diff --git a/Containerfile b/Containerfile
index a087621..85b6ee9 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,4 +1,3 @@
-## Build
 FROM stagex/busybox:sx2024.08.1@sha256:8cb9360041cd17e8df33c5cbc6c223875045c0c249254367ed7e0eb445720757 AS busybox
 FROM stagex/musl:sx2024.08.1@sha256:f888fcf45fabaaae3d0268bcec902ceb94edba7bf8d09ef6966ebb20e00b7127 AS musl
 FROM stagex/xorriso:sx2024.08.1@sha256:9ab45852aee077b68ea101173025be6e1cdbde93692efa4ee198e1960f02ab52 AS xorriso
@@ -7,25 +6,6 @@ FROM stagex/cpio:sx2024.08.1@sha256:25afad810fbb9b1d02762030c3e43e07259a79627dbe
 FROM stagex/xz:sx2024.08.1@sha256:f6ca72fc9096ef5f694b6b7f9b7ad323a571d9447eb5cc790042f72e69b9aad8 AS xz
 FROM stagex/grub:sx2024.08.1@sha256:5f382615881470e0cf9c670bead785507545a2b829b391247313f516c63355e3 AS grub
 FROM stagex/mtools:sx2024.08.1@sha256:b6202dc29906ea8d7594bce604cb676f5335cc51e75e3f12b5f619e8fc27cc28 AS mtools
-
-## Development
-FROM stagex/gcc AS gcc
-FROM stagex/glib AS glib
-FROM stagex/alsa-lib AS alsa-lib
-FROM stagex/lzo AS lzo
-FROM stagex/dtc AS dtc
-FROM stagex/zlib AS zlib
-FROM stagex/numactl AS numactl
-FROM stagex/libaio AS libaio
-FROM stagex/libseccomp AS libseccomp
-FROM stagex/libzstd AS libzstd
-FROM stagex/libffi AS libffi
-FROM stagex/libslirp AS libslirp
-FROM stagex/seabios AS seabios
-FROM stagex/ipxe AS ipxe
-FROM stagex/qemu AS qemu
-
-## Target
 FROM stagex/linux-airgap:sx2024.08.1@sha256:a4fac3ca7795e171a4d1b3b634fdae1790d4f8d076f3c1ac8a38f3ece72e1ec5 AS linux-airgap
 FROM stagex/eudev:sx2024.08.1@sha256:66020d28246af1d1e5f8fe3b5bca3da3cbfbd1f89cc1c616b7f8d13f61419026 AS eudev
 FROM stagex/ccid:sx2024.08.1@sha256:0f50ff4441d8b20ff73babab652fc0a563bce46385100240de4ae587012c9505 AS ccid
@@ -53,6 +33,24 @@ FROM stagex/flashtools:sx2024.08.1@sha256:e2ac807475e66201ad50eee09bf9625ad0e97d FROM stagex/libqrencode:sx2024.08.1@sha256:1927d17aaf1ad6a9910380714f0dd12c72c69f9ee1b19668bf4cc5f89cbc2b2d AS libqrencode FROM stagex/util-linux:sx2024.08.1@sha256:41525597d1f5648dc2318da7779e3c5194b4e6d24cb07f2f616ac539bb094d04 AS util-linux FROM stagex/opensc:sx2024.08.1@sha256:8da704d0078d445d3af0338764b9f3a87ba4841744c396c8eddef15466366553 AS opensc +FROM stagex/gcc AS gcc +FROM stagex/glib AS glib +FROM stagex/alsa-lib AS alsa-lib +FROM stagex/lzo AS lzo +FROM stagex/dtc AS dtc +FROM stagex/zlib AS zlib +FROM stagex/numactl AS numactl +FROM stagex/libaio AS libaio +FROM stagex/libseccomp AS libseccomp +FROM stagex/libzstd AS libzstd +FROM stagex/libffi AS libffi +FROM stagex/libslirp AS libslirp +FROM stagex/seabios AS seabios +FROM stagex/ipxe AS ipxe +FROM stagex/qemu AS qemu +FROM stagex/libtpms AS libtpms +FROM stagex/swtpm AS swtpm +FROM stagex/curl AS curl FROM scratch AS base ARG VERSION development @@ -67,6 +65,7 @@ COPY --from=cpio . / COPY --from=mtools . / COPY --from=xz . / COPY --from=grub . / +COPY --from=util-linux . / FROM base as dev COPY --from=gcc . / @@ -84,6 +83,12 @@ COPY --from=libslirp . / COPY --from=seabios . / COPY --from=ipxe . / COPY --from=qemu . / +COPY --from=swtpm . / +COPY --from=openssl . / +COPY --from=curl . / +COPY --from=libtpms . / +COPY --from=tpm2-tss . / +COPY --from=tpm2-tools . / FROM base AS build @@ -107,6 +112,7 @@ COPY --from=jq . initramfs COPY --from=yq . initramfs COPY --from=bc . initramfs COPY --from=flashtools . initramfs +COPY --from=curl . initramfs COPY --from=tpm2-tools . initramfs COPY --from=tpm2-tss . initramfs COPY --from=openssl . initramfs @@ -190,8 +196,6 @@ COPY --from=syslinux \ ## Build Hybrid EFI/BIOS ISO FROM build AS install ENV SOURCE_DATE_EPOCH=1 -# --set_all_file_dates='1' -# --modification-date='1970010100000000' \ RUN <<-EOF set -eux find iso -exec touch -hcd "@0" "{}" + 
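Review bot: The eighteen `FROM` lines added in this hunk carry neither the `:sx2024.08.1` tag nor a `@sha256:` digest, while every other stage in the file is pinned to both, so `stagex/swtpm`, `stagex/libtpms`, `stagex/curl` and the fifteen moved toolchain images resolve to whatever the registry currently serves for their default tag at build time. This matters beyond the dev shell because the `curl` stage is also copied into the shipped initramfs later in this diff, so the release artifact now depends on a mutable image. Each line should be pinned the same way as its neighbours, e.g. `FROM stagex/curl:sx2024.08.1@sha256:<digest> AS curl`, with the digest taken from the registry rather than written from memory. If the toolchain images are intentionally left floating, a comment above the block saying so would stop the next reader from treating it as an oversight.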
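Review bot: `COPY --from=curl . initramfs` adds an HTTP client to the initramfs of an image whose kernel stage is `linux-airgap` and whose output is `airgap.iso`, and nothing in the hunk or the commit says what consumes it, so a reader cannot tell whether this is a deliberate widening of the air-gapped image or a leftover from the dev-shell vTPM work in the same commit. If it is only needed for the QEMU/swtpm harness, the dev stage already receives `curl` earlier in this diff and this line can be dropped. If it is needed at runtime, a comment above the line naming the script and purpose, e.g. `# curl: required by <script> for <purpose>`, would record the decision; note that the `curl` stage it copies from is one of the `FROM` lines left without a tag or digest in this diff, so as written the shipped initramfs also inherits that unpinned dependency.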
@@ -214,13 +218,8 @@ RUN <<-EOF -isohybrid-gpt-basdat \ -follow-links \ iso/ -EOF -# Need sfdisk from util-linux -COPY --from=util-linux . . -RUN <<-EOF - set -eux - # Increase the size of the ISO by 512 MB to create space for the third partition + # Increase ISO size by 512 MB to create space for the third partition dd if=/dev/zero bs=1M count=512 >> airgap.iso # Append a new partition that uses the additional space @@ -230,8 +229,8 @@ RUN <<-EOF sfdisk --part-type airgap.iso 3 b # Calculate the byte offset of the third partition - # This is done by finding the end of the first partition using fdisk, adding 1 sector, - # and multiplying by 512 (since each sector is 512 bytes). + # This is done by finding the end of the first partition using fdisk, + # adding 1 sector, and multiplying by 512 (since each sector is 512 bytes). OFFSET=$(fdisk -l airgap.iso | awk '/^airgap.iso1/ {print ($4 + 1) * 512}') # Format the third partition as FAT32 and label it 'USER' diff --git a/Makefile b/Makefile index 00ca0a7..3b26b96 100644 --- a/Makefile +++ b/Makefile 
@@ -49,18 +49,26 @@ shell: out/dev-shell.digest .PHONY: vm vm: out/dev-shell.digest out/airgap.iso out/sdcard.img - docker run -it -v ./out:/out $(shell cat $<) \ - qemu-system-x86_64 \ - -m 4G \ - -machine pc \ - -usb \ - -device sdhci-pci \ - -device sd-card,drive=external \ - -drive id=external,if=none,format=raw,file=out/sdcard.img \ - -device usb-storage,drive=usbdrive \ - -drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \ - -boot order=c \ - -nographic + docker run -it -v ./out:/out $(shell cat $<) sh -c "\ + swtpm socket \ + --tpmstate dir=. \ + --ctrl type=unixio,path=vtpm-sock \ + --tpm2 & \ + qemu-system-x86_64 \ + -m 4G \ + -machine pc \ + -chardev socket,id=chrtpm,path=vtpm-sock \ + -tpmdev emulator,id=tpm0,chardev=chrtpm \ + -device tpm-tis,tpmdev=tpm0 \ + -usb \ + -device sdhci-pci \ + -device sd-card,drive=external \ + -drive id=external,if=none,format=raw,file=out/sdcard.img \ + -device usb-storage,drive=usbdrive \ + -drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \ + -boot order=c \ + -nographic; \ + " ## Signing, Verification, and Release Targets
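Review bot: `qemu-system-x86_64` is launched immediately after `swtpm socket ... --tpm2 &`, so its `-chardev socket,id=chrtpm,path=vtpm-sock` client connect races swtpm's creation of that socket and QEMU exits with a connect error whenever swtpm loses the race. A wait between the two, e.g. `while [ ! -S vtpm-sock ]; do sleep 0.1; done; \` inserted after the `--tpm2 & \` line, makes the target deterministic. `--tpmstate dir=.` also writes the emulated TPM's NV state into whatever the dev-shell image's working directory happens to be, which this diff does not show: if that is `/out` the state lands on the host beside the release artifacts and persists across runs, and if it is anywhere else it is silently discarded with the container. An explicit location such as `--tpmstate dir=/out/vtpm`, or a `mktemp -d` scratch directory, would make the intended lifetime visible.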