-
Notifications
You must be signed in to change notification settings - Fork 115
360 lines (309 loc) · 12.7 KB
/
Copy pathfpga.yml
File metadata and controls
360 lines (309 loc) · 12.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
name: FPGA Build
on:
pull_request:
merge_group:
workflow_call:
inputs:
artifact-suffix:
type: string
required: false
extra-features:
default:
type: string
rom-logging:
default: true
type: boolean
fpga-itrng:
default: true
type: boolean
ocp-lock:
default: true
type: boolean
hw-version:
default: "latest"
type: string
rom-version:
default: "latest"
type: string
workflow_call:
description: 'Set true for workflow_call'
default: true
type: boolean
branch:
default: ${{ github.sha }}
type: string
workflow_dispatch:
inputs:
fpga-itrng:
default: true
type: boolean
ocp-lock:
default: true
type: boolean
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.ref || github.run_id }}-${{ inputs.artifact-suffix }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
permissions:
contents: read
jobs:
check_cache:
runs-on: ubuntu-22.04
env:
CACHE_BUSTER: 79cee50b6134
outputs:
rtl_cache_key: ${{ steps.cache_key.outputs.rtl_cache_key }}
rtl_cache_hit: ${{ steps.restore_rtl_bitstream_cache.outputs.cache-hit }}
steps:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5
with:
ref: ${{ inputs.branch }}
submodules: recursive
- name: Compute cache-keys
id: cache_key
run: |
# Compute the key from the tree hash of the fpga directory and the rtl
# root directory.
if [ "${{ inputs.workflow_call }}" ]; then
RTL_VERSION="${{ inputs.hw-version }}"
else
RTL_VERSION="latest"
fi
echo "rtl_cache_key=$(git rev-parse HEAD:hw/fpga/src)-$(git hash-object hw/fpga/fpga_configuration.tcl)-$(cd hw/${RTL_VERSION}/rtl && git rev-parse HEAD)-${{ inputs.fpga-itrng }}-${{ env.CACHE_BUSTER }}" >> $GITHUB_OUTPUT
build_test_binaries:
runs-on: [e2-standard-8]
timeout-minutes: 60
env:
# Change this to a new random value if you suspect the cache is corrupted
CACHE_BUSTER: 9ff0db888988
steps:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5
with:
ref: ${{ inputs.branch }}
- name: Restore sysroot from cache
uses: actions/cache/restore@v3
id: restore_sysroot_cache
with:
path: /tmp/caliptra-fpga-sysroot.tar
key: sysroot-v9-${{ env.CACHE_BUSTER }}
- name: Extract sysroot
if: "steps.restore_sysroot_cache.outputs.cache-hit"
run: |
sudo tar xvf /tmp/caliptra-fpga-sysroot.tar
- name: Install sysroot pre-requisites
if: "!steps.restore_sysroot_cache.outputs.cache-hit"
run: |
sudo apt-get update -qy && sudo apt-get -y install debootstrap binfmt-support qemu-user-static u-boot-tools
- name: build sysroot
# Note: This is the sysroot for the tiny debian installation we run on the FPGA;
# it is missing xilinx-provided kernel headers needed to build kernel modules
if: "!steps.restore_sysroot_cache.outputs.cache-hit"
run: |
sudo mkdir /tmp/caliptra-fpga-sysroot
sudo debootstrap --include linux-libc-dev --arch arm64 --foreign bookworm /tmp/caliptra-fpga-sysroot
sudo chroot /tmp/caliptra-fpga-sysroot /debootstrap/debootstrap --second-stage
# Remove unnecesary files
sudo find /tmp/caliptra-fpga-sysroot/ \( -type d -and ! -perm -o=r \) -prune -exec rm -rf {} \;
sudo find /tmp/caliptra-fpga-sysroot/ \( -type d -and ! -perm -o=x \) -prune -exec rm -rf {} \;
sudo find /tmp/caliptra-fpga-sysroot/ \( ! -perm -o=r \) -exec rm -f {} \;
sudo find /tmp/caliptra-fpga-sysroot/ \( -type c -or -type b -or -type p -or -type s \) -exec rm -f {} \;
sudo tar cvf /tmp/caliptra-fpga-sysroot.tar /tmp/caliptra-fpga-sysroot
- name: Save FPGA sysroot to cache
if: "!steps.restore_sysroot_cache.outputs.cache-hit"
uses: actions/cache/save@v3
with:
path: /tmp/caliptra-fpga-sysroot.tar
key: sysroot-v9-${{ env.CACHE_BUSTER }}
- name: Install cross compiler
run: |
sudo apt-get update -qy && sudo apt-get install -y gcc-aarch64-linux-gnu squashfs-tools
rustup toolchain install 1.84-x86_64-unknown-linux-gnu
rustup target add aarch64-unknown-linux-gnu
- name: Build test binaries
run: |
export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER="aarch64-linux-gnu-gcc"
export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS="-C link-arg=--sysroot=$FARGO_SYSROOT"
if [ "${{ inputs.rom-version }}" != "latest" ]; then
export CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}"
fi
if [ "${{ inputs.workflow_call }}" ]; then
FEATURES=fpga_realtime,${{ inputs.extra-features }}
if [ "${{ inputs.ocp-lock }}" == "true" ]; then
FEATURES="${FEATURES},ocp-lock"
fi
else
FEATURES=fpga_realtime,itrng
fi
if [[ "${{ inputs.workflow_call }}" && "${{ inputs.hw-version }}" != "latest" ]]; then
FEATURES=$FEATURES,hw-${{ inputs.hw-version }}
fi
cargo nextest archive \
--features=${FEATURES} \
--release \
--target=aarch64-unknown-linux-gnu \
--archive-file=/tmp/caliptra-test-binaries.tar.zst
mkdir /tmp/caliptra-test-binaries/
tar xvf /tmp/caliptra-test-binaries.tar.zst -C /tmp/caliptra-test-binaries/
mksquashfs /tmp/caliptra-test-binaries /tmp/caliptra-test-binaries.sqsh -comp zstd
- name: Download bitstream
run: |
cargo xtask ci bitstream-downloader hw/fpga/bitstream_manifests/core.toml
mv core.pdi /tmp/caliptra-bitstream.pdi
- name: 'Upload bitstream'
uses: actions/upload-artifact@v4
with:
name: caliptra-bitstream${{ inputs.artifact-suffix }}
path: /tmp/caliptra-bitstream.pdi
retention-days: 1
- name: 'Upload test binaries artifact'
uses: actions/upload-artifact@v4
with:
name: caliptra-test-binaries${{ inputs.artifact-suffix }}
path: /tmp/caliptra-test-binaries.sqsh
retention-days: 1
- name: Build test firmware
run: |
rustup target add riscv32imc-unknown-none-elf
mkdir /tmp/caliptra-test-firmware
FEATURES=""
if [[ "${{ inputs.workflow_call }}" && "${{ inputs.hw-version }}" != "latest" ]]; then
FEATURES=hw-${{ inputs.hw-version }}
fi
cargo run --release -p caliptra-builder --features=${FEATURES} -- --all_elfs /tmp/caliptra-test-firmware
- name: 'Upload test firmware artifact'
uses: actions/upload-artifact@v4
with:
name: caliptra-test-firmware${{ inputs.artifact-suffix }}
path: /tmp/caliptra-test-firmware
retention-days: 1
test_artifacts:
runs-on: vck190
needs: [check_cache, build_test_binaries]
timeout-minutes: 120
strategy:
fail-fast: false
matrix:
partition: [1, 2]
if: |
!cancelled() &&
needs.check_cache.result == 'success' &&
(needs.build_test_binaries.result == 'success' || needs.build_test_binaries.result == 'skipped')
steps:
- name: 'Print image metadata'
run: |
if [ -f "/etc/caliptra-build-info" ]; then
sudo cat /etc/caliptra-build-info
fi
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5
with:
ref: ${{ inputs.branch }}
- name: 'Download Test Binaries Artifact'
uses: actions/download-artifact@v4
with:
name: caliptra-test-binaries${{ inputs.artifact-suffix }}
path: /tmp/caliptra-test-binaries.sqsh
- name: 'Download Test Firmware Artifact'
uses: actions/download-artifact@v4
with:
name: caliptra-test-firmware${{ inputs.artifact-suffix }}
path: /tmp/caliptra-test-firmware
- name: 'Download Bitstream'
uses: actions/download-artifact@v4
with:
name: caliptra-bitstream${{ inputs.artifact-suffix }}
path: /tmp/caliptra-bitstream
- name: Mount binaries
run: |
# We don't have enough DRAM on the FPGA board to extract a tarball
# into the overlaid tmpfs, so use squashfs instead
echo mkdir
sudo mkdir /tmp/caliptra-test-binaries
echo mount squashfs
sudo mount /tmp/caliptra-test-binaries.sqsh/caliptra-test-binaries.sqsh /tmp/caliptra-test-binaries -t squashfs -o loop
find /tmp/caliptra-test-binaries
- name: Check kernel modules
run: |
sudo lsmod
ls /sys/class/uio
- name: Load bitstream
run: |
sudo mkdir -p /lib/firmware
ls /tmp/caliptra-bitstream
sudo cp /tmp/caliptra-bitstream/caliptra-bitstream.pdi /lib/firmware
sudo bash -c 'echo "caliptra-bitstream.pdi" > /sys/class/fpga_manager/fpga0/firmware'
- name: Execute tests
run: |
export RUST_TEST_THREADS=1
TEST_BIN=/tmp/caliptra-test-binaries
VARS="CPTRA_UIO_NUM=0 CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware CALIPTRA_IMAGE_NO_GIT_REVISION=1"
if [ "${{ inputs.rom-logging }}" == "true" ] || [ -z "${{ inputs.rom-logging }}" ]; then
VARS+=" CPTRA_ROM_TYPE=ROM_WITH_UART"
elif [ "${{ inputs.rom-logging }}" == false ]; then
VARS+=" CPTRA_ROM_TYPE=ROM_WITHOUT_UART"
else
echo "Unexpected inputs.rom-logging: ${{ inputs.rom-logging }}"
exit 1
fi
if [[ "${{ inputs.workflow_call }}" && "${{ inputs.rom-version }}" != "latest" ]]; then
VARS+=" CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}""
# Map rom-version to the expected FIPS test ROM version
case "${{ inputs.rom-version }}" in
"2.1") VARS+=" FIPS_TEST_ROM_EXP_VERSION=2_1_0" ;;
*) echo "Unknown rom-version ${{ inputs.rom-version }} for FIPS_TEST_ROM_EXP_VERSION"; exit 1 ;;
esac
fi
echo VARS=${VARS}
# TODO remove version test filter once bitstream is up to date
COMMON_ARGS=(
--cargo-metadata="${TEST_BIN}/target/nextest/cargo-metadata.json"
--binaries-metadata="${TEST_BIN}/target/nextest/binaries-metadata.json"
--target-dir-remap="${TEST_BIN}/target"
--workspace-remap=.
--profile=fpga-core
)
cargo-nextest --version
cargo-nextest nextest list \
"${COMMON_ARGS[@]}" \
--partition count:${{ matrix.partition }}/2 \
--message-format json > /tmp/nextest-list-${{ matrix.partition }}.json
sudo env ${VARS} cargo-nextest nextest run \
"${COMMON_ARGS[@]}" \
--partition count:${{ matrix.partition }}/2 \
--test-threads=1 \
--no-fail-fast
- name: Copy junit.xml
if: success() || failure()
run: |
sudo mv /tmp/junit.xml /tmp/junit-${{ matrix.partition }}.xml
- name: 'Upload test results'
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: caliptra-test-results${{ inputs.artifact-suffix }}-${{ matrix.partition }}
path: |
/tmp/junit-${{ matrix.partition }}.xml
/tmp/nextest-list-${{ matrix.partition }}.json
print_test_results:
runs-on: ubuntu-22.04
needs: [test_artifacts]
if: always()
steps:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5
with:
ref: ${{ inputs.branch }}
- name: 'Download test results'
uses: actions/download-artifact@v4
with:
pattern: caliptra-test-results${{ inputs.artifact-suffix }}-*
merge-multiple: true
path: /tmp/junit
- name: Print results
run: |
cargo install --git https://github.com/chipsalliance/caliptra-infra test-printer --root /tmp/test-printer --rev 3db904cf9cd704fcf890da32fd61dd30bfce8d11
echo "## Test Results" >> $GITHUB_STEP_SUMMARY
for xml in /tmp/junit/junit-*.xml; do
/tmp/test-printer/bin/test-printer --xml-path "$xml" >> $GITHUB_STEP_SUMMARY
done