qemu: Deduplicate Qemu targets/documentation, extract from boards

The 8 qemu-* targets all contained nearly-identical copies of the
targets to prepare the TPM/disk/etc. and then run Qemu.  The only
significant differences were for TPM1/TPM2 (extra swtpm_setup step,
addition of --tpm2 to swtpm_setup and swtpm).  ROOT_DISK_IMG used := or
= differently in some boards, := was kept.

targets/qemu.mk now defines all Qemu targets and is included only for
qemu-* boards (by defining BOARD_TARGETS in each of those boards).

The documentation was moved from qemu-coreboot-fbwhiptail-tpm1-hotp/
qemu-coreboot-fbwhiptail-tpm1-htop.md to targets/qemu.md.  The other 7
qemu boards' symlinks to that file were removed.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>

Author: JonathonHall-Purism

Makefile

@@ -74,6 +74,10 @@ else
 $(error "Unexpected value of $$(CONFIG_TARGET_ARCH): $(CONFIG_TARGET_ARCH)")
 endif
 
+ifneq "$(BOARD_TARGETS)" ""
+include targets/$(BOARD_TARGETS).mk
+endif
+
 # Create directories if they don't already exist
 BUILD_LOG	:= $(shell mkdir -p "$(log_dir)")
 PACKAGES	:= $(shell mkdir -p "$(packages)")

README.md

@@ -81,7 +81,7 @@ QEMU:
 
 OS booting can be tested in QEMU using a software TPM.  HOTP can be tested by forwarding a USB token from the host to the guest.
 
-For more information and setup instructions, refer to the [qemu-coreboot-fbwhiptail-tpm1-hotp documentation](boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md).
+For more information and setup instructions, refer to the [qemu documentation](targets/qemu.md).
 
 coreboot console messages
 ---

boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config

@@ -70,93 +70,4 @@ export CONFIG_TPM=y
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp"
 
-# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG
-# keyring in QEMU.  Otherwise use the plain ROM, some things can still be tested
-# that way without a GPG key.
-ifneq "$(PUBKEY_ASC)" ""
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ)
-else
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
-endif
-
-#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
-TPMDIR=$(build)/$(BOARD)/vtpm
-$(TPMDIR)/.manufacture:
-	mkdir -p "$(TPMDIR)"
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram
-	touch "$(TPMDIR)/.manufacture"
-ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2
-# Default to 20G disk
-QEMU_DISK_SIZE?=20G
-$(ROOT_DISK_IMG):
-	qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE)
-# Remember the amount of memory so it doesn't have to be specified every time.
-# Default to 4G, most bootable OSes are not usable with less.
-QEMU_MEMORY_SIZE?=4G
-MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory
-$(MEMORY_SIZE_FILE):
-	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
-USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
-$(USB_FD_IMG):
-	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
-	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
-	# though it is meaningful to use mkfs.vfat (etc.) as non-root
-	MKFS_VFAT=mkfs.vfat; \
-	[ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \
-	"$$MKFS_VFAT" "$(USB_FD_IMG)"
-# Pass INSTALL_IMG=<path_to_img.iso> to attach an installer as a USB flash drive instead
-# of the temporary flash drive for exporting GPG keys.
-ifneq "$(INSTALL_IMG)" ""
-QEMU_USB_FD_IMG := $(INSTALL_IMG)
-else
-QEMU_USB_FD_IMG := $(USB_FD_IMG)
-endif
-# To forward a USB token, set USB_TOKEN to one of the following:
-# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID
-# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID
-# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID
-# - LibremKey - forwards a Librem Key by VID:PID
-# - <other> - Provide the QEMU usb-host parameters, such as
-#   'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>'
-ifeq "$(USB_TOKEN)" "NitrokeyPro"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648
-else ifeq "$(USB_TOKEN)" "NitrokeyStorage"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649
-else ifeq "$(USB_TOKEN)" "Nitrokey3NFC"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074
-else ifeq "$(USB_TOKEN)" "LibremKey"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531
-else ifneq "$(USB_TOKEN)" ""
-QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)"
-endif
-
-run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG)
-	swtpm socket \
-		--tpmstate dir="$(TPMDIR)" \
-		--flags "startup-clear" \
-		--terminate \
-		--ctrl type=unixio,path="$(TPMDIR)/sock" &
-	sleep 0.5
-
-	-qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \
-		--machine q35,accel=kvm:tcg \
-		-rtc base=utc \
-		-smp "$$(nproc)" \
-		-vga std \
-		-m "$$(cat "$(MEMORY_SIZE_FILE)")" \
-		-serial stdio \
-		--bios "$(QEMU_BOOT_ROM)" \
-		-object rng-random,filename=/dev/urandom,id=rng0 \
-		-device virtio-rng-pci,rng=rng0 \
-		-netdev user,id=u1 -device e1000,netdev=u1 \
-		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
-		-tpmdev emulator,id=tpm0,chardev=chrtpm \
-		-device tpm-tis,tpmdev=tpm0 \
-		-device qemu-xhci,id=usb \
-		-device usb-tablet \
-		-drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \
-		-device usb-storage,bus=usb.0,drive=usb-fd-drive \
-		$(QEMU_USB_TOKEN_DEV) \
-
-	stty sane
-	@echo
+BOARD_TARGETS := qemu

boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config

@@ -71,93 +71,4 @@ export CONFIG_TPM=y
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1"
 
-# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG
-# keyring in QEMU.  Otherwise use the plain ROM, some things can still be tested
-# that way without a GPG key.
-ifneq "$(PUBKEY_ASC)" ""
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ)
-else
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
-endif
-
-#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
-TPMDIR=$(build)/$(BOARD)/vtpm
-$(TPMDIR)/.manufacture:
-	mkdir -p "$(TPMDIR)"
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram
-	touch "$(TPMDIR)/.manufacture"
-ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2
-# Default to 20G disk
-QEMU_DISK_SIZE?=20G
-$(ROOT_DISK_IMG):
-	qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE)
-# Remember the amount of memory so it doesn't have to be specified every time.
-# Default to 4G, most bootable OSes are not usable with less.
-QEMU_MEMORY_SIZE?=4G
-MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory
-$(MEMORY_SIZE_FILE):
-	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
-USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
-$(USB_FD_IMG):
-	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
-	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
-	# though it is meaningful to use mkfs.vfat (etc.) as non-root
-	MKFS_VFAT=mkfs.vfat; \
-	[ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \
-	"$$MKFS_VFAT" "$(USB_FD_IMG)"
-# Pass INSTALL_IMG=<path_to_img.iso> to attach an installer as a USB flash drive instead
-# of the temporary flash drive for exporting GPG keys.
-ifneq "$(INSTALL_IMG)" ""
-QEMU_USB_FD_IMG := $(INSTALL_IMG)
-else
-QEMU_USB_FD_IMG := $(USB_FD_IMG)
-endif
-# To forward a USB token, set USB_TOKEN to one of the following:
-# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID
-# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID
-# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID
-# - LibremKey - forwards a Librem Key by VID:PID
-# - <other> - Provide the QEMU usb-host parameters, such as
-#   'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>'
-ifeq "$(USB_TOKEN)" "NitrokeyPro"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648
-else ifeq "$(USB_TOKEN)" "NitrokeyStorage"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649
-else ifeq "$(USB_TOKEN)" "Nitrokey3NFC"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074
-else ifeq "$(USB_TOKEN)" "LibremKey"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531
-else ifneq "$(USB_TOKEN)" ""
-QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)"
-endif
-
-run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG)
-	swtpm socket \
-		--tpmstate dir="$(TPMDIR)" \
-		--flags "startup-clear" \
-		--terminate \
-		--ctrl type=unixio,path="$(TPMDIR)/sock" &
-	sleep 0.5
-
-	-qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \
-		--machine q35,accel=kvm:tcg \
-		-rtc base=utc \
-		-smp "$$(nproc)" \
-		-vga std \
-		-m "$$(cat "$(MEMORY_SIZE_FILE)")" \
-		-serial stdio \
-		--bios "$(QEMU_BOOT_ROM)" \
-		-object rng-random,filename=/dev/urandom,id=rng0 \
-		-device virtio-rng-pci,rng=rng0 \
-		-netdev user,id=u1 -device e1000,netdev=u1 \
-		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
-		-tpmdev emulator,id=tpm0,chardev=chrtpm \
-		-device tpm-tis,tpmdev=tpm0 \
-		-device qemu-xhci,id=usb \
-		-device usb-tablet \
-		-drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \
-		-device usb-storage,bus=usb.0,drive=usb-fd-drive \
-		$(QEMU_USB_TOKEN_DEV) \
-
-	stty sane
-	@echo
+BOARD_TARGETS := qemu

boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md

@@ -75,95 +75,4 @@ CONFIG_OPENSSL=y
 export CONFIG_BOOT_DEV="/dev/vda1"
 export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2-hotp"
 
-# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG
-# keyring in QEMU.  Otherwise use the plain ROM, some things can still be tested
-# that way without a GPG key.
-ifneq "$(PUBKEY_ASC)" ""
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ)
-else
-QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE)
-endif
-
-#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
-TPMDIR=$(build)/$(BOARD)/vtpm
-$(TPMDIR)/.manufacture:
-	mkdir -p "$(TPMDIR)"
-	swtpm_setup --create-config-files skip-if-exist
-	swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2
-	touch "$(TPMDIR)/.manufacture"
-ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2
-# Default to 20G disk
-QEMU_DISK_SIZE?=20G
-$(ROOT_DISK_IMG):
-	qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE)
-# Remember the amount of memory so it doesn't have to be specified every time.
-# Default to 4G, most bootable OSes are not usable with less.
-QEMU_MEMORY_SIZE?=4G
-MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory
-$(MEMORY_SIZE_FILE):
-	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
-USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
-$(USB_FD_IMG):
-	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
-	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
-	# though it is meaningful to use mkfs.vfat (etc.) as non-root
-	MKFS_VFAT=mkfs.vfat; \
-	[ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \
-	"$$MKFS_VFAT" "$(USB_FD_IMG)"
-# Pass INSTALL_IMG=<path_to_img.iso> to attach an installer as a USB flash drive instead
-# of the temporary flash drive for exporting GPG keys.
-ifneq "$(INSTALL_IMG)" ""
-QEMU_USB_FD_IMG := $(INSTALL_IMG)
-else
-QEMU_USB_FD_IMG := $(USB_FD_IMG)
-endif
-# To forward a USB token, set USB_TOKEN to one of the following:
-# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID
-# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID
-# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID
-# - LibremKey - forwards a Librem Key by VID:PID
-# - <other> - Provide the QEMU usb-host parameters, such as
-#   'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>'
-ifeq "$(USB_TOKEN)" "NitrokeyPro"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648
-else ifeq "$(USB_TOKEN)" "NitrokeyStorage"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649
-else ifeq "$(USB_TOKEN)" "Nitrokey3NFC"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074
-else ifeq "$(USB_TOKEN)" "LibremKey"
-QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531
-else ifneq "$(USB_TOKEN)" ""
-QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)"
-endif
-
-run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG)
-	swtpm socket \
-		--tpm2 \
-		--tpmstate dir="$(TPMDIR)" \
-		--flags "startup-clear" \
-		--terminate \
-		--ctrl type=unixio,path="$(TPMDIR)/sock" &
-	sleep 0.5
-
-	-qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \
-		--machine q35,accel=kvm:tcg \
-		-rtc base=utc \
-		-smp "$$(nproc)" \
-		-vga std \
-		-m "$$(cat "$(MEMORY_SIZE_FILE)")" \
-		-serial stdio \
-		--bios "$(QEMU_BOOT_ROM)" \
-		-object rng-random,filename=/dev/urandom,id=rng0 \
-		-device virtio-rng-pci,rng=rng0 \
-		-netdev user,id=u1 -device e1000,netdev=u1 \
-		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
-		-tpmdev emulator,id=tpm0,chardev=chrtpm \
-		-device tpm-tis,tpmdev=tpm0 \
-		-device qemu-xhci,id=usb \
-		-device usb-tablet \
-		-drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \
-		-device usb-storage,bus=usb.0,drive=usb-fd-drive \
-		$(QEMU_USB_TOKEN_DEV) \
-
-	stty sane
-	@echo
+BOARD_TARGETS := qemu