fix: Remove secure boot (#2)

Dockerfile

@@ -9,7 +9,6 @@ RUN apt-get update \
         tini \
         wget \
         nginx \
-        swtpm \
         procps \
         seabios \        
         iptables \

src/boot.sh

@@ -2,13 +2,11 @@
 set -Eeuo pipefail
 
 # Docker environment variables
-: "${TPM:="Y"}"                 # Enable TPM
 : "${BIOS:=""}"                 # Bios file
 : "${BOOT_MODE:="uefi"}"        # Boot mode
 
-SECURE=""
+BOOT_OPTS=""
 DIR="/usr/share/qemu"
-BOOT_OPTS="-device ramfb"
 
 case "${BOOT_MODE,,}" in
   uefi)
@@ -51,50 +49,7 @@ if [ ! -f "$DEST.vars" ]; then
   cp "$AAVMF/$VARS" "$DEST.vars"
 fi
 
-if [[ "${BOOT_MODE,,}" != "uefi" ]]; then
-  SECURE=",smm=on"
-  BOOT_OPTS="$BOOT_OPTS -global driver=cfi.pflash01,property=secure,value=on"
-fi
-
 BOOT_OPTS="$BOOT_OPTS -drive file=$DEST.rom,if=pflash,unit=0,format=raw,readonly=on"
 BOOT_OPTS="$BOOT_OPTS -drive file=$DEST.vars,if=pflash,unit=1,format=raw"
 
-if [[ "${BOOT_MODE,,}" == "windows" ]]; then
-
-  BOOT_OPTS="$BOOT_OPTS -global kvm-pit.lost_tick_policy=discard -global ICH9-LPC.disable_s3=1"
-
-  if [[ "$TPM" == [Yy1]* ]]; then
-
-    rm -rf /run/shm/tpm
-    rm -f /var/run/tpm.pid
-    mkdir -p /run/shm/tpm
-    chmod 755 /run/shm/tpm
-
-    if ! swtpm socket -t -d --tpmstate dir=/run/shm/tpm --ctrl type=unixio,path=/run/swtpm-sock --pid file=/var/run/tpm.pid --tpm2; then
-      error "Failed to start TPM emulator, reason: $?" && exit 19
-    fi
-
-    for (( i = 1; i < 20; i++ )); do
-
-      [ -S "/run/swtpm-sock" ] && break
-
-      if (( i % 10 == 0 )); then
-        echo "Waiting for TPM socket to become available..."
-      fi
-
-      sleep 0.1
-
-    done
-
-    if [ ! -S "/run/swtpm-sock" ]; then
-      TPM="N"
-      error "TPM socket not found? Disabling TPM support..."
-    else
-      BOOT_OPTS="$BOOT_OPTS -chardev socket,id=chrtpm,path=/run/swtpm-sock"
-      BOOT_OPTS="$BOOT_OPTS -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"
-    fi
-
-  fi
-fi
-
 return 0

src/config.sh

@@ -11,7 +11,7 @@ MON_OPTS="-monitor $MONITOR"
 USB_OPTS="-device $USB -device usb-kbd -device usb-tablet"
 RAM_OPTS=$(echo "-m $RAM_SIZE" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
 CPU_OPTS="-cpu $CPU_FLAGS -smp $CPU_CORES,sockets=1,dies=1,cores=$CPU_CORES,threads=1"
-MAC_OPTS="-machine type=${MACHINE}${SECURE},graphics=off,dump-guest-core=off,${KVM_OPTS}"
+MAC_OPTS="-machine type=${MACHINE},dump-guest-core=off,${KVM_OPTS}"
 DEV_OPTS="-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x4"
 DEV_OPTS="$DEV_OPTS -object rng-random,id=objrng0,filename=/dev/urandom"
 DEV_OPTS="$DEV_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,addr=0x1c"

src/display.sh

@@ -3,8 +3,8 @@ set -Eeuo pipefail
 
 # Docker environment variables
 
-: "${DISPLAY:="web"}"           # Display
+: "${DISPLAY:="web"}"       # Display type
-: "${VGA:="virtio-gpu"}"        # GPU model
+: "${VGA:="virtio-gpu"}"    # VGA adaptor
 
 case "${DISPLAY,,}" in
   vnc)
@@ -13,6 +13,9 @@ case "${DISPLAY,,}" in
   web)
     DISPLAY_OPTS="-display vnc=:0,websocket=5700 -device $VGA"
     ;;
+  ramfb)
+    DISPLAY_OPTS="-display vnc=:0,websocket=5700 -device ramfb"
+    ;;    
   none)
     DISPLAY_OPTS="-display none"
     ;;