diff --git a/Makefile b/Makefile index 258911f3..7fbd4976 100644 --- a/Makefile +++ b/Makefile @@ -74,6 +74,10 @@ else $(error "Unexpected value of $$(CONFIG_TARGET_ARCH): $(CONFIG_TARGET_ARCH)") endif +ifneq "$(BOARD_TARGETS)" "" +include targets/$(BOARD_TARGETS).mk +endif + # Create directories if they don't already exist BUILD_LOG := $(shell mkdir -p "$(log_dir)") PACKAGES := $(shell mkdir -p "$(packages)") diff --git a/README.md b/README.md index e6c19bd1..a0819f48 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ QEMU: OS booting can be tested in QEMU using a software TPM. HOTP can be tested by forwarding a USB token from the host to the guest. -For more information and setup instructions, refer to the [qemu-coreboot-fbwhiptail-tpm1-hotp documentation](boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md). +For more information and setup instructions, refer to the [qemu documentation](targets/qemu.md). coreboot console messages --- diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config index f710d2fc..677b7ac6 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config 
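Review bot: `include targets/$(BOARD_TARGETS).mk` uses whatever value BOARD_TARGETS holds at this point, and nothing visible in the hunk clears it first. For a board config that never assigns it, a BOARD_TARGETS inherited from the environment or a parent make would pull an extra makefile into a firmware build. I would initialise it with `BOARD_TARGETS :=` ahead of the board config include; that include is outside this hunk, so its position is assumed. The plural name also suggests a list, yet a two-word value expands to the two files `targets/a` and `b.mk`. Either add a comment saying it holds a single name, or write `include $(addprefix targets/,$(addsuffix .mk,$(BOARD_TARGETS)))`.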
@@ -70,93 +70,4 @@ export CONFIG_TPM=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo 
+BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config index 7dc4ea91..442f06dc 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config 
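Review bot: `BOARD_TARGETS := qemu` is identical in every qemu board config, but the blocks it replaces were not. The tpm2 boards ran `swtpm_setup --create-config-files skip-if-exist` and passed `--tpm2` to both `swtpm_setup` and `swtpm socket`, while the tpm1 boards did neither. targets/qemu.mk is not in view here, so please confirm it selects the TPM version from the board's own settings rather than defaulting to one; otherwise a tpm2 board would presumably be tested against a TPM 1.2 emulator. A comment above the assignment, e.g. `# Pulls in targets/qemu.mk (run target, swtpm and disk image rules)`, would also tell readers where `run` now lives. The same applies to the other qemu-coreboot-*.config hunks in this diff.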
@@ -71,93 +71,4 @@ export CONFIG_TPM=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo 
+BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config index b9eec341..2b622f43 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config 
@@ -75,95 +75,4 @@ CONFIG_OPENSSL=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2-hotp" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --create-config-files skip-if-exist - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2 - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpm2 \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty 
sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.md b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config index c286f1a4..fce10e7c 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config 
@@ -77,95 +77,4 @@ CONFIG_OPENSSL=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --create-config-files skip-if-exist - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2 - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpm2 \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty 
sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config index 0c568ff2..dc275271 100644 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config 
@@ -70,93 +70,4 @@ export CONFIG_TPM=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1-hotp" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo 
+BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config index e03dc06f..4cdd6eb8 100644 --- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config +++ b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config 
@@ -71,93 +71,4 @@ export CONFIG_TPM=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo 
+BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md deleted file mode 120000 index e35b1088..00000000 --- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config index 999f8a55..28930477 100644 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config 
@@ -75,95 +75,4 @@ CONFIG_OPENSSL=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2-hotp" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --create-config-files skip-if-exist - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2 - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpm2 \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty 
sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.md b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config index ea6f3d36..82349b27 100644 --- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config +++ b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config 
@@ -77,95 +77,4 @@ CONFIG_OPENSSL=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --create-config-files skip-if-exist - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2 - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpm2 \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty 
sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.md b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md b/targets/qemu.md similarity index 100% rename from boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md rename to targets/qemu.md diff --git a/targets/qemu.mk b/targets/qemu.mk new file mode 100644 index 00000000..930afa7b --- /dev/null +++ b/targets/qemu.mk 
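Review bot: With the hard-coded `--tpm2` arguments removed from this board file, the vTPM version for this TPM2 board is decided only by the `ifeq "$(CONFIG_TPM2_TSS)" "y"` test in targets/qemu.mk, and that variable is not set anywhere in the lines this hunk shows. If it is unset, or not yet defined when the include is evaluated, `swtpm_setup` and `swtpm socket` fall back to TPM 1.2 without any message, and the `.manufacture` stamp then keeps that state for later runs. I would add a comment beside the new line, for example `# targets/qemu.mk picks the swtpm version from CONFIG_TPM2_TSS (must be y for this board)`, so the dependency is visible where the board is configured.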
@@ -0,0 +1,109 @@ +# Targets for running in qemu, including: +# * virtual TPM +# * virtual disk image (configurable size) +# * virtual USB flash drive +# * configurable guest memory size +# * forwarded USB security token + +# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG +# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested +# that way without a GPG key. +ifneq "$(PUBKEY_ASC)" "" +QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) +else +QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) +endif + +ifeq "$(CONFIG_TPM2_TSS)" "y" +SWTPM_TPMVER := --tpm2 +SWTPM_PRESETUP := swtpm_setup --create-config-files skip-if-exist +else +# TPM1 is the default +SWTPM_TPMVER := +# No pre-setup +SWTPM_PRESETUP := true +endif + +#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh +TPMDIR=$(build)/$(BOARD)/vtpm +$(TPMDIR)/.manufacture: + mkdir -p "$(TPMDIR)" + $(SWTPM_PRESETUP) + swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram $(SWTPM_TPMVER) + touch "$(TPMDIR)/.manufacture" +ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 +# Default to 20G disk +QEMU_DISK_SIZE?=20G +$(ROOT_DISK_IMG): + qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) +# Remember the amount of memory so it doesn't have to be specified every time. +# Default to 4G, most bootable OSes are not usable with less. +QEMU_MEMORY_SIZE?=4G +MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory +$(MEMORY_SIZE_FILE): + @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" +USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw +$(USB_FD_IMG): + dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 + # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even + # though it is meaningful to use mkfs.vfat (etc.) 
as non-root + MKFS_VFAT=mkfs.vfat; \ + [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ + "$$MKFS_VFAT" "$(USB_FD_IMG)" +# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead +# of the temporary flash drive for exporting GPG keys. +ifneq "$(INSTALL_IMG)" "" +QEMU_USB_FD_IMG := $(INSTALL_IMG) +else +QEMU_USB_FD_IMG := $(USB_FD_IMG) +endif +# To forward a USB token, set USB_TOKEN to one of the following: +# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID +# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID +# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID +# - LibremKey - forwards a Librem Key by VID:PID +# - - Provide the QEMU usb-host parameters, such as +# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' +ifeq "$(USB_TOKEN)" "NitrokeyPro" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 +else ifeq "$(USB_TOKEN)" "NitrokeyStorage" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 +else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 +else ifeq "$(USB_TOKEN)" "LibremKey" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 +else ifneq "$(USB_TOKEN)" "" +QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" +endif + +run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) + swtpm socket \ + $(SWTPM_TPMVER) \ + --tpmstate dir="$(TPMDIR)" \ + --flags "startup-clear" \ + --terminate \ + --ctrl type=unixio,path="$(TPMDIR)/sock" & + sleep 0.5 + + -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ + --machine q35,accel=kvm:tcg \ + -rtc base=utc \ + -smp "$$(nproc)" \ + -vga std \ + -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ + -serial stdio \ + --bios "$(QEMU_BOOT_ROM)" \ + -object rng-random,filename=/dev/urandom,id=rng0 \ + -device virtio-rng-pci,rng=rng0 \ + -netdev user,id=u1 -device e1000,netdev=u1 \ + -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ + -tpmdev 
emulator,id=tpm0,chardev=chrtpm \ + -device tpm-tis,tpmdev=tpm0 \ + -device qemu-xhci,id=usb \ + -device usb-tablet \ + -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ + -device usb-storage,bus=usb.0,drive=usb-fd-drive \ + $(QEMU_USB_TOKEN_DEV) \ + + stty sane + @echo
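Review bot: The `run` recipe starts `swtpm socket ... &` and then relies on `sleep 0.5` for the control socket to exist before QEMU's `-chardev socket,...path="$(TPMDIR)/sock"` connects, so on a loaded host QEMU can start without a reachable vTPM. Because the QEMU line carries the `-` prefix, that failure is ignored and `make run` still exits 0; the prefix is presumably there so `stty sane` always runs, which deserves a comment such as `# '-' so the terminal is restored even if QEMU exits non-zero`. I would replace the fixed sleep with a bounded wait, `for i in $$(seq 50); do [ -S "$(TPMDIR)/sock" ] && break; sleep 0.1; done`, and fail the recipe if the socket never appears. `run` is also not a file, so the new makefile should declare `.PHONY: run`.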