From c08b45704c442704850fd5233cf742d6996a0b2d Mon Sep 17 00:00:00 2001
From: Kyle Isom
Date: Fri, 14 Apr 2023 11:17:36 -0700
Subject: [PATCH] add TPM tooling for tpm-enabled machines
---
 roles/development/tasks/main.yml | 1 +
 roles/tpm/tasks/main.yml | 15 +++++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 roles/tpm/tasks/main.yml
diff --git a/roles/development/tasks/main.yml b/roles/development/tasks/main.yml
index dbd0d02..62c5086 100644
--- a/roles/development/tasks/main.yml
+++ b/roles/development/tasks/main.yml
@@ -120,6 +120,7 @@
 - syslinux
 - syslinux-efi
 - syslinux-utils
+ - vboot-utils
 - whois
 - name: install container and virtualisation management
diff --git a/roles/tpm/tasks/main.yml b/roles/tpm/tasks/main.yml
new file mode 100644
index 0000000..7e988df
--- /dev/null
+++ b/roles/tpm/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: check whether the TPM is available
+ ansible.builtin.stat:
+ path: /dev/tpm0
+ register: tpm_available
+
+- name: install TPM tooling
+ when: tpm_available
+ become: true
+ ansible.builtin.apt: name={{ item }} state=exists
+ with_items:
+ - clevis-tpm2
+ - tpm2-initramfs-tool
+ - tpm2-openssl
+ - tpm2-tools
+ - tss2
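Review bot: In roles/tpm/tasks/main.yml the install task's `when: tpm_available` tests the registered stat result itself, which is a non-empty mapping whether or not /dev/tpm0 exists, so the condition does not gate on the device; it should read `when: tpm_available.stat.exists`. In the same task `state=exists` is not a state the apt module accepts, so the task would fail as written; `state=present` is the value for "install if missing". As a style point, the five packages can be given as a list under `name:` in block form instead of the `key=value` string with `with_items`, which lets apt resolve them in one transaction. Both tasks lie fully inside this hunk.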