52 lines
1.6 KiB
Nix
52 lines
1.6 KiB
Nix
{
|
|
pkgs,
|
|
...
|
|
}:
|
|
pkgs.writeShellApplication {
|
|
name = "qemu-aarch64-uefi-tpm";
|
|
|
|
runtimeInputs = with pkgs; [
|
|
qemu
|
|
swtpm
|
|
];
|
|
|
|
text =
|
|
''
|
|
set -ex
|
|
state="/tmp/patos-qemu-$USER"
|
|
rm -rf "$state"
|
|
mkdir -m 700 "$state"
|
|
qemu-img create -f qcow2 -F raw -b "$(readlink -e "$1")" "$state/disk.qcow2" 2G
|
|
|
|
OVMF_FD=$(nix-build '<nixpkgs>' --no-out-link -A OVMF.fd --system aarch64-linux)
|
|
cp "$OVMF_FD/AAVMF/vars-template-pflash.raw" "$state/vars-pflash.raw"
|
|
chmod u+w "$state/vars-pflash.raw"
|
|
|
|
swtpm socket -d --tpmstate dir="$state" \
|
|
--ctrl type=unixio,path="$state/swtpm-sock" \
|
|
--tpm2 \
|
|
--log file="$state/swtpm.log",level=20
|
|
|
|
qemu-system-aarch64 \
|
|
-machine virt,gic-version=max \
|
|
-cpu max \
|
|
-smp 8 \
|
|
-m 4G \
|
|
-display none \
|
|
-chardev "stdio,id=char0,mux=on,logfile=$state/console.log,signal=off" \
|
|
-serial chardev:char0 \
|
|
-mon chardev=char0 \
|
|
-chardev socket,id=chrtpm,path="$state/swtpm-sock" \
|
|
-tpmdev emulator,id=tpm0,chardev=chrtpm \
|
|
-device tpm-tis-device,tpmdev=tpm0 \
|
|
-drive "if=pflash,format=raw,unit=0,readonly=on,file=$OVMF_FD/AAVMF/QEMU_EFI-pflash.raw" \
|
|
-drive "if=pflash,format=raw,unit=1,file=$state/vars-pflash.raw" \
|
|
-device virtio-gpu-pci \
|
|
-device virtio-net-pci,netdev=wan \
|
|
-netdev user,id=wan \
|
|
-device virtio-rng-pci,rng=rng0 \
|
|
-object rng-random,filename=/dev/urandom,id=rng0 \
|
|
-device virtio-serial-pci \
|
|
-drive "format=qcow2,if=virtio,file=$state/disk.qcow2"
|
|
'';
|
|
}
|