Adding GitHub Action for testing TPM features.
dgarske committed Aug 16, 2023
1 parent 7d6c49e commit 8d83f6e
Showing 32 changed files with 734 additions and 65 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/footprint.yml
Expand Up @@ -2,9 +2,9 @@ name: Footprint test

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:
footprint_test:
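Review bot: The new `pull_request` filter `branches: [ '*' ]` does not cover every target branch: in GitHub's filter syntax `*` stops at `/`, so a pull request opened against a `release/...` branch (which the `push` filter just above now names) would not run this workflow. `branches: [ '**' ]`, or dropping the `branches` key under `pull_request`, matches all targets. The same two lines are repeated in test-configs.yml, test-keytools.yml, test-powerfail-simulator.yml, the test-renode-*.yml files, test-tpm.yml and test-units.yml.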
67 changes: 67 additions & 0 deletions .github/workflows/test-build-sim-tpm.yml
@@ -0,0 +1,67 @@
name: Wolfboot Reusable Build Workflow for TPM with Simulator

on:

workflow_call:
inputs:
arch:
required: true
type: string
config-file:
required: true
type: string
make-args:
required: false
type: string
rot-args:
required: false
type: string

jobs:

build:
runs-on: ubuntu-20.04

steps:
# setup ibmswtpm2
- uses: actions/checkout@master
with:
repository: kgoldman/ibmswtpm2
path: ibmswtpm2
- name: ibmswtpm2 make
working-directory: ./ibmswtpm2/src
run: |
make
./tpm_server &
- uses: actions/checkout@v3
with:
submodules: true

- name: make distclean
run: |
make distclean
- name: Select config
run: |
cp ${{inputs.config-file}} .config
- name: Build tools
run: |
make keytools
- name: Build wolfboot
run: |
make ${{inputs.make-args}}
- name: Build TPM tools
run: |
make tpmtools
- name: Write TPM ROT to TPM
run: |
./tools/tpm/rot -write ${{inputs.rot-args}}
- name: Run wolfBoot
run: |
./wolfboot.elf get_version
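Review bot: The simulator checkout at the top of `steps` is unpinned twice: `actions/checkout@master` follows a moving branch of the action, and the `kgoldman/ibmswtpm2` checkout has no `ref:`, so every run builds and executes (`make`, `./tpm_server &`) whatever is on that repository's default branch at the time. Use the same tagged action as the second checkout and pin the simulator source, e.g. `- uses: actions/checkout@v3` with `ref: <ibmswtpm2-commit-sha>` (placeholder; choose a reviewed commit). Separately, `${{inputs.config-file}}`, `${{inputs.make-args}}` and `${{inputs.rot-args}}` are expanded straight into the shell text of `run:`. The callers in this commit pass constants, but mapping the inputs through `env:` and using quoted shell variables would keep this reusable workflow safe if a caller ever forwards event-derived data.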
4 changes: 2 additions & 2 deletions .github/workflows/test-configs.yml
Expand Up @@ -2,9 +2,9 @@ name: Test Example Configs

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:

4 changes: 2 additions & 2 deletions .github/workflows/test-keytools.yml
Expand Up @@ -2,9 +2,9 @@ name: Wolfboot keytools test workflow

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:

4 changes: 2 additions & 2 deletions .github/workflows/test-powerfail-simulator.yml
Expand Up @@ -2,9 +2,9 @@ name: Power-failure during update - test with simulator target

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:
powerfail_simulator_tests:
4 changes: 2 additions & 2 deletions .github/workflows/test-renode-fastmath-smallstack.yml
Expand Up @@ -2,9 +2,9 @@ name: Renode Automated multi memory configurations

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:
renode_automated_fastmath_smallstack:
4 changes: 2 additions & 2 deletions .github/workflows/test-renode-fastmath.yml
Expand Up @@ -2,9 +2,9 @@ name: Renode Automated multi memory configurations

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:
renode_automated_fastmath:
4 changes: 2 additions & 2 deletions .github/workflows/test-renode-noasm-smallstack.yml
Expand Up @@ -2,9 +2,9 @@ name: Renode Automated multi memory configurations

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:
renode_automated_noasm_smallstack:
4 changes: 2 additions & 2 deletions .github/workflows/test-renode-noasm.yml
Expand Up @@ -2,9 +2,9 @@ name: Renode Automated multi memory configurations

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:
renode_automated_noasm:
4 changes: 2 additions & 2 deletions .github/workflows/test-renode-nrf52.yml
Expand Up @@ -2,9 +2,9 @@ name: Renode Automated - Base Tests

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:
renode_automated_base:
4 changes: 2 additions & 2 deletions .github/workflows/test-renode-sha3.yml
Expand Up @@ -2,9 +2,9 @@ name: Renode Automated multi SHA algorithms

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:
renode_automated_multi_sha:
4 changes: 2 additions & 2 deletions .github/workflows/test-renode-sha384.yml
Expand Up @@ -2,9 +2,9 @@ name: Renode Automated multi SHA algorithms

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:
renode_automated_multi_sha:
4 changes: 2 additions & 2 deletions .github/workflows/test-renode-smallstack.yml
Expand Up @@ -2,9 +2,9 @@ name: Renode Automated multi memory configurations

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:
renode_automated_smallstack:
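--- a/.github/workflows/test-tpm.yml
+++ b/.github/workflows/test-tpm.yml
@@ -0,0 +1,75 @@
+name: Test TPM Configs
+
+on:
+push:
+branches: [ 'master', 'main', 'release/**' ]
+pull_request:
+branches: [ '*' ]
+
+jobs:
+
+sim_tpm_ecc256:
+uses: ./.github/workflows/test-build-sim-tpm.yml
+with:
+arch: host
+config-file: ./config/examples/sim-tpm.config
+make-args: SIGN=ECC256 HASH=SHA256
+
+sim_tpm_ecc384:
+uses: ./.github/workflows/test-build-sim-tpm.yml
+with:
+arch: host
+config-file: ./config/examples/sim-tpm.config
+make-args: SIGN=ECC384 HASH=SHA384
+
+sim_tpm_rsa2048:
+uses: ./.github/workflows/test-build-sim-tpm.yml
+with:
+arch: host
+config-file: ./config/examples/sim-tpm.config
+make-args: SIGN=RSA2048 HASH=SHA256
+
+
+sim_tpm_measure_ecc256:
+uses: ./.github/workflows/test-build-sim-tpm.yml
+with:
+arch: host
+config-file: ./config/examples/sim-tpm-measured.config
+make-args: SIGN=ECC256 HASH=SHA256
+
+sim_tpm_measure_ecc384:
+uses: ./.github/workflows/test-build-sim-tpm.yml
+with:
+arch: host
+config-file: ./config/examples/sim-tpm-measured.config
+make-args: SIGN=ECC384 HASH=SHA384
+
+sim_tpm_measure_rsa2048:
+uses: ./.github/workflows/test-build-sim-tpm.yml
+with:
+arch: host
+config-file: ./config/examples/sim-tpm-measured.config
+make-args: SIGN=RSA2048 HASH=SHA256
+
+
+sim_tpm_keystore_ecc256:
+uses: ./.github/workflows/test-build-sim-tpm.yml
+with:
+arch: host
+config-file: ./config/examples/sim-tpm-keystore.config
+make-args: SIGN=ECC256 HASH=SHA256
+
+sim_tpm_keystore_ecc384:
+uses: ./.github/workflows/test-build-sim-tpm.yml
+with:
+arch: host
+config-file: ./config/examples/sim-tpm-keystore.config
+make-args: SIGN=ECC384 HASH=SHA384
+rot-args: -sha384
+
+sim_tpm_keystore_rsa2048:
+uses: ./.github/workflows/test-build-sim-tpm.yml
+with:
+arch: host
+config-file: ./config/examples/sim-tpm-keystore.config
+make-args: SIGN=RSA2048 HASH=SHA256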
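Review bot: Only `sim_tpm_keystore_ecc384` passes `rot-args: -sha384`, while the other two ECC384/SHA384 jobs (`sim_tpm_ecc384`, `sim_tpm_measure_ecc384`) do not, and nothing in the file says why. If that is intentional (presumably the root-of-trust digest only has to match `HASH` for the keystore config), a comment such as `# ROT digest must match HASH when the TPM keystore is enabled` above that line would record it. The nine jobs otherwise differ only in `config-file` and `make-args`, so a single caller job with `strategy.matrix` would state the same coverage in one place. `arch: host` is passed by every job, but the reusable workflow added in this commit never reads `inputs.arch`.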
4 changes: 2 additions & 2 deletions .github/workflows/test-units.yml
Expand Up @@ -2,9 +2,9 @@ name: Unit tests

on:
push:
branches: [master]
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [master]
branches: [ '*' ]

jobs:
unit_tests:
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -100,6 +100,7 @@ tools/uart-flash-server/ufserver
tools/unit-tests/unit-parser
tools/bin-assemble/bin-assemble
tools/elf-parser/elf-parser
tools/tpm/rot
config/*.ld

# Generated confiuguration file
5 changes: 5 additions & 0 deletions Makefile
Expand Up @@ -167,6 +167,11 @@ keytools:
@$(MAKE) -C tools/keytools -s clean
@$(MAKE) -C tools/keytools -j

tpmtools:
@echo "Building TPM tools"
@$(MAKE) -C tools/tpm -s clean
@$(MAKE) -C tools/tpm -j

test-app/image_v1_signed.bin: $(BOOT_IMG)
@echo "\t[SIGN] $(BOOT_IMG)"
$(Q)(test $(SIGN) = NONE) || $(SIGN_TOOL) $(SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) 1
9 changes: 7 additions & 2 deletions config/examples/sim-tpm-keystore.config
@@ -1,11 +1,16 @@
ARCH=sim
TARGET=sim
SIGN?=ECC384
HASH?=SHA384
SIGN?=ECC256
HASH?=SHA256
SPI_FLASH=0
DEBUG=1
WOLFTPM=1

# Measured boot at test PCR index 16
MEASURED_BOOT?=1
MEASURED_PCR_A?=16

# Use NV for TPM based Root of Trust
WOLFBOOT_TPM_KEYSTORE?=1
WOLFBOOT_TPM_KEYSTORE_NV_INDEX?=0x01400200

2 changes: 1 addition & 1 deletion config/examples/sim-tpm-measured.config
@@ -1,6 +1,6 @@
ARCH=sim
TARGET=sim
SIGN?=ED25519
SIGN?=ECC256
HASH?=SHA256
WOLFBOOT_SMALL_STACK=1
SPI_FLASH=0
4 changes: 2 additions & 2 deletions config/examples/sim-tpm.config
@@ -1,7 +1,7 @@
ARCH=sim
TARGET=sim
SIGN?=ECC384
HASH?=SHA384
SIGN?=ECC256
HASH?=SHA256
SPI_FLASH=0
DEBUG=1
WOLFTPM=1
2 changes: 1 addition & 1 deletion hal/sim.c
Expand Up @@ -140,7 +140,7 @@ void hal_init(void)
ret = mmap_file(EXTERNAL_FLASH_FILE,
(uint8_t*)ARCH_FLASH_OFFSET + 0x10000000, &flash_base);
if (ret != 0) {
fprintf(stderr, "failed to load internal flash file\n");
fprintf(stderr, "failed to load external flash file\n");
exit(-1);
}
#endif /* EXT_FLASH */