qemu*tpm2*: Manufacture TPM2

Invoke swtpm_setup --create-config-files skip-if-exist to create local CA files under the current user account, so user does not need read/write access to /var/lib/swtpm-localca. Pass --tpm2 to manufacture a TPM2 instead of TPM1.2. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2025-01-18 02:39:59 +00:00 · 2023-02-22 10:42:32 -05:00 · 2023-02-22 10:42:32 -05:00 · ff8ec2fd5b
commit ff8ec2fd5b
parent 7ea606524b
4 changed files with 8 additions and 4 deletions
--- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config
+++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config
@ -79,7 +79,8 @@ endif
 TPMDIR=$(build)/$(BOARD)/vtpm
 $(TPMDIR)/.manufacture:
 	mkdir -p "$(TPMDIR)"
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram
+	swtpm_setup --create-config-files skip-if-exist
+	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2
 	touch "$(TPMDIR)/.manufacture"
 ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2
 # Default to 20G disk
--- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config
+++ b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config
@ -78,7 +78,8 @@ endif
 TPMDIR=$(build)/$(BOARD)/vtpm
 $(TPMDIR)/.manufacture:
 	mkdir -p "$(TPMDIR)"
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram
+	swtpm_setup --create-config-files skip-if-exist
+	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2
 	touch "$(TPMDIR)/.manufacture"
 ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2
 # Default to 20G disk
--- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config
+++ b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config
@ -79,7 +79,8 @@ endif
 TPMDIR=$(build)/$(BOARD)/vtpm
 $(TPMDIR)/.manufacture:
 	mkdir -p "$(TPMDIR)"
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram
+	swtpm_setup --create-config-files skip-if-exist
+	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2
 	touch "$(TPMDIR)/.manufacture"
 ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2
 # Default to 20G disk
--- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config
+++ b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config
@ -78,7 +78,8 @@ endif
 TPMDIR=$(build)/$(BOARD)/vtpm
 $(TPMDIR)/.manufacture:
 	mkdir -p "$(TPMDIR)"
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram
+	swtpm_setup --create-config-files skip-if-exist
+	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2
 	touch "$(TPMDIR)/.manufacture"
 ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2
 # Default to 20G disk