8282 function _make() { make -j$(nproc) -s O=out $*; }
8383 function download_plug_and_trust() { mkdir -p $HOME/se050 && git clone --single-branch -b v0.4.2 https://github.com/foundriesio/plug-and-trust $HOME/se050/plug-and-trust || (rm -rf $HOME/se050 ; echo Nervermind); }
8484
85- function download_scp_firmware() { git clone --single-branch -b v2.15.0 --depth 1 https://git.gitlab.arm.com/firmware/SCP-firmware.git $HOME/scp-firmware || (rm -rf $HOME/scp-firmware ; echo Nervermind); }
85+ function download_scp_firmware() { git clone --single-branch https://git.gitlab.arm.com/firmware/SCP-firmware.git $HOME/scp-firmware && git -C $HOME/scp-firmware checkout 22aecaa9cee258d707880c5b8823dd7974b66717 || (rm -rf $HOME/scp-firmware ; echo Nervermind); }
8686
8787 ccache -s -v
8888 download_plug_and_trust
@@ -122,7 +122,7 @@ jobs:
122122 _make CFG_SECURE_DATA_PATH=y
123123 _make CFG_REE_FS_TA_BUFFERED=y
124124 _make CFG_WITH_USER_TA=n
125- _make CFG_{ATTESTATION,DEVICE_ENUM,RTC,SCMI,SECSTOR_TA_MGT}_PTA=y CFG_WITH_STATS=y CFG_TA_STATS=y
125+ _make CFG_{ATTESTATION,DEVICE_ENUM,RTC,SCMI,SECSTOR_TA_MGT,VERAISON_ATTESTATION }_PTA=y CFG_WITH_STATS=y CFG_TA_STATS=y
126126 _make PLATFORM=vexpress-qemu_armv8a
127127 _make PLATFORM=vexpress-qemu_armv8a COMPILER=clang
128128 _make PLATFORM=vexpress-qemu_armv8a CFG_TEE_CORE_LOG_LEVEL=0 CFG_TEE_CORE_DEBUG=n CFG_TEE_TA_LOG_LEVEL=0 CFG_DEBUG_INFO=n
@@ -135,7 +135,7 @@ jobs:
135135 _make PLATFORM=vexpress-qemu_armv8a CFG_TRANSFER_LIST=y CFG_MAP_EXT_DT_SECURE=y
136136 _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_SEL1_SPMC=y
137137 _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_SEL2_SPMC=y CFG_CORE_PHYS_RELOCATABLE=y CFG_TZDRAM_START=0x0d304000 CFG_TZDRAM_SIZE=0x00cfc000
138- _make PLATFORM=vexpress-qemu_armv8a CFG_{ATTESTATION,DEVICE_ENUM,RTC,SCMI,SECSTOR_TA_MGT}_PTA=y CFG_WITH_STATS=y CFG_TA_STATS=y
138+ _make PLATFORM=vexpress-qemu_armv8a CFG_{ATTESTATION,DEVICE_ENUM,RTC,SCMI,SECSTOR_TA_MGT,VERAISON_ATTESTATION }_PTA=y CFG_WITH_STATS=y CFG_TA_STATS=y
139139 _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_SEL1_SPMC=y CFG_NS_VIRTUALIZATION=y
140140 _make PLATFORM=vexpress-qemu_armv8a CFG_CRYPTO_WITH_CE=y CFG_CRYPTOLIB_NAME=mbedtls CFG_CRYPTOLIB_DIR=lib/libmbedtls
141141 dd if=/dev/urandom of=BL32_AP_MM.fd bs=2621440 count=1 && _make PLATFORM=vexpress-qemu_armv8a CFG_STMM_PATH=BL32_AP_MM.fd CFG_RPMB_FS=y CFG_CORE_HEAP_SIZE=524288 CFG_TEE_RAM_VA_SIZE=0x00400000
@@ -189,7 +189,7 @@ jobs:
189189 _make PLATFORM=imx-mx7ulpevk
190190 _make PLATFORM=imx-mx8mmevk
191191 _make PLATFORM=imx-mx8mmevk CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y
192- if [ -d $HOME/se050/plug-and-trust ]; then _make PLATFORM=imx-mx8mmevk CFG_NXP_CAAM=y CFG_NXP_CAAM_RNG_DRV=y CFG_NXP_SE05X=y CFG_IMX_I2C=y CFG_STACK_{THREAD,TMP}_EXTRA=8192 CFG_CRYPTO_DRV_{CIPHER,ACIPHER}=y CFG_NXP_SE05X_RNG_DRV=n CFG_WITH_SOFTWARE_PRNG=n CFG_NXP_SE05X_{DIEID,RSA,ECC,CTR}_DRV=y CFG_NXP_SE05X_RSA_DRV_FALLBACK=y CFG_NXP_SE05X_ECC_DRV_FALLBACK=y CFG_NXP_SE05X_PLUG_AND_TRUST=$HOME/se050/plug-and-trust ; fi
192+ if [ -d $HOME/se050/plug-and-trust ]; then _make PLATFORM=imx-mx8mmevk CFG_NXP_CAAM=y CFG_NXP_CAAM_AE_{GCM,CCM}_DRV=y CFG_NXP_CAAM_RNG_DRV=y CFG_NXP_SE05X=y CFG_IMX_I2C=y CFG_STACK_{THREAD,TMP}_EXTRA=8192 CFG_CRYPTO_DRV_{CIPHER,ACIPHER,AUTHENC }=y CFG_NXP_SE05X_RNG_DRV=n CFG_WITH_SOFTWARE_PRNG=n CFG_NXP_SE05X_{DIEID,RSA,ECC,CTR}_DRV=y CFG_NXP_SE05X_RSA_DRV_FALLBACK=y CFG_NXP_SE05X_ECC_DRV_FALLBACK=y CFG_NXP_SE05X_PLUG_AND_TRUST=$HOME/se050/plug-and-trust ; fi
193193 _make PLATFORM=imx-mx8mnevk
194194 _make PLATFORM=imx-mx8mqevk
195195 _make PLATFORM=imx-mx8mpevk
@@ -212,6 +212,8 @@ jobs:
212212 _make PLATFORM=k3-am64x CFG_ARM64_core=y
213213 _make PLATFORM=k3-am62x
214214 _make PLATFORM=k3-am62x CFG_ARM64_core=y
215+ _make PLATFORM=k3-am62lx
216+ _make PLATFORM=k3-am62lx CFG_ARM64_core=y
215217 _make PLATFORM=ti-dra7xx out/core/tee{,-pager,-pageable}.bin
216218 _make PLATFORM=ti-am57xx
217219 _make PLATFORM=ti-am43xx
@@ -245,6 +247,7 @@ jobs:
245247 _make PLATFORM=poplar CFG_ARM64_core=y
246248 _make PLATFORM=rockchip-rk322x
247249 _make PLATFORM=rockchip-rk3399
250+ _make PLATFORM=rockchip-rk3588
248251 _make PLATFORM=sam
249252 _make PLATFORM=sam-sama5d2_xplained
250253 _make PLATFORM=sam-sama5d27_som1_ek
@@ -270,12 +273,15 @@ jobs:
270273 _make PLATFORM=nuvoton
271274 _make PLATFORM=d06
272275 _make PLATFORM=d06 CFG_HISILICON_ACC_V3=y
276+ _make PLATFORM=telechips-tcc805x
273277
274278 export ARCH=riscv
275279 unset CROSS_COMPILE32
276280 export CROSS_COMPILE64="ccache riscv64-linux-gnu-"
277281
278282 _make PLATFORM=virt
283+ _make PLATFORM=virt CFG_RISCV_PLIC=n CFG_RISCV_APLIC=y
284+ _make PLATFORM=virt CFG_RISCV_PLIC=n CFG_RISCV_APLIC_MSI=y CFG_RISCV_IMSIC=y
279285
280286QEMUv7_check :
281287 name : make check (QEMUv7)
@@ -313,8 +319,8 @@ jobs:
313319
314320 make -j$(nproc) check CFG_LOCKDEP=y CFG_LOCKDEP_RECORD_STACK=n CFG_IN_TREE_EARLY_TAS=pkcs11/fd02c9da-306c-48c7-a49c-bbd827ae86ee CFG_PKCS11_TA=y CFG_CORE_UNSAFE_MODEXP=y XTEST_ARGS="-x pkcs11_1007"
315321
316- QEMUv8_check :
317- name : make check (QEMUv8)
322+ QEMUv8_check1 :
323+ name : make check (QEMUv8) 1 / 2
318324 runs-on : ubuntu-latest
319325 container : jforissier/optee_os_ci:qemu_check
320326 steps :
@@ -352,10 +358,51 @@ jobs:
352358 make -j$(nproc) check
353359 make -j$(nproc) check CFG_CRYPTO_WITH_CE82=y
354360 # Rust is disabled because signature_verification-rs hangs with this OP-TEE configuration
355- make -j$(nproc) check CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y XTEST_ARGS=regression_1001 RUST_ENABLE=n
361+ # fTPM is disabled because it takes too long to probe with this OP-TEE configuration
362+ make -j$(nproc) check CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y XTEST_ARGS=regression_1001 RUST_ENABLE=n MEASURED_BOOT_FTPM=n
363+ # fTPM is disabled because tests are too slow otherwise (lots of paging)
364+ make -j$(nproc) check CFG_WITH_PAGER=y MEASURED_BOOT_FTPM=n
365+
366+ QEMUv8_check2 :
367+ name : make check (QEMUv8) 2 / 2
368+ runs-on : ubuntu-latest
369+ container : jforissier/optee_os_ci:qemu_check
370+ steps :
371+ - name : Remove /__t/*
372+ run : rm -rf /__t/*
373+ - name : Restore build cache
374+ uses : actions/cache@v4
375+ with :
376+ path : /github/home/.cache/ccache
377+ key : qemuv8_check-cache-${{ github.sha }}
378+ restore-keys : |
379+ qemuv8_check-cache-
380+ name : Checkout
381+ uses : actions/checkout@v4
382+ - name : Update Git config
383+ run : git config --global --add safe.directory ${GITHUB_WORKSPACE}
384+ - shell : bash
385+ run : |
386+ # make check task
387+ set -e -v
388+ export LC_ALL=C
389+ export BR2_CCACHE_DIR=/github/home/.cache/ccache
390+ export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
391+ export CFG_TEE_CORE_LOG_LEVEL=0
392+ export CFG_ATTESTATION_PTA=y
393+ export CFG_ATTESTATION_PTA_KEY_SIZE=1024
394+ OPTEE_OS_TO_TEST=$(pwd)
395+ cd ..
396+ TOP=$(pwd)/optee_repo_qemu_v8
397+ /root/get_optee.sh qemu_v8 ${TOP}
398+ mv ${TOP}/optee_os ${TOP}/optee_os_old
399+ ln -s ${OPTEE_OS_TO_TEST} ${TOP}/optee_os
400+ cd ${TOP}/build
401+
356402 make -j$(nproc) check CFG_PAN=y
357- make -j$(nproc) check CFG_WITH_PAGER=y
358403 make -j$(nproc) check CFG_ULIBS_SHARED=y
404+ make -j$(nproc) arm-tf-clean SPMC_AT_EL=3 && make -j$(nproc) check SPMC_AT_EL=3
405+ make -j$(nproc) arm-tf-clean SPMC_AT_EL=1 && make -j$(nproc) check SPMC_AT_EL=1 CFG_SECURE_PARTITION=y CFG_SPMC_TESTS=y
359406
360407QEMUv8_clang_check :
361408 name : make check (QEMUv8, Clang)
@@ -551,3 +598,44 @@ jobs:
551598 # xtest 1031 is excluded because 1031.4 (C++ exception from shared library) fails with this cross-compiler
552599 # Rust is disabled because of a link error in the examples with this toolchain
553600 make -j$(nproc) CFG_CORE_BTI=y CFG_TA_BTI=y MEMTAG=y PAUTH=y RUST_ENABLE=n XTEST_ARGS="-x 1031" check
601+
602+ QEMUv8_check_arm64_host :
603+ name : make check (QEMUv8) (arm64 host)
604+ runs-on : ubuntu-24.04-arm
605+ container : jforissier/optee_os_ci:qemu_check_arm64
606+ steps :
607+ - name : Remove /__t/*
608+ run : rm -rf /__t/*
609+ - name : Restore build cache
610+ uses : actions/cache@v4
611+ with :
612+ path : /github/home/.cache/ccache
613+ key : qemuv8_check_arm64-cache-${{ github.sha }}
614+ restore-keys : |
615+ qemuv8_check_arm64-cache-
616+ name : Checkout
617+ uses : actions/checkout@v4
618+ - name : Update Git config
619+ run : git config --global --add safe.directory ${GITHUB_WORKSPACE}
620+ - shell : bash
621+ run : |
622+ # make check task
623+ set -e -v
624+ export LC_ALL=C
625+ export BR2_CCACHE_DIR=/github/home/.cache/ccache
626+ export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
627+ export CFG_TEE_CORE_LOG_LEVEL=0
628+ export CFG_ATTESTATION_PTA=y
629+ export CFG_ATTESTATION_PTA_KEY_SIZE=1024
630+ OPTEE_OS_TO_TEST=$(pwd)
631+ cd ..
632+ TOP=$(pwd)/optee_repo_qemu_v8
633+ /root/get_optee.sh qemu_v8 ${TOP}
634+ mv ${TOP}/optee_os ${TOP}/optee_os_old
635+ ln -s ${OPTEE_OS_TO_TEST} ${TOP}/optee_os
636+ cd ${TOP}/build
637+
638+ # CFG_CORE_UNSAFE_MODEXP=y to speed up regression_4011
639+ # See commit cb03400251f9 ("Squashed commit upgrading to mbedtls-3.6.2")
640+ # and commit 85df256c4a67 ("libmbedtls: add CFG_CORE_UNSAFE_MODEXP and CFG_TA_MEBDTLS_UNSAFE_MODEXP")
641+ make -j$(nproc) check CFG_CORE_UNSAFE_MODEXP=y
0 commit comments