nixos/tests: adopt newest TPM support in test infra

1 files changed, 24 insertions, 37 deletions

diff --git a/nixos/tests/systemd-cryptenroll.nix b/nixos/tests/systemd-cryptenroll.nix
index 055ae7d1681f2..034aae1d5e955 100644
--- a/nixos/tests/systemd-cryptenroll.nix
+++ b/nixos/tests/systemd-cryptenroll.nix
@@ -8,47 +8,34 @@ import ./make-test-python.nix ({ pkgs, ... }: {
     environment.systemPackages = [ pkgs.cryptsetup ];
     virtualisation = {
       emptyDiskImages = [ 512 ];
-      qemu.options = [
-        "-chardev socket,id=chrtpm,path=/tmp/swtpm-sock"
-        "-tpmdev emulator,id=tpm0,chardev=chrtpm"
-        "-device tpm-tis,tpmdev=tpm0"
-      ];
+      tpm.enable = true;
     };
   };
 
   testScript = ''
-    import subprocess
-    import tempfile
-
-    def start_swtpm(tpmstate):
-        subprocess.Popen(["${pkgs.swtpm}/bin/swtpm", "socket", "--tpmstate", "dir="+tpmstate, "--ctrl", "type=unixio,path=/tmp/swtpm-sock", "--log", "level=0", "--tpm2"])
-
-    with tempfile.TemporaryDirectory() as tpmstate:
-        start_swtpm(tpmstate)
-        machine.start()
-
-        # Verify the TPM device is available and accessible by systemd-cryptenroll
-        machine.succeed("test -e /dev/tpm0")
-        machine.succeed("test -e /dev/tpmrm0")
-        machine.succeed("systemd-cryptenroll --tpm2-device=list")
-
-        # Create LUKS partition
-        machine.succeed("echo -n lukspass | cryptsetup luksFormat -q /dev/vdb -")
-        # Enroll new LUKS key and bind it to Secure Boot state
-        # For more details on PASSWORD variable, check the following issue:
-        # https://github.com/systemd/systemd/issues/20955
-        machine.succeed("PASSWORD=lukspass systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/vdb")
-        # Add LUKS partition to /etc/crypttab to test auto unlock
-        machine.succeed("echo 'luks /dev/vdb - tpm2-device=auto' >> /etc/crypttab")
-        machine.shutdown()
-
-        start_swtpm(tpmstate)
-        machine.start()
-
-        # Test LUKS partition automatic unlock on boot
-        machine.wait_for_unit("systemd-cryptsetup@luks.service")
-        # Wipe TPM2 slot
-        machine.succeed("systemd-cryptenroll --wipe-slot=tpm2 /dev/vdb")
+    machine.start()
+
+    # Verify the TPM device is available and accessible by systemd-cryptenroll
+    machine.succeed("test -e /dev/tpm0")
+    machine.succeed("test -e /dev/tpmrm0")
+    machine.succeed("systemd-cryptenroll --tpm2-device=list")
+
+    # Create LUKS partition
+    machine.succeed("echo -n lukspass | cryptsetup luksFormat -q /dev/vdb -")
+    # Enroll new LUKS key and bind it to Secure Boot state
+    # For more details on PASSWORD variable, check the following issue:
+    # https://github.com/systemd/systemd/issues/20955
+    machine.succeed("PASSWORD=lukspass systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/vdb")
+    # Add LUKS partition to /etc/crypttab to test auto unlock
+    machine.succeed("echo 'luks /dev/vdb - tpm2-device=auto' >> /etc/crypttab")
+
+    machine.shutdown()
+    machine.start()
+
+    # Test LUKS partition automatic unlock on boot
+    machine.wait_for_unit("systemd-cryptsetup@luks.service")
+    # Wipe TPM2 slot
+    machine.succeed("systemd-cryptenroll --wipe-slot=tpm2 /dev/vdb")
   '';
 })