feat: TPM flag (#376)

2024-01-23 02:25:03 +01:00 · 2024-01-23 02:25:03 +01:00 · 78cb302c1b
commit 78cb302c1b
parent 63f1a1ec9f
2 changed files with 27 additions and 22 deletions
--- a/src/boot.sh
+++ b/src/boot.sh
@ -2,7 +2,7 @@
 set -Eeuo pipefail

 # Docker environment variables
-
+: "${TPM:="Y"}"         # Enable TPM
 : "${BOOT_MODE:="legacy"}"  # Boot mode

 SECURE=""
@ -56,14 +56,35 @@ if [[ "${BOOT_MODE,,}" != "legacy" ]]; then

  if [[ "${BOOT_MODE,,}" == "windows" ]]; then

-    BOOT_OPTS="$BOOT_OPTS -chardev socket,id=chrtpm,path=/run/swtpm-sock"
-    BOOT_OPTS="$BOOT_OPTS -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"
    BOOT_OPTS="$BOOT_OPTS -global kvm-pit.lost_tick_policy=discard -global ICH9-LPC.disable_s3=1"

-    mkdir -p /dev/shm/tpm
-    chmod 755 /dev/shm/tpm
-    swtpm socket -t -d --tpmstate dir=/dev/shm/tpm --ctrl type=unixio,path=/run/swtpm-sock --tpm2
+    if [[ "$TPM" == [Yy1]* ]]; then

+      mkdir -p /dev/shm/tpm
+      chmod 755 /dev/shm/tpm
+      swtpm socket -t -d --tpmstate dir=/dev/shm/tpm --ctrl type=unixio,path=/run/swtpm-sock --tpm2
+
+      for (( i = 1; i < 50; i++ )); do
+
+        [ -S "/run/swtpm-sock" ] && break
+  
+        if (( i % 10 == 0 )); then
+          echo "Waiting for TPM socket to become available..."
+        fi
+
+        sleep 0.1
+
+      done
+
+      if [ ! -S "/run/swtpm-sock" ]; then
+        TPM="N"
+        error "TPM socket not found? Disabling TPM support..."
+      else
+        BOOT_OPTS="$BOOT_OPTS -chardev socket,id=chrtpm,path=/run/swtpm-sock"
+        BOOT_OPTS="$BOOT_OPTS -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"
+      fi
+
+    fi
  fi

 fi
--- a/src/config.sh
+++ b/src/config.sh
@ -15,22 +15,6 @@ DEV_OPTS="$DEV_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,addr=0
 ARGS="$DEF_OPTS $CPU_OPTS $RAM_OPTS $MAC_OPTS $DISPLAY_OPTS $MON_OPTS $SERIAL_OPTS $NET_OPTS $DISK_OPTS $BOOT_OPTS $DEV_OPTS $USB_OPTS $ARGUMENTS"
 ARGS=$(echo "$ARGS" | sed 's/\t/ /g' | tr -s ' ')

-if [[ "${BOOT_MODE,,}" == "windows" ]]; then
-
-  for (( i = 0; i < 10; i++ )); do
-
-    [ -S "/run/swtpm-sock" ] && break
-    echo "Waiting for TPM socket to become available..."
-    sleep 1
-
-  done
-
-  if [ ! -S "/run/swtpm-sock" ]; then
-    error "TPM socket not found?" && exit 46
-  fi
-
-fi
-
 if [[ "${DISPLAY,,}" == "web" ]]; then
  rm -f /dev/shm/msg.html
  rm -f /dev/shm/index.html