chore: add qemu script to launch aarch64 image

2025-06-13 10:26:57 +02:00 · 2025-06-13 10:26:57 +02:00 · 217ff2d4a8
commit 217ff2d4a8
parent 52a38d60c0
2 changed files with 55 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -38,6 +38,7 @@
          image-aarch64 = pkgsCross.callPackage ./pkgs/image { inherit version updateUrl secureBoot; };

          qemu-uefi-tpm = pkgs.callPackage ./utils/qemu-uefi-tpm.nix { };
+          qemu-aarch64-uefi-tpm = pkgs.callPackage ./utils/qemu-aarch64-uefi-tpm.nix { };

          firewall-sysext = pkgs.callPackage ./lib/make-sysext.nix {
            name = "firewall-tools";
--- a/utils/qemu-aarch64-uefi-tpm.nix
+++ b/utils/qemu-aarch64-uefi-tpm.nix
@ -0,0 +1,54 @@
+{
+  pkgs,
+  ...
+}:
+pkgs.writeShellApplication {
+  name = "qemu-aarch64-uefi-tpm";
+
+  runtimeInputs = with pkgs; [
+    qemu
+    swtpm
+  ];
+
+  text =
+    let
+      tpmOVMF = pkgs.OVMF.override {
+        tpmSupport = true;
+        secureBoot = true;
+      };
+    in
+    ''
+      set -ex
+      state="/tmp/patos-qemu-$USER"
+      rm -rf "$state"
+      mkdir -m 700 "$state"
+      qemu-img create -f qcow2 -F raw -b "$(readlink -e "$1")" "$state/disk.qcow2" 2G
+
+      OVMF_FD=$(nix-build '<nixpkgs>' --no-out-link -A OVMF.fd --system aarch64-linux)
+      cp "$OVMF_FD/AAVMF/vars-template-pflash.raw" "$state/vars-pflash.raw"
+      chmod u+w "$state/vars-pflash.raw"
+
+      # swtpm socket -d --tpmstate dir="$state" \
+      #   --ctrl type=unixio,path="$state/swtpm-sock" \
+      #   --tpm2 \
+      #   --log file="$state/swtpm.log",level=20
+
+      qemu-system-aarch64 \
+        -machine virt,gic-version=max \
+        -cpu max \
+        -smp 8 \
+        -m 4G \
+        -display none \
+        -serial stdio \
+        -drive "if=pflash,format=raw,unit=0,readonly=on,file=$OVMF_FD/AAVMF/QEMU_EFI-pflash.raw" \
+        -drive "if=pflash,format=raw,unit=1,file=$state/vars-pflash.raw" \
+        -device virtio-scsi-pci \
+        -device virtio-gpu-pci \
+        -device virtio-net-pci,netdev=wan \
+        -netdev user,id=wan \
+        -device virtio-rng-pci,rng=rng0 \
+        -object rng-random,filename=/dev/urandom,id=rng0 \
+        -device virtio-serial-pci \
+        -drive "format=qcow2,file=$state/disk.qcow2"
+    '';
+}