Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing release CI failures and adding frozen 1.1 ROM #1809

Merged
merged 3 commits into from
Nov 25, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 12 additions & 6 deletions .github/workflows/fpga.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,9 @@ on:
hw-version:
default: "latest"
type: string
rom-version:
default: "latest"
type: string
workflow_call:
description: 'Set true for workflow_call'
default: true
Expand Down Expand Up @@ -161,6 +164,9 @@ jobs:
run: |
export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER="aarch64-linux-gnu-gcc"
export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS="-C link-arg=--sysroot=$FARGO_SYSROOT"
if [ "${{ inputs.rom-version }}" != "latest" ]; then
export CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}"
fi

if [ "${{ inputs.workflow_call }}" ]; then
FEATURES=fpga_realtime,${{ inputs.extra-features }}
Expand Down Expand Up @@ -420,11 +426,6 @@ jobs:
TEST_BIN=/tmp/caliptra-test-binaries
VARS="CPTRA_UIO_NUM=4 CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware CALIPTRA_IMAGE_NO_GIT_REVISION=1"

if [[ "${{ inputs.workflow_call }}" && "${{ inputs.hw-version }}" != "latest" ]]; then
nquarton marked this conversation as resolved.
Show resolved Hide resolved
VARS+=" FIPS_TEST_HW_EXP_VERSION=1_0_0"
VARS+=" FIPS_TEST_ROM_EXP_VERSION=1_0_1"
fi

if [ "${{ inputs.rom-logging }}" == "true" ] || [ -z "${{ inputs.rom-logging }}" ]; then
VARS+=" CPTRA_ROM_TYPE=ROM_WITH_UART"
elif [ "${{ inputs.rom-logging }}" == false ]; then
Expand All @@ -433,7 +434,12 @@ jobs:
echo "Unexpected inputs.rom-logging: ${{ inputs.rom-logging }}"
exit 1
fi
echo CPTRA_ROM_TYPE=${CPTRA_ROM_TYPE}

if [[ "${{ inputs.workflow_call }}" && "${{ inputs.rom-version }}" != "latest" ]]; then
VARS+=" CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}""
fi

echo VARS=${VARS}

COMMON_ARGS=(
--cargo-metadata="${TEST_BIN}/target/nextest/cargo-metadata.json"
Expand Down
11 changes: 6 additions & 5 deletions .github/workflows/fw-test-emu.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,9 @@ on:
rom-logging:
default: true
type: boolean
rom-version:
default: "latest"
type: string

jobs:
build_and_test:
Expand Down Expand Up @@ -57,6 +60,9 @@ jobs:
- name: Run tests
run: |
export CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware
if [ "${{ inputs.rom-version }}" != "latest" ]; then
export CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}"
fi

if [ "${{ inputs.rom-logging }}" == "true" ] || [ -z "${{ inputs.rom-logging }}" ]; then
export CPTRA_ROM_TYPE=ROM_WITH_UART
Expand All @@ -67,11 +73,6 @@ jobs:
exit 1
fi

if [[ ${{ inputs.extra-features }} == *"hw-1.0"* ]]; then
export FIPS_TEST_HW_EXP_VERSION=1_0_0
export FIPS_TEST_ROM_EXP_VERSION=1_0_1
fi

# Workaround https://github.com/nextest-rs/nextest/issues/267
export LD_LIBRARY_PATH=$(rustc --print sysroot)/lib

Expand Down
107 changes: 105 additions & 2 deletions .github/workflows/nightly-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@ jobs:
- uses: actions/checkout@v3
with:
submodules: 'true'
ref: 'main'
fetch-depth: 0

- name: Find latest release
Expand Down Expand Up @@ -66,6 +65,7 @@ jobs:
artifact-suffix: -fpga-realtime-hw-1.0-etrng-log
extra-features: slow_tests
hw-version: "1.0"
rom-version: "1.0"
rom-logging: true
fpga-itrng: false

Expand All @@ -78,6 +78,7 @@ jobs:
artifact-suffix: -fpga-realtime-hw-1.0-etrng-nolog
extra-features: slow_tests
hw-version: "1.0"
rom-version: "1.0"
rom-logging: false
fpga-itrng: false

Expand All @@ -90,6 +91,7 @@ jobs:
artifact-suffix: -fpga-realtime-hw-1.0-itrng-log
extra-features: slow_tests,itrng
hw-version: "1.0"
rom-version: "1.0"
rom-logging: true
fpga-itrng: true

Expand All @@ -102,6 +104,59 @@ jobs:
artifact-suffix: -fpga-realtime-hw-1.0-itrng-nolog
extra-features: slow_tests,itrng
hw-version: "1.0"
rom-version: "1.0"
rom-logging: false
fpga-itrng: true

fpga-1_1-full-suite-etrng-log:
name: FPGA Suite (1.1, etrng, log)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fpga.yml
with:
artifact-suffix: -fpga-realtime-rom-1.1-etrng-log
extra-features: slow_tests
hw-version: "latest"
rom-version: "1.1"
rom-logging: true
fpga-itrng: false

fpga-1_1-full-suite-etrng-nolog:
name: FPGA Suite (1.1, etrng, nolog)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fpga.yml
with:
artifact-suffix: -fpga-realtime-rom-1.1-etrng-nolog
extra-features: slow_tests
hw-version: "latest"
rom-version: "1.1"
rom-logging: false
fpga-itrng: false

fpga-1_1-full-suite-itrng-log:
name: FPGA Suite (1.1, itrng, log)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fpga.yml
with:
artifact-suffix: -fpga-realtime-rom-1.1-itrng-log
extra-features: slow_tests,itrng
hw-version: "latest"
rom-version: "1.1"
rom-logging: true
fpga-itrng: true

fpga-1_1-full-suite-itrng-nolog:
name: FPGA Suite (1.1, itrng, nolog)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fpga.yml
with:
artifact-suffix: -fpga-realtime-rom-1.1-itrng-nolog
extra-features: slow_tests,itrng
hw-version: "latest"
rom-version: "1.1"
rom-logging: false
fpga-itrng: true

Expand Down Expand Up @@ -149,7 +204,7 @@ jobs:
with:
artifact-suffix: -fpga-realtime-latest-itrng-nolog
extra-features: slow_tests,itrng
hw-version: latest
hw-version: "latest"
rom-logging: false
fpga-itrng: true

Expand Down Expand Up @@ -193,6 +248,50 @@ jobs:
extra-features: slow_tests,itrng
rom-logging: false

sw-emulator-rom-1_1-full-suite-etrng-log:
name: sw-emulator Suite (etrng, log)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fw-test-emu.yml
with:
artifact-suffix: -sw-emulator-hw-1.1-etrng-log
extra-features: slow_tests
rom-logging: true
rom-version: "1.1"

sw-emulator-rom-1_1-full-suite-etrng-nolog:
name: sw-emulator Suite (etrng, nolog)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fw-test-emu.yml
with:
artifact-suffix: -sw-emulator-hw-1.1-etrng-nolog
extra-features: slow_tests
rom-logging: false
rom-version: "1.1"

sw-emulator-rom-1_1-full-suite-itrng-log:
name: sw-emulator Suite (itrng, log)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fw-test-emu.yml
with:
artifact-suffix: -sw-emulator-hw-1.1-itrng-log
extra-features: slow_tests,itrng
rom-logging: true
rom-version: "1.1"

sw-emulator-rom-1_1-full-suite-itrng-nolog:
name: sw-emulator Suite (itrng, nolog)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fw-test-emu.yml
with:
artifact-suffix: -sw-emulator-hw-1.1-itrng-nolog
extra-features: slow_tests,itrng
rom-logging: false
rom-version: "1.1"

sw-emulator-hw-1_0-full-suite-etrng-log:
name: sw-emulator Suite (etrng, log)
needs: find-latest-release
Expand All @@ -202,6 +301,7 @@ jobs:
artifact-suffix: -sw-emulator-hw-1.0-etrng-log
extra-features: hw-1.0,slow_tests
rom-logging: true
rom-version: "1.0"

sw-emulator-hw-1_0-full-suite-etrng-nolog:
name: sw-emulator Suite (etrng, nolog)
Expand All @@ -212,6 +312,7 @@ jobs:
artifact-suffix: -sw-emulator-hw-1.0-etrng-nolog
extra-features: hw-1.0,slow_tests
rom-logging: false
rom-version: "1.0"

sw-emulator-hw-1_0-full-suite-itrng-log:
name: sw-emulator Suite (itrng, log)
Expand All @@ -222,6 +323,7 @@ jobs:
artifact-suffix: -sw-emulator-hw-1.0-itrng-log
extra-features: hw-1.0,slow_tests,itrng
rom-logging: true
rom-version: "1.0"

sw-emulator-hw-1_0-full-suite-itrng-nolog:
name: sw-emulator Suite (itrng, nolog)
Expand All @@ -232,6 +334,7 @@ jobs:
artifact-suffix: -sw-emulator-hw-1.0-itrng-nolog
extra-features: hw-1.0,slow_tests,itrng
rom-logging: false
rom-version: "1.0"

create-release:
name: Create New Release
Expand Down
73 changes: 56 additions & 17 deletions builder/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,13 @@ use once_cell::sync::Lazy;

pub const THIS_WORKSPACE_DIR: &str = concat!(env!("CARGO_MANIFEST_DIR"), "/..");

#[derive(Debug, PartialEq)]
pub enum CiRomVersion {
Rom1_0,
Rom1_1,
Latest,
}

fn other_err(e: impl Into<Box<dyn std::error::Error + Send + Sync>>) -> io::Error {
io::Error::new(ErrorKind::Other, e)
}
Expand Down Expand Up @@ -362,28 +369,60 @@ pub fn build_firmware_elf(id: &FwId<'static>) -> io::Result<Arc<Vec<u8>>> {
Ok(result)
}

// Returns the ROM version to be used for CI testing specified in the environment variable "CPTRA_CI_ROM_VERSION"
// Default is Latest
pub fn get_ci_rom_version() -> CiRomVersion {
match std::env::var("CPTRA_CI_ROM_VERSION").as_deref() {
Ok("1.0") => CiRomVersion::Rom1_0,
Ok("1.1") => CiRomVersion::Rom1_1,
Ok(version) => panic!("Unknown CI ROM version \'{}\'", version),
Err(_) => CiRomVersion::Latest,
}
}

/// Returns the most appropriate ROM for use when testing non-ROM code against
/// a particular hardware version. DO NOT USE this for ROM-only tests.
pub fn rom_for_fw_integration_tests() -> io::Result<Cow<'static, [u8]>> {
let rom_from_env = firmware::rom_from_env();
if cfg!(feature = "hw-1.0") {
if rom_from_env == &firmware::ROM {
Ok(
include_bytes!("../../hw/1.0/caliptra-rom-1.0.1-9342687.bin")
.as_slice()
.into(),
)
} else if rom_from_env == &firmware::ROM_WITH_UART {
Ok(
include_bytes!("../../hw/1.0/caliptra-rom-with-log-1.0.1-9342687.bin")
.as_slice()
.into(),
)
} else {
Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}")))
if cfg!(feature = "hw-1.0") && get_ci_rom_version() != CiRomVersion::Rom1_0 {
panic!("CPTRA_CI_ROM_VERSION of \'1.0\' is expected for hw-1.0");
}
match get_ci_rom_version() {
CiRomVersion::Rom1_0 => {
if rom_from_env == &firmware::ROM {
Ok(
include_bytes!("../../rom/ci_frozen_rom/1.0/caliptra-rom-1.0.3-e8e23d9.bin")
.as_slice()
.into(),
)
} else if rom_from_env == &firmware::ROM_WITH_UART {
Ok(include_bytes!(
"../../rom/ci_frozen_rom/1.0/caliptra-rom-with-log-1.0.3-e8e23d9.bin"
)
.as_slice()
.into())
} else {
Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}")))
}
}
} else {
Ok(build_firmware_rom(rom_from_env)?.into())
CiRomVersion::Rom1_1 => {
if rom_from_env == &firmware::ROM {
Ok(
include_bytes!("../../rom/ci_frozen_rom/1.1/caliptra-rom-1.1.0-51ff0a8.bin")
.as_slice()
.into(),
)
} else if rom_from_env == &firmware::ROM_WITH_UART {
Ok(include_bytes!(
"../../rom/ci_frozen_rom/1.1/caliptra-rom-with-log-1.1.0-51ff0a8.bin"
)
.as_slice()
.into())
} else {
Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}")))
}
}
CiRomVersion::Latest => Ok(build_firmware_rom(rom_from_env)?.into()),
}
}

Expand Down
7 changes: 5 additions & 2 deletions fmc/tests/fmc_integration_tests/test_rtalias.rs
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
// Licensed under the Apache-2.0 license
use caliptra_builder::{
firmware::{self, runtime_tests::MOCK_RT_INTERACTIVE, FMC_WITH_UART},
ImageOptions,
get_ci_rom_version, CiRomVersion, ImageOptions,
};
use caliptra_common::RomBootStatus::*;

Expand Down Expand Up @@ -91,7 +91,10 @@ fn test_fht_info() {
let data = hw.mailbox_execute(TEST_CMD_READ_FHT, &[]).unwrap().unwrap();
let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap();
assert_eq!(fht.ldevid_tbs_size, 552);
assert_eq!(fht.fmcalias_tbs_size, 753);
match get_ci_rom_version() {
CiRomVersion::Rom1_0 | CiRomVersion::Rom1_1 => assert_eq!(fht.fmcalias_tbs_size, 786),
_ => assert_eq!(fht.fmcalias_tbs_size, 753),
};
assert_eq!(fht.ldevid_tbs_addr, 0x50003C00);
assert_eq!(fht.fmcalias_tbs_addr, 0x50004000);
assert_eq!(fht.pcr_log_addr, 0x50004800);
Expand Down
Binary file removed hw/1.0/caliptra-rom-1.0.1-9342687.bin
Binary file not shown.
Binary file removed hw/1.0/caliptra-rom-with-log-1.0.1-9342687.bin
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
2 changes: 1 addition & 1 deletion runtime/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -64,4 +64,4 @@ fips_self_test=[]
no-cfi = ["caliptra-image-verify/no-cfi", "caliptra-drivers/no-cfi"]
fpga_realtime = ["caliptra-drivers/fpga_realtime"]
"hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-registers/hw-1.0", "caliptra-kat/hw-1.0","caliptra-cpu/hw-1.0"]
fips-test-hooks = ["caliptra-drivers/fips-test-hooks"]
fips-test-hooks = ["caliptra-drivers/fips-test-hooks"]
Loading
Loading