Unverified Commit b6f506e5 authored by Kroese's avatar Kroese Committed by GitHub
Browse files

fix: Allow TPM without Secure Boot (#468)

parent 95234fd8
Loading
Loading
Loading
Loading
+29 −29
Original line number Diff line number Diff line
@@ -2,7 +2,7 @@
set -Eeuo pipefail

# Docker environment variables
: "${TPM:="Y"}"         # Enable TPM
: "${TPM:="N"}"         # Disable TPM
: "${BOOT_MODE:="legacy"}"  # Boot mode

SECURE=""
@@ -17,7 +17,12 @@ case "${BOOT_MODE,,}" in
    ROM="OVMF_CODE_4M.secboot.fd"
    VARS="OVMF_VARS_4M.secboot.fd"
    ;;
  windows | windows_plain | windows_secure)
  windows | windows_plain)
    ROM="OVMF_CODE_4M.ms.fd"
    VARS="OVMF_VARS_4M.ms.fd"
    ;;
  windows_secure)
    TPM="Y"
    ROM="OVMF_CODE_4M.ms.fd"
    VARS="OVMF_VARS_4M.ms.fd"
    ;;
@@ -51,14 +56,13 @@ if [[ "${BOOT_MODE,,}" != "legacy" ]] && [[ "${BOOT_MODE,,}" != "windows_legacy"
  if [[ "${BOOT_MODE,,}" == "secure" ]] || [[ "${BOOT_MODE,,}" == "windows_secure" ]]; then
    SECURE=",smm=on"
    BOOT_OPTS="$BOOT_OPTS -global driver=cfi.pflash01,property=secure,value=on"
    [[ "${BOOT_MODE,,}" == "windows_secure" ]] && BOOT_OPTS="$BOOT_OPTS -global ICH9-LPC.disable_s3=1"
  fi

  BOOT_OPTS="$BOOT_OPTS -drive file=$DEST.rom,if=pflash,unit=0,format=raw,readonly=on"
  BOOT_OPTS="$BOOT_OPTS -drive file=$DEST.vars,if=pflash,unit=1,format=raw"

  if [[ "${BOOT_MODE,,}" == "windows_secure" ]]; then

    BOOT_OPTS="$BOOT_OPTS -global ICH9-LPC.disable_s3=1"
fi

if [[ "$TPM" == [Yy1]* ]]; then

@@ -84,7 +88,6 @@ if [[ "${BOOT_MODE,,}" != "legacy" ]] && [[ "${BOOT_MODE,,}" != "windows_legacy"
  done

  if [ ! -S "/run/swtpm-sock" ]; then
        TPM="N"
    error "TPM socket not found? Disabling TPM support..."
  else
    BOOT_OPTS="$BOOT_OPTS -chardev socket,id=chrtpm,path=/run/swtpm-sock"
@@ -92,8 +95,5 @@ if [[ "${BOOT_MODE,,}" != "legacy" ]] && [[ "${BOOT_MODE,,}" != "windows_legacy"
  fi

fi
  fi

fi

return 0