qemu: Deduplicate Qemu targets/documentation, extract from boards

The 8 qemu-* targets all contained nearly-identical copies of the targets to prepare the TPM/disk/etc. and then run Qemu. The only significant differences were for TPM1/TPM2 (extra swtpm_setup step, addition of --tpm2 to swtpm_setup and swtpm). ROOT_DISK_IMG used := or = differently in some boards, := was kept. targets/qemu.mk now defines all Qemu targets and is included only for qemu-* boards (by defining BOARD_TARGETS in each of those boards). The documentation was moved from qemu-coreboot-fbwhiptail-tpm1-hotp/ qemu-coreboot-fbwhiptail-tpm1-htop.md to targets/qemu.md. The other 7 qemu boards' symlinks to that file were removed. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-12-18 20:47:55 +00:00 · 2023-12-18 15:24:21 -05:00 · 2023-12-18 15:24:21 -05:00 · c8e114166c
commit c8e114166c
parent 4a57c615e9
19 changed files with 122 additions and 736 deletions
--- a/4
+++ b/4
@ -74,6 +74,10 @@ else
 $(error "Unexpected value of $$(CONFIG_TARGET_ARCH): $(CONFIG_TARGET_ARCH)")
 endif

+ifneq "$(BOARD_TARGETS)" ""
+include targets/$(BOARD_TARGETS).mk
+endif
+
 # Create directories if they don't already exist
 BUILD_LOG	:= $(shell mkdir -p "$(log_dir)")
 PACKAGES	:= $(shell mkdir -p "$(packages)")
--- a/README.md
+++ b/README.md
@ -81,7 +81,7 @@ QEMU:

 OS booting can be tested in QEMU using a software TPM.  HOTP can be tested by forwarding a USB token from the host to the guest.

-For more information and setup instructions, refer to the [qemu-coreboot-fbwhiptail-tpm1-hotp documentation](boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md).
+For more information and setup instructions, refer to the [qemu documentation](targets/qemu.md).

 coreboot console messages
 ---
--- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config
+++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config
@ -70,93 +70,4 @@ export CONFIG_TPM=y
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp"

-# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG
-# keyring in QEMU.  Otherwise use the plain ROM, some things can still be tested
-# that way without a GPG key.
-ifneq "$(PUBKEY_ASC)" ""
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ)
-else
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
-endif
-
-#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
-TPMDIR=$(build)/$(BOARD)/vtpm
-$(TPMDIR)/.manufacture:
-	mkdir -p "$(TPMDIR)"
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram
-	touch "$(TPMDIR)/.manufacture"
-ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2
-# Default to 20G disk
-QEMU_DISK_SIZE?=20G
-$(ROOT_DISK_IMG):
-	qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE)
-# Remember the amount of memory so it doesn't have to be specified every time.
-# Default to 4G, most bootable OSes are not usable with less.
-QEMU_MEMORY_SIZE?=4G
-MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory
-$(MEMORY_SIZE_FILE):
-	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
-USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
-$(USB_FD_IMG):
-	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
-	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
-	# though it is meaningful to use mkfs.vfat (etc.) as non-root
-	MKFS_VFAT=mkfs.vfat; \
-	[ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \
-	"$$MKFS_VFAT" "$(USB_FD_IMG)"
-# Pass INSTALL_IMG=<path_to_img.iso> to attach an installer as a USB flash drive instead
-# of the temporary flash drive for exporting GPG keys.
-ifneq "$(INSTALL_IMG)" ""
-QEMU_USB_FD_IMG := $(INSTALL_IMG)
-else
-QEMU_USB_FD_IMG := $(USB_FD_IMG)
-endif
-# To forward a USB token, set USB_TOKEN to one of the following:
-# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID
-# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID
-# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID
-# - LibremKey - forwards a Librem Key by VID:PID
-# - <other> - Provide the QEMU usb-host parameters, such as
-#   'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>'
-ifeq "$(USB_TOKEN)" "NitrokeyPro"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648
-else ifeq "$(USB_TOKEN)" "NitrokeyStorage"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649
-else ifeq "$(USB_TOKEN)" "Nitrokey3NFC"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074
-else ifeq "$(USB_TOKEN)" "LibremKey"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531
-else ifneq "$(USB_TOKEN)" ""
-QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)"
-endif
-
-run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG)
-	swtpm socket \
-		--tpmstate dir="$(TPMDIR)" \
-		--flags "startup-clear" \
-		--terminate \
-		--ctrl type=unixio,path="$(TPMDIR)/sock" &
-	sleep 0.5
-
-	-qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \
-		--machine q35,accel=kvm:tcg \
-		-rtc base=utc \
-		-smp "$$(nproc)" \
-		-vga std \
-		-m "$$(cat "$(MEMORY_SIZE_FILE)")" \
-		-serial stdio \
-		--bios "$(QEMU_BOOT_ROM)" \
-		-object rng-random,filename=/dev/urandom,id=rng0 \
-		-device virtio-rng-pci,rng=rng0 \
-		-netdev user,id=u1 -device e1000,netdev=u1 \
-		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
-		-tpmdev emulator,id=tpm0,chardev=chrtpm \
-		-device tpm-tis,tpmdev=tpm0 \
-		-device qemu-xhci,id=usb \
-		-device usb-tablet \
-		-drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \
-		-device usb-storage,bus=usb.0,drive=usb-fd-drive \
-		$(QEMU_USB_TOKEN_DEV) \
-
-	stty sane
-	@echo
+BOARD_TARGETS := qemu
--- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config
+++ b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config
@ -71,93 +71,4 @@ export CONFIG_TPM=y
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1"

-# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG
-# keyring in QEMU.  Otherwise use the plain ROM, some things can still be tested
-# that way without a GPG key.
-ifneq "$(PUBKEY_ASC)" ""
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ)
-else
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
-endif
-
-#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
-TPMDIR=$(build)/$(BOARD)/vtpm
-$(TPMDIR)/.manufacture:
-	mkdir -p "$(TPMDIR)"
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram
-	touch "$(TPMDIR)/.manufacture"
-ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2
-# Default to 20G disk
-QEMU_DISK_SIZE?=20G
-$(ROOT_DISK_IMG):
-	qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE)
-# Remember the amount of memory so it doesn't have to be specified every time.
-# Default to 4G, most bootable OSes are not usable with less.
-QEMU_MEMORY_SIZE?=4G
-MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory
-$(MEMORY_SIZE_FILE):
-	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
-USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
-$(USB_FD_IMG):
-	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
-	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
-	# though it is meaningful to use mkfs.vfat (etc.) as non-root
-	MKFS_VFAT=mkfs.vfat; \
-	[ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \
-	"$$MKFS_VFAT" "$(USB_FD_IMG)"
-# Pass INSTALL_IMG=<path_to_img.iso> to attach an installer as a USB flash drive instead
-# of the temporary flash drive for exporting GPG keys.
-ifneq "$(INSTALL_IMG)" ""
-QEMU_USB_FD_IMG := $(INSTALL_IMG)
-else
-QEMU_USB_FD_IMG := $(USB_FD_IMG)
-endif
-# To forward a USB token, set USB_TOKEN to one of the following:
-# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID
-# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID
-# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID
-# - LibremKey - forwards a Librem Key by VID:PID
-# - <other> - Provide the QEMU usb-host parameters, such as
-#   'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>'
-ifeq "$(USB_TOKEN)" "NitrokeyPro"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648
-else ifeq "$(USB_TOKEN)" "NitrokeyStorage"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649
-else ifeq "$(USB_TOKEN)" "Nitrokey3NFC"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074
-else ifeq "$(USB_TOKEN)" "LibremKey"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531
-else ifneq "$(USB_TOKEN)" ""
-QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)"
-endif
-
-run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG)
-	swtpm socket \
-		--tpmstate dir="$(TPMDIR)" \
-		--flags "startup-clear" \
-		--terminate \
-		--ctrl type=unixio,path="$(TPMDIR)/sock" &
-	sleep 0.5
-
-	-qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \
-		--machine q35,accel=kvm:tcg \
-		-rtc base=utc \
-		-smp "$$(nproc)" \
-		-vga std \
-		-m "$$(cat "$(MEMORY_SIZE_FILE)")" \
-		-serial stdio \
-		--bios "$(QEMU_BOOT_ROM)" \
-		-object rng-random,filename=/dev/urandom,id=rng0 \
-		-device virtio-rng-pci,rng=rng0 \
-		-netdev user,id=u1 -device e1000,netdev=u1 \
-		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
-		-tpmdev emulator,id=tpm0,chardev=chrtpm \
-		-device tpm-tis,tpmdev=tpm0 \
-		-device qemu-xhci,id=usb \
-		-device usb-tablet \
-		-drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \
-		-device usb-storage,bus=usb.0,drive=usb-fd-drive \
-		$(QEMU_USB_TOKEN_DEV) \
-
-	stty sane
-	@echo
+BOARD_TARGETS := qemu
--- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md
+++ b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md
@ -1 +0,0 @@
-../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md
--- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config
+++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config
@ -75,95 +75,4 @@ CONFIG_OPENSSL=y
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2-hotp"

-# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG
-# keyring in QEMU.  Otherwise use the plain ROM, some things can still be tested
-# that way without a GPG key.
-ifneq "$(PUBKEY_ASC)" ""
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ)
-else
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
-endif
-
-#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
-TPMDIR=$(build)/$(BOARD)/vtpm
-$(TPMDIR)/.manufacture:
-	mkdir -p "$(TPMDIR)"
-	swtpm_setup --create-config-files skip-if-exist
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2
-	touch "$(TPMDIR)/.manufacture"
-ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2
-# Default to 20G disk
-QEMU_DISK_SIZE?=20G
-$(ROOT_DISK_IMG):
-	qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE)
-# Remember the amount of memory so it doesn't have to be specified every time.
-# Default to 4G, most bootable OSes are not usable with less.
-QEMU_MEMORY_SIZE?=4G
-MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory
-$(MEMORY_SIZE_FILE):
-	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
-USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
-$(USB_FD_IMG):
-	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
-	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
-	# though it is meaningful to use mkfs.vfat (etc.) as non-root
-	MKFS_VFAT=mkfs.vfat; \
-	[ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \
-	"$$MKFS_VFAT" "$(USB_FD_IMG)"
-# Pass INSTALL_IMG=<path_to_img.iso> to attach an installer as a USB flash drive instead
-# of the temporary flash drive for exporting GPG keys.
-ifneq "$(INSTALL_IMG)" ""
-QEMU_USB_FD_IMG := $(INSTALL_IMG)
-else
-QEMU_USB_FD_IMG := $(USB_FD_IMG)
-endif
-# To forward a USB token, set USB_TOKEN to one of the following:
-# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID
-# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID
-# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID
-# - LibremKey - forwards a Librem Key by VID:PID
-# - <other> - Provide the QEMU usb-host parameters, such as
-#   'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>'
-ifeq "$(USB_TOKEN)" "NitrokeyPro"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648
-else ifeq "$(USB_TOKEN)" "NitrokeyStorage"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649
-else ifeq "$(USB_TOKEN)" "Nitrokey3NFC"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074
-else ifeq "$(USB_TOKEN)" "LibremKey"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531
-else ifneq "$(USB_TOKEN)" ""
-QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)"
-endif
-
-run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG)
-	swtpm socket \
-		--tpm2 \
-		--tpmstate dir="$(TPMDIR)" \
-		--flags "startup-clear" \
-		--terminate \
-		--ctrl type=unixio,path="$(TPMDIR)/sock" &
-	sleep 0.5
-
-	-qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \
-		--machine q35,accel=kvm:tcg \
-		-rtc base=utc \
-		-smp "$$(nproc)" \
-		-vga std \
-		-m "$$(cat "$(MEMORY_SIZE_FILE)")" \
-		-serial stdio \
-		--bios "$(QEMU_BOOT_ROM)" \
-		-object rng-random,filename=/dev/urandom,id=rng0 \
-		-device virtio-rng-pci,rng=rng0 \
-		-netdev user,id=u1 -device e1000,netdev=u1 \
-		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
-		-tpmdev emulator,id=tpm0,chardev=chrtpm \
-		-device tpm-tis,tpmdev=tpm0 \
-		-device qemu-xhci,id=usb \
-		-device usb-tablet \
-		-drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \
-		-device usb-storage,bus=usb.0,drive=usb-fd-drive \
-		$(QEMU_USB_TOKEN_DEV) \
-
-	stty sane
-	@echo
+BOARD_TARGETS := qemu
--- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.md
+++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.md
@ -1 +0,0 @@
-../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md
--- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config
+++ b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config
@ -77,95 +77,4 @@ CONFIG_OPENSSL=y
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2"

-# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG
-# keyring in QEMU.  Otherwise use the plain ROM, some things can still be tested
-# that way without a GPG key.
-ifneq "$(PUBKEY_ASC)" ""
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ)
-else
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
-endif
-
-#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
-TPMDIR=$(build)/$(BOARD)/vtpm
-$(TPMDIR)/.manufacture:
-	mkdir -p "$(TPMDIR)"
-	swtpm_setup --create-config-files skip-if-exist
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2
-	touch "$(TPMDIR)/.manufacture"
-ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2
-# Default to 20G disk
-QEMU_DISK_SIZE?=20G
-$(ROOT_DISK_IMG):
-	qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE)
-# Remember the amount of memory so it doesn't have to be specified every time.
-# Default to 4G, most bootable OSes are not usable with less.
-QEMU_MEMORY_SIZE?=4G
-MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory
-$(MEMORY_SIZE_FILE):
-	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
-USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
-$(USB_FD_IMG):
-	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
-	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
-	# though it is meaningful to use mkfs.vfat (etc.) as non-root
-	MKFS_VFAT=mkfs.vfat; \
-	[ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \
-	"$$MKFS_VFAT" "$(USB_FD_IMG)"
-# Pass INSTALL_IMG=<path_to_img.iso> to attach an installer as a USB flash drive instead
-# of the temporary flash drive for exporting GPG keys.
-ifneq "$(INSTALL_IMG)" ""
-QEMU_USB_FD_IMG := $(INSTALL_IMG)
-else
-QEMU_USB_FD_IMG := $(USB_FD_IMG)
-endif
-# To forward a USB token, set USB_TOKEN to one of the following:
-# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID
-# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID
-# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID
-# - LibremKey - forwards a Librem Key by VID:PID
-# - <other> - Provide the QEMU usb-host parameters, such as
-#   'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>'
-ifeq "$(USB_TOKEN)" "NitrokeyPro"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648
-else ifeq "$(USB_TOKEN)" "NitrokeyStorage"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649
-else ifeq "$(USB_TOKEN)" "Nitrokey3NFC"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074
-else ifeq "$(USB_TOKEN)" "LibremKey"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531
-else ifneq "$(USB_TOKEN)" ""
-QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)"
-endif
-
-run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG)
-	swtpm socket \
-		--tpm2 \
-		--tpmstate dir="$(TPMDIR)" \
-		--flags "startup-clear" \
-		--terminate \
-		--ctrl type=unixio,path="$(TPMDIR)/sock" &
-	sleep 0.5
-
-	-qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \
-		--machine q35,accel=kvm:tcg \
-		-rtc base=utc \
-		-smp "$$(nproc)" \
-		-vga std \
-		-m "$$(cat "$(MEMORY_SIZE_FILE)")" \
-		-serial stdio \
-		--bios "$(QEMU_BOOT_ROM)" \
-		-object rng-random,filename=/dev/urandom,id=rng0 \
-		-device virtio-rng-pci,rng=rng0 \
-		-netdev user,id=u1 -device e1000,netdev=u1 \
-		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
-		-tpmdev emulator,id=tpm0,chardev=chrtpm \
-		-device tpm-tis,tpmdev=tpm0 \
-		-device qemu-xhci,id=usb \
-		-device usb-tablet \
-		-drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \
-		-device usb-storage,bus=usb.0,drive=usb-fd-drive \
-		$(QEMU_USB_TOKEN_DEV) \
-
-	stty sane
-	@echo
+BOARD_TARGETS := qemu
--- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md
+++ b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md
@ -1 +0,0 @@
-../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md
--- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config
+++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config
@ -70,93 +70,4 @@ export CONFIG_TPM=y
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1-hotp"

-# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG
-# keyring in QEMU.  Otherwise use the plain ROM, some things can still be tested
-# that way without a GPG key.
-ifneq "$(PUBKEY_ASC)" ""
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ)
-else
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
-endif
-
-#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
-TPMDIR=$(build)/$(BOARD)/vtpm
-$(TPMDIR)/.manufacture:
-	mkdir -p "$(TPMDIR)"
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram
-	touch "$(TPMDIR)/.manufacture"
-ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2
-# Default to 20G disk
-QEMU_DISK_SIZE?=20G
-$(ROOT_DISK_IMG):
-	qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE)
-# Remember the amount of memory so it doesn't have to be specified every time.
-# Default to 4G, most bootable OSes are not usable with less.
-QEMU_MEMORY_SIZE?=4G
-MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory
-$(MEMORY_SIZE_FILE):
-	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
-USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
-$(USB_FD_IMG):
-	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
-	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
-	# though it is meaningful to use mkfs.vfat (etc.) as non-root
-	MKFS_VFAT=mkfs.vfat; \
-	[ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \
-	"$$MKFS_VFAT" "$(USB_FD_IMG)"
-# Pass INSTALL_IMG=<path_to_img.iso> to attach an installer as a USB flash drive instead
-# of the temporary flash drive for exporting GPG keys.
-ifneq "$(INSTALL_IMG)" ""
-QEMU_USB_FD_IMG := $(INSTALL_IMG)
-else
-QEMU_USB_FD_IMG := $(USB_FD_IMG)
-endif
-# To forward a USB token, set USB_TOKEN to one of the following:
-# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID
-# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID
-# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID
-# - LibremKey - forwards a Librem Key by VID:PID
-# - <other> - Provide the QEMU usb-host parameters, such as
-#   'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>'
-ifeq "$(USB_TOKEN)" "NitrokeyPro"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648
-else ifeq "$(USB_TOKEN)" "NitrokeyStorage"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649
-else ifeq "$(USB_TOKEN)" "Nitrokey3NFC"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074
-else ifeq "$(USB_TOKEN)" "LibremKey"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531
-else ifneq "$(USB_TOKEN)" ""
-QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)"
-endif
-
-run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG)
-	swtpm socket \
-		--tpmstate dir="$(TPMDIR)" \
-		--flags "startup-clear" \
-		--terminate \
-		--ctrl type=unixio,path="$(TPMDIR)/sock" &
-	sleep 0.5
-
-	-qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \
-		--machine q35,accel=kvm:tcg \
-		-rtc base=utc \
-		-smp "$$(nproc)" \
-		-vga std \
-		-m "$$(cat "$(MEMORY_SIZE_FILE)")" \
-		-serial stdio \
-		--bios "$(QEMU_BOOT_ROM)" \
-		-object rng-random,filename=/dev/urandom,id=rng0 \
-		-device virtio-rng-pci,rng=rng0 \
-		-netdev user,id=u1 -device e1000,netdev=u1 \
-		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
-		-tpmdev emulator,id=tpm0,chardev=chrtpm \
-		-device tpm-tis,tpmdev=tpm0 \
-		-device qemu-xhci,id=usb \
-		-device usb-tablet \
-		-drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \
-		-device usb-storage,bus=usb.0,drive=usb-fd-drive \
-		$(QEMU_USB_TOKEN_DEV) \
-
-	stty sane
-	@echo
+BOARD_TARGETS := qemu
--- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md
+++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md
@ -1 +0,0 @@
-../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md
--- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config
+++ b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config
@ -71,93 +71,4 @@ export CONFIG_TPM=y
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1"

-# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG
-# keyring in QEMU.  Otherwise use the plain ROM, some things can still be tested
-# that way without a GPG key.
-ifneq "$(PUBKEY_ASC)" ""
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ)
-else
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
-endif
-
-#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
-TPMDIR=$(build)/$(BOARD)/vtpm
-$(TPMDIR)/.manufacture:
-	mkdir -p "$(TPMDIR)"
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram
-	touch "$(TPMDIR)/.manufacture"
-ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2
-# Default to 20G disk
-QEMU_DISK_SIZE?=20G
-$(ROOT_DISK_IMG):
-	qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE)
-# Remember the amount of memory so it doesn't have to be specified every time.
-# Default to 4G, most bootable OSes are not usable with less.
-QEMU_MEMORY_SIZE?=4G
-MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory
-$(MEMORY_SIZE_FILE):
-	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
-USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
-$(USB_FD_IMG):
-	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
-	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
-	# though it is meaningful to use mkfs.vfat (etc.) as non-root
-	MKFS_VFAT=mkfs.vfat; \
-	[ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \
-	"$$MKFS_VFAT" "$(USB_FD_IMG)"
-# Pass INSTALL_IMG=<path_to_img.iso> to attach an installer as a USB flash drive instead
-# of the temporary flash drive for exporting GPG keys.
-ifneq "$(INSTALL_IMG)" ""
-QEMU_USB_FD_IMG := $(INSTALL_IMG)
-else
-QEMU_USB_FD_IMG := $(USB_FD_IMG)
-endif
-# To forward a USB token, set USB_TOKEN to one of the following:
-# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID
-# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID
-# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID
-# - LibremKey - forwards a Librem Key by VID:PID
-# - <other> - Provide the QEMU usb-host parameters, such as
-#   'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>'
-ifeq "$(USB_TOKEN)" "NitrokeyPro"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648
-else ifeq "$(USB_TOKEN)" "NitrokeyStorage"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649
-else ifeq "$(USB_TOKEN)" "Nitrokey3NFC"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074
-else ifeq "$(USB_TOKEN)" "LibremKey"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531
-else ifneq "$(USB_TOKEN)" ""
-QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)"
-endif
-
-run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG)
-	swtpm socket \
-		--tpmstate dir="$(TPMDIR)" \
-		--flags "startup-clear" \
-		--terminate \
-		--ctrl type=unixio,path="$(TPMDIR)/sock" &
-	sleep 0.5
-
-	-qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \
-		--machine q35,accel=kvm:tcg \
-		-rtc base=utc \
-		-smp "$$(nproc)" \
-		-vga std \
-		-m "$$(cat "$(MEMORY_SIZE_FILE)")" \
-		-serial stdio \
-		--bios "$(QEMU_BOOT_ROM)" \
-		-object rng-random,filename=/dev/urandom,id=rng0 \
-		-device virtio-rng-pci,rng=rng0 \
-		-netdev user,id=u1 -device e1000,netdev=u1 \
-		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
-		-tpmdev emulator,id=tpm0,chardev=chrtpm \
-		-device tpm-tis,tpmdev=tpm0 \
-		-device qemu-xhci,id=usb \
-		-device usb-tablet \
-		-drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \
-		-device usb-storage,bus=usb.0,drive=usb-fd-drive \
-		$(QEMU_USB_TOKEN_DEV) \
-
-	stty sane
-	@echo
+BOARD_TARGETS := qemu
--- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md
+++ b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md
@ -1 +0,0 @@
-../qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md
--- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config
+++ b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config
@ -75,95 +75,4 @@ CONFIG_OPENSSL=y
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2-hotp"

-# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG
-# keyring in QEMU.  Otherwise use the plain ROM, some things can still be tested
-# that way without a GPG key.
-ifneq "$(PUBKEY_ASC)" ""
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ)
-else
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
-endif
-
-#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
-TPMDIR=$(build)/$(BOARD)/vtpm
-$(TPMDIR)/.manufacture:
-	mkdir -p "$(TPMDIR)"
-	swtpm_setup --create-config-files skip-if-exist
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2
-	touch "$(TPMDIR)/.manufacture"
-ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2
-# Default to 20G disk
-QEMU_DISK_SIZE?=20G
-$(ROOT_DISK_IMG):
-	qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE)
-# Remember the amount of memory so it doesn't have to be specified every time.
-# Default to 4G, most bootable OSes are not usable with less.
-QEMU_MEMORY_SIZE?=4G
-MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory
-$(MEMORY_SIZE_FILE):
-	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
-USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
-$(USB_FD_IMG):
-	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
-	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
-	# though it is meaningful to use mkfs.vfat (etc.) as non-root
-	MKFS_VFAT=mkfs.vfat; \
-	[ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \
-	"$$MKFS_VFAT" "$(USB_FD_IMG)"
-# Pass INSTALL_IMG=<path_to_img.iso> to attach an installer as a USB flash drive instead
-# of the temporary flash drive for exporting GPG keys.
-ifneq "$(INSTALL_IMG)" ""
-QEMU_USB_FD_IMG := $(INSTALL_IMG)
-else
-QEMU_USB_FD_IMG := $(USB_FD_IMG)
-endif
-# To forward a USB token, set USB_TOKEN to one of the following:
-# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID
-# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID
-# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID
-# - LibremKey - forwards a Librem Key by VID:PID
-# - <other> - Provide the QEMU usb-host parameters, such as
-#   'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>'
-ifeq "$(USB_TOKEN)" "NitrokeyPro"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648
-else ifeq "$(USB_TOKEN)" "NitrokeyStorage"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649
-else ifeq "$(USB_TOKEN)" "Nitrokey3NFC"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074
-else ifeq "$(USB_TOKEN)" "LibremKey"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531
-else ifneq "$(USB_TOKEN)" ""
-QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)"
-endif
-
-run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG)
-	swtpm socket \
-		--tpm2 \
-		--tpmstate dir="$(TPMDIR)" \
-		--flags "startup-clear" \
-		--terminate \
-		--ctrl type=unixio,path="$(TPMDIR)/sock" &
-	sleep 0.5
-
-	-qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \
-		--machine q35,accel=kvm:tcg \
-		-rtc base=utc \
-		-smp "$$(nproc)" \
-		-vga std \
-		-m "$$(cat "$(MEMORY_SIZE_FILE)")" \
-		-serial stdio \
-		--bios "$(QEMU_BOOT_ROM)" \
-		-object rng-random,filename=/dev/urandom,id=rng0 \
-		-device virtio-rng-pci,rng=rng0 \
-		-netdev user,id=u1 -device e1000,netdev=u1 \
-		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
-		-tpmdev emulator,id=tpm0,chardev=chrtpm \
-		-device tpm-tis,tpmdev=tpm0 \
-		-device qemu-xhci,id=usb \
-		-device usb-tablet \
-		-drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \
-		-device usb-storage,bus=usb.0,drive=usb-fd-drive \
-		$(QEMU_USB_TOKEN_DEV) \
-
-	stty sane
-	@echo
+BOARD_TARGETS := qemu
--- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.md
+++ b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.md
@ -1 +0,0 @@
-../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md
--- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config
+++ b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config
@ -77,95 +77,4 @@ CONFIG_OPENSSL=y
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2"

-# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG
-# keyring in QEMU.  Otherwise use the plain ROM, some things can still be tested
-# that way without a GPG key.
-ifneq "$(PUBKEY_ASC)" ""
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ)
-else
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
-endif
-
-#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
-TPMDIR=$(build)/$(BOARD)/vtpm
-$(TPMDIR)/.manufacture:
-	mkdir -p "$(TPMDIR)"
-	swtpm_setup --create-config-files skip-if-exist
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2
-	touch "$(TPMDIR)/.manufacture"
-ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2
-# Default to 20G disk
-QEMU_DISK_SIZE?=20G
-$(ROOT_DISK_IMG):
-	qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE)
-# Remember the amount of memory so it doesn't have to be specified every time.
-# Default to 4G, most bootable OSes are not usable with less.
-QEMU_MEMORY_SIZE?=4G
-MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory
-$(MEMORY_SIZE_FILE):
-	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
-USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
-$(USB_FD_IMG):
-	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
-	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
-	# though it is meaningful to use mkfs.vfat (etc.) as non-root
-	MKFS_VFAT=mkfs.vfat; \
-	[ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \
-	"$$MKFS_VFAT" "$(USB_FD_IMG)"
-# Pass INSTALL_IMG=<path_to_img.iso> to attach an installer as a USB flash drive instead
-# of the temporary flash drive for exporting GPG keys.
-ifneq "$(INSTALL_IMG)" ""
-QEMU_USB_FD_IMG := $(INSTALL_IMG)
-else
-QEMU_USB_FD_IMG := $(USB_FD_IMG)
-endif
-# To forward a USB token, set USB_TOKEN to one of the following:
-# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID
-# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID
-# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID
-# - LibremKey - forwards a Librem Key by VID:PID
-# - <other> - Provide the QEMU usb-host parameters, such as
-#   'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>'
-ifeq "$(USB_TOKEN)" "NitrokeyPro"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648
-else ifeq "$(USB_TOKEN)" "NitrokeyStorage"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649
-else ifeq "$(USB_TOKEN)" "Nitrokey3NFC"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074
-else ifeq "$(USB_TOKEN)" "LibremKey"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531
-else ifneq "$(USB_TOKEN)" ""
-QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)"
-endif
-
-run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG)
-	swtpm socket \
-		--tpm2 \
-		--tpmstate dir="$(TPMDIR)" \
-		--flags "startup-clear" \
-		--terminate \
-		--ctrl type=unixio,path="$(TPMDIR)/sock" &
-	sleep 0.5
-
-	-qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \
-		--machine q35,accel=kvm:tcg \
-		-rtc base=utc \
-		-smp "$$(nproc)" \
-		-vga std \
-		-m "$$(cat "$(MEMORY_SIZE_FILE)")" \
-		-serial stdio \
-		--bios "$(QEMU_BOOT_ROM)" \
-		-object rng-random,filename=/dev/urandom,id=rng0 \
-		-device virtio-rng-pci,rng=rng0 \
-		-netdev user,id=u1 -device e1000,netdev=u1 \
-		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
-		-tpmdev emulator,id=tpm0,chardev=chrtpm \
-		-device tpm-tis,tpmdev=tpm0 \
-		-device qemu-xhci,id=usb \
-		-device usb-tablet \
-		-drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \
-		-device usb-storage,bus=usb.0,drive=usb-fd-drive \
-		$(QEMU_USB_TOKEN_DEV) \
-
-	stty sane
-	@echo
+BOARD_TARGETS := qemu
--- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.md
+++ b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.md
@ -1 +0,0 @@
-../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md
--- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md
+++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md
--- a/targets/qemu.mk
+++ b/targets/qemu.mk
@ -0,0 +1,109 @@
+# Targets for running in qemu, including:
+# * virtual TPM
+# * virtual disk image (configurable size)
+# * virtual USB flash drive
+# * configurable guest memory size
+# * forwarded USB security token
+
+# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG
+# keyring in QEMU.  Otherwise use the plain ROM, some things can still be tested
+# that way without a GPG key.
+ifneq "$(PUBKEY_ASC)" ""
+QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ)
+else
+QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
+endif
+
+ifeq "$(CONFIG_TPM2_TSS)" "y"
+SWTPM_TPMVER := --tpm2
+SWTPM_PRESETUP := swtpm_setup --create-config-files skip-if-exist
+else
+# TPM1 is the default
+SWTPM_TPMVER :=
+# No pre-setup
+SWTPM_PRESETUP := true
+endif
+
+#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
+TPMDIR=$(build)/$(BOARD)/vtpm
+$(TPMDIR)/.manufacture:
+	mkdir -p "$(TPMDIR)"
+	$(SWTPM_PRESETUP)
+	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram $(SWTPM_TPMVER)
+	touch "$(TPMDIR)/.manufacture"
+ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2
+# Default to 20G disk
+QEMU_DISK_SIZE?=20G
+$(ROOT_DISK_IMG):
+	qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE)
+# Remember the amount of memory so it doesn't have to be specified every time.
+# Default to 4G, most bootable OSes are not usable with less.
+QEMU_MEMORY_SIZE?=4G
+MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory
+$(MEMORY_SIZE_FILE):
+	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
+USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
+$(USB_FD_IMG):
+	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
+	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
+	# though it is meaningful to use mkfs.vfat (etc.) as non-root
+	MKFS_VFAT=mkfs.vfat; \
+	[ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \
+	"$$MKFS_VFAT" "$(USB_FD_IMG)"
+# Pass INSTALL_IMG=<path_to_img.iso> to attach an installer as a USB flash drive instead
+# of the temporary flash drive for exporting GPG keys.
+ifneq "$(INSTALL_IMG)" ""
+QEMU_USB_FD_IMG := $(INSTALL_IMG)
+else
+QEMU_USB_FD_IMG := $(USB_FD_IMG)
+endif
+# To forward a USB token, set USB_TOKEN to one of the following:
+# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID
+# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID
+# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID
+# - LibremKey - forwards a Librem Key by VID:PID
+# - <other> - Provide the QEMU usb-host parameters, such as
+#   'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>'
+ifeq "$(USB_TOKEN)" "NitrokeyPro"
+QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648
+else ifeq "$(USB_TOKEN)" "NitrokeyStorage"
+QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649
+else ifeq "$(USB_TOKEN)" "Nitrokey3NFC"
+QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074
+else ifeq "$(USB_TOKEN)" "LibremKey"
+QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531
+else ifneq "$(USB_TOKEN)" ""
+QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)"
+endif
+
+run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG)
+	swtpm socket \
+		$(SWTPM_TPMVER) \
+		--tpmstate dir="$(TPMDIR)" \
+		--flags "startup-clear" \
+		--terminate \
+		--ctrl type=unixio,path="$(TPMDIR)/sock" &
+	sleep 0.5
+
+	-qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \
+		--machine q35,accel=kvm:tcg \
+		-rtc base=utc \
+		-smp "$$(nproc)" \
+		-vga std \
+		-m "$$(cat "$(MEMORY_SIZE_FILE)")" \
+		-serial stdio \
+		--bios "$(QEMU_BOOT_ROM)" \
+		-object rng-random,filename=/dev/urandom,id=rng0 \
+		-device virtio-rng-pci,rng=rng0 \
+		-netdev user,id=u1 -device e1000,netdev=u1 \
+		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
+		-tpmdev emulator,id=tpm0,chardev=chrtpm \
+		-device tpm-tis,tpmdev=tpm0 \
+		-device qemu-xhci,id=usb \
+		-device usb-tablet \
+		-drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \
+		-device usb-storage,bus=usb.0,drive=usb-fd-drive \
+		$(QEMU_USB_TOKEN_DEV) \
+
+	stty sane
+	@echo
				`@ -1 +0,0 @@`
				`../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md`
				`@ -1 +0,0 @@`
				`../qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md`