diff --git a/default.conf.tmpl b/default.conf.tmpl
index 298a5d8..cb92a99 100644
--- a/default.conf.tmpl
+++ b/default.conf.tmpl
@@ -1,4 +1,4 @@
-netdev tap,id=net0,br=$BR_NAME,ifname=$TAP_NAME,script=no,downscript=no
--device rtl8139,netdev=net0
+-device e1000,netdev=net0
-audiodev pa,id=snd0,server=unix:/run/user/$MYUID/pulse/native
-device intel-hda -device hda-duplex,audiodev=snd0
diff --git a/hardware.conf.tmpl b/hardware.conf.tmpl
index 783aaae..a3cea2e 100644
--- a/hardware.conf.tmpl
+++ b/hardware.conf.tmpl
@@ -5,6 +5,9 @@
-device usb-host,hostbus=1,hostport=11.4
-device vfio-pci,host=$GPU_ID,multifunction=on,id=gpu,romfile=$GPU_ROM
-device vfio-pci,host=$AUDIO_ID,id=audio
+-chardev socket,id=chrtpm,path=$TPM_PATH/swtpm-sock
+-tpmdev emulator,id=tpm0,chardev=chrtpm
+-device tpm-tis,tpmdev=tpm0
-object input-linux,id=kbd11,evdev=/dev/input/by-id/usb-Wooting_WootingTwo_WOOT_001_A01B1852W021H00067-event-if04
-object input-linux,id=kbd12,evdev=/dev/input/by-id/usb-Wooting_WootingTwo_WOOT_001_A01B1852W021H00067-if03-event-kbd,grab_all=on,repeat=on
-object input-linux,id=mouse11,evdev=/dev/input/by-id/usb-Mad_Catz_Global_MADCATZ_R.A.T._8+_gaming_mouse-event-if01
diff --git a/hardware.sh b/hardware.sh
index 73ef72f..1874851 100755
--- a/hardware.sh
+++ b/hardware.sh
@@ -4,3 +4,7 @@ export GPU_ROM=/opt/vm/1080ti_asus.rom
export GPU_ID='0000:65:00.0'
export AUDIO_ID='0000:65:00.1'
+export TPM_PATH="/opt/vm/tpm/"
+mkdir -p "$TPM_PATH$(mktemp --directory)"
+swtpm socket --tpm2 --tpmstate dir="$TPM_PATH" --ctrl type=unixio,path="$TPM_PATH/swtpm-sock" &
+disown -h "$!"
diff --git a/net b/net
index 3805a0e..d143abf 100755
--- a/net
+++ b/net
@@ -7,7 +7,7 @@ BASE_BRIDGE_NAME=br-q
BASE_TAP_NAME=tap-q
randstr() {
- dd if=/dev/urandom count=1 bs=4 2>/dev/null | xxd -p -g 0
+ dd if=/dev/urandom count=1 bs=3 2>/dev/null | xxd -p -g 0
}
default_route() {
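Review bot: `mkdir -p "$TPM_PATH$(mktemp --directory)"` creates a random directory under /tmp and then a second, empty copy of that path beneath `$TPM_PATH`, and nothing uses either: `--tpmstate dir` and the control socket both point at `$TPM_PATH` itself. The intended line is presumably `mkdir -p -m 0700 -- "$TPM_PATH"`; the mode matters because that directory ends up holding the emulated TPM's persistent state and the control socket, and any local process that can open the socket can drive the TPM. The `swtpm … &` / `disown` pair never checks that swtpm actually started (a missing binary, or a socket file left behind by an earlier run, fails silently and qemu then cannot connect), and the PID is not recorded anywhere for shutdown the way `dnsmasq_pid` is in `net`. The trailing slash in `TPM_PATH` yields `/opt/vm/tpm//swtpm-sock` both here and in hardware.conf.tmpl — harmless on Linux, but inconsistent with the other exports.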
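Review bot: `randstr` loses its last visible caller in this same commit: the `create()` hunk further down replaces `$(randstr)` with `get_bridge_name`/`get_tap_name`, so unless something outside the shown hunks still calls it, the `bs=3` change is being made to dead code and the function could be dropped instead. If it is kept, a one-line comment stating why 3 random bytes (6 hex characters) are now enough would save the next reader from guessing at the motive.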
@@ -114,6 +114,31 @@ nft_rev() {
nft "$@"
}
+
+get_bridge_name() {
+ for i in {1..255}; do
+ br_name="br$i"
+ link_names="$(ip link list | awk -F:\ '/^[0-9]+: br.*/ {print $2}')"
+ if [[ -z "$link_names" ]] || echo "$link_names" | grep -vq "$br_name"; then
+ echo "$br_name"
+ return 0
+ fi
+ done
+ return 1
+}
+
+get_tap_name() {
+ for i in {1..255}; do
+ tap_name="tap$i"
+ link_names="$(ip link list | awk -F:\ '/^[0-9]+: tap.*/ {print $2}')"
+ if [[ -z "$link_names" ]] || echo "$link_names" | grep -vq "$tap_name"; then
+ echo "$tap_name"
+ return 0
+ fi
+ done
+ return 1
+}
+
create() {
local next_subnet
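Review bot: The in-use test in both `get_bridge_name` and `get_tap_name` does not do what it is meant to: `grep -vq "$br_name"` succeeds as soon as any line of `$link_names` does not contain the candidate, so once two bridges exist the loop returns `br1` even while `br1` is up, and because the match is a substring an existing `br10` would also hide `br1`. The check should be a whole-line fixed-string match negated outside grep: `if ! grep -qxF -- "$br_name" <<<"$link_names"; then`. The `ip link list` snapshot is loop-invariant and can be taken once, `i`, `br_name` and `link_names` leak into the caller's scope without `local`, and the two functions differ only in the prefix, so one parameterised helper covers both; a rewrite is sketched below. Selection and creation remain two separate steps, so two concurrent `create` runs could still pick the same name — acceptable for a single-user host, but worth a comment on the helper.
```shell
# Print the first "<prefix><n>" (n = 1..255) that is not an existing link name;
# return 1 when all 255 are taken.
get_link_name() {
  local prefix=$1 i candidate existing
  # One snapshot is enough: the link list does not change inside the loop.
  existing="$(ip link list | awk -F': ' '/^[0-9]+: / {print $2}')"
  for i in {1..255}; do
    candidate="${prefix}${i}"
    # Whole-line fixed-string match, negated outside grep: "br1" is free only
    # when no line IS "br1"; an existing "br10" must not hide it.
    if ! grep -qxF -- "$candidate" <<<"$existing"; then
      echo "$candidate"
      return 0
    fi
  done
  return 1
}

get_bridge_name() { get_link_name br; }
get_tap_name() { get_link_name tap; }
```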
@@ -124,46 +149,53 @@ create() {
local dnsmasq_pid
next_subnet="$(find_next_subnet)"
- dhcp_subnet="$next_subnet.0.1/16"
- dhcp_range="$next_subnet.0.2,$next_subnet.255.254"
+ dhcp_subnet="$next_subnet.0.1/24"
+ dhcp_range="$next_subnet.0.100,$next_subnet.0.200"
- bridge_name="$BASE_BRIDGE_NAME-$(randstr)"
- tap_name="$BASE_TAP_NAME-$(randstr)"
+ bridge_name="$(get_bridge_name)"
+ tap_name="$(get_tap_name)"
+ echo "$bridge_name"
+ echo "$tap_name"
echo > "$NET_CONF_FILE"
- ip link add name "$bridge_name" type bridge
- echo "bridge_name='$bridge_name'" >> "$NET_CONF_FILE"
- ip addr add "$dhcp_subnet" dev "$bridge_name"
- ip link set dev "$bridge_name" up
- ip tuntap add "$tap_name" mode tap
- echo "tap_name='$tap_name'" >> "$NET_CONF_FILE"
- ip link set "$tap_name" up
- ip link set dev "$tap_name" master "$bridge_name"
- dnsmasq -k --interface="$bridge_name" --bind-interface \
- --dhcp-range="$dhcp_range" &
+ set -x
+ modprobe tun tap
+ ip link add "$bridge_name" type bridge && sleep .1
+ ip tuntap add dev "$tap_name" mode tap && sleep .1
+ ip link set dev "$tap_name" master "$bridge_name" && sleep .1
+ ip link set dev "$bridge_name" up && sleep .1
+ ip link set dev "$tap_name" up && sleep .1
+ ip addr add "$dhcp_subnet" dev "$bridge_name" && sleep .1
+ ip link set dev "$bridge_name" up && sleep .1
+ ip link set dev "$tap_name" up && sleep .1
+ set +x
+ ip addr
+ dnsmasq -d --interface="$bridge_name" --bind-interface --dhcp-range="$dhcp_range" &
dnsmasq_pid="$!"
+ echo "bridge_name='$bridge_name'" >> "$NET_CONF_FILE"
+ echo "tap_name='$tap_name'" >> "$NET_CONF_FILE"
echo "dnsmasq_pid='$dnsmasq_pid'" >> "$NET_CONF_FILE"
disown -h "$dnsmasq_pid"
echo "nft_ruleset='$(nft -s list ruleset)'" >> "$NET_CONF_FILE"
# dhcp
- nft_rev add rule ip filter INPUT udp dport 67 accept
- nft_rev add rule ip filter INPUT tcp dport 67 accept
+ nft_rev add rule ip filter input udp dport 67 accept
+ nft_rev add rule ip filter input tcp dport 67 accept
# dns
- nft_rev add rule ip filter INPUT udp dport 53 accept
- nft_rev add rule ip filter INPUT tcp dport 53 accept
+ nft_rev add rule ip filter input udp dport 53 accept
+ nft_rev add rule ip filter input tcp dport 53 accept
# scream
- nft_rev add rule ip filter INPUT udp dport 4010 accept
- nft_rev add rule ip filter INPUT tcp dport 4010 accept
+ nft_rev add rule ip filter input udp dport 4010 accept
+ nft_rev add rule ip filter input tcp dport 4010 accept
# forward bridge
- nft_rev add rule ip filter FORWARD iifname "$bridge_name" \
+ nft_rev add rule ip filter forward iifname "$bridge_name" \
counter packets 0 bytes 0 accept
- nft_rev add rule ip filter FORWARD oifname "$bridge_name" \
+ nft_rev add rule ip filter forward oifname "$bridge_name" \
counter packets 0 bytes 0 accept
- nft_rev add rule ip nat POSTROUTING oifname "$(default_route)" \
+ nft_rev add rule ip nat postrouting oifname "$(default_route)" \
counter masquerade
}
diff --git a/start b/start
index 0f6bd13..0cc2431 100755
--- a/start
+++ b/start
@@ -61,7 +61,7 @@ IFS="$old_IFS"
# efi variables
EFI_VARS="$(mktemp)"
cp /usr/share/ovmf/x64/OVMF_VARS.fd "$EFI_VARS"
-EFI_FIRMWARE=/usr/share/ovmf/x64/OVMF_CODE.fd
+EFI_FIRMWARE=/usr/share/ovmf/x64/OVMF_CODE.secboot.fd
source config.conf
@@ -132,6 +132,7 @@ read -ra specific_arguments -d '' < "$o_specific_path" || true
# preven host from using vm cpus
+set -x
$SUDO qemu-system-x86_64 \
-name "$VMNAME,process=VMNAME,debug-threads=on" \
-daemonize -pidfile "$PIDFILE" \
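Review bot: Every `ip … && sleep .1` line in the new create() body turns a failed command into a skipped sleep: under `set -e` an `&&` list does not trigger errexit, and without it nothing checks the status either, so a failed `ip link add` lets the function go on to attach the tap, add the address and start dnsmasq against a bridge that does not exist. Each step should end the function on failure (`|| return 1`, sketched below), after which the second `ip link set dev … up` pair and the `set -x`/`ip addr`/bare `echo "$bridge_name"` debug lines can go — unless the repeated `up` calls or the sleeps were working around a settle race, in which case a comment saying so belongs there and the bare echoes should at least go to stderr so a caller capturing create()'s stdout is not surprised. `modprobe tun tap` without `-a` passes `tap` to `tun` as a module parameter rather than loading a second module; use `modprobe -a tun tap` if both are wanted, or plain `modprobe tun` if this only serves `ip tuntap`. Separately, the `input` accept rules for 53, 67 and 4010 carry no `iifname "$bridge_name"` qualifier, so they open those ports on every interface of the host; dnsmasq's `--bind-interface` keeps its own sockets on the bridge, but the nft rules should be scoped the same way. create() begins before this hunk.
```shell
  # Each step must fail create(): "cmd && sleep .1" only skips the sleep on error.
  modprobe -a tun tap || return 1
  ip link add "$bridge_name" type bridge || return 1
  ip tuntap add dev "$tap_name" mode tap || return 1
  ip link set dev "$tap_name" master "$bridge_name" || return 1
  ip addr add "$dhcp_subnet" dev "$bridge_name" || return 1
  ip link set dev "$bridge_name" up || return 1
  ip link set dev "$tap_name" up || return 1
  # … unchanged: dnsmasq start, NET_CONF_FILE bookkeeping, nft rules …
```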
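Review bot: Switching to `OVMF_CODE.secboot.fd` only gives the guest firmware that is able to enforce Secure Boot; whether it does depends on the variable store, and two lines above the store is re-created from `OVMF_VARS.fd` into a fresh `$(mktemp)` file on every start. Unless that vars image ships with PK/KEK/db already enrolled (it does not on every distribution), the guest most likely keeps booting with Secure Boot in setup mode, and any keys enrolled from inside the guest are discarded at the next start. If enforcement is the goal, copy a vars image that already carries the keys or keep the copied store at a persistent path; either way a comment such as `# secboot-capable firmware: Secure Boot is only enforced once keys are enrolled in EFI_VARS` would stop the next reader assuming it is on.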
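Review bot: `set -x` right before the qemu invocation writes the fully expanded command line — everything read from the conf files into `default_arguments`, `hardware_arguments` and `specific_arguments` — to stderr and to whatever log the caller captures; if any of those files ever carries a credential (a VNC or SPICE password, for instance) it is echoed there. If the trace is meant to stay, mark it as deliberate debug output with a comment; otherwise `printf '%q ' "${default_arguments[@]}" "${hardware_arguments[@]}" "${specific_arguments[@]}" >&2` behind a verbose flag gives the same visibility under control. The matching `set +x` in the next hunk is the other half of the same pair.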
@@ -142,6 +143,7 @@ $SUDO qemu-system-x86_64 \
"${default_arguments[@]}" \
"${hardware_arguments[@]}" \
"${specific_arguments[@]}" || true
+set +x
$SUDO cat "$PIDFILE"
$SUDO qemu-affinity \
-k $(./cpus decompress_seq "$(./cpus compute_vm $NUM_PROCESSORS)") \