| Hendrik Hofstadt | 0d7c91e | 2019-10-23 21:44:47 +0200 | [diff] [blame] | 1 | genrule( |
| 2 | name = "image", |
| 3 | srcs = [ |
| 4 | "@//core/cmd/mkimage", |
| 5 | "@//core/build/linux_kernel:image", |
| 6 | ], |
| 7 | outs = [ |
| 8 | "smalltown.img", |
| 9 | ], |
| 10 | cmd = """ |
| 11 | $(location @//core/cmd/mkimage) $(location @//core/build/linux_kernel:image) $@ |
| 12 | """, |
| 13 | visibility = ["//visibility:public"], |
| 14 | ) |
| 15 | |
| 16 | genrule( |
| 17 | name = "swtpm_data", |
| 18 | outs = [ |
| 19 | "tpm/tpm2-00.permall", |
| 20 | "tpm/signkey.pem", |
| 21 | "tpm/issuercert.pem", |
| 22 | ], |
| 23 | cmd = """ |
| 24 | mkdir -p tpm/ca |
| 25 | |
| 26 | cat <<EOF > tpm/swtpm.conf |
| 27 | create_certs_tool= /usr/share/swtpm/swtpm-localca |
| 28 | create_certs_tool_config = tpm/swtpm-localca.conf |
| 29 | create_certs_tool_options = /etc/swtpm-localca.options |
| 30 | EOF |
| 31 | |
| 32 | cat <<EOF > tpm/swtpm-localca.conf |
| 33 | statedir = tpm/ca |
| 34 | signingkey = tpm/ca/signkey.pem |
| 35 | issuercert = tpm/ca/issuercert.pem |
| 36 | certserial = tpm/ca/certserial |
| 37 | EOF |
| 38 | |
| 39 | swtpm_setup \ |
| 40 | --tpmstate tpm \ |
| 41 | --create-ek-cert \ |
| 42 | --create-platform-cert \ |
| 43 | --allow-signing \ |
| 44 | --tpm2 \ |
| 45 | --display \ |
| 46 | --pcr-banks sha1,sha256,sha384,sha512 \ |
| 47 | --config tpm/swtpm.conf |
| 48 | |
| 49 | cp tpm/tpm2-00.permall $(location tpm/tpm2-00.permall) |
| 50 | cp tpm/ca/issuercert.pem $(location tpm/issuercert.pem) |
| 51 | cp tpm/ca/signkey.pem $(location tpm/signkey.pem) |
| 52 | """, |
| 53 | visibility = ["//visibility:public"], |
| 54 | ) |