author | Raito Bezarius <masterancpp@gmail.com> | 2023-04-30 04:02:15 +0200 |
committer | Raito Bezarius <masterancpp@gmail.com> | 2023-10-22 16:01:37 +0200 |
commit | 25872524f0ed0e16c382754d8d10ddb44c23c50c (patch) | |
tree | 4b60e65556125459f588456e5cfd079c453a7f55 | |
parent | 14cc255189a3862bde6dba8e72685c6c17e91934 (diff) | |
nixos/qemu-vm: add `virtualisation.tpm` for running TPM in QEMU infrastructure
-rw-r--r-- | nixos/modules/virtualisation/qemu-vm.nix | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix
index d0a5ddd87cc..a1606839b6c 100644
--- a/nixos/modules/virtualisation/qemu-vm.nix
+++ b/nixos/modules/virtualisation/qemu-vm.nix
@@ -198,6 +198,16 @@ let
 fi
 ''}
+ ${lib.optionalString cfg.tpm.enable ''
+ NIX_SWTPM_DIR=$(readlink -f "''${NIX_SWTPM_DIR:-${config.system.name}-swtpm}")
+ mkdir -p "$NIX_SWTPM_DIR"
+ ${lib.getExe cfg.tpm.package} \
+ socket \
+ --tpmstate dir="$NIX_SWTPM_DIR" \
+ --ctrl type=unixio,path="$NIX_SWTPM_DIR"/socket \
+ "--tpm2" 1>"$NIX_SWTPM_DIR"/stdout 2>"$NIX_SWTPM_DIR"/stderr &
+ ''}
+
 cd "$TMPDIR"
 ${lib.optionalString (cfg.emptyDiskImages != []) "idx=0"}
@@ -862,6 +872,32 @@ in
 };
 };
+ virtualisation.tpm = {
+ enable = mkEnableOption "a TPM device in the virtual machine with a driver, using swtpm.";
+ package = mkPackageOptionMD cfg.host.pkgs "swtpm" { };
+ deviceModel = mkOption {
+ type = types.str;
+ default = ({
+ "i686-linux" = "tpm-tis";
+ "x86_64-linux" = "tpm-tis";
+ "ppc64-linux" = "tpm-spapr";
+ "armv7-linux" = "tpm-tis-device";
+ "aarch64-linux" = "tpm-tis-device";
+ }.${pkgs.hostPlatform.system} or (throw "Unsupported system for TPM2 emulation in QEMU"));
+ defaultText = ''
+ Based on the guest platform Linux system:
+
+ - `tpm-tis` for (i686, x86_64)
+ - `tpm-spapr` for ppc64
+ - `tpm-tis-device` for (armv7, aarch64)
+ '';
+ example = "tpm-tis-device";
+ description = lib.mdDoc "QEMU device model for the TPM, uses the appropriate default based on th guest platform system and the package passed.";
+ };
+ };
+
 virtualisation.useDefaultFilesystems = mkOption {
 type = types.bool;
@@ -1027,7 +1063,8 @@ in
 boot.initrd.availableKernelModules =
 optional cfg.writableStore "overlay"
- ++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx";
+ ++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx"
+ ++ optional (cfg.tpm.enable) "tpm_tis";
 virtualisation.additionalPaths = [ config.system.build.toplevel ];
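Review bot: The swtpm process is backgrounded with `&` and the script proceeds without waiting for `$NIX_SWTPM_DIR/socket` to exist, so QEMU's `-chardev socket` connection races swtpm startup and fails with a connect error whenever swtpm is slower than the shell. The state directory also holds the emulated TPM's persistent secrets and its control socket, yet it is created by `mkdir -p` under whatever umask the caller has, so on a shared host it should be created with `mkdir -p -m 0700` (swtpm's `mode=` argument on `--ctrl` and `--tpmstate` can tighten the files further if the packaged version supports it). Nothing in the hunk stops swtpm when QEMU exits, so every run leaves a daemon behind holding the socket path; a `trap` on EXIT is cheap, provided the surrounding script does not already install one. Failures are only visible in the `stderr` file, so the wait loop below also bails out early if swtpm dies. The enclosing shell-script string begins and ends outside this hunk.
```nix
    ${lib.optionalString cfg.tpm.enable ''
      NIX_SWTPM_DIR=$(readlink -f "''${NIX_SWTPM_DIR:-${config.system.name}-swtpm}")
      # 0700: the directory holds the TPM's NVRAM state and the control socket.
      mkdir -p -m 0700 "$NIX_SWTPM_DIR"
      ${lib.getExe cfg.tpm.package} \
        socket \
        --tpmstate dir="$NIX_SWTPM_DIR" \
        --ctrl type=unixio,path="$NIX_SWTPM_DIR"/socket \
        "--tpm2" 1>"$NIX_SWTPM_DIR"/stdout 2>"$NIX_SWTPM_DIR"/stderr &
      swtpm_pid=$!
      trap 'kill "$swtpm_pid" 2>/dev/null' EXIT
      # Give swtpm a bounded window (5s) to create its control socket before QEMU connects.
      for _ in $(seq 1 50); do
        [ -S "$NIX_SWTPM_DIR"/socket ] && break
        if ! kill -0 "$swtpm_pid" 2>/dev/null; then
          echo "swtpm failed to start, see $NIX_SWTPM_DIR/stderr" >&2
          exit 1
        fi
        sleep 0.1
      done
    ''}
```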
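Review bot: Two keys in the `deviceModel` default table can never match `pkgs.hostPlatform.system`: as far as I know nixpkgs spells those systems `armv7l-linux` and `powerpc64-linux`/`powerpc64le-linux`, not `armv7-linux`/`ppc64-linux`, so a 32-bit ARM or POWER guest with `tpm.enable` reaches the `throw` instead of the intended default. Replace them with `"armv7l-linux" = "tpm-tis-device";` and `"powerpc64-linux" = "tpm-spapr"; "powerpc64le-linux" = "tpm-spapr";`, and adjust `defaultText` to list the same names. The `description` has a typo (`th guest platform` → `the guest platform`) and says the default depends on "the package passed", which the visible default does not; `"QEMU device model for the TPM; defaults to the model appropriate for the guest platform."` is accurate. Since the value is passed straight into a QEMU `-device` option, either a `types.enum` of the known models or a sentence in the description saying arbitrary model names are accepted would make the contract explicit.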
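Review bot: `tpm_tis` is added to the initrd modules whenever `cfg.tpm.enable` is set, but it only serves the `tpm-tis`/`tpm-tis-device` models; the `tpm-spapr` default chosen for POWER guests is, as far as I know, driven by a different kernel module (`tpm_ibmvtpm`), so that guest would see the device without an initrd driver. Keying the module on the chosen model keeps the two in step: `++ optional (cfg.tpm.enable && lib.hasPrefix "tpm-tis" cfg.tpm.deviceModel) "tpm_tis"` and `++ optional (cfg.tpm.enable && cfg.tpm.deviceModel == "tpm-spapr") "tpm_ibmvtpm"`. The parentheses around `cfg.tpm.enable` are unnecessary and inconsistent with the `cfg.writableStore` line above. The `boot.initrd.availableKernelModules` list is fully inside the hunk, but the enclosing `config` attribute set is not.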
@@ -1098,6 +1135,11 @@ in
 (mkIf (!cfg.graphics) [ "-nographic" ])
+ (mkIf (cfg.tpm.enable) [
+ "-chardev socket,id=chrtpm,path=\"$NIX_SWTPM_DIR\"/socket"
+ "-tpmdev emulator,id=tpm_dev_0,chardev=chrtpm"
+ "-device ${cfg.tpm.deviceModel},tpmdev=tpm_dev_0"
+ ])
 ];
 virtualisation.qemu.drives = mkMerge [
|