From 023185291ec9e850a2d53e37592f5f24cbb0e1c7 Mon Sep 17 00:00:00 2001 From: Martin Wimpress Date: Wed, 6 Oct 2021 11:01:33 +0100 Subject: [PATCH] Add TPM support. --- README.md | 31 +++++++++++++++++++++---------- quickemu | 22 ++++++++++++++++++++++ quickget | 5 +++++ 3 files changed, 48 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index c58e06e..986d948 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,7 @@ We have a Discord for this project: [![Discord](https://img.shields.io/discord/7 * [util-linux](https://github.com/karelzak/util-linux) * [sed](https://www.gnu.org/software/sed/) * [spicy](https://gitlab.freedesktop.org/spice/spice-gtk) + * [swtpm](https://github.com/stefanberger/swtpm) * [Wget](https://www.gnu.org/software/wget/) * [xdg-user-dirs](https://www.freedesktop.org/wiki/Software/xdg-user-dirs/) * [xrandr](https://gitlab.freedesktop.org/xorg/app/xrandr) @@ -192,7 +193,7 @@ There are some considerations when running macOS via Quickemu. * UHCI (USB 2.0) on macOS Catalina and earlier. * XHCI (USB 3.0) on macOS Big Sur. * Display resolution can only be changed via macOS System Preferences. - * Full Duplex audio works on macOS High Sierra, Mojave and Catalina is previous releases. + * Full Duplex audio works on macOS High Sierra, Mojave and Catalina. * **macOS Big Sur has no audio at all**. * File sharing between guest and host is available via [virtio-9p](https://wiki.qemu.org/Documentation/9psetup). * **SPICE has limited support on macOS**: 
@@ -209,11 +210,11 @@ along with the [VirtIO drivers for Windows](https://fedorapeople.org/groups/virt and creates a virtual machine configuration. ```bash -quickget windows 10 -quickemu --vm windows-10.conf +quickget windows 11 +quickemu --vm windows-11.conf ``` - * During the Windows 10 install you will be asked *"Where do you want to install Windows?"* + * During the Windows install you will be asked *"Where do you want to install Windows?"* * Click **Load driver** and **OK** the the dialogue box that pops up. * Select `VirtIO SCSI controller (E:\amd64\w10\viostor.inf)` from the list and click **Next**. * The disk will now be available for partitioning and formatting. @@ -232,20 +233,22 @@ By default `quickget` will download the *"English International"* release, but you can optionally specify one of the supported languages: For example: ```bash -quickget windows 10 "Chinese (Traditional)" +quickget windows 11 "Chinese (Traditional)" ``` -The default Windows 10 configuration looks like this: +The default Windows 11 configuration looks like this: ```bash guest_os="windows" -disk_img="windows-10/disk.qcow2" -iso="windows-10/Win10_21H1_English_x64.iso" -fixed_iso="windows-10/virtio-win.iso" +disk_img="windows-11/disk.qcow2" +iso="windows-11/Win11_EnglishInternational_x64.iso" +fixed_iso="windows-11/virtio-win.iso" +tpm="on" ``` * The `guest_os="windows"` line instructs `quickemu` to optimise for Windows. * The `fixed_iso=` line specifies the ISO image that provides VirtIO drivers. + * The `tpm="on"` line instucts `quickemu` to create a software emulated TPM device using `swtpm`. # SPICE @@ -283,7 +286,6 @@ Add additional lines to your virtual machine configuration: * `ram="4G"` - Specify the amount of RAM to allocate to the VM * `disk_size="16G"` - Specify the size of the virtual disk allocated to the VM - ## Disk preallocation Preallocation mode (allowed values: `off`, `metadata` (default), `falloc`, `full`). 
@@ -357,6 +359,12 @@ commands to modify the USB device(s) access permissions, like this: ERROR! USB permission changes are required 👆 ``` +# TPM + +Since Quickemu 2.2.0 a software emulated TPM device can be added to guest +virtual machines. Just add `tpm="on"` to your VM configuration. `quickget` will +automatically add this line to Windows 11 virtual machines. + # All the options Here are the usage instructions: @@ -462,6 +470,9 @@ Useful reference that assisted the development of Quickemu. * * * + + * TPM + * * * 9p & virtiofs diff --git a/quickemu b/quickemu index f80804c..84032e9 100755 --- a/quickemu +++ b/quickemu @@ -422,6 +422,20 @@ function vm_boot() { echo " - CD-ROM: ${fixed_iso}" fi + # Enable TPM + if [ "${tpm}" == "on" ]; then + if which swtpm > /dev/null; then + swtpm socket \ + --ctrl type=unixio,path="${VMDIR}/${VMNAME}.swtpm-sock" \ + --terminate \ + --tpmstate dir="${VMDIR}" \ + --tpm2 & + echo " - TPM: ${VMDIR}/${VMNAME}.swtpm-sock (${!})" + else + echo " - TPM: swtpm is not installed, TPM not available!" + fi + fi + local X_RES=1152 local Y_RES=648 if [ "${XDG_SESSION_TYPE}" == "x11" ]; then @@ -685,6 +699,13 @@ function vm_boot() { ${USB_PASSTHROUGH}) fi + if [ "${tpm}" == "on" ] && [ -S "${VMDIR}/${VMNAME}.swtpm-sock" ]; then + # shellcheck disable=SC2054 + args+=(-chardev socket,id=chrtpm,path="${VMDIR}/${VMNAME}.swtpm-sock" + -tpmdev emulator,id=tpm0,chardev=chrtpm + -device tpm-tis,tpmdev=tpm0) + fi + # The OSK parameter contains parenthesis, they need to be escaped in the shell scripts # The vendor name, Wimpys World, contains a space. It needs to be double-quoted. SHELL_ARGS="${args[*]}" @@ -756,6 +777,7 @@ macos_release="" port_forwards=() preallocation="metadata" ram="" +tpm="off" usb_devices=() diff --git a/quickget b/quickget index 8cfef4a..0e449a5 100755 --- a/quickget +++ b/quickget 
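Review bot: The swtpm control socket and the state written via `--tpmstate dir="${VMDIR}"` in the "Enable TPM" block get whatever permissions the umask and the VM directory allow, and no `--key` is passed, so the emulated TPM's state appears to be stored unencrypted next to the disk image. Another local account that can reach `${VMDIR}` could then read that state or connect to the control channel. Consider restricting the socket with something like `--ctrl type=unixio,path="${VMDIR}/${VMNAME}.swtpm-sock",mode=0600` (confirm the oldest swtpm you support accepts `mode=`), and note in the README that the VM directory should not be group- or world-accessible when `tpm="on"`. As a style point, `which swtpm` is better written `command -v swtpm`, which is a builtin and does not depend on an external `which`. vm_boot begins and ends outside this hunk.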
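Review bot: The `[ -S "${VMDIR}/${VMNAME}.swtpm-sock" ]` test in the second quickemu hunk races with the swtpm process that was backgrounded earlier in vm_boot. If the socket has not been created yet, the TPM arguments are skipped without any message and the guest boots with no TPM. A socket file left over from an earlier run would also pass the test even if swtpm failed to start this time. For a guest that depends on the TPM, a silent downgrade should be surfaced: wait briefly for the socket, warn when it never appears, and remove any stale socket before launching swtpm. The enclosing function starts and ends outside the hunk.

```shell
if [ "${tpm}" == "on" ]; then
  # Give the backgrounded swtpm a moment to create its control socket.
  for _ in 1 2 3 4 5; do
    [ -S "${VMDIR}/${VMNAME}.swtpm-sock" ] && break
    sleep 0.2
  done
  if [ -S "${VMDIR}/${VMNAME}.swtpm-sock" ]; then
    # … unchanged: args+=( -chardev … -tpmdev … -device tpm-tis … ) …
  else
    echo " - TPM:      swtpm socket did not appear, starting without a TPM!"
  fi
fi
```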
@@ -153,6 +153,11 @@ EOF if [ "${OS}" == "macos" ]; then echo "macos_release=\"${RELEASE}\"" >> "${OS}-${RELEASE}.conf" fi + + # Enable TPM for Windows 11 + if [ "${OS}" == "windows" ] && [ ${RELEASE} -ge 11 ]; then + echo "tpm=\"on\"" >> "${OS}-${RELEASE}.conf" + fi fi }
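Review bot: `[ ${RELEASE} -ge 11 ]` expands RELEASE unquoted and assumes it is an integer, so an empty or non-numeric release makes `[` print an error and the test fail, and the `tpm="on"` line is then silently not written to the generated config. Quote the operand, `[ "${OS}" == "windows" ] && [ "${RELEASE}" -ge 11 ]`. If Windows releases can ever be non-numeric, an explicit match on the supported values would be more robust. The enclosing function starts outside the hunk, so whether RELEASE is validated earlier cannot be seen from here.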