tpm2vm #8
@ -1,4 +1,3 @@
## Build
FROM stagex/busybox:sx2024.08.1@sha256:8cb9360041cd17e8df33c5cbc6c223875045c0c249254367ed7e0eb445720757 AS busybox
FROM stagex/busybox:sx2024.08.1@sha256:8cb9360041cd17e8df33c5cbc6c223875045c0c249254367ed7e0eb445720757 AS busybox
FROM stagex/musl:sx2024.08.1@sha256:f888fcf45fabaaae3d0268bcec902ceb94edba7bf8d09ef6966ebb20e00b7127 AS musl
FROM stagex/musl:sx2024.08.1@sha256:f888fcf45fabaaae3d0268bcec902ceb94edba7bf8d09ef6966ebb20e00b7127 AS musl
FROM stagex/xorriso:sx2024.08.1@sha256:9ab45852aee077b68ea101173025be6e1cdbde93692efa4ee198e1960f02ab52 AS xorriso
FROM stagex/xorriso:sx2024.08.1@sha256:9ab45852aee077b68ea101173025be6e1cdbde93692efa4ee198e1960f02ab52 AS xorriso
@ -7,25 +6,6 @@ FROM stagex/cpio:sx2024.08.1@sha256:25afad810fbb9b1d02762030c3e43e07259a79627dbe
FROM stagex/xz:sx2024.08.1@sha256:f6ca72fc9096ef5f694b6b7f9b7ad323a571d9447eb5cc790042f72e69b9aad8 AS xz
FROM stagex/xz:sx2024.08.1@sha256:f6ca72fc9096ef5f694b6b7f9b7ad323a571d9447eb5cc790042f72e69b9aad8 AS xz
FROM stagex/grub:sx2024.08.1@sha256:5f382615881470e0cf9c670bead785507545a2b829b391247313f516c63355e3 AS grub
FROM stagex/grub:sx2024.08.1@sha256:5f382615881470e0cf9c670bead785507545a2b829b391247313f516c63355e3 AS grub
FROM stagex/mtools:sx2024.08.1@sha256:b6202dc29906ea8d7594bce604cb676f5335cc51e75e3f12b5f619e8fc27cc28 AS mtools
FROM stagex/mtools:sx2024.08.1@sha256:b6202dc29906ea8d7594bce604cb676f5335cc51e75e3f12b5f619e8fc27cc28 AS mtools
## Development
FROM stagex/gcc AS gcc
FROM stagex/glib AS glib
FROM stagex/alsa-lib AS alsa-lib
FROM stagex/lzo AS lzo
FROM stagex/dtc AS dtc
FROM stagex/zlib AS zlib
FROM stagex/numactl AS numactl
FROM stagex/libaio AS libaio
FROM stagex/libseccomp AS libseccomp
FROM stagex/libzstd AS libzstd
FROM stagex/libffi AS libffi
FROM stagex/libslirp AS libslirp
FROM stagex/seabios AS seabios
FROM stagex/ipxe AS ipxe
FROM stagex/qemu AS qemu
## Target
FROM stagex/linux-airgap:sx2024.08.1@sha256:a4fac3ca7795e171a4d1b3b634fdae1790d4f8d076f3c1ac8a38f3ece72e1ec5 AS linux-airgap
FROM stagex/linux-airgap:sx2024.08.1@sha256:a4fac3ca7795e171a4d1b3b634fdae1790d4f8d076f3c1ac8a38f3ece72e1ec5 AS linux-airgap
FROM stagex/eudev:sx2024.08.1@sha256:66020d28246af1d1e5f8fe3b5bca3da3cbfbd1f89cc1c616b7f8d13f61419026 AS eudev
FROM stagex/eudev:sx2024.08.1@sha256:66020d28246af1d1e5f8fe3b5bca3da3cbfbd1f89cc1c616b7f8d13f61419026 AS eudev
FROM stagex/ccid:sx2024.08.1@sha256:0f50ff4441d8b20ff73babab652fc0a563bce46385100240de4ae587012c9505 AS ccid
FROM stagex/ccid:sx2024.08.1@sha256:0f50ff4441d8b20ff73babab652fc0a563bce46385100240de4ae587012c9505 AS ccid
@ -53,6 +33,24 @@ FROM stagex/flashtools:sx2024.08.1@sha256:e2ac807475e66201ad50eee09bf9625ad0e97d
FROM stagex/libqrencode:sx2024.08.1@sha256:1927d17aaf1ad6a9910380714f0dd12c72c69f9ee1b19668bf4cc5f89cbc2b2d AS libqrencode
FROM stagex/libqrencode:sx2024.08.1@sha256:1927d17aaf1ad6a9910380714f0dd12c72c69f9ee1b19668bf4cc5f89cbc2b2d AS libqrencode
FROM stagex/util-linux:sx2024.08.1@sha256:41525597d1f5648dc2318da7779e3c5194b4e6d24cb07f2f616ac539bb094d04 AS util-linux
FROM stagex/util-linux:sx2024.08.1@sha256:41525597d1f5648dc2318da7779e3c5194b4e6d24cb07f2f616ac539bb094d04 AS util-linux
FROM stagex/opensc:sx2024.08.1@sha256:8da704d0078d445d3af0338764b9f3a87ba4841744c396c8eddef15466366553 AS opensc
FROM stagex/opensc:sx2024.08.1@sha256:8da704d0078d445d3af0338764b9f3a87ba4841744c396c8eddef15466366553 AS opensc
FROM stagex/gcc AS gcc
FROM stagex/glib AS glib
FROM stagex/alsa-lib AS alsa-lib
FROM stagex/lzo AS lzo
FROM stagex/dtc AS dtc
FROM stagex/zlib AS zlib
FROM stagex/numactl AS numactl
FROM stagex/libaio AS libaio
FROM stagex/libseccomp AS libseccomp
FROM stagex/libzstd AS libzstd
FROM stagex/libffi AS libffi
FROM stagex/libslirp AS libslirp
FROM stagex/seabios AS seabios
FROM stagex/ipxe AS ipxe
FROM stagex/qemu AS qemu
FROM stagex/libtpms AS libtpms
FROM stagex/swtpm AS swtpm
FROM stagex/curl AS curl
FROM scratch AS base
FROM scratch AS base
ARG VERSION development
ARG VERSION development
@ -67,6 +65,7 @@ COPY --from=cpio . /
COPY --from=mtools . /
COPY --from=mtools . /
COPY --from=xz . /
COPY --from=xz . /
COPY --from=grub . /
COPY --from=grub . /
COPY --from=util-linux . /
FROM base as dev
FROM base as dev
COPY --from=gcc . /
COPY --from=gcc . /
@ -84,6 +83,12 @@ COPY --from=libslirp . /
COPY --from=seabios . /
COPY --from=seabios . /
COPY --from=ipxe . /
COPY --from=ipxe . /
COPY --from=qemu . /
COPY --from=qemu . /
COPY --from=swtpm . /
COPY --from=openssl . /
COPY --from=curl . /
COPY --from=libtpms . /
COPY --from=tpm2-tss . /
COPY --from=tpm2-tools . /
FROM base AS build
FROM base AS build
@ -107,6 +112,7 @@ COPY --from=jq . initramfs
COPY --from=yq . initramfs
COPY --from=yq . initramfs
COPY --from=bc . initramfs
COPY --from=bc . initramfs
COPY --from=flashtools . initramfs
COPY --from=flashtools . initramfs
COPY --from=curl . initramfs
COPY --from=tpm2-tools . initramfs
COPY --from=tpm2-tools . initramfs
COPY --from=tpm2-tss . initramfs
COPY --from=tpm2-tss . initramfs
COPY --from=openssl . initramfs
COPY --from=openssl . initramfs
@ -190,8 +196,6 @@ COPY --from=syslinux \
## Build Hybrid EFI/BIOS ISO
## Build Hybrid EFI/BIOS ISO
FROM build AS install
FROM build AS install
ENV SOURCE_DATE_EPOCH=1
ENV SOURCE_DATE_EPOCH=1
# --set_all_file_dates='1'
# --modification-date='1970010100000000' \
RUN <<-EOF
RUN <<-EOF
set -eux
set -eux
find iso -exec touch -hcd "@0" "{}" +
find iso -exec touch -hcd "@0" "{}" +
@ -214,13 +218,8 @@ RUN <<-EOF
-isohybrid-gpt-basdat \
-isohybrid-gpt-basdat \
-follow-links \
-follow-links \
iso/
iso/
EOF
# Need sfdisk from util-linux
# Increase ISO size by 512 MB to create space for the third partition
COPY --from=util-linux . .
RUN <<-EOF
set -eux
# Increase the size of the ISO by 512 MB to create space for the third partition
dd if=/dev/zero bs=1M count=512 >> airgap.iso
dd if=/dev/zero bs=1M count=512 >> airgap.iso
# Append a new partition that uses the additional space
# Append a new partition that uses the additional space
@ -230,8 +229,8 @@ RUN <<-EOF
sfdisk --part-type airgap.iso 3 b
sfdisk --part-type airgap.iso 3 b
# Calculate the byte offset of the third partition
# Calculate the byte offset of the third partition
# This is done by finding the end of the first partition using fdisk, adding 1 sector,
# This is done by finding the end of the first partition using fdisk,
# and multiplying by 512 (since each sector is 512 bytes).
# adding 1 sector, and multiplying by 512 (since each sector is 512 bytes).
OFFSET=$(fdisk -l airgap.iso | awk '/^airgap.iso1/ {print ($4 + 1) * 512}')
OFFSET=$(fdisk -l airgap.iso | awk '/^airgap.iso1/ {print ($4 + 1) * 512}')
# Format the third partition as FAT32 and label it 'USER'
# Format the third partition as FAT32 and label it 'USER'
32
Makefile
32
Makefile
@ -49,18 +49,26 @@ shell: out/dev-shell.digest
.PHONY: vm
.PHONY: vm
vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
docker run -it -v ./out:/out $(shell cat $<) \
docker run -it -v ./out:/out $(shell cat $<) sh -c "\
qemu-system-x86_64 \
swtpm socket \
-m 4G \
--tpmstate dir=. \
-machine pc \
--ctrl type=unixio,path=vtpm-sock \
-usb \
--tpm2 & \
-device sdhci-pci \
qemu-system-x86_64 \
-device sd-card,drive=external \
-m 4G \
-drive id=external,if=none,format=raw,file=out/sdcard.img \
-machine pc \
-device usb-storage,drive=usbdrive \
-chardev socket,id=chrtpm,path=vtpm-sock \
-drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-boot order=c \
-device tpm-tis,tpmdev=tpm0 \
-nographic
-usb \
-device sdhci-pci \
-device sd-card,drive=external \
-drive id=external,if=none,format=raw,file=out/sdcard.img \
-device usb-storage,drive=usbdrive \
-drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \
-boot order=c \
-nographic; \
"
## Signing, Verification, and Release Targets
## Signing, Verification, and Release Targets
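Review bot: The backgrounded `swtpm socket … --tpm2 &` in the `vm` recipe races the `qemu-system-x86_64 … -chardev socket,id=chrtpm,path=vtpm-sock` invocation that follows it: nothing waits for the control socket to exist, so on a slow start qemu can fail to connect and the VM comes up without a TPM (or not at all). Replace the `&` with swtpm's `--daemon`, which returns only once the listener is up, e.g. `swtpm socket --tpmstate dir=. --ctrl type=unixio,path=vtpm-sock --tpm2 --daemon; \`, or poll `while [ ! -S vtpm-sock ]; do sleep 0.1; done` before launching qemu. Separately, `--tpmstate dir=.` keeps the TPM NV state in the container's working directory rather than under the bind-mounted `./out`, so every `make vm` presumably starts from a fresh TPM; if that is the intent for a dev shell, a one-line recipe comment such as `# TPM state is ephemeral: sealed data does not survive across runs` would spare the next reader from debugging it.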