@lukehinds
Last active April 25, 2023 01:38
#!/bin/bash
# This script has only been tested on Fedora 29.
# It builds libtpms and swtpm from source, creates a Fedora 30 cloud VM under
# libvirt and attaches an emulated TPM 2.0 (vTPM) to it.
set -e   # abort on the first failing command so a broken build or install is not silently skipped

if [[ $EUID -ne 0 ]]; then
    echo -e "Please run as the root user"
    exit 1
fi

read -r -p "Name for vtpm vm: " vm_name
if [[ -z "${vm_name}" ]]; then
    echo -e "A VM name is required"
    exit 1
fi

echo -e "Turn off SELinux for now"
setenforce 0 || true   # fails only when SELinux is already disabled, which is fine here

echo -e "Updating Packages"
dnf update -y

echo -e "Install virtualization package group and deps"
dnf install -y @virtualization
dnf -y install make \
    libguestfs-tools-c \
    libseccomp-devel \
    wget \
    libtasn1-devel \
    expect \
    socat \
    python3-twisted \
    fuse-devel glib2-devel \
    gnutls \
    gnutls-devel \
    gnutls-utils \
    tpm-tools \
    tpm2-tools \
    openssl-devel \
    git \
    libtool \
    autoconf

echo -e "Starting / Enabling Libvirt virtualization package group"
systemctl start libvirtd
systemctl enable libvirtd   # the unit is libvirtd, not libvirt

echo -e "Clone and build libtpms"
git clone https://github.com/stefanberger/libtpms
cd libtpms/
./bootstrap.sh
./configure --prefix=/usr --with-openssl --with-tpm2
make
make install

echo -e "Clone and build swtpm"
cd ../
git clone https://github.com/stefanberger/swtpm
cd swtpm/
./autogen.sh --with-openssl --prefix=/usr
make -j4
make -j4 check
make install

echo -e "setting up vtpm socket"
# swtpm does not create its state or socket directories itself. Note that libvirt
# starts its own swtpm instance for the emulator device attached below, so this
# standalone socket only serves to test swtpm itself on the host.
mkdir -p /tmp/mytpm1 /tmp/tpm0
swtpm socket --tpm2 --tpmstate dir=/tmp/mytpm1 --ctrl type=unixio,path=/tmp/tpm0/swtpm-sock --log level=20 &

echo -e "Grabbing qcow2 image"
wget -c https://download.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2 -O /var/lib/libvirt/images/fedora30.qcow2

echo -e "Setting machine password"
# 30 random alphanumeric characters; the pipeline's status is that of head, so it is safe under set -e
password=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1)
cd /var/lib/libvirt/images
# overlay disk backed by the pristine cloud image (-F names the backing format explicitly)
qemu-img create -f qcow2 -F qcow2 -b fedora30.qcow2 "${vm_name}.qcow2"
virt-customize -a "${vm_name}.qcow2" --root-password "password:${password}" --uninstall cloud-init
virt-customize -a "${vm_name}.qcow2" --run-command 'sed -i s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config'
echo -e "root password is : ${password}"

echo -e "Installing ${vm_name}"
virt-install --ram 2048 --vcpus 2 --os-variant rhel7.0 \
    --disk "path=/var/lib/libvirt/images/${vm_name}.qcow2,format=qcow2,bus=virtio,cache=none,device=disk" \
    --import --noautoconsole --vnc --network network:default --name "${vm_name}"
sleep 5

echo -e "Injecting tpm2 to libvirt xml"
# virt-xml edits the persistent domain definition; the device shows up at the next cold start
virt-xml "${vm_name}" --add-device --tpm emulator,model=tpm-tis,version=2.0

echo -e "Restarting ${vm_name} for changes to take effect"
# A guest-initiated 'virsh reboot' keeps the running QEMU process and its device
# set, so shut the domain down fully (forcing it if ACPI shutdown stalls) and start it again.
virsh shutdown "${vm_name}"
for _ in $(seq 1 60); do
    virsh domstate "${vm_name}" | grep -q 'shut off' && break
    sleep 1
done
virsh domstate "${vm_name}" | grep -q 'shut off' || virsh destroy "${vm_name}"
virsh start "${vm_name}"

echo -e "To login to the vm run: virsh console ${vm_name}"
echo -e "Please then complete the following steps:"
echo -e "# dhclient should get an address for the vm"
echo -e "# dnf install tpm2-tools tpm2-tss tpm2-abrmd"
echo -e "Then run the abrmd as root:"
echo -e "# /usr/sbin/tpm2-abrmd --allow-root &"
echo -e "You should now be able to query the tpm with a command such as tpm2_pcrlist"
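A host-side check that the TPM device really landed in the domain definition before the VM is restarted (an added example, not part of the gist): `has_vtpm2` parses libvirt domain XML from stdin for a `<tpm>` element with an emulator backend of version 2.0, and `vm_has_vtpm2` feeds it `virsh dumpxml --inactive`, the persistent definition that `virt-xml --add-device` edits and that the next cold start uses. Both function names are hypothetical, and the XML fragments are constructed here rather than real virsh output.

```shell
#!/bin/bash
# has_vtpm2: read libvirt domain XML on stdin and succeed (exit 0) only if a
# <tpm> device carries <backend type='emulator' version='2.0'/>. Single and
# double quoted attributes are both accepted (virsh prints single quotes).
has_vtpm2() {
    awk -v q="'" '
        BEGIN {
            emu = "type=[\"" q "]emulator[\"" q "]"
            v20 = "version=[\"" q "]2\\.0[\"" q "]"
        }
        /<tpm[ >]/                                    { in_tpm = 1 }
        in_tpm && /<backend/ && $0 ~ emu && $0 ~ v20  { found = 1 }
        /<\/tpm>/                                     { in_tpm = 0 }
        END { exit found ? 0 : 1 }
    '
}

# vm_has_vtpm2: check the persistent (inactive) definition of a domain, which is
# what virt-xml --add-device edits and what the next cold start of the VM uses.
vm_has_vtpm2() {
    virsh dumpxml --inactive "$1" | has_vtpm2
}

# Constructed sample fragments (not real virsh output) so the parser can be
# exercised without libvirt: TPM 2.0 attached, TPM 1.2 attached, no TPM at all.
SAMPLE_TPM20="<domain type='kvm'>
  <name>vtpm-test</name>
  <devices>
    <tpm model='tpm-tis'>
      <backend type='emulator' version='2.0'/>
    </tpm>
  </devices>
</domain>"
SAMPLE_TPM12='<domain type="kvm"><devices><tpm model="tpm-tis"><backend type="emulator" version="1.2"/></tpm></devices></domain>'
SAMPLE_NO_TPM='<domain type="kvm"><devices><disk type="file" device="disk"/></devices></domain>'

# Run the parser over the samples; with a domain name as $1, check a real VM instead.
if [ -n "${1:-}" ]; then
    vm_has_vtpm2 "$1" && echo "$1: TPM 2.0 emulator attached" || echo "$1: no TPM 2.0 emulator"
else
    for s in "$SAMPLE_TPM20" "$SAMPLE_TPM12" "$SAMPLE_NO_TPM"; do
        if printf '%s\n' "$s" | has_vtpm2; then echo "vTPM 2.0: yes"; else echo "vTPM 2.0: no"; fi
    done
fi
```

Only the TPM 2.0 sample passes; a 1.2 backend or a missing device fails, which is the case to catch before trusting anything the guest reports via tpm2-tools.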
@lukehinds (Author)

Something is wrong with running tpm2-abrmd as a service, which we need to figure out; for now we can run it as root.
