chore(qemu): enable secure boot
This commit is contained in:
parent
1fcccfcd7c
commit
3dec49b2e4
1 changed files with 5 additions and 2 deletions
|
|
@ -12,7 +12,7 @@ pkgs.writeShellApplication {
|
|||
|
||||
text =
|
||||
let
|
||||
tpmOVMF = pkgs.OVMF.override { tpmSupport = true; };
|
||||
tpmOVMF = pkgs.OVMF.override { tpmSupport = true; secureBoot = true; };
|
||||
in
|
||||
''
|
||||
set -ex
|
||||
|
|
@ -26,6 +26,9 @@ pkgs.writeShellApplication {
|
|||
--tpm2 \
|
||||
--log file="$state/swtpm.log",level=20
|
||||
|
||||
cp ${tpmOVMF.variables} "$state"
|
||||
chmod 700 "$state/OVMF_VARS.fd"
|
||||
|
||||
qemu-system-x86_64 \
|
||||
-enable-kvm \
|
||||
-machine q35,accel=kvm \
|
||||
|
|
@ -37,7 +40,7 @@ pkgs.writeShellApplication {
|
|||
-serial chardev:char0 \
|
||||
-mon chardev=char0 \
|
||||
-drive "if=pflash,format=raw,unit=0,readonly=on,file=${tpmOVMF.firmware}" \
|
||||
-drive "if=pflash,format=raw,unit=1,readonly=on,file=${tpmOVMF.variables}" \
|
||||
-drive "if=pflash,format=raw,unit=1,file=$state/OVMF_VARS.fd" \
|
||||
-chardev socket,id=chrtpm,path="$state/swtpm-sock" \
|
||||
-tpmdev emulator,id=tpm0,chardev=chrtpm \
|
||||
-device tpm-tis,tpmdev=tpm0 \
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue