Merge pull request #765 from sarthurdev/tpm_luks

2025-10-01 20:28:40 +02:00 · 2024-09-17 20:04:04 +02:00 · 2024-09-17 20:04:04 +02:00 · 2a53f210ee
commit 2a53f210ee
parent be867edddc 983e4ffd97
2 changed files with 10 additions and 24 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -87,7 +87,8 @@ RUN apt-get update && apt-get install -y \
      gosu \
      po4a \
      openssh-client \
-      jq
+      jq \
+      socat

 # Packages needed for vyos-build
 RUN apt-get update && apt-get install -y \
--- a/scripts/check-qemu-install
+++ b/scripts/check-qemu-install
@ -360,11 +360,15 @@ if args.qemu_cmd:
 test_timeout = 3 *3600 # 3 hours (in seconds)
 tpm_process = None
 try:
+    # Start TPM emulator
+    if args.tpmtest:
+        tpm_process = start_swtpm()
+
    #################################################
    # Installing image to disk
    #################################################
    log.info('Installing system')
-    cmd = get_qemu_cmd(qemu_name, args.uefi, args.disk, raid=diskname_raid, iso_img=args.iso, vnc_enabled=args.vnc, secure_boot=args.sbtest)
+    cmd = get_qemu_cmd(qemu_name, args.uefi, args.disk, raid=diskname_raid, tpm=args.tpmtest, iso_img=args.iso, vnc_enabled=args.vnc, secure_boot=args.sbtest)
    log.debug(f'Executing command: {cmd}')
    c = pexpect.spawn(cmd, logfile=stl, timeout=60)

@ -488,12 +492,6 @@ try:
    log.info('eject installation media')
    os.system(f'echo "eject -f drive-cd1" | socat - unix-connect:/tmp/qemu-monitor-socket-{args.disk}')

-    #################################################
-    # Powering down installer
-    #################################################
-    if args.tpmtest:
-        tpm_process = start_swtpm()
-
    #################################################
    # Booting installed system
    #################################################
@ -569,7 +567,7 @@ try:
        tpm_timeout = 600 # Give it 10 mins to encrypt

        # Verify TPM is loaded
-        c.sendline('ls /dev/tpm0')
+        c.sendline('find /dev -name tpm0')
        c.expect('/dev/tpm0')
        c.expect(op_mode_prompt)

@ -608,21 +606,8 @@ try:
        c.sendline('exit')
        c.expect(op_mode_prompt)

-        # Shutdown VM
-        shutdownVM(c, log, 'Shutdown VM after TPM encryption')
-
-        # Shutdown kills swtpm
-        tpm_process.join()
-        tpm_process.close()
-
-        # Start emulator again
-        tpm_process = start_swtpm()
-
-        # Booting back into VM
-        log.info('Booting TPM-backed system')
-        cmd = get_qemu_cmd(qemu_name, args.uefi, args.disk, raid=diskname_raid, tpm=args.tpmtest, vnc_enabled=args.vnc)
-        log.debug(f'Executing command: {cmd}')
-        c = pexpect.spawn(cmd, logfile=stl)
+        log.info('system installed, rebooting')
+        c.sendline('reboot now')

        try:
            c.expect('The highlighted entry will be executed automatically in', timeout=10)