qemu_template.sh: Add support for attaching a software TPM#1827
Merged
Conversation
ader1990
reviewed
Apr 3, 2024
|
Build action triggered: https://github.com/flatcar/scripts/actions/runs/8549074654 |
When testing multiple images one always has to copy them to the expected file name, and when trying to run two VMs this means one needs to either use separate directories or modify the qemu script. One also needs to modify the qemu script to bump the memory for K8s or for LUKS. Support parameters for the VM image name and the VM memory.
While Flatcar itself runs fine with 1 GB, many workloads do not and having to debug this is time consuming when one forgets to bump the VM memory, e.g., in the Qemu script. Default to 2 GB as known-good setting for things like Kubernetes or setting up LUKS devices.
For testing TPM2-backed rootfs encryption it is handy to have a software TPM option for the qemu script. Add a flag for a software TPM with swtpm like kola also does. The user has to specify a folder for the secret state and this won't be removed because the same store should be able to be passed when booting the VM again after shutdown.
The qemu UEFI and regular qemu script only differ by having a default value for the firmware. If one tries to switch between different firmwares one normally would modify the script. Make it easier to switch boot modes and use custom firmwares by supporting a flag to set the pflash contents.
Member
Author
|
Pushed one more change to also allow setting the pflash contents through a flag to switch between firmwares more easily, e.g., BIOS, UEFI, and UEFI with Secure Boot. Edit: And for the PXE boot script two parameters to set the kernel and initrd files to be used. |
ader1990
reviewed
Apr 4, 2024
For the swtpm version in Ubuntu some init command is required first.
With the PXE script it is easy to boot different versions from one folder without any copies because the kernel and PXE initrd are always "fresh". Instead of only supporting hardcoded file names, support parameters for the kernel and initrd file to be used.
ader1990
approved these changes
Apr 4, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
qemu_template.sh: Add support for attaching a software TPM
For testing TPM2-backed rootfs encryption it is handy to have a software
TPM option for the qemu script.
Add a flag for a software TPM with swtpm like kola also does. The user
has to specify a folder for the secret state and this won't be removed
because the same store should be able to be passed when booting the VM
again after shutdown.
vm_image_util.sh: Bump default VM memory to 2 GB
While Flatcar itself runs fine with 1 GB, many workloads do not and
having to debug this is time consuming when one forgets to bump the VM
memory, e.g., in the Qemu script.
Default to 2 GB as known-good setting for things like Kubernetes or
setting up LUKS devices.
qemu_template.sh: Allow parameters for VM image and memory
When testing multiple images one always has to copy them to the
expected file name, and when trying to run two VMs this means one needs
to either use separate directories or modify the qemu script. One also
needs to modify the qemu script to bump the memory for K8s or for LUKS.
Support parameters for the VM image name and the VM memory.
(Note that the kola tests for qemu and vmware all use 2 GB or slightly more. Thus it makes sense to default to this as well in the release artifacts we provide to the users.)
How to use
Testing done
The above and verified that the swtpm process gets cleaned up even when qemu doesn't start, e.g.,
./flatcar_production_qemu.sh -T swtpm-dir -- -unknown-argDownloaded rendered template and checked that memory and image location settings work.
changelog/directory (user-facing change, bug fix, security fix, update)/bootand/usrsize, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.