Add TPM support.

Martin Wimpress 2021-10-06 11:01:33 +01:00
parent 042634a801
commit 023185291e
No known key found for this signature in database
GPG key ID: 61DF940515E06DA3
3 changed files with 48 additions and 10 deletions

@ -38,6 +38,7 @@ We have a Discord for this project: [![Discord](https://img.shields.io/discord/7
* [util-linux](https://github.com/karelzak/util-linux) * [util-linux](https://github.com/karelzak/util-linux)
* [sed](https://www.gnu.org/software/sed/) * [sed](https://www.gnu.org/software/sed/)
* [spicy](https://gitlab.freedesktop.org/spice/spice-gtk) * [spicy](https://gitlab.freedesktop.org/spice/spice-gtk)
* [swtpm](https://github.com/stefanberger/swtpm)
* [Wget](https://www.gnu.org/software/wget/) * [Wget](https://www.gnu.org/software/wget/)
* [xdg-user-dirs](https://www.freedesktop.org/wiki/Software/xdg-user-dirs/) * [xdg-user-dirs](https://www.freedesktop.org/wiki/Software/xdg-user-dirs/)
* [xrandr](https://gitlab.freedesktop.org/xorg/app/xrandr) * [xrandr](https://gitlab.freedesktop.org/xorg/app/xrandr)
@ -192,7 +193,7 @@ There are some considerations when running macOS via Quickemu.
* UHCI (USB 2.0) on macOS Catalina and earlier. * UHCI (USB 2.0) on macOS Catalina and earlier.
* XHCI (USB 3.0) on macOS Big Sur. * XHCI (USB 3.0) on macOS Big Sur.
* Display resolution can only be changed via macOS System Preferences. * Display resolution can only be changed via macOS System Preferences.
* Full Duplex audio works on macOS High Sierra, Mojave and Catalina is previous releases. * Full Duplex audio works on macOS High Sierra, Mojave and Catalina.
* **macOS Big Sur has no audio at all**. * **macOS Big Sur has no audio at all**.
* File sharing between guest and host is available via [virtio-9p](https://wiki.qemu.org/Documentation/9psetup). * File sharing between guest and host is available via [virtio-9p](https://wiki.qemu.org/Documentation/9psetup).
* **SPICE has limited support on macOS**: * **SPICE has limited support on macOS**:
@ -209,11 +210,11 @@ along with the [VirtIO drivers for Windows](https://fedorapeople.org/groups/virt
and creates a virtual machine configuration. and creates a virtual machine configuration.
```bash ```bash
quickget windows 10 quickget windows 11
quickemu --vm windows-10.conf quickemu --vm windows-11.conf
``` ```
* During the Windows 10 install you will be asked *"Where do you want to install Windows?"* * During the Windows install you will be asked *"Where do you want to install Windows?"*
* Click **Load driver** and **OK** the the dialogue box that pops up. * Click **Load driver** and **OK** the the dialogue box that pops up.
* Select `VirtIO SCSI controller (E:\amd64\w10\viostor.inf)` from the list and click **Next**. * Select `VirtIO SCSI controller (E:\amd64\w10\viostor.inf)` from the list and click **Next**.
* The disk will now be available for partitioning and formatting. * The disk will now be available for partitioning and formatting.
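Review bot: The unchanged step `VirtIO SCSI controller (E:\amd64\w10\viostor.inf)` still points at the `w10` driver directory, while the commands above it now fetch Windows 11 and the install step was made version-neutral. Either state that the `w10` driver is the one to select for Windows 11 as well, or update the path, so readers do not go looking for a different folder. The context line "**OK** the the dialogue box" also has a doubled "the" that could be fixed while this block is being touched.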
@ -232,20 +233,22 @@ By default `quickget` will download the *"English International"* release, but
you can optionally specify one of the supported languages: For example: you can optionally specify one of the supported languages: For example:
```bash ```bash
quickget windows 10 "Chinese (Traditional)" quickget windows 11 "Chinese (Traditional)"
``` ```
The default Windows 10 configuration looks like this: The default Windows 11 configuration looks like this:
```bash ```bash
guest_os="windows" guest_os="windows"
disk_img="windows-10/disk.qcow2" disk_img="windows-11/disk.qcow2"
iso="windows-10/Win10_21H1_English_x64.iso" iso="windows-11/Win11_EnglishInternational_x64.iso"
fixed_iso="windows-10/virtio-win.iso" fixed_iso="windows-11/virtio-win.iso"
tpm="on"
``` ```
* The `guest_os="windows"` line instructs `quickemu` to optimise for Windows. * The `guest_os="windows"` line instructs `quickemu` to optimise for Windows.
* The `fixed_iso=` line specifies the ISO image that provides VirtIO drivers. * The `fixed_iso=` line specifies the ISO image that provides VirtIO drivers.
* The `tpm="on"` line instucts `quickemu` to create a software emulated TPM device using `swtpm`.
# SPICE # SPICE
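Review bot: Typo in the added bullet: "instucts" should be "instructs". The sample configuration and its heading were also switched wholesale from Windows 10 to Windows 11, so a reader creating a Windows 10 VM no longer sees what their config looks like; a short remark that `tpm="on"` is the only difference would cover both.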
@ -283,7 +286,6 @@ Add additional lines to your virtual machine configuration:
* `ram="4G"` - Specify the amount of RAM to allocate to the VM * `ram="4G"` - Specify the amount of RAM to allocate to the VM
* `disk_size="16G"` - Specify the size of the virtual disk allocated to the VM * `disk_size="16G"` - Specify the size of the virtual disk allocated to the VM
## Disk preallocation ## Disk preallocation
Preallocation mode (allowed values: `off`, `metadata` (default), `falloc`, `full`). Preallocation mode (allowed values: `off`, `metadata` (default), `falloc`, `full`).
@ -357,6 +359,12 @@ commands to modify the USB device(s) access permissions, like this:
ERROR! USB permission changes are required 👆 ERROR! USB permission changes are required 👆
``` ```
# TPM
Since Quickemu 2.2.0 a software emulated TPM device can be added to guest
virtual machines. Just add `tpm="on"` to your VM configuration. `quickget` will
automatically add this line to Windows 11 virtual machines.
# All the options # All the options
Here are the usage instructions: Here are the usage instructions:
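Review bot: The new TPM section says to "Just add `tpm="on"`" but omits the host requirement and where the state lives. `quickemu` only attaches the device when `swtpm` is installed and otherwise continues without it, and it keeps the TPM state in the VM directory (`--tpmstate dir="${VMDIR}"`). Suggest documenting both here, and noting that this directory holds the emulated TPM's persistent state, so anything the guest seals to the TPM depends on it being kept, backed up and access-restricted together with the disk image.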
@ -462,6 +470,9 @@ Useful reference that assisted the development of Quickemu.
* <https://frontpagelinux.com/tutorials/how-to-use-linux-kvm-to-optimize-your-windows-10-virtual-machine/> * <https://frontpagelinux.com/tutorials/how-to-use-linux-kvm-to-optimize-your-windows-10-virtual-machine/>
* <https://turlucode.com/qemu-command-line-args/> * <https://turlucode.com/qemu-command-line-args/>
* <https://github.com/pbatard/Fido> * <https://github.com/pbatard/Fido>
* TPM
* <https://qemu-project.gitlab.io/qemu/specs/tpm.html>
* <https://www.tecklyfe.com/how-to-create-a-windows-11-virtual-machine-in-qemu/> * <https://www.tecklyfe.com/how-to-create-a-windows-11-virtual-machine-in-qemu/>
* 9p & virtiofs * 9p & virtiofs

@ -422,6 +422,20 @@ function vm_boot() {
echo " - CD-ROM: ${fixed_iso}" echo " - CD-ROM: ${fixed_iso}"
fi fi
# Enable TPM
if [ "${tpm}" == "on" ]; then
if which swtpm > /dev/null; then
swtpm socket \
--ctrl type=unixio,path="${VMDIR}/${VMNAME}.swtpm-sock" \
--terminate \
--tpmstate dir="${VMDIR}" \
--tpm2 &
echo " - TPM: ${VMDIR}/${VMNAME}.swtpm-sock (${!})"
else
echo " - TPM: swtpm is not installed, TPM not available!"
fi
fi
local X_RES=1152 local X_RES=1152
local Y_RES=648 local Y_RES=648
if [ "${XDG_SESSION_TYPE}" == "x11" ]; then if [ "${XDG_SESSION_TYPE}" == "x11" ]; then
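Review bot: Nothing in the added block confirms that `swtpm` actually started or that its control socket exists before the script moves on: the process is backgrounded with `&` and the ` - TPM:` line prints `${!}` whether or not the launch succeeded. Because the QEMU arguments are later gated on `[ -S "${VMDIR}/${VMNAME}.swtpm-sock" ]`, a slow or failed start means the guest boots without a TPM and without any message. Suggest waiting briefly for the socket and reporting an error if it never appears, using `command -v swtpm` instead of `which`, and pointing `--tpmstate` at a dedicated subdirectory with restrictive permissions rather than the whole `${VMDIR}`.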
@ -685,6 +699,13 @@ function vm_boot() {
${USB_PASSTHROUGH}) ${USB_PASSTHROUGH})
fi fi
if [ "${tpm}" == "on" ] && [ -S "${VMDIR}/${VMNAME}.swtpm-sock" ]; then
# shellcheck disable=SC2054
args+=(-chardev socket,id=chrtpm,path="${VMDIR}/${VMNAME}.swtpm-sock"
-tpmdev emulator,id=tpm0,chardev=chrtpm
-device tpm-tis,tpmdev=tpm0)
fi
# The OSK parameter contains parenthesis, they need to be escaped in the shell scripts # The OSK parameter contains parenthesis, they need to be escaped in the shell scripts
# The vendor name, Wimpys World, contains a space. It needs to be double-quoted. # The vendor name, Wimpys World, contains a space. It needs to be double-quoted.
SHELL_ARGS="${args[*]}" SHELL_ARGS="${args[*]}"
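Review bot: The added condition `[ "${tpm}" == "on" ] && [ -S "${VMDIR}/${VMNAME}.swtpm-sock" ]` has no `else` branch, so when the socket is missing the VM starts without the TPM device even though the configuration asked for one. For a Windows 11 guest that deserves a visible warning or a hard stop. A socket file left behind by an earlier run would also satisfy `-S` with no `swtpm` listening, so consider removing any stale socket before `swtpm` is launched.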
@ -756,6 +777,7 @@ macos_release=""
port_forwards=() port_forwards=()
preallocation="metadata" preallocation="metadata"
ram="" ram=""
tpm="off"
usb_devices=() usb_devices=()

@ -153,6 +153,11 @@ EOF
if [ "${OS}" == "macos" ]; then if [ "${OS}" == "macos" ]; then
echo "macos_release=\"${RELEASE}\"" >> "${OS}-${RELEASE}.conf" echo "macos_release=\"${RELEASE}\"" >> "${OS}-${RELEASE}.conf"
fi fi
# Enable TPM for Windows 11
if [ "${OS}" == "windows" ] && [ ${RELEASE} -ge 11 ]; then
echo "tpm=\"on\"" >> "${OS}-${RELEASE}.conf"
fi
fi fi
} }
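Review bot: `[ ${RELEASE} -ge 11 ]` leaves `${RELEASE}` unquoted and assumes it is an integer. An empty or non-numeric release makes `[` print an error instead of cleanly evaluating to false. Quote the variable and validate it as a number before the comparison, or match the release explicitly if only Windows 11 is meant.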