pta: stm32mp: add debug access PTA #7965
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: [push, pull_request] | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ci-${{ github.ref }} # unique per branch | |
| cancel-in-progress: true # cancel previous runs on the same branch | |
| jobs: | |
| code_style: | |
| name: Code style | |
| runs-on: ubuntu-latest | |
| container: jforissier/optee_os_ci | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # full history so checkpatch can check commit IDs in commit messages | |
| - name: Update Git config | |
| run: git config --global --add safe.directory ${GITHUB_WORKSPACE} | |
| - name: Run checkpatch | |
| shell: bash | |
| run: | | |
| # checkpatch task | |
| set -e | |
| pushd . >/dev/null | |
| mkdir -p /tmp/linux/scripts | |
| cd /tmp/linux/scripts | |
| wget --quiet https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/plain/scripts/checkpatch.pl | |
| chmod +x checkpatch.pl | |
| wget --quiet https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/plain/scripts/spelling.txt | |
| echo "invalid.struct.name" >const_structs.checkpatch | |
| export PATH=/tmp/linux/scripts:$PATH | |
| popd >/dev/null | |
| source scripts/checkpatch_inc.sh | |
| function _do() { echo '>>' $*; $*; } | |
| # Run checkpatch.pl: | |
| # - on the tip of the branch only if we're not in a pull request | |
| # - otherwise: | |
| # * on each commit in the development branch that is not in the target (merge to) branch | |
| # * on the global diff if the PR contains more than one commit (useful to check if fixup | |
| # commits do solve previous checkpatch errors) | |
| if [ "${GITHUB_EVENT_NAME}" = "push" ]; then \ | |
| _do checkpatch HEAD || failed=1; \ | |
| else \ | |
| for c in $(git rev-list HEAD^1..HEAD^2); do \ | |
| _do checkpatch $c || failed=1; \ | |
| done; \ | |
| if [ "$(git rev-list --count HEAD^1..HEAD^2)" -gt 1 ]; then \ | |
| _do checkdiff $(git rev-parse HEAD^1) $(git rev-parse HEAD^2) || failed=1; \ | |
| fi; \ | |
| fi | |
| [ -z "$failed" ] | |
| - name: Run pycodestyle | |
| if: success() || failure() | |
| run: | | |
| # pycodestyle task | |
| sudo -E bash -c "apt update -qq -y && apt install -qq -y pycodestyle" | |
| pycodestyle scripts/*.py core/arch/arm/plat-stm32mp1/scripts/stm32image.py | |
| builds: | |
| name: Build (${{ matrix.name }}) | |
| runs-on: ubuntu-latest | |
| container: jforissier/optee_os_ci | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: arm hikey | |
| make_commands: | | |
| _make PLATFORM=hikey | |
| _make PLATFORM=hikey CFG_ARM64_core=y | |
| - name: arm hikey-hikey960 | |
| make_commands: | | |
| _make PLATFORM=hikey-hikey960 | |
| _make PLATFORM=hikey-hikey960 COMPILER=clang | |
| _make PLATFORM=hikey-hikey960 CFG_ARM64_core=y | |
| _make PLATFORM=hikey-hikey960 CFG_ARM64_core=y COMPILER=clang | |
| _make PLATFORM=hikey-hikey960 CFG_SECURE_DATA_PATH=n | |
| - name: arm imx-imx6* 1 | |
| make_commands: | | |
| _make PLATFORM=imx-mx6ulevk | |
| _make PLATFORM=imx-mx6ulevk CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y | |
| _make PLATFORM=imx-mx6ul9x9evk | |
| _make PLATFORM=imx-mx6ullevk CFG_WITH_SOFTWARE_PRNG=n CFG_IMX_RNGB=y | |
| _make PLATFORM=imx-mx6ulzevk | |
| _make PLATFORM=imx-mx6slevk | |
| _make PLATFORM=imx-mx6sllevk | |
| _make PLATFORM=imx-mx6sxsabreauto | |
| _make PLATFORM=imx-mx6sxsabresd | |
| _make PLATFORM=imx-mx6sxsabresd CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y | |
| _make PLATFORM=imx-mx6solosabresd | |
| _make PLATFORM=imx-mx6solosabreauto | |
| _make PLATFORM=imx-mx6sxsabreauto | |
| - name: arm imx-imx6* 2 | |
| make_commands: | | |
| _make PLATFORM=imx-mx6qsabrelite | |
| _make PLATFORM=imx-mx6qsabresd | |
| _make PLATFORM=imx-mx6qsabresd CFG_RPMB_FS=y | |
| _make PLATFORM=imx-mx6qsabreauto | |
| _make PLATFORM=imx-mx6qsabreauto CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y | |
| _make PLATFORM=imx-mx6qpsabreauto | |
| _make PLATFORM=imx-mx6qpsabresd | |
| _make PLATFORM=imx-mx6dlsabresd | |
| _make PLATFORM=imx-mx6dlsabreauto | |
| _make PLATFORM=imx-mx6dapalis | |
| _make PLATFORM=imx-mx6qapalis | |
| - name: arm imx-mx7* | |
| make_commands: | | |
| _make PLATFORM=imx-mx7dsabresd | |
| _make PLATFORM=imx-mx7dsabresd CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y | |
| _make PLATFORM=imx-mx7ulpevk | |
| - name: arm imx-mx8* | |
| make_commands: | | |
| _make PLATFORM=imx-mx8mmevk | |
| _make PLATFORM=imx-mx8mmevk CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y | |
| _make PLATFORM=imx-mx8mnevk | |
| _make PLATFORM=imx-mx8mqevk | |
| _make PLATFORM=imx-mx8mpevk | |
| _make PLATFORM=imx-mx8qxpmek | |
| _make PLATFORM=imx-mx8dxmek | |
| _make PLATFORM=imx-mx8qmmek | |
| _make PLATFORM=imx-mx8dxlevk | |
| _make PLATFORM=imx-mx8ulpevk | |
| _make PLATFORM=imx-mx8ulpevk CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y | |
| - name: arm imx-mx9* | |
| make_commands: | | |
| _make PLATFORM=imx-mx91evk | |
| _make PLATFORM=imx-mx93evk | |
| _make PLATFORM=imx-mx95evk | |
| _make PLATFORM=imx-mx943evk | |
| - name: arm k3 | |
| make_commands: | | |
| _make PLATFORM=k3-j721e | |
| _make PLATFORM=k3-j721e CFG_ARM64_core=y | |
| _make PLATFORM=k3-j784s4 | |
| _make PLATFORM=k3-j784s4 CFG_ARM64_core=y | |
| _make PLATFORM=k3-am65x | |
| _make PLATFORM=k3-am65x CFG_ARM64_core=y | |
| _make PLATFORM=k3-am64x | |
| _make PLATFORM=k3-am64x CFG_ARM64_core=y | |
| _make PLATFORM=k3-am62x | |
| _make PLATFORM=k3-am62x CFG_ARM64_core=y | |
| _make PLATFORM=k3-am62lx | |
| _make PLATFORM=k3-am62lx CFG_ARM64_core=y | |
| - name: arm ls | |
| make_commands: | | |
| _make PLATFORM=ls-ls1043ardb | |
| _make PLATFORM=ls-ls1046ardb | |
| _make PLATFORM=ls-ls1012ardb | |
| _make PLATFORM=ls-ls1028ardb | |
| _make PLATFORM=ls-ls1088ardb | |
| _make PLATFORM=ls-ls2088ardb | |
| _make PLATFORM=ls-lx2160ardb | |
| _make PLATFORM=ls-lx2160aqds | |
| - name: arm marvell | |
| make_commands: | | |
| _make PLATFORM=marvell-armada7k8k | |
| _make PLATFORM=marvell-armada3700 | |
| _make PLATFORM=marvell-otx2t96 | |
| _make PLATFORM=marvell-otx2f95 | |
| _make PLATFORM=marvell-otx2t98 | |
| _make PLATFORM=marvell-cn10ka | |
| _make PLATFORM=marvell-cn10kb | |
| _make PLATFORM=marvell-cnf10ka | |
| _make PLATFORM=marvell-cnf10kb | |
| _make PLATFORM=marvell-cn20ka | |
| - name: arm mediatek | |
| make_commands: | | |
| _make PLATFORM=mediatek-mt8173 | |
| _make PLATFORM=mediatek-mt8175 | |
| _make PLATFORM=mediatek-mt8183 | |
| _make PLATFORM=mediatek-mt8516 | |
| - name: arm misc 1 | |
| make_commands: | | |
| _make PLATFORM=d02 | |
| _make PLATFORM=d02 CFG_ARM64_core=y | |
| _make PLATFORM=poplar | |
| _make PLATFORM=poplar CFG_ARM64_core=y | |
| _make PLATFORM=rcar | |
| _make PLATFORM=rzg | |
| _make PLATFORM=rzg CFG_ARM64_core=y | |
| _make PLATFORM=rpi3 | |
| _make PLATFORM=rpi3 CFG_ARM64_core=y | |
| _make PLATFORM=rpi5 | |
| _make PLATFORM=zynq7k-zc702 | |
| _make PLATFORM=marvell-cnf20ka | |
| _make PLATFORM=synquacer | |
| _make PLATFORM=sunxi-bpi_zero | |
| _make PLATFORM=sunxi-sun50i_a64 | |
| - name: arm misc 2 | |
| make_commands: | | |
| _make PLATFORM=bcm-ns3 CFG_ARM64_core=y | |
| _make PLATFORM=hisilicon-hi3519av100_demo | |
| _make PLATFORM=amlogic | |
| _make PLATFORM=rzn1 | |
| _make PLATFORM=versal CFG_VERSAL_FPGA_DDR_ADDR=0x40000000 | |
| _make PLATFORM=corstone1000 | |
| _make PLATFORM=nuvoton | |
| _make PLATFORM=d06 | |
| _make PLATFORM=d06 CFG_HISILICON_ACC_V3=y | |
| _make PLATFORM=telechips-tcc805x | |
| _make PLATFORM=versal2 | |
| _make PLATFORM=versal2 CFG_AMD_PS_GPIO=y | |
| _make PLATFORM=sprd-sc9860 | |
| _make PLATFORM=sprd-sc9860 CFG_ARM64_core=y | |
| - name: arm Plug and Trust | |
| make_commands: | | |
| function download_plug_and_trust() { mkdir -p $HOME/se050 && git clone --single-branch -b v0.4.2 https://github.com/foundriesio/plug-and-trust $HOME/se050/plug-and-trust || (rm -rf $HOME/se050 ; echo Nervermind); } | |
| download_plug_and_trust | |
| if [ -d $HOME/se050/plug-and-trust ]; then _make PLATFORM=imx-mx6ullevk CFG_NXP_SE05X=y CFG_IMX_I2C=y CFG_STACK_{THREAD,TMP}_EXTRA=8192 CFG_CRYPTO_DRV_{CIPHER,ACIPHER}=y CFG_WITH_SOFTWARE_PRNG=n CFG_NXP_SE05X_{DIEID,RNG,RSA,ECC,CTR}_DRV=y CFG_NXP_SE05X_RSA_DRV_FALLBACK=y CFG_NXP_SE05X_ECC_DRV_FALLBACK=y CFG_NXP_SE05X_PLUG_AND_TRUST=$HOME/se050/plug-and-trust ; fi | |
| if [ -d $HOME/se050/plug-and-trust ]; then _make PLATFORM=imx-mx8mmevk CFG_NXP_CAAM=y CFG_NXP_CAAM_AE_{GCM,CCM}_DRV=y CFG_NXP_CAAM_RNG_DRV=y CFG_NXP_SE05X=y CFG_IMX_I2C=y CFG_STACK_{THREAD,TMP}_EXTRA=8192 CFG_CRYPTO_DRV_{CIPHER,ACIPHER,AUTHENC}=y CFG_NXP_SE05X_RNG_DRV=n CFG_WITH_SOFTWARE_PRNG=n CFG_NXP_SE05X_{DIEID,RSA,ECC,CTR}_DRV=y CFG_NXP_SE05X_RSA_DRV_FALLBACK=y CFG_NXP_SE05X_ECC_DRV_FALLBACK=y CFG_NXP_SE05X_PLUG_AND_TRUST=$HOME/se050/plug-and-trust ; fi | |
| - name: arm qcom | |
| make_commands: | | |
| _make PLATFORM=qcom-kodiak | |
| - name: arm rockchip | |
| make_commands: | | |
| _make PLATFORM=rockchip-rk322x | |
| _make PLATFORM=rockchip-rk3399 | |
| _make PLATFORM=rockchip-rk3588 | |
| - name: arm sam | |
| make_commands: | | |
| _make PLATFORM=sam | |
| _make PLATFORM=sam-sama5d2_xplained | |
| _make PLATFORM=sam-sama5d27_som1_ek | |
| _make PLATFORM=sam-sama5d27_wlsom1_ek | |
| - name: arm SCP firmware | |
| make_commands: | | |
| function download_scp_firmware() { git clone --single-branch https://git.gitlab.arm.com/firmware/SCP-firmware.git $HOME/scp-firmware && git -C $HOME/scp-firmware checkout 0d48080449e3bd3e5218a31c5f24a6068004c5af || (rm -rf $HOME/scp-firmware ; echo Nervermind); } | |
| download_scp_firmware | |
| if [ -d $HOME/scp-firmware ]; then _make PLATFORM=vexpress-qemu_armv8a CFG_SCMI_SCPFW=y CFG_SCP_FIRMWARE=$HOME/scp-firmware; fi | |
| if [ -d $HOME/scp-firmware ]; then _make PLATFORM=stm32mp2 CFG_SCP_FIRMWARE=$HOME/scp-firmware; fi | |
| if [ -d $HOME/scp-firmware ]; then _make PLATFORM=stm32mp2-235F_DK CFG_SCP_FIRMWARE=$HOME/scp-firmware; fi | |
| if [ -d $HOME/scp-firmware ]; then _make PLATFORM=stm32mp2-215F_DK CFG_SCP_FIRMWARE=$HOME/scp-firmware; fi | |
| if [ -d $HOME/scp-firmware ]; then _make PLATFORM=vexpress-fvp CFG_SCMI_SCPFW=y CFG_SCP_FIRMWARE=$HOME/scp-firmware; fi | |
| # if [ -d $HOME/scp-firmware ]; then _make PLATFORM=stm32mp1-157C_DK2 CFG_SCMI_SCPFW=y CFG_SCP_FIRMWARE=$HOME/scp-firmware; fi | |
| - name: arm stm | |
| make_commands: | | |
| _make PLATFORM=stm-b2260 | |
| _make PLATFORM=stm-cannes | |
| - name: arm stm32mp1 | |
| make_commands: | | |
| _make PLATFORM=stm32mp1 | |
| _make PLATFORM=stm32mp1-135F_DK CFG_DRIVERS_CLK_PRINT_TREE=y CFG_DRIVERS_REGULATOR_PRINT_TREE=y | |
| _make PLATFORM=stm32mp1-135F_DK COMPILER=clang | |
| _make PLATFORM=stm32mp1 CFG_STM32MP1_OPTEE_IN_SYSRAM=y CFG_STM32MP_REMOTEPROC=y | |
| - name: arm ti | |
| make_commands: | | |
| _make PLATFORM=ti-dra7xx out/core/tee{,-pager,-pageable}.bin | |
| _make PLATFORM=ti-am57xx | |
| _make PLATFORM=ti-am43xx | |
| - name: arm vexpress-fvp | |
| make_commands: | | |
| _make PLATFORM=vexpress-fvp | |
| _make PLATFORM=vexpress-fvp CFG_ARM64_core=y | |
| _make PLATFORM=vexpress-fvp CFG_ARM64_core=y CFG_CORE_SEL1_SPMC=y CFG_SECURE_PARTITION=y | |
| - name: arm vexpress-juno | |
| make_commands: | | |
| _make PLATFORM=vexpress-juno | |
| _make PLATFORM=vexpress-juno CFG_ARM64_core=y | |
| - name: arm vexpress-qemu_armv8a 1 | |
| make_commands: | | |
| _make PLATFORM=vexpress-qemu_armv8a | |
| _make PLATFORM=vexpress-qemu_armv8a COMPILER=clang | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_TEE_CORE_LOG_LEVEL=0 CFG_TEE_CORE_DEBUG=n CFG_TEE_TA_LOG_LEVEL=0 CFG_DEBUG_INFO=n | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_TEE_CORE_LOG_LEVEL=4 CFG_TEE_CORE_DEBUG=y CFG_TEE_TA_LOG_LEVEL=4 CFG_CC_OPT_LEVEL=0 CFG_DEBUG_INFO=y | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_TEE_CORE_LOG_LEVEL=0 CFG_TEE_CORE_DEBUG=n CFG_TEE_TA_LOG_LEVEL=0 CFG_DEBUG_INFO=n COMPILER=clang | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_WITH_PAGER=y | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_FTRACE_SUPPORT=y CFG_ULIBS_MCOUNT=y CFG_ULIBS_SHARED=y | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_TA_GPROF_SUPPORT=y CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y CFG_ULIBS_MCOUNT=y | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_NS_VIRTUALIZATION=y | |
| - name: arm vexpress-qemu_armv8a 2 | |
| make_commands: | | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_PREALLOC_EL0_TBLS=y | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_TRANSFER_LIST=y CFG_MAP_EXT_DT_SECURE=y | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_SEL1_SPMC=y | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_SEL2_SPMC=y CFG_CORE_PHYS_RELOCATABLE=y CFG_TZDRAM_START=0x0d304000 CFG_TZDRAM_SIZE=0x00cfc000 | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_{ATTESTATION,DEVICE_ENUM,RTC,SCMI,SECSTOR_TA_MGT,VERAISON_ATTESTATION}_PTA=y CFG_WITH_STATS=y CFG_TA_STATS=y | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_SEL1_SPMC=y CFG_NS_VIRTUALIZATION=y | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_CRYPTO_WITH_CE=y CFG_CRYPTOLIB_NAME=mbedtls CFG_CRYPTOLIB_DIR=lib/libmbedtls | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_SANITIZE_UNDEFINED=y CFG_TA_SANITIZE_UNDEFINED=y CFG_TEE_RAM_VA_SIZE=0x00400000 | |
| dd if=/dev/urandom of=BL32_AP_MM.fd bs=2621440 count=1 && _make PLATFORM=vexpress-qemu_armv8a CFG_STMM_PATH=BL32_AP_MM.fd CFG_RPMB_FS=y CFG_CORE_HEAP_SIZE=524288 CFG_TEE_RAM_VA_SIZE=0x00400000 | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_SECURE_DATA_PATH=y CFG_CORE_DYN_PROTMEM=y | |
| _make PLATFORM=vexpress-qemu_armv8a CFG_SECURE_DATA_PATH=y CFG_CORE_DYN_PROTMEM=y CFG_CORE_SEL1_SPMC=y | |
| - name: arm vexpress-qemu_sbsa | |
| make_commands: | | |
| _make PLATFORM=vexpress-qemu_sbsa CFG_CORE_SEL1_SPMC=y CFG_TZDRAM_START=0x20002000 CFG_TZDRAM_SIZE=0x1fbcf000 | |
| - name: arm vexpress-qemu_virt 1 | |
| make_commands: | | |
| _make | |
| _make COMPILER=clang | |
| _make CFG_TEE_CORE_LOG_LEVEL=4 CFG_TEE_CORE_DEBUG=y CFG_TEE_TA_LOG_LEVEL=4 CFG_CC_OPT_LEVEL=0 CFG_DEBUG_INFO=y | |
| _make CFG_TEE_CORE_LOG_LEVEL=0 CFG_TEE_CORE_DEBUG=n CFG_TEE_TA_LOG_LEVEL=0 CFG_DEBUG_INFO=n CFG_ENABLE_EMBEDDED_TESTS=n | |
| _make CFG_TEE_CORE_MALLOC_DEBUG=y CFG_CORE_DEBUG_CHECK_STACKS=y | |
| _make CFG_CORE_SANITIZE_KADDRESS=y CFG_CORE_ASLR=n | |
| _make CFG_LOCKDEP=y | |
| _make CFG_CRYPTO=n | |
| _make CFG_CRYPTO_{AES,DES}=n | |
| _make CFG_CRYPTO_{DSA,RSA,DH}=n | |
| - name: arm vexpress-qemu_virt 2 | |
| make_commands: | | |
| _make CFG_CRYPTO_{DSA,RSA,DH,ECC}=n | |
| _make CFG_CRYPTO_{H,C,CBC_}MAC=n | |
| _make CFG_CRYPTO_{G,C}CM=n | |
| _make CFG_CRYPTO_{MD5,SHA{1,224,256,384,512,512_256}}=n | |
| _make CFG_WITH_PAGER=y out/core/tee{,-pager,-pageable}.bin | |
| _make CFG_WITH_PAGER=y CFG_CRYPTOLIB_NAME=mbedtls CFG_CRYPTOLIB_DIR=lib/libmbedtls | |
| _make CFG_WITH_PAGER=y CFG_WITH_LPAE=y | |
| _make CFG_WITH_LPAE=y | |
| _make CFG_CORE_PREALLOC_EL0_TBLS=y | |
| _make CFG_RPMB_FS=y | |
| - name: arm vexpress-qemu_virt 3 | |
| make_commands: | | |
| _make CFG_RPMB_FS=y CFG_RPMB_TESTKEY=y | |
| _make CFG_RPMB_FS=y CFG_RPMB_WRITE_KEY=y | |
| _make CFG_REE_FS=n CFG_RPMB_FS=y | |
| _make CFG_WITH_PAGER=y CFG_WITH_LPAE=y CFG_RPMB_FS=y CFG_DT=y CFG_TEE_CORE_LOG_LEVEL=1 CFG_TEE_CORE_DEBUG=y CFG_CC_OPT_LEVEL=0 CFG_DEBUG_INFO=y | |
| _make CFG_WITH_PAGER=y CFG_WITH_LPAE=y CFG_RPMB_FS=y CFG_DT=y CFG_TEE_CORE_LOG_LEVEL=0 CFG_TEE_CORE_DEBUG=n DEBUG=0 | |
| _make CFG_BUILT_IN_ARGS=y CFG_PAGEABLE_ADDR=0 CFG_NS_ENTRY_ADDR=0 CFG_DT_ADDR=0 CFG_DT=y | |
| _make CFG_FTRACE_SUPPORT=y CFG_ULIBS_MCOUNT=y CFG_ULIBS_SHARED=y | |
| _make CFG_TA_GPROF_SUPPORT=y CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y CFG_ULIBS_MCOUNT=y | |
| _make CFG_SECURE_DATA_PATH=y | |
| _make CFG_REE_FS_TA_BUFFERED=y | |
| _make CFG_WITH_USER_TA=n | |
| _make CFG_{ATTESTATION,DEVICE_ENUM,RTC,SCMI,SECSTOR_TA_MGT,VERAISON_ATTESTATION}_PTA=y CFG_WITH_STATS=y CFG_TA_STATS=y | |
| - name: arm zynqmp | |
| make_commands: | | |
| _make PLATFORM=zynqmp-zcu102 | |
| _make PLATFORM=zynqmp-zcu102 CFG_ARM64_core=y | |
| _make PLATFORM=zynqmp-zcu102 CFG_ARM64_core=y CFG_WITH_SOFTWARE_PRNG=n CFG_XIPHERA_TRNG=y CFG_ZYNQMP_HUK=y | |
| - name: riscv | |
| make_commands: | | |
| export ARCH=riscv | |
| unset CROSS_COMPILE32 | |
| export CROSS_COMPILE64="ccache riscv64-linux-gnu-" | |
| _make PLATFORM=virt | |
| _make PLATFORM=virt CFG_RISCV_PLIC=n CFG_RISCV_APLIC=y | |
| _make PLATFORM=virt CFG_RISCV_PLIC=n CFG_RISCV_APLIC_MSI=y CFG_RISCV_IMSIC=y | |
| _make PLATFORM=sifive | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Update Git config | |
| run: git config --global --add safe.directory ${GITHUB_WORKSPACE} | |
| - name: Generate cache key | |
| run: | | |
| HASH=$(echo -n "${{ matrix.name }}" | sha256sum | cut -c1-16) | |
| echo "CACHE_KEY=builds-cache-${HASH}-${GITHUB_SHA}" >> ${GITHUB_ENV} | |
| echo "CACHE_RESTORE_KEY=builds-cache-${HASH}" >> ${GITHUB_ENV} | |
| - name: Restore build cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /github/home/.cache/ccache | |
| key: ${{ env.CACHE_KEY }} | |
| restore-keys: | | |
| ${{ env.CACHE_RESTORE_KEY }} | |
| - name: Build | |
| shell: bash | |
| env: | |
| MAKE_COMMANDS: ${{ matrix.make_commands }} | |
| run: | | |
| set -e -v | |
| export LC_ALL=C | |
| export PATH=/usr/local/bin:$PATH # clang | |
| export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root | |
| export CFG_DEBUG_INFO=n | |
| export CFG_WERROR=y | |
| export CROSS_COMPILE32="ccache arm-linux-gnueabihf-" | |
| export CROSS_COMPILE64="ccache aarch64-linux-gnu-" | |
| function _make() { make -j$(nproc) -s O=out $*; } | |
| ccache -s -v | |
| eval "$MAKE_COMMANDS" | |
| ccache -s -v | |
| QEMUv7_checks_image_build: | |
| name: Build QEMUv7 image | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Host cleanup | |
| run: | | |
| wget https://raw.githubusercontent.com/OP-TEE/optee_os/refs/heads/master/scripts/ci-host-cleanup.sh | |
| bash ci-host-cleanup.sh | |
| - name: Create Dockerfile | |
| run: | | |
| cat > Dockerfile <<'EOF' | |
| FROM jforissier/optee_os_ci:qemu_check | |
| RUN /root/get_optee.sh default /root/optee_repo_qemu | |
| EOF | |
| - name: Build Docker image | |
| run: | | |
| docker build -t qemuv7_image . | |
| docker save qemuv7_image | zstd -T0 -o qemuv7_image.tar.zst | |
| - name: Upload Docker image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: qemuv7_image | |
| path: qemuv7_image.tar.zst | |
| retention-days: 5 | |
| QEMUv7_checks: | |
| name: Run (QEMUv7) (${{ matrix.name }}) | |
| needs: QEMUv7_checks_image_build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: 1 | |
| make_commands: | | |
| make -j$(nproc) check CFG_LOCKDEP=y CFG_LOCKDEP_RECORD_STACK=n CFG_IN_TREE_EARLY_TAS=pkcs11/fd02c9da-306c-48c7-a49c-bbd827ae86ee CFG_PKCS11_TA=y CFG_CORE_UNSAFE_MODEXP=y XTEST_ARGS="-x pkcs11_1007" | |
| - name: 2 | |
| make_commands: | | |
| make -j$(nproc) check CFG_CORE_SANITIZE_KADDRESS=y CFG_CORE_ASLR=n CFG_ATTESTATION_PTA=n XTEST_ARGS="n_1001 n_1003 n_1004" | |
| - name: 3 | |
| make_commands: | | |
| make -j$(nproc) check CFG_CORE_SANITIZE_KADDRESS=y CFG_CORE_ASLR=n CFG_ATTESTATION_PTA=n CFG_DYN_CONFIG=n XTEST_ARGS="n_1001 n_1003 n_1004" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Update Git config | |
| run: git config --global --add safe.directory /home/runner/work/optee_os/optee_os | |
| - name: Host cleanup | |
| run: bash /home/runner/work/optee_os/optee_os/scripts/ci-host-cleanup.sh | |
| - name: Download Docker image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: qemuv7_image | |
| path: . | |
| - name: Load Docker image | |
| run: | | |
| zstd -d qemuv7_image.tar.zst -c | docker load | |
| - name: Generate cache key | |
| run: | | |
| HASH=$(echo -n "${{ matrix.name }}" | sha256sum | cut -c1-16) | |
| echo "CACHE_KEY=qemuv7_check-cache-${HASH}-${GITHUB_SHA}" >> $GITHUB_ENV | |
| echo "CACHE_RESTORE_KEY=qemuv7_check-cache-${HASH}" >> ${GITHUB_ENV} | |
| - name: Restore build cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/work/ccache | |
| key: ${{ env.CACHE_KEY }} | |
| restore-keys: | | |
| ${{ env.CACHE_RESTORE_KEY }} | |
| - name: Run 'make check' tasks in container | |
| env: | |
| MAKE_COMMANDS: "${{ matrix.make_commands }}" | |
| run: | | |
| docker run --rm \ | |
| -v /home/runner/work/optee_os/optee_os:/runner/optee_os \ | |
| -v /home/runner/work/ccache:/root/.cache/ccache \ | |
| -w /root \ | |
| -e MAKE_COMMANDS="$MAKE_COMMANDS" \ | |
| qemuv7_image \ | |
| bash -c ' | |
| set -e -v | |
| export BR2_CCACHE_DIR=/root/.cache/ccache | |
| export FORCE_UNSAFE_CONFIGURE=1 | |
| export CFG_TEE_CORE_LOG_LEVEL=2 | |
| TOP=/root/optee_repo_qemu | |
| mv $TOP/optee_os $TOP/optee_os_old | |
| ln -s /runner/optee_os $TOP/optee_os | |
| cd $TOP/build | |
| ccache -s -v | |
| eval "$MAKE_COMMANDS" | |
| ccache -s -v | |
| ' | |
| QEMUv8_checks_image_build: | |
| name: Build QEMUv8 image | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Host cleanup | |
| run: | | |
| wget https://raw.githubusercontent.com/OP-TEE/optee_os/refs/heads/master/scripts/ci-host-cleanup.sh | |
| bash ci-host-cleanup.sh | |
| - name: Create Dockerfile | |
| run: | | |
| cat > Dockerfile <<'EOF' | |
| FROM jforissier/optee_os_ci:qemu_check | |
| RUN /root/get_optee.sh qemu_v8 /root/optee_repo_qemu_v8 | |
| EOF | |
| - name: Build Docker image | |
| run: | | |
| docker build -t qemuv8_image . | |
| docker save qemuv8_image | zstd -T0 -o qemuv8_image.tar.zst | |
| - name: Upload Docker image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: qemuv8_image | |
| path: qemuv8_image.tar.zst | |
| retention-days: 5 | |
| QEMUv8_checks: | |
| name: Run (QEMUv8) (${{ matrix.name }}) | |
| needs: QEMUv8_checks_image_build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: BTI+MTE+PAC | |
| make_commands: | | |
| # The BTI-enabled toolchain is aarch64-unknown-linux-uclibc-gcc in /usr/local/bin | |
| export PATH=/usr/local/bin:$PATH | |
| export AARCH64_CROSS_COMPILE=aarch64-unknown-linux-uclibc- | |
| # xtest 1031 is excluded because 1031.4 (C++ exception from shared library) fails with this cross-compiler | |
| # Rust is disabled because of a link error in the examples with this toolchain | |
| make -j$(nproc) CFG_CORE_BTI=y CFG_TA_BTI=y SEL0_SPS=y MEMTAG=y PAUTH=y RUST_ENABLE=n XTEST_ARGS="-x n_1031" check | |
| - name: CE82 | |
| make_commands: | | |
| make -j$(nproc) check CFG_CRYPTO_WITH_CE82=y | |
| - name: Clang | |
| make_commands: | | |
| export COMPILER=clang | |
| make -j$(nproc) check | |
| - name: Clang ULIBS_SHARED=y | |
| make_commands: | | |
| export COMPILER=clang | |
| make -j$(nproc) check CFG_ULIBS_SHARED=y | |
| - name: default | |
| make_commands: | | |
| make -j$(nproc) check | |
| - name: DYN_CONFIG=n | |
| make_commands: | | |
| make -j$(nproc) check CFG_DYN_CONFIG=n | |
| - name: ftrace | |
| make_commands: | | |
| make -j$(nproc) check CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y XTEST_ARGS=regression_1001 RUST_ENABLE=n MEASURED_BOOT_FTPM=n | |
| - name: FW handoff | |
| make_commands: | | |
| make -j$(nproc) check ARM_FIRMWARE_HANDOFF=y | |
| - name: KASAN | |
| make_commands: | | |
| make -j$(nproc) check CFG_CORE_SANITIZE_KADDRESS=y CFG_CORE_ASLR=n CFG_ATTESTATION_PTA=n RUST_ENABLE=n MEASURED_BOOT_FTPM=n XTEST_ARGS="n_1001 n_1003 n_1004" | |
| - name: pager | |
| make_commands: | | |
| make -j$(nproc) check CFG_WITH_PAGER=y MEASURED_BOOT_FTPM=n | |
| - name: PAN=y | |
| make_commands: | | |
| make -j$(nproc) check CFG_PAN=y | |
| - name: SPMC_AT_EL=1 | |
| make_commands: | | |
| make -j$(nproc) check SPMC_AT_EL=1 CFG_SECURE_PARTITION=y CFG_SPMC_TESTS=y | |
| - name: SPMC_AT_EL=2 | |
| make_commands: | | |
| make -j$(nproc) check SPMC_AT_EL=2 XTEST_ARGS="-x n_1034" | |
| - name: SPMC_AT_EL=3 | |
| make_commands: | | |
| make -j$(nproc) check SPMC_AT_EL=3 | |
| - name: ULIBS_SHARED=y | |
| make_commands: | | |
| make -j$(nproc) check CFG_ULIBS_SHARED=y | |
| - name: Xen | |
| make_commands: | | |
| make -j$(nproc) check XEN_BOOT=y | |
| - name: Xen + SPMC_AT_EL=1 | |
| make_commands: | | |
| make -j$(nproc) check XEN_BOOT=y SPMC_AT_EL=1 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Update Git config | |
| run: git config --global --add safe.directory /home/runner/work/optee_os/optee_os | |
| - name: Host cleanup | |
| run: bash /home/runner/work/optee_os/optee_os/scripts/ci-host-cleanup.sh | |
| - name: Download Docker image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: qemuv8_image | |
| path: . | |
| - name: Load Docker image | |
| run: | | |
| zstd -d qemuv8_image.tar.zst -c | docker load | |
| - name: Generate cache key | |
| run: | | |
| HASH=$(echo -n "${{ matrix.name }}" | sha256sum | cut -c1-16) | |
| echo "CACHE_KEY=qemuv8_check-cache-${HASH}-${GITHUB_SHA}" >> $GITHUB_ENV | |
| echo "CACHE_RESTORE_KEY=qemuv8_check-cache-${HASH}" >> ${GITHUB_ENV} | |
| - name: Restore build cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/work/ccache | |
| key: ${{ env.CACHE_KEY }} | |
| restore-keys: | | |
| ${{ env.CACHE_RESTORE_KEY }} | |
| - name: Run 'make check' tasks in container | |
| env: | |
| MAKE_COMMANDS: "${{ matrix.make_commands }}" | |
| run: | | |
| docker run --rm \ | |
| -v /home/runner/work/optee_os/optee_os:/runner/optee_os \ | |
| -v /home/runner/work/ccache:/root/.cache/ccache \ | |
| -w /root \ | |
| -e MAKE_COMMANDS="$MAKE_COMMANDS" \ | |
| qemuv8_image \ | |
| bash -c ' | |
| set -e -v | |
| export BR2_CCACHE_DIR=/root/.cache/ccache | |
| export FORCE_UNSAFE_CONFIGURE=1 | |
| export CFG_TEE_CORE_LOG_LEVEL=2 | |
| export CFG_ATTESTATION_PTA=y | |
| export CFG_ATTESTATION_PTA_KEY_SIZE=1024 | |
| TOP=/root/optee_repo_qemu_v8 | |
| mv $TOP/optee_os $TOP/optee_os_old | |
| ln -s /runner/optee_os $TOP/optee_os | |
| cd $TOP/build | |
| ccache -s -v | |
| eval "$MAKE_COMMANDS" | |
| ccache -s -v | |
| ' | |
| QEMUv8_arm64_image_build: | |
| name: Build QEMUv8 arm64 image | |
| runs-on: ubuntu-24.04-arm | |
| steps: | |
| - name: Host cleanup | |
| run: | | |
| wget https://raw.githubusercontent.com/OP-TEE/optee_os/refs/heads/master/scripts/ci-host-cleanup.sh | |
| bash ci-host-cleanup.sh | |
| - name: Create Dockerfile | |
| run: | | |
| cat > Dockerfile <<'EOF' | |
| FROM jforissier/optee_os_ci:qemu_check_arm64 | |
| RUN /root/get_optee.sh qemu_v8 /root/optee_repo_qemu_v8 | |
| EOF | |
| - name: Build Docker image | |
| run: | | |
| docker build -t qemuv8_arm64_image . | |
| docker save qemuv8_arm64_image | zstd -T0 -o qemuv8_arm64_image.tar.zst | |
| - name: Upload Docker image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: qemuv8_arm64_image | |
| path: qemuv8_arm64_image.tar.zst | |
| retention-days: 5 | |
| QEMUv8_checks_arm64: | |
| name: Run (QEMUv8 on arm64) (${{ matrix.name }}) | |
| needs: QEMUv8_arm64_image_build | |
| runs-on: ubuntu-24.04-arm | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: CFG_CORE_UNSAFE_MODEXP=y | |
| make_commands: | | |
| # CFG_CORE_UNSAFE_MODEXP=y to speed up regression_4011 | |
| make -j$(nproc) check CFG_CORE_UNSAFE_MODEXP=y | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Update Git config | |
| run: git config --global --add safe.directory /home/runner/work/optee_os/optee_os | |
| - name: Host setup | |
| run: bash /home/runner/work/optee_os/optee_os/scripts/ci-host-cleanup.sh | |
| - name: Download Docker image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: qemuv8_arm64_image | |
| path: . | |
| - name: Load Docker image | |
| run: | | |
| zstd -d qemuv8_arm64_image.tar.zst -c | docker load | |
| - name: Generate cache key | |
| run: | | |
| HASH=$(echo -n "${{ matrix.name }}" | sha256sum | cut -c1-16) | |
| echo "CACHE_KEY=qemuv8_arm64_check-cache-${HASH}-${GITHUB_SHA}" >> ${GITHUB_ENV} | |
| echo "CACHE_RESTORE_KEY=qemuv8_arm64_check-cache-${HASH}" >> ${GITHUB_ENV} | |
| - name: Restore build cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/work/ccache | |
| key: ${{ env.CACHE_KEY }} | |
| restore-keys: | | |
| ${{ env.CACHE_RESTORE_KEY }} | |
| - name: Run 'make check' tasks in container | |
| env: | |
| MAKE_COMMANDS: "${{ matrix.make_commands }}" | |
| run: | | |
| docker run --rm \ | |
| -v /home/runner/work/optee_os/optee_os:/runner/optee_os \ | |
| -v /home/runner/work/ccache:/root/.cache/ccache \ | |
| -w /root \ | |
| -e MAKE_COMMANDS="$MAKE_COMMANDS" \ | |
| qemuv8_arm64_image \ | |
| bash -c ' | |
| set -e -v | |
| export BR2_CCACHE_DIR=/root/.cache/ccache | |
| export FORCE_UNSAFE_CONFIGURE=1 | |
| export CFG_TEE_CORE_LOG_LEVEL=2 | |
| export CFG_ATTESTATION_PTA=y | |
| export CFG_ATTESTATION_PTA_KEY_SIZE=1024 | |
| TOP=/root/optee_repo_qemu_v8 | |
| mv $TOP/optee_os $TOP/optee_os_old | |
| ln -s /runner/optee_os $TOP/optee_os | |
| cd $TOP/build | |
| ccache -s -v | |
| eval "$MAKE_COMMANDS" | |
| ccache -s -v | |
| ' |