xtask: Add support for running QEMU with an emulated TPM device

QEMU doesn't support attaching multiple TPM devices at the same time, so
instead add a `--tpm` arg that accepts either `v1` or `v2`. This allows
QEMU to be run with either an emulated TPM 1.2 device or an emulated TPM
2.0 device.

Author: nicholasbishop

xtask/src/main.rs

@@ -7,6 +7,7 @@ mod opt;
 mod pipe;
 mod platform;
 mod qemu;
+mod tpm;
 mod util;
 
 use crate::opt::TestOpt;

xtask/src/opt.rs

@@ -1,8 +1,14 @@
 use crate::arch::UefiArch;
-use clap::{Parser, Subcommand};
+use clap::{Parser, Subcommand, ValueEnum};
 use std::ops::Deref;
 use std::path::PathBuf;
 
+#[derive(Clone, Copy, Debug, PartialEq, ValueEnum)]
+pub enum TpmVersion {
+    V1,
+    V2,
+}
+
 // Define some common options so that the doc strings don't have to be
 // copy-pasted.
 
@@ -135,6 +141,10 @@ pub struct QemuOpt {
     #[clap(long, action)]
     pub headless: bool,
 
+    /// Attach a software TPM to QEMU.
+    #[clap(long, action)]
+    pub tpm: Option<TpmVersion>,
+
     /// Path of an OVMF code file.
     #[clap(long, action)]
     pub ovmf_code: Option<PathBuf>,

xtask/src/qemu.rs

@@ -2,6 +2,7 @@ use crate::arch::UefiArch;
 use crate::disk::{check_mbr_test_disk, create_mbr_test_disk};
 use crate::opt::QemuOpt;
 use crate::pipe::Pipe;
+use crate::tpm::Swtpm;
 use crate::util::command_to_string;
 use crate::{net, platform};
 use anyhow::{bail, Context, Result};
@@ -539,6 +540,15 @@ pub fn run_qemu(arch: UefiArch, opt: &QemuOpt) -> Result<()> {
         None
     };
 
+    // Set up a software TPM if requested.
+    let _tpm = if let Some(tpm_version) = opt.tpm {
+        let tpm = Swtpm::spawn(tpm_version)?;
+        cmd.args(tpm.qemu_args());
+        Some(tpm)
+    } else {
+        None
+    };
+
     println!("{}", command_to_string(&cmd));
 
     cmd.stdin(Stdio::piped());

xtask/src/tpm.rs

@@ -0,0 +1,69 @@
+use crate::opt::TpmVersion;
+use crate::util::command_to_string;
+use anyhow::Result;
+use std::process::{Child, Command};
+use tempfile::TempDir;
+
+// Adapted from https://qemu.readthedocs.io/en/latest/specs/tpm.html
+
+/// Wrapper for running `swtpm`, a software TPM emulator.
+///
+/// <https://github.com/stefanberger/swtpm>
+///
+/// The process is killed on drop.
+pub struct Swtpm {
+    tmp_dir: TempDir,
+    child: Child,
+}
+
+impl Swtpm {
+    /// Run `swtpm` in a new process.
+    pub fn spawn(version: TpmVersion) -> Result<Self> {
+        let tmp_dir = TempDir::new()?;
+        let tmp_path = tmp_dir.path().to_str().unwrap();
+
+        let mut cmd = Command::new("swtpm");
+        cmd.args(&[
+            "socket",
+            "--tpmstate",
+            &format!("dir={tmp_path}"),
+            "--ctrl",
+            &format!("type=unixio,path={tmp_path}/swtpm-sock"),
+            // Terminate when the connection drops. If for any reason
+            // this fails, the process will be killed on drop.
+            "--terminate",
+            // Hide some log spam.
+            "--log",
+            "file=-",
+        ]);
+
+        if version == TpmVersion::V2 {
+            cmd.arg("--tpm2");
+        }
+
+        println!("{}", command_to_string(&cmd));
+        let child = cmd.spawn()?;
+
+        Ok(Self { tmp_dir, child })
+    }
+
+    /// Get the QEMU args needed to connect to the TPM emulator.
+    pub fn qemu_args(&self) -> Vec<String> {
+        let socket_path = self.tmp_dir.path().join("swtpm-sock");
+        vec![
+            "-chardev".into(),
+            format!("socket,id=chrtpm0,path={}", socket_path.to_str().unwrap()),
+            "-tpmdev".into(),
+            "emulator,id=tpm0,chardev=chrtpm0".into(),
+            "-device".into(),
+            "tpm-tis,tpmdev=tpm0".into(),
+        ]
+    }
+}
+
+impl Drop for Swtpm {
+    fn drop(&mut self) {
+        let _ = self.child.kill();
+        let _ = self.child.wait();
+    }
+}