#!/usr/bin/env bash
# Auto-generated by mosaik TDX builder — launch {{CRATE_NAME}} as a TDX guest VM.
#
# Usage: sudo ./launch-tdx.sh
#
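# All file paths default to the same directory as this script.
# Override with environment variables if needed (OVMF, KERNEL, INITRD, MEMORY,
# CPUS, VSOCK_CID, SSH_PORT). sudo normally resets the caller's environment, so
# pass overrides on the sudo command line (subject to the local sudoers policy):
#   sudo KERNEL=/path/to/vmlinuz ./launch-tdx.sh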

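# Abort on command failure, on use of an unset variable, and on a failed
# pipeline stage.
set -euo pipefail

# Directory containing this script; the default artifact paths hang off it.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Firmware image.
# An OVMF path supplied by the caller is used exactly as given: if it does not
# exist, the later file check reports it instead of a different firmware being
# booted in its place. Only the packaged default falls back to the system-wide
# image, and that substitution is announced on stderr. The firmware is part of
# what a TDX guest is measured over at launch, so the operator should always
# know which image was actually used.
# NOTE(review): confirm that /usr/share/ovmf/OVMF.fd on the target hosts is a
# TDX-capable build; a stock distribution OVMF may not be.
if [ -z "${OVMF:-}" ]; then
    OVMF="$SCRIPT_DIR/{{CRATE_NAME}}-ovmf.fd"
    if [ ! -f "$OVMF" ]; then
        echo "WARNING: bundled firmware not found: $OVMF" >&2
        echo "         falling back to /usr/share/ovmf/OVMF.fd" >&2
        OVMF="/usr/share/ovmf/OVMF.fd"
    fi
fi

# Guest kernel and initramfs, handed to QEMU for direct kernel boot.
KERNEL="${KERNEL:-$SCRIPT_DIR/{{CRATE_NAME}}-vmlinuz}"
INITRD="${INITRD:-$SCRIPT_DIR/{{CRATE_NAME}}-initramfs.cpio.gz}"

# Guest sizing; the defaults are filled in by the builder template.
MEMORY="${MEMORY:-{{MEMORY}}}"
CPUS="${CPUS:-{{CPUS}}}"

# Guest vsock CID; the literal value "auto" means one is picked at launch.
VSOCK_CID="${VSOCK_CID:-auto}"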

# Print a currently unused TCP port number on stdout (for SSH forwarding).
#
# Asks the OS for an ephemeral port by binding a socket to port 0, first via
# python3 and, if that fails, via perl. The python3 probe binds on all
# interfaces (''), the perl probe on 127.0.0.1.
#
# The probe socket is closed before the port is returned, so the port is only
# known to have been free at that moment; another process can claim it before
# QEMU binds it, in which case QEMU's own bind is what fails.
#
# If neither interpreter works, an error goes to stderr and the shell exits
# with status 1. When called inside $(...), that exit ends only the subshell;
# the caller sees a failed command substitution.
find_free_port() {
    if python3 -c "import socket; s=socket.socket(); s.bind(('',0)); print(s.getsockname()[1]); s.close()" 2>/dev/null; then
        return 0
    fi
    if perl -e 'use IO::Socket::INET; my $s=IO::Socket::INET->new(Listen=>1,LocalAddr=>"127.0.0.1",LocalPort=>0); print $s->sockport(),"\n"; $s->close();' 2>/dev/null; then
        return 0
    fi
    echo "ERROR: cannot find free port (need python3 or perl)" >&2
    exit 1
}

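# Print a random guest vsock CID in the range 3–2147483647 (0x7FFFFFFF).
#
# CIDs 0–2 are reserved (2 is the host), so the range starts at 3.
# The value is random, not checked against CIDs already in use on this host:
# a clash with another running guest is unlikely but not excluded, and would
# show up as a QEMU error when the vsock device is created.
#
# Outputs: the chosen CID on stdout.
pick_vsock_cid() {
    local cid
    # Prefer shuf. The awk fallback seeds from the time of day, which only
    # changes once per second, so the shell PID is mixed into the seed; without
    # it, two launches started in the same second would draw the same CID.
    # srand() returns the previous seed, hence the nested call to read back
    # the time-based seed before re-seeding.
    cid=$(shuf -i 3-2147483647 -n1 2>/dev/null \
        || awk -v salt="$$" 'BEGIN{srand(); srand(srand() + salt); printf "%d\n", 3+int(rand()*2147483645)}')
    echo "$cid"
}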

# Host port for SSH forwarding: keep a caller-supplied SSH_PORT, otherwise
# probe for a free one. A failed probe fails this assignment, and `set -e`
# then stops the script.
if [ -z "${SSH_PORT:-}" ]; then
    SSH_PORT="$(find_free_port)"
fi

# Guest vsock CID: the placeholder "auto" is replaced by a random CID.
case "$VSOCK_CID" in
    auto) VSOCK_CID=$(pick_vsock_cid) ;;
esac

# Caller-supplied SSH_PORT and VSOCK_CID values are used as given; nothing
# here checks that they are numeric or in range before they reach QEMU.

# Every boot artifact must exist as a regular file before QEMU is started.
for required in "$OVMF" "$KERNEL" "$INITRD"; do
    [ -f "$required" ] && continue
    echo "ERROR: File not found: $required" >&2
    echo "       (set the corresponding env var to override)" >&2
    exit 1
done

# JSON description of the QEMU object that makes this a TDX guest. Its id
# (tdx0) is what `confidential-guest-support=` on the machine line refers to.
# The quote-generation socket points at vsock CID 2 (the host), port 4050,
# presumably where the host's quote generation service listens. Verify.
TDX_OBJECT='{"qom-type":"tdx-guest","id":"tdx0","sept-ve-disable":true,"quote-generation-socket":{"type":"vsock","cid":"2","port":"4050"}}'

# Guest kernel command line: serial console, network configured via DHCP.
CMDLINE="console=ttyS0 ip=dhcp"

# Launch summary, so the operator can see which artifacts and ports are used.
printf '%s\n' \
    "=== Launching TDX Guest ===" \
    "  OVMF:     $OVMF" \
    "  Kernel:   $KERNEL" \
    "  Initrd:   $INITRD" \
    "  Memory:   $MEMORY" \
    "  CPUs:     $CPUS" \
    "  SSH:      localhost:$SSH_PORT" \
    "  CID:     $VSOCK_CID" \
    ""

# QEMU arguments, grouped by purpose.
qemu_args=(
    # CPU, memory, acceleration
    -accel kvm
    -cpu host,pmu=off
    -smp "$CPUS"
    -m "$MEMORY"

    # Confidential-guest (TDX) setup
    -object "$TDX_OBJECT"
    -machine q35,kernel-irqchip=split,confidential-guest-support=tdx0

    # Firmware and direct kernel boot
    -bios "$OVMF"
    -kernel "$KERNEL"
    -initrd "$INITRD"
    -append "$CMDLINE"

    # User-mode networking with the SSH forward, plus the guest vsock device.
    # NOTE(review): the forward rule comes from the builder template. The
    # banner advertises "localhost", so confirm the rule binds the host side
    # to 127.0.0.1; a forward without a host address listens on every host
    # interface.
    -netdev user,id=net0,{{SSH_FWD}}
    -device virtio-net-pci,netdev=net0
    -device vhost-vsock-pci,guest-cid="$VSOCK_CID"

    # No graphics, no default devices. The serial console shares this terminal
    # with the QEMU monitor (mon:stdio), so whoever holds the terminal also
    # has monitor access to the VM.
    -nographic
    -nodefaults
    -serial mon:stdio
)

# Replace this shell with QEMU so signals and exit status go straight through.
exec qemu-system-x86_64 "${qemu_args[@]}"
