tpm2vm #8
|
@ -1,4 +1,3 @@
|
|||
## Build
|
||||
FROM stagex/busybox:sx2024.08.1@sha256:8cb9360041cd17e8df33c5cbc6c223875045c0c249254367ed7e0eb445720757 AS busybox
|
||||
FROM stagex/musl:sx2024.08.1@sha256:f888fcf45fabaaae3d0268bcec902ceb94edba7bf8d09ef6966ebb20e00b7127 AS musl
|
||||
FROM stagex/xorriso:sx2024.08.1@sha256:9ab45852aee077b68ea101173025be6e1cdbde93692efa4ee198e1960f02ab52 AS xorriso
|
||||
|
@ -7,25 +6,6 @@ FROM stagex/cpio:sx2024.08.1@sha256:25afad810fbb9b1d02762030c3e43e07259a79627dbe
|
|||
FROM stagex/xz:sx2024.08.1@sha256:f6ca72fc9096ef5f694b6b7f9b7ad323a571d9447eb5cc790042f72e69b9aad8 AS xz
|
||||
FROM stagex/grub:sx2024.08.1@sha256:5f382615881470e0cf9c670bead785507545a2b829b391247313f516c63355e3 AS grub
|
||||
FROM stagex/mtools:sx2024.08.1@sha256:b6202dc29906ea8d7594bce604cb676f5335cc51e75e3f12b5f619e8fc27cc28 AS mtools
|
||||
|
||||
## Development
|
||||
FROM stagex/gcc AS gcc
|
||||
FROM stagex/glib AS glib
|
||||
FROM stagex/alsa-lib AS alsa-lib
|
||||
FROM stagex/lzo AS lzo
|
||||
FROM stagex/dtc AS dtc
|
||||
FROM stagex/zlib AS zlib
|
||||
FROM stagex/numactl AS numactl
|
||||
FROM stagex/libaio AS libaio
|
||||
FROM stagex/libseccomp AS libseccomp
|
||||
FROM stagex/libzstd AS libzstd
|
||||
FROM stagex/libffi AS libffi
|
||||
FROM stagex/libslirp AS libslirp
|
||||
FROM stagex/seabios AS seabios
|
||||
FROM stagex/ipxe AS ipxe
|
||||
FROM stagex/qemu AS qemu
|
||||
|
||||
## Target
|
||||
FROM stagex/linux-airgap:sx2024.08.1@sha256:a4fac3ca7795e171a4d1b3b634fdae1790d4f8d076f3c1ac8a38f3ece72e1ec5 AS linux-airgap
|
||||
FROM stagex/eudev:sx2024.08.1@sha256:66020d28246af1d1e5f8fe3b5bca3da3cbfbd1f89cc1c616b7f8d13f61419026 AS eudev
|
||||
FROM stagex/ccid:sx2024.08.1@sha256:0f50ff4441d8b20ff73babab652fc0a563bce46385100240de4ae587012c9505 AS ccid
|
||||
|
@ -53,6 +33,24 @@ FROM stagex/flashtools:sx2024.08.1@sha256:e2ac807475e66201ad50eee09bf9625ad0e97d
|
|||
FROM stagex/libqrencode:sx2024.08.1@sha256:1927d17aaf1ad6a9910380714f0dd12c72c69f9ee1b19668bf4cc5f89cbc2b2d AS libqrencode
|
||||
FROM stagex/util-linux:sx2024.08.1@sha256:41525597d1f5648dc2318da7779e3c5194b4e6d24cb07f2f616ac539bb094d04 AS util-linux
|
||||
FROM stagex/opensc:sx2024.08.1@sha256:8da704d0078d445d3af0338764b9f3a87ba4841744c396c8eddef15466366553 AS opensc
|
||||
FROM stagex/gcc AS gcc
|
||||
FROM stagex/glib AS glib
|
||||
FROM stagex/alsa-lib AS alsa-lib
|
||||
FROM stagex/lzo AS lzo
|
||||
FROM stagex/dtc AS dtc
|
||||
FROM stagex/zlib AS zlib
|
||||
FROM stagex/numactl AS numactl
|
||||
FROM stagex/libaio AS libaio
|
||||
FROM stagex/libseccomp AS libseccomp
|
||||
FROM stagex/libzstd AS libzstd
|
||||
FROM stagex/libffi AS libffi
|
||||
FROM stagex/libslirp AS libslirp
|
||||
FROM stagex/seabios AS seabios
|
||||
FROM stagex/ipxe AS ipxe
|
||||
FROM stagex/qemu AS qemu
|
||||
FROM stagex/libtpms AS libtpms
|
||||
FROM stagex/swtpm AS swtpm
|
||||
FROM stagex/curl AS curl
|
||||
|
||||
FROM scratch AS base
|
||||
ARG VERSION development
|
||||
|
@ -67,6 +65,7 @@ COPY --from=cpio . /
|
|||
COPY --from=mtools . /
|
||||
COPY --from=xz . /
|
||||
COPY --from=grub . /
|
||||
COPY --from=util-linux . /
|
||||
|
||||
FROM base as dev
|
||||
COPY --from=gcc . /
|
||||
|
@ -84,6 +83,12 @@ COPY --from=libslirp . /
|
|||
COPY --from=seabios . /
|
||||
COPY --from=ipxe . /
|
||||
COPY --from=qemu . /
|
||||
COPY --from=swtpm . /
|
||||
COPY --from=openssl . /
|
||||
COPY --from=curl . /
|
||||
COPY --from=libtpms . /
|
||||
COPY --from=tpm2-tss . /
|
||||
COPY --from=tpm2-tools . /
|
||||
|
||||
FROM base AS build
|
||||
|
||||
|
@ -107,6 +112,7 @@ COPY --from=jq . initramfs
|
|||
COPY --from=yq . initramfs
|
||||
COPY --from=bc . initramfs
|
||||
COPY --from=flashtools . initramfs
|
||||
COPY --from=curl . initramfs
|
||||
COPY --from=tpm2-tools . initramfs
|
||||
COPY --from=tpm2-tss . initramfs
|
||||
COPY --from=openssl . initramfs
|
||||
|
@ -190,8 +196,6 @@ COPY --from=syslinux \
|
|||
## Build Hybrid EFI/BIOS ISO
|
||||
FROM build AS install
|
||||
ENV SOURCE_DATE_EPOCH=1
|
||||
# --set_all_file_dates='1'
|
||||
# --modification-date='1970010100000000' \
|
||||
RUN <<-EOF
|
||||
set -eux
|
||||
find iso -exec touch -hcd "@0" "{}" +
|
||||
|
@ -214,13 +218,8 @@ RUN <<-EOF
|
|||
-isohybrid-gpt-basdat \
|
||||
-follow-links \
|
||||
iso/
|
||||
EOF
|
||||
|
||||
# Need sfdisk from util-linux
|
||||
COPY --from=util-linux . .
|
||||
RUN <<-EOF
|
||||
set -eux
|
||||
# Increase the size of the ISO by 512 MB to create space for the third partition
|
||||
# Increase ISO size by 512 MB to create space for the third partition
|
||||
dd if=/dev/zero bs=1M count=512 >> airgap.iso
|
||||
|
||||
# Append a new partition that uses the additional space
|
||||
|
@ -230,8 +229,8 @@ RUN <<-EOF
|
|||
sfdisk --part-type airgap.iso 3 b
|
||||
|
||||
# Calculate the byte offset of the third partition
|
||||
# This is done by finding the end of the first partition using fdisk, adding 1 sector,
|
||||
# and multiplying by 512 (since each sector is 512 bytes).
|
||||
# This is done by finding the end of the first partition using fdisk,
|
||||
# adding 1 sector, and multiplying by 512 (since each sector is 512 bytes).
|
||||
OFFSET=$(fdisk -l airgap.iso | awk '/^airgap.iso1/ {print ($4 + 1) * 512}')
|
||||
|
||||
# Format the third partition as FAT32 and label it 'USER'
|
||||
|
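Review bot: The three stages appended to the Target list in the `@ -53,6 +33,24` hunk, `FROM stagex/libtpms AS libtpms`, `FROM stagex/swtpm AS swtpm` and `FROM stagex/curl AS curl`, carry neither a tag nor a digest, while every other stage in the same section is pinned to `sx2024.08.1@sha256:…`, so each build silently resolves whatever the default tag points at; and since `curl`, `tpm2-tools` and `tpm2-tss` are later copied into the initramfs (the `@ -107,6 +112,7` hunk), the unpinned content ends up in the shipped image, not only in the dev shell. The gcc…qemu lines moved down from the old Development block were already unpinned before this change, but they now sit under `## Target` as well. Pin them like their neighbours, e.g. `FROM stagex/libtpms:sx2024.08.1@sha256:<DIGEST_PLACEHOLDER> AS libtpms`. The `dev` and `build` stages also do `COPY --from=openssl`, `--from=tpm2-tss` and `--from=tpm2-tools`, yet no `FROM … AS openssl`, `tpm2-tss` or `tpm2-tools` stage is visible in these hunks, so if they are not declared in unshown context the build fails at those lines. This section's file header is not visible on the page, so the file name is inferred from its content.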
|
12
Makefile
12
Makefile
|
@ -49,10 +49,17 @@ shell: out/dev-shell.digest
|
|||
|
||||
.PHONY: vm
|
||||
vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
|
||||
docker run -it -v ./out:/out $(shell cat $<) \
|
||||
docker run -it -v ./out:/out $(shell cat $<) sh -c "\
|
||||
swtpm socket \
|
||||
--tpmstate dir=. \
|
||||
--ctrl type=unixio,path=vtpm-sock \
|
||||
--tpm2 & \
|
||||
qemu-system-x86_64 \
|
||||
-m 4G \
|
||||
-machine pc \
|
||||
-chardev socket,id=chrtpm,path=vtpm-sock \
|
||||
-tpmdev emulator,id=tpm0,chardev=chrtpm \
|
||||
-device tpm-tis,tpmdev=tpm0 \
|
||||
-usb \
|
||||
-device sdhci-pci \
|
||||
-device sd-card,drive=external \
|
||||
|
@ -60,7 +67,8 @@ vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
|
|||
-device usb-storage,drive=usbdrive \
|
||||
-drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \
|
||||
-boot order=c \
|
||||
-nographic
|
||||
-nographic; \
|
||||
"
|
||||
|
||||
## Signing, Verification, and Release Targets
|
||||
|
||||
|
|
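Review bot: In the new `vm` recipe, `swtpm socket … --tpm2 &` is backgrounded and `qemu-system-x86_64` is started immediately with `-chardev socket,id=chrtpm,path=vtpm-sock`, so qemu can attempt the connection before swtpm has created `vtpm-sock`; a wait on the socket between the two commands, `while [ ! -S vtpm-sock ]; do sleep 1; done; \`, removes that race. `--tpmstate dir=.` and `path=vtpm-sock` are relative to the container's working directory rather than the mounted `/out`, so unless the image's WORKDIR is `/out` the TPM state lives in the container's ephemeral filesystem and is lost on exit — presumably acceptable for a throwaway dev VM, but a one-line comment stating that intent (or `--tpmstate dir=/out/tpmstate` if state should survive between runs) would make it explicit. The recipe lines appear here without their leading tabs, which I assume is a rendering artifact rather than a change in the commit.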