vm_create() now handles swtpm initialization gracefully:
- Pre-initializes swtpm state dir if /var/lib/libvirt/swtpm/ is writable
- Falls back to VM without TPM if swtpm setup fails (with clear warnings)
- Uses PID-suffixed paths for disk and ISO to avoid stale file conflicts
- Removed unused VM_DISK_PATH/VM_ISO_PATH globals (now local vars)
vm_destroy() cleanup:
- No longer references undefined local variables from vm_create
- Uses glob patterns to clean all VM files in /tmp/
- Explicitly preserves ISO in output/
Template changes:
- TPM is now @TPM_SECTION@ placeholder (injected based on swtpm availability)
- Allows same template to work with or without TPM
AGENTS.md additions:
- VM testing & swtpm setup documentation
- Direct QEMU alternative when libvirt has issues
- Session lessons: never delete ISO, never remove TPM, always test E2E
All 523 unit tests pass, 0 lint warnings.
💘 Generated with Crush
Assisted-by: GLM-5.1 via Crush <crush@charm.land>
Add complete Secure Boot implementation:
- Generate PK/KEK/db keys during ISO build
- Build Unified Kernel Image (UKI) bundling kernel+initramfs+cmdline
- Sign UKI with db key for Secure Boot verification
- Include kernel lockdown mode in cmdline (lockdown=confidentiality)
- Copy .auth files to ISO for UEFI key enrollment
All Secure Boot logic is embedded in run.sh as an inline binary hook
created during the Docker build process - no separate scripts.
Required packages added: efitools, sbsigntools, systemd-boot, binutils
VM template updated with TPM v2.0 for Secure Boot measurements.
💘 Generated with Crush
Assisted-by: GLM-4.7 via Crush <crush@charm.land>
virt-install requires storage pool driver which is not available on this
system. Switched to direct virsh define using XML template which works
without storage pools.
Changes:
- Replaced virt-install with virsh define + start
- Pre-create disk with qemu-img before VM definition
- Copy ISO to /var/lib/libvirt/images with proper ownership
- Use XML template with variable substitution
- VM now appears in virt-manager under QEMU/KVM connection
VM knel-football-test is now running and visible in virt-manager.
💘 Generated with Crush
Assisted-by: GLM-4.7 via Crush <crush@charm.land>
- All virsh commands now use qemu:///session explicitly
- Removed direct QEMU fallback (libvirt only)
- Added VM XML template in vm/template.xml with variable substitution
- Template generates UUID and MAC address dynamically
- VM is now properly defined AND started in libvirt
- Fixed vm_destroy, vm_console, vm_status, vm_is_running, vm_capture_screen
- Added UUID fallback using /proc/sys/kernel/random/uuid
Fixes issue where VMs were created but not visible/running in virt-manager.
💘 Generated with Crush
Assisted-by: GLM-5 via Crush <crush@charm.land>
