add flake check that builds a EIF
cottand committed Feb 23, 2024
1 parent a820c5f commit dbb5676
Showing 1 changed file with 29 additions and 0 deletions.
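--- a/flake.nix
+++ b/flake.nix
@@ -202,6 +202,35 @@
 checks = {
 # make sure we can build the eif-cli
 inherit (packages) eif-cli;
+
+# build a simple (non-bootable) EIF image for ARM64 as part of checks
+test-make-eif = lib.mkEif {
+name = "test";
+ramdisks = [
+(lib.mkSysRamdisk { init = self.lib.aarch64-linux.blobs.init; nsmKo = self.lib.aarch64-linux.blobs.nsmKo; })
+(lib.mkUserRamdisk { entrypoint = "none"; env = ""; rootfs = pkgs.writeTextDir "etc/file" "hello world!"; })
+];
+kernel = self.lib.aarch64-linux.blobs.kernel;
+kernelConfig = self.lib.aarch64-linux.blobs.kernelConfig;
+};
+
+# check the PCR for this simple EIF is reproduced
+test-eif-PCRs-match = pkgs.stdenvNoCC.mkDerivation {
+buildInputs = [ pkgs.jq ];
+name = "test-eif-PCRs-match";
+src = checks.test-make-eif;
+dontBuild = true;
+doCheck = true;
+checkPhase = ''
+PCR0=$(jq -r < ./pcr.json ' .PCR0 ')
+if echo "$PCR0" | grep -qv 'a15c9d65991e44f63827e506d519b9107cc81844a8745a315a1d543b8788ea58254c7b17bc0003d2fa7322142a47e007'
+then
+echo "PCR0 did not match, got instead:" $PCR0
+exit -1
+fi
+'';
+installPhase = "mkdir $out";
+};
 };
 }
 ))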
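Review bot: The PCR0 comparison in the `checkPhase` of `test-eif-PCRs-match` is an inverted substring match (`grep -qv`), so any jq output line that merely contains the expected digest is accepted. For a measurement that is meant to be pinned, an exact comparison is stricter and easier to read, e.g. `if [ "$PCR0" != "$expected" ]; then` with the digest held in a named variable. `exit -1` gives status 255 in bash and is rejected by some other shells, so `exit 1` is the safer spelling, and `$PCR0` in the failure `echo` should be quoted. Only PCR0 is pinned; if `pcr.json` also carries other PCR values (not visible in this hunk), pinning them too would extend the reproducibility check beyond the single image measurement. A short comment next to the digest on how to regenerate it after an intentional change to the blobs would also help.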
