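#!/bin/sh
# Script for provisioning and running the swtpm emulator. This script can only
# be run by a user with sudo privileges.
#
# Usage: <script> start|stop
#
# Environment:
#   TPM_PATH  optional override of the directory holding the TPM state and the
#             pid file (see the note on TPM_PATH below).
set -e

# The name of the virtual TPM device. This will determine the name of the
# device under /dev.
TPM_NAME=vtpm0
# The path to the directory where the TPM's state will be stored. The default
# lives under /tmp, which is shared and world-writable, so any local user can
# pre-create that directory (and a pid file inside it) before this script runs.
# Set TPM_PATH in the environment to keep the state and pid file in a directory
# that only trusted users can write to.
TPM_PATH=${TPM_PATH:-/tmp/$TPM_NAME}
export TPM_PATH
# The name of the user to run swtpm as.
TPM_USER=tss
# The file where swtpm's pid will be stored.
TPM_PID=$TPM_PATH/swtpm.pid

# Return 0 if $1 is a non-empty string of decimal digits (a plausible pid),
# 1 otherwise. Used so that the pid file content is never passed to sudo kill
# unchecked.
is_pid() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  return 0
}

# Refuse to operate on a state directory that is a symbolic link: under /tmp a
# link planted by another user would redirect the state files, the log and the
# pid file somewhere of their choosing.
check_state_dir() {
  if [ -L "$TPM_PATH" ]; then
    printf 'refusing to use %s: it is a symbolic link.\n' "$TPM_PATH" >&2
    exit 1
  fi
}

# Create the state directory and provision the TPM (EK, state files) in it.
# swtpm_setup.conf is resolved relative to the current working directory.
setup() {
  check_state_dir
  mkdir -p -- "$TPM_PATH"
  swtpm_setup --config swtpm_setup.conf --tpm-state "dir://$TPM_PATH" \
    --tpm2 --ecc --createek --display
}

# Start swtpm as a CUSE device, provisioning the state first if needed, and
# make the device accessible to the $TPM_USER group.
start() {
  check_state_dir
  if [ ! -d "$TPM_PATH" ]; then
    setup
  fi
  if [ -f "$TPM_PID" ]; then
    printf 'swtpm is already running with PID %s.\n' "$(cat -- "$TPM_PID")" >&2
    exit 1
  fi
  sudo swtpm cuse --name "$TPM_NAME" --tpm2 \
    --log "file=$TPM_PATH/log.txt,level=5" \
    --flags not-need-init,startup-clear --pid "file=$TPM_PID" \
    --runas "$TPM_USER" --tpmstate "dir=$TPM_PATH"
  # NOTE(review): assumes /dev/$TPM_NAME exists once `swtpm cuse` returns;
  # confirm that the device node is created synchronously.
  sudo chown ":$TPM_USER" "/dev/$TPM_NAME"
  sudo chmod 0660 "/dev/$TPM_NAME"
}

# Stop a running swtpm: remove the pid file, then send SIGTERM to the pid it
# recorded. The pid is validated before it reaches sudo kill.
stop() {
  if [ ! -f "$TPM_PID" ]; then
    printf 'swtpm is not running.\n' >&2
    exit 1
  fi
  pid=$(cat -- "$TPM_PID")
  if ! is_pid "$pid"; then
    printf 'refusing to stop: %s does not contain a numeric pid.\n' "$TPM_PID" >&2
    exit 1
  fi
  # The pid file is removed first so a stale file (process already gone and
  # kill failing under set -e) does not block the next start.
  sudo rm -f -- "$TPM_PID"
  sudo kill -TERM "$pid"
}

# Print the command-line usage to stderr.
usage() {
  printf 'Usage: %s start|stop\n' "${0}" >&2
}

case "${1}" in
  start) start ;;
  stop) stop ;;
  *) usage ;;
esac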