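# Builds the `qemu-uefi-tpm` launcher: a shell script that boots a headless
# x86_64 QEMU/KVM guest from OVMF firmware built with TPM support, with the
# local `patos/` directory attached as a writable FAT drive and guest SSH
# reachable through a forwarded host port.
#
# NOTE(review): despite the name, no TPM is attached to the guest. The swtpm
# launch is commented out and the QEMU command line carries no TPM device
# arguments, so anything that relies on measured boot or sealed secrets is
# not exercised by this launcher as written.
{ pkgs, ... }:
pkgs.writeShellApplication {
  name = "qemu-uefi-tpm";
  runtimeInputs = with pkgs; [
    qemu
    swtpm
  ];
  text =
    let
      # OVMF rebuilt with TPM support; provides the firmware image and the
      # UEFI variable store template used for the two pflash drives below.
      tpmOVMF = pkgs.OVMF.override { tpmSupport = true; };
    in
    ''
      set -ex

      # Disabled: per-user state directory, overlay disk and swtpm instance.
      # NOTE(review): if this is re-enabled, prefer a directory created with
      # mktemp -d over the fixed /tmp name, which any local user can
      # pre-create, and pass the swtpm socket to QEMU so the TPM is attached.
      # state="/tmp/patos-qemu-$USER"
      # rm -rf "$state"
      # mkdir -m 700 "$state"
      # qemu-img create -f qcow2 -F raw -b "$(readlink -e "$1")" "$state/disk.qcow2" 10G
      #
      # swtpm socket -d --tpmstate dir="$state" \
      #   --ctrl type=unixio,path="$state/swtpm-sock" \
      #   --tpm2 \
      #   --log level=20

      # Security-relevant settings of the command below:
      # - hostfwd is bound to 127.0.0.1, so guest SSH on host port 2222 is
      #   reachable from this host only. An empty host address would make
      #   QEMU listen on every host interface.
      # - fat:rw:patos/ exposes the patos/ directory, resolved against the
      #   current working directory, as a writable FAT drive, so the guest
      #   can modify host files in it. Run this only from a checkout whose
      #   patos/ contents may be changed by the guest.
      # - Both pflash units are mapped read-only, so UEFI variable writes
      #   are not persisted.
      qemu-system-x86_64 \
        -enable-kvm \
        -machine q35,accel=kvm \
        -cpu host \
        -smp 8 \
        -m 4G \
        -display none \
        -nographic \
        -drive "if=pflash,format=raw,unit=0,readonly=on,file=${tpmOVMF.firmware}" \
        -drive "if=pflash,format=raw,unit=1,readonly=on,file=${tpmOVMF.variables}" \
        -netdev id=net00,type=user,hostfwd=tcp:127.0.0.1:2222-:22 \
        -device virtio-net-pci,netdev=net00 \
        -drive file=fat:rw:patos/,format=raw
    '';
}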