage --- .../qemu-coreboot-fbwhiptail-tpm1-hotp.config | 6 +- .../qemu-coreboot-fbwhiptail-tpm1-hotp.md | 18 ++- .../qemu-coreboot-fbwhiptail-tpm1.config | 151 +++++++++++++++++ .../qemu-coreboot-fbwhiptail-tpm1.md | 1 + .../qemu-coreboot-whiptail-tpm1-hotp.config | 153 ++++++++++++++++++ .../qemu-coreboot-whiptail-tpm1-hotp.md | 1 + .../qemu-coreboot-whiptail-tpm1.config | 4 +- .../qemu-coreboot-whiptail-tpm1.md | 1 + ...-tpm1.config => coreboot-qemu-tpm1.config} | 0 9 files changed, 326 insertions(+), 9 deletions(-) create mode 100644 boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config create mode 120000 boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md create mode 100644 boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config create mode 120000 boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md create mode 120000 boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md rename config/{coreboot-qemu-whiptail-tpm1.config => coreboot-qemu-tpm1.config} (100%) diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config index 28be73ef..f2301d88 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config @@ -1,5 +1,5 @@ # Configuration for building a coreboot ROM that works in -# the qemu emulator in GUI mode thanks to FBWhiptail +# the qemu emulator in console mode thanks to Whiptail # # TPM can be used with a qemu software TPM (TIS, 1.2). A Librem Key or # Nitrokey Pro can also be used by forwarding the USB device from the host to @@ -8,7 +8,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.13 export CONFIG_LINUX_VERSION=5.10.5 -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-fbwhiptail-tpm1-hotp.config +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config CONFIG_LINUX_CONFIG=config/linux-qemu.config ifeq "$(CONFIG_UROOT)" "y" @@ -77,7 +77,7 @@ $(TPMDIR)/.manufacture: mkdir -p "$(TPMDIR)" swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 +ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 # Default to 20G disk QEMU_DISK_SIZE?=20G $(ROOT_DISK_IMG): diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md index 3a7f14c8..43f2a7d0 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md @@ -1,8 +1,8 @@ -qemu-coreboot-fbwhiptal-tpm1-hotp +qemu-coreboot-(fb)whiptal-tpm1-(hotp) board === -The `qemu-coreboot-fbwhiptail-tpm1-hotp` configuration permits testing of most features of Heads. It - requires a supported USB token (which will be reset for use with the VM, do not use a token needed for a +The `qemu-coreboot-fbwhiptail-tpm1-hotp` configuration (and their variants) permits testing of most features of Heads. + It requires a supported USB token (which will be reset for use with the VM, do not use a token needed for a real machine). With KVM acceleration, speed is comparable to a real machine. If KVM is unavailable, lightweight desktops are still usable. @@ -10,7 +10,7 @@ Heads is currently unable to reflash firmware within qemu, which means that OEM cannot be fully performed within the VM. Instead, a GPG key can be injected in the Heads image from the host during the build. -The TPM and disks for this configuration are persisted in the build/qemu-coreboot-fbwhiptail-tpm1-hotp/ directory. +The TPM and disks for this configuration are persisted in the build/qemu-coreboot-fbwhiptail-tpm1-hotp/ directory by default. Bootstrapping a working system === @@ -49,6 +49,16 @@ Bootstrapping a working system 7. Initialize the TPM - select "Reset the TPM" at the TOTP error prompt and follow prompts 8. Select "Default boot" and follow prompts to sign /boot for the first time and set a default boot option +You can reuse an already created ROOT_DISK_IMG by passing its path at runtime. +Ex: `make BOARD=qemu-coreboot-fbwhiptail-tpm1 PUBKEY_ASC=~/pub_key_counterpart_of_usb_dongle.asc USB_TOKEN=NitrokeyStorage ROOT_DISK_IMG=~/heads/build/x86/qemu-coreboot-fbwhiptail-tpm1-hotp/root.qcow2 run` + +On a daily development cycle, usage looks like: +1. `make BOARD=qemu-coreboot-fbwhiptail-tpm1 PUBKEY_ASC=~/pub_key_counterpart_of_usb_dongle.asc USB_TOKEN=NitrokeyStorage ROOT_DISK_IMG=~/heads/build/x86/qemu-coreboot-fbwhiptail-tpm1-hotp/root.qcow2 inject_gpg` +2. `make BOARD=qemu-coreboot-fbwhiptail-tpm1 PUBKEY_ASC=~/pub_key_counterpart_of_usb_dongle.asc USB_TOKEN=NitrokeyStorage ROOT_DISK_IMG=~/heads/build/x86/qemu-coreboot-fbwhiptail-tpm1-hotp/root.qcow2 run` + +The first command builds latest uncommited/unsigned changes and injects the public key inside of the rom to be ran by the second command. +To test across all qemu variants, one only has to change BOARD name and run the two previous commands, adapting `QEMU_MEMORY_SIZE=1G` or modifying the file directly under build dir to adapt to host resources. + swtpm on Debian Bullseye === diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config new file mode 100644 index 00000000..f5793221 --- /dev/null +++ b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config @@ -0,0 +1,151 @@ +# Configuration for building a coreboot ROM that works in +# the qemu emulator in console mode thanks to Whiptail +# +# TPM can be used with a qemu software TPM (TIS, 1.2). +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.13 +export CONFIG_LINUX_VERSION=5.10.5 + +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config +CONFIG_LINUX_CONFIG=config/linux-qemu.config + +ifeq "$(CONFIG_UROOT)" "y" +CONFIG_BUSYBOX=n +else +CONFIG_KEXEC=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_POPT=y +CONFIG_FLASHTOOLS=y +CONFIG_FLASHROM=y +CONFIG_PCIUTILS=y +CONFIG_UTIL_LINUX=y +CONFIG_CRYPTSETUP2=y +CONFIG_GPG2=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_DROPBEAR=y +CONFIG_MSRTOOLS=y +#CONFIG_HOTPKEY=y + +#Uncomment only one of the following block +#Required for graphical gui-init (FBWhiptail) +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y +# +#text-based init (generic-init and gui-init) +#CONFIG_NEWT=y +#CONFIG_SLANG=y + +endif + +export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000=y + +#Uncomment only one BOOTSCRIPT: +#Whiptail-based init (text-based or FBWhiptail) +export CONFIG_BOOTSCRIPT=/bin/gui-init +# +#text-based original init: +#export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" +export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" +export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" + +export CONFIG_TPM=y + +export CONFIG_BOOT_DEV="/dev/vda1" +export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1" + +# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG +# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested +# that way without a GPG key. +ifneq "$(PUBKEY_ASC)" "" +QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) +else +QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) +endif + +#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh +TPMDIR=$(build)/$(BOARD)/vtpm +$(TPMDIR)/.manufacture: + mkdir -p "$(TPMDIR)" + swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram + touch "$(TPMDIR)/.manufacture" +ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 +# Default to 20G disk +QEMU_DISK_SIZE?=20G +$(ROOT_DISK_IMG): + qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) +# Remember the amount of memory so it doesn't have to be specified every time. +# Default to 4G, most bootable OSes are not usable with less. +QEMU_MEMORY_SIZE?=4G +MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory +$(MEMORY_SIZE_FILE): + @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" +USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw +$(USB_FD_IMG): + dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=128 + # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even + # though it is meaningful to use mkfs.vfat (etc.) as non-root + MKFS_VFAT=mkfs.vfat; \ + [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ + "$$MKFS_VFAT" "$(USB_FD_IMG)" +# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead +# of the temporary flash drive for exporting GPG keys. +ifneq "$(INSTALL_IMG)" "" +QEMU_USB_FD_IMG := $(INSTALL_IMG) +else +QEMU_USB_FD_IMG := $(USB_FD_IMG) +endif +# To forward a USB token, set USB_TOKEN to one of the following: +# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID +# - LibremKey - forwards a Librem Key by VID:PID +# - - Provide the QEMU usb-host parameters, such as +# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' +ifeq "$(USB_TOKEN)" "NitrokeyPro" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 +else ifeq "$(USB_TOKEN)" "NitrokeyStorage" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 +else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 +else ifeq "$(USB_TOKEN)" "LibremKey" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 +else ifneq "$(USB_TOKEN)" "" +QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" +endif + +run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) + swtpm socket \ + --tpmstate dir="$(TPMDIR)" \ + --flags "startup-clear" \ + --terminate \ + --ctrl type=unixio,path="$(TPMDIR)/sock" & + sleep 0.5 + + -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ + --machine q35,accel=kvm:tcg \ + -rtc base=utc \ + -smp "$$(nproc)" \ + -vga virtio \ + -full-screen \ + -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ + -serial stdio \ + --bios "$(QEMU_BOOT_ROM)" \ + -object rng-random,filename=/dev/urandom,id=rng0 \ + -device virtio-rng-pci,rng=rng0 \ + -netdev user,id=u1 -device e1000,netdev=u1 \ + -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ + -tpmdev emulator,id=tpm0,chardev=chrtpm \ + -device tpm-tis,tpmdev=tpm0 \ + -device qemu-xhci,id=usb \ + -device usb-tablet \ + -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ + -device usb-storage,bus=usb.0,drive=usb-fd-drive \ + $(QEMU_USB_TOKEN_DEV) \ + + stty sane + @echo diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md new file mode 120000 index 00000000..a9ee0493 --- /dev/null +++ b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md @@ -0,0 +1 @@ +../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config new file mode 100644 index 00000000..3a9dbb03 --- /dev/null +++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config @@ -0,0 +1,153 @@ +# Configuration for building a coreboot ROM that works in +# the qemu emulator in console mode thanks to Whiptail +# +# TPM can be used with a qemu software TPM (TIS, 1.2). A Librem Key or +# Nitrokey Pro can also be used by forwarding the USB device from the host to +# the VM. +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.13 +export CONFIG_LINUX_VERSION=5.10.5 + +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config +CONFIG_LINUX_CONFIG=config/linux-qemu.config + +ifeq "$(CONFIG_UROOT)" "y" +CONFIG_BUSYBOX=n +else +CONFIG_KEXEC=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_POPT=y +CONFIG_FLASHTOOLS=y +CONFIG_FLASHROM=y +CONFIG_PCIUTILS=y +CONFIG_UTIL_LINUX=y +CONFIG_CRYPTSETUP2=y +CONFIG_GPG2=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_DROPBEAR=y +CONFIG_MSRTOOLS=y +CONFIG_HOTPKEY=y + +#Uncomment only one of the following block +#Required for graphical gui-init (FBWhiptail) +#CONFIG_CAIRO=y +#CONFIG_FBWHIPTAIL=y +# +#text-based init (generic-init and gui-init) +CONFIG_NEWT=y +CONFIG_SLANG=y + +endif + +export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000=y + +#Uncomment only one BOOTSCRIPT: +#Whiptail-based init (text-based or FBWhiptail) +export CONFIG_BOOTSCRIPT=/bin/gui-init +# +#text-based original init: +#export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" +export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" +export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" + +export CONFIG_TPM=y + +export CONFIG_BOOT_DEV="/dev/vda1" +export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1-hotp" + +# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG +# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested +# that way without a GPG key. +ifneq "$(PUBKEY_ASC)" "" +QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) +else +QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) +endif + +#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh +TPMDIR=$(build)/$(BOARD)/vtpm +$(TPMDIR)/.manufacture: + mkdir -p "$(TPMDIR)" + swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram + touch "$(TPMDIR)/.manufacture" +ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 +# Default to 20G disk +QEMU_DISK_SIZE?=20G +$(ROOT_DISK_IMG): + qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) +# Remember the amount of memory so it doesn't have to be specified every time. +# Default to 4G, most bootable OSes are not usable with less. +QEMU_MEMORY_SIZE?=4G +MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory +$(MEMORY_SIZE_FILE): + @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" +USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw +$(USB_FD_IMG): + dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=128 + # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even + # though it is meaningful to use mkfs.vfat (etc.) as non-root + MKFS_VFAT=mkfs.vfat; \ + [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ + "$$MKFS_VFAT" "$(USB_FD_IMG)" +# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead +# of the temporary flash drive for exporting GPG keys. +ifneq "$(INSTALL_IMG)" "" +QEMU_USB_FD_IMG := $(INSTALL_IMG) +else +QEMU_USB_FD_IMG := $(USB_FD_IMG) +endif +# To forward a USB token, set USB_TOKEN to one of the following: +# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID +# - LibremKey - forwards a Librem Key by VID:PID +# - - Provide the QEMU usb-host parameters, such as +# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' +ifeq "$(USB_TOKEN)" "NitrokeyPro" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 +else ifeq "$(USB_TOKEN)" "NitrokeyStorage" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 +else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 +else ifeq "$(USB_TOKEN)" "LibremKey" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 +else ifneq "$(USB_TOKEN)" "" +QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" +endif + +run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) + swtpm socket \ + --tpmstate dir="$(TPMDIR)" \ + --flags "startup-clear" \ + --terminate \ + --ctrl type=unixio,path="$(TPMDIR)/sock" & + sleep 0.5 + + -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ + --machine q35,accel=kvm:tcg \ + -rtc base=utc \ + -smp "$$(nproc)" \ + -vga virtio \ + -full-screen \ + -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ + -serial stdio \ + --bios "$(QEMU_BOOT_ROM)" \ + -object rng-random,filename=/dev/urandom,id=rng0 \ + -device virtio-rng-pci,rng=rng0 \ + -netdev user,id=u1 -device e1000,netdev=u1 \ + -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ + -tpmdev emulator,id=tpm0,chardev=chrtpm \ + -device tpm-tis,tpmdev=tpm0 \ + -device qemu-xhci,id=usb \ + -device usb-tablet \ + -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ + -device usb-storage,bus=usb.0,drive=usb-fd-drive \ + $(QEMU_USB_TOKEN_DEV) \ + + stty sane + @echo diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md new file mode 120000 index 00000000..a9ee0493 --- /dev/null +++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md @@ -0,0 +1 @@ +../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config index 7aa28f40..b15625e5 100644 --- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config +++ b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config @@ -6,7 +6,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.13 export CONFIG_LINUX_VERSION=5.10.5 -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-whiptail-tpm1.config +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config CONFIG_LINUX_CONFIG=config/linux-qemu.config ifeq "$(CONFIG_UROOT)" "y" @@ -75,7 +75,7 @@ $(TPMDIR)/.manufacture: mkdir -p "$(TPMDIR)" swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 +ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 # Default to 20G disk QEMU_DISK_SIZE?=20G $(ROOT_DISK_IMG): diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md new file mode 120000 index 00000000..a9ee0493 --- /dev/null +++ b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md @@ -0,0 +1 @@ +../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/config/coreboot-qemu-whiptail-tpm1.config b/config/coreboot-qemu-tpm1.config similarity index 100% rename from config/coreboot-qemu-whiptail-tpm1.config rename to config/coreboot-qemu-tpm1.config