Skip to content

Commit

Permalink
Fixing release CI failures and adding frozen 1.1 ROM (#1809)
Browse files Browse the repository at this point in the history
* Fixing release CI failures and adding frozen 1.1 ROM

* Changing CI ROM version from rust feature to environment variable

* Removing reference to main branch in release flow

Prevents a release being made from main when tests were actuall run
on a different branch/commit
  • Loading branch information
nquarton authored Nov 25, 2024
1 parent 873c3c2 commit 5daf1b4
Show file tree
Hide file tree
Showing 22 changed files with 387 additions and 61 deletions.
18 changes: 12 additions & 6 deletions .github/workflows/fpga.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,9 @@ on:
hw-version:
default: "latest"
type: string
rom-version:
default: "latest"
type: string
workflow_call:
description: 'Set true for workflow_call'
default: true
Expand Down Expand Up @@ -161,6 +164,9 @@ jobs:
run: |
export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER="aarch64-linux-gnu-gcc"
export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS="-C link-arg=--sysroot=$FARGO_SYSROOT"
if [ "${{ inputs.rom-version }}" != "latest" ]; then
export CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}"
fi
if [ "${{ inputs.workflow_call }}" ]; then
FEATURES=fpga_realtime,${{ inputs.extra-features }}
Expand Down Expand Up @@ -420,11 +426,6 @@ jobs:
TEST_BIN=/tmp/caliptra-test-binaries
VARS="CPTRA_UIO_NUM=4 CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware CALIPTRA_IMAGE_NO_GIT_REVISION=1"
if [[ "${{ inputs.workflow_call }}" && "${{ inputs.hw-version }}" != "latest" ]]; then
VARS+=" FIPS_TEST_HW_EXP_VERSION=1_0_0"
VARS+=" FIPS_TEST_ROM_EXP_VERSION=1_0_1"
fi
if [ "${{ inputs.rom-logging }}" == "true" ] || [ -z "${{ inputs.rom-logging }}" ]; then
VARS+=" CPTRA_ROM_TYPE=ROM_WITH_UART"
elif [ "${{ inputs.rom-logging }}" == false ]; then
Expand All @@ -433,7 +434,12 @@ jobs:
echo "Unexpected inputs.rom-logging: ${{ inputs.rom-logging }}"
exit 1
fi
echo CPTRA_ROM_TYPE=${CPTRA_ROM_TYPE}
if [[ "${{ inputs.workflow_call }}" && "${{ inputs.rom-version }}" != "latest" ]]; then
VARS+=" CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}""
fi
echo VARS=${VARS}
COMMON_ARGS=(
--cargo-metadata="${TEST_BIN}/target/nextest/cargo-metadata.json"
Expand Down
11 changes: 6 additions & 5 deletions .github/workflows/fw-test-emu.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,9 @@ on:
rom-logging:
default: true
type: boolean
rom-version:
default: "latest"
type: string

jobs:
build_and_test:
Expand Down Expand Up @@ -57,6 +60,9 @@ jobs:
- name: Run tests
run: |
export CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware
if [ "${{ inputs.rom-version }}" != "latest" ]; then
export CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}"
fi
if [ "${{ inputs.rom-logging }}" == "true" ] || [ -z "${{ inputs.rom-logging }}" ]; then
export CPTRA_ROM_TYPE=ROM_WITH_UART
Expand All @@ -67,11 +73,6 @@ jobs:
exit 1
fi
if [[ ${{ inputs.extra-features }} == *"hw-1.0"* ]]; then
export FIPS_TEST_HW_EXP_VERSION=1_0_0
export FIPS_TEST_ROM_EXP_VERSION=1_0_1
fi
# Workaround https://github.com/nextest-rs/nextest/issues/267
export LD_LIBRARY_PATH=$(rustc --print sysroot)/lib
Expand Down
107 changes: 105 additions & 2 deletions .github/workflows/nightly-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@ jobs:
- uses: actions/checkout@v3
with:
submodules: 'true'
ref: 'main'
fetch-depth: 0

- name: Find latest release
Expand Down Expand Up @@ -66,6 +65,7 @@ jobs:
artifact-suffix: -fpga-realtime-hw-1.0-etrng-log
extra-features: slow_tests
hw-version: "1.0"
rom-version: "1.0"
rom-logging: true
fpga-itrng: false

Expand All @@ -78,6 +78,7 @@ jobs:
artifact-suffix: -fpga-realtime-hw-1.0-etrng-nolog
extra-features: slow_tests
hw-version: "1.0"
rom-version: "1.0"
rom-logging: false
fpga-itrng: false

Expand All @@ -90,6 +91,7 @@ jobs:
artifact-suffix: -fpga-realtime-hw-1.0-itrng-log
extra-features: slow_tests,itrng
hw-version: "1.0"
rom-version: "1.0"
rom-logging: true
fpga-itrng: true

Expand All @@ -102,6 +104,59 @@ jobs:
artifact-suffix: -fpga-realtime-hw-1.0-itrng-nolog
extra-features: slow_tests,itrng
hw-version: "1.0"
rom-version: "1.0"
rom-logging: false
fpga-itrng: true

fpga-1_1-full-suite-etrng-log:
name: FPGA Suite (1.1, etrng, log)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fpga.yml
with:
artifact-suffix: -fpga-realtime-rom-1.1-etrng-log
extra-features: slow_tests
hw-version: "latest"
rom-version: "1.1"
rom-logging: true
fpga-itrng: false

fpga-1_1-full-suite-etrng-nolog:
name: FPGA Suite (1.1, etrng, nolog)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fpga.yml
with:
artifact-suffix: -fpga-realtime-rom-1.1-etrng-nolog
extra-features: slow_tests
hw-version: "latest"
rom-version: "1.1"
rom-logging: false
fpga-itrng: false

fpga-1_1-full-suite-itrng-log:
name: FPGA Suite (1.1, itrng, log)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fpga.yml
with:
artifact-suffix: -fpga-realtime-rom-1.1-itrng-log
extra-features: slow_tests,itrng
hw-version: "latest"
rom-version: "1.1"
rom-logging: true
fpga-itrng: true

fpga-1_1-full-suite-itrng-nolog:
name: FPGA Suite (1.1, itrng, nolog)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fpga.yml
with:
artifact-suffix: -fpga-realtime-rom-1.1-itrng-nolog
extra-features: slow_tests,itrng
hw-version: "latest"
rom-version: "1.1"
rom-logging: false
fpga-itrng: true

Expand Down Expand Up @@ -149,7 +204,7 @@ jobs:
with:
artifact-suffix: -fpga-realtime-latest-itrng-nolog
extra-features: slow_tests,itrng
hw-version: latest
hw-version: "latest"
rom-logging: false
fpga-itrng: true

Expand Down Expand Up @@ -193,6 +248,50 @@ jobs:
extra-features: slow_tests,itrng
rom-logging: false

sw-emulator-rom-1_1-full-suite-etrng-log:
name: sw-emulator Suite (etrng, log)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fw-test-emu.yml
with:
artifact-suffix: -sw-emulator-hw-1.1-etrng-log
extra-features: slow_tests
rom-logging: true
rom-version: "1.1"

sw-emulator-rom-1_1-full-suite-etrng-nolog:
name: sw-emulator Suite (etrng, nolog)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fw-test-emu.yml
with:
artifact-suffix: -sw-emulator-hw-1.1-etrng-nolog
extra-features: slow_tests
rom-logging: false
rom-version: "1.1"

sw-emulator-rom-1_1-full-suite-itrng-log:
name: sw-emulator Suite (itrng, log)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fw-test-emu.yml
with:
artifact-suffix: -sw-emulator-hw-1.1-itrng-log
extra-features: slow_tests,itrng
rom-logging: true
rom-version: "1.1"

sw-emulator-rom-1_1-full-suite-itrng-nolog:
name: sw-emulator Suite (itrng, nolog)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fw-test-emu.yml
with:
artifact-suffix: -sw-emulator-hw-1.1-itrng-nolog
extra-features: slow_tests,itrng
rom-logging: false
rom-version: "1.1"

sw-emulator-hw-1_0-full-suite-etrng-log:
name: sw-emulator Suite (etrng, log)
needs: find-latest-release
Expand All @@ -202,6 +301,7 @@ jobs:
artifact-suffix: -sw-emulator-hw-1.0-etrng-log
extra-features: hw-1.0,slow_tests
rom-logging: true
rom-version: "1.0"

sw-emulator-hw-1_0-full-suite-etrng-nolog:
name: sw-emulator Suite (etrng, nolog)
Expand All @@ -212,6 +312,7 @@ jobs:
artifact-suffix: -sw-emulator-hw-1.0-etrng-nolog
extra-features: hw-1.0,slow_tests
rom-logging: false
rom-version: "1.0"

sw-emulator-hw-1_0-full-suite-itrng-log:
name: sw-emulator Suite (itrng, log)
Expand All @@ -222,6 +323,7 @@ jobs:
artifact-suffix: -sw-emulator-hw-1.0-itrng-log
extra-features: hw-1.0,slow_tests,itrng
rom-logging: true
rom-version: "1.0"

sw-emulator-hw-1_0-full-suite-itrng-nolog:
name: sw-emulator Suite (itrng, nolog)
Expand All @@ -232,6 +334,7 @@ jobs:
artifact-suffix: -sw-emulator-hw-1.0-itrng-nolog
extra-features: hw-1.0,slow_tests,itrng
rom-logging: false
rom-version: "1.0"

create-release:
name: Create New Release
Expand Down
73 changes: 56 additions & 17 deletions builder/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,13 @@ use once_cell::sync::Lazy;

pub const THIS_WORKSPACE_DIR: &str = concat!(env!("CARGO_MANIFEST_DIR"), "/..");

#[derive(Debug, PartialEq)]
pub enum CiRomVersion {
Rom1_0,
Rom1_1,
Latest,
}

fn other_err(e: impl Into<Box<dyn std::error::Error + Send + Sync>>) -> io::Error {
io::Error::new(ErrorKind::Other, e)
}
Expand Down Expand Up @@ -362,28 +369,60 @@ pub fn build_firmware_elf(id: &FwId<'static>) -> io::Result<Arc<Vec<u8>>> {
Ok(result)
}

// Returns the ROM version to be used for CI testing specified in the environment variable "CPTRA_CI_ROM_VERSION"
// Default is Latest
pub fn get_ci_rom_version() -> CiRomVersion {
match std::env::var("CPTRA_CI_ROM_VERSION").as_deref() {
Ok("1.0") => CiRomVersion::Rom1_0,
Ok("1.1") => CiRomVersion::Rom1_1,
Ok(version) => panic!("Unknown CI ROM version \'{}\'", version),
Err(_) => CiRomVersion::Latest,
}
}

/// Returns the most appropriate ROM for use when testing non-ROM code against
/// a particular hardware version. DO NOT USE this for ROM-only tests.
pub fn rom_for_fw_integration_tests() -> io::Result<Cow<'static, [u8]>> {
let rom_from_env = firmware::rom_from_env();
if cfg!(feature = "hw-1.0") {
if rom_from_env == &firmware::ROM {
Ok(
include_bytes!("../../hw/1.0/caliptra-rom-1.0.1-9342687.bin")
.as_slice()
.into(),
)
} else if rom_from_env == &firmware::ROM_WITH_UART {
Ok(
include_bytes!("../../hw/1.0/caliptra-rom-with-log-1.0.1-9342687.bin")
.as_slice()
.into(),
)
} else {
Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}")))
if cfg!(feature = "hw-1.0") && get_ci_rom_version() != CiRomVersion::Rom1_0 {
panic!("CPTRA_CI_ROM_VERSION of \'1.0\' is expected for hw-1.0");
}
match get_ci_rom_version() {
CiRomVersion::Rom1_0 => {
if rom_from_env == &firmware::ROM {
Ok(
include_bytes!("../../rom/ci_frozen_rom/1.0/caliptra-rom-1.0.3-e8e23d9.bin")
.as_slice()
.into(),
)
} else if rom_from_env == &firmware::ROM_WITH_UART {
Ok(include_bytes!(
"../../rom/ci_frozen_rom/1.0/caliptra-rom-with-log-1.0.3-e8e23d9.bin"
)
.as_slice()
.into())
} else {
Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}")))
}
}
} else {
Ok(build_firmware_rom(rom_from_env)?.into())
CiRomVersion::Rom1_1 => {
if rom_from_env == &firmware::ROM {
Ok(
include_bytes!("../../rom/ci_frozen_rom/1.1/caliptra-rom-1.1.0-51ff0a8.bin")
.as_slice()
.into(),
)
} else if rom_from_env == &firmware::ROM_WITH_UART {
Ok(include_bytes!(
"../../rom/ci_frozen_rom/1.1/caliptra-rom-with-log-1.1.0-51ff0a8.bin"
)
.as_slice()
.into())
} else {
Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}")))
}
}
CiRomVersion::Latest => Ok(build_firmware_rom(rom_from_env)?.into()),
}
}

Expand Down
7 changes: 5 additions & 2 deletions fmc/tests/fmc_integration_tests/test_rtalias.rs
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
// Licensed under the Apache-2.0 license
use caliptra_builder::{
firmware::{self, runtime_tests::MOCK_RT_INTERACTIVE, FMC_WITH_UART},
ImageOptions,
get_ci_rom_version, CiRomVersion, ImageOptions,
};
use caliptra_common::RomBootStatus::*;

Expand Down Expand Up @@ -91,7 +91,10 @@ fn test_fht_info() {
let data = hw.mailbox_execute(TEST_CMD_READ_FHT, &[]).unwrap().unwrap();
let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap();
assert_eq!(fht.ldevid_tbs_size, 552);
assert_eq!(fht.fmcalias_tbs_size, 753);
match get_ci_rom_version() {
CiRomVersion::Rom1_0 | CiRomVersion::Rom1_1 => assert_eq!(fht.fmcalias_tbs_size, 786),
_ => assert_eq!(fht.fmcalias_tbs_size, 753),
};
assert_eq!(fht.ldevid_tbs_addr, 0x50003C00);
assert_eq!(fht.fmcalias_tbs_addr, 0x50004000);
assert_eq!(fht.pcr_log_addr, 0x50004800);
Expand Down
Binary file removed hw/1.0/caliptra-rom-1.0.1-9342687.bin
Binary file not shown.
Binary file removed hw/1.0/caliptra-rom-with-log-1.0.1-9342687.bin
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
2 changes: 1 addition & 1 deletion runtime/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -64,4 +64,4 @@ fips_self_test=[]
no-cfi = ["caliptra-image-verify/no-cfi", "caliptra-drivers/no-cfi"]
fpga_realtime = ["caliptra-drivers/fpga_realtime"]
"hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-registers/hw-1.0", "caliptra-kat/hw-1.0","caliptra-cpu/hw-1.0"]
fips-test-hooks = ["caliptra-drivers/fips-test-hooks"]
fips-test-hooks = ["caliptra-drivers/fips-test-hooks"]
Loading

0 comments on commit 5daf1b4

Please sign in to comment.