ci: compile stats PTA on QEMU/QEMUv8

Enable stats PTA to catch compilation issues.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Revi

ci: compile stats PTA on QEMU/QEMUv8

Enable stats PTA to catch compilation issues.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: build sam-sama5d27_wlsom1_ek

Adds platform sam-sama5d27_wlsom1_ek to CI build to test I2C generic
driver implementation, at least from an OP-TEE core build perspective.

Acked-by: Jerome Forissi

ci: build sam-sama5d27_wlsom1_ek

Adds platform sam-sama5d27_wlsom1_ek to CI build to test I2C generic
driver implementation, at least from an OP-TEE core build perspective.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: se05x crypto driver: update plug-and-trust

Take security updates from Plug-and-Trust

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.

ci: se05x crypto driver: update plug-and-trust

Take security updates from Plug-and-Trust

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: compile-test as many PTAs as possible on QEMU/QEMUv8

Enable as many PTAs as possible in the QEMU/QEMUv8 CI builds in order to
catch compile issues. Some PTAs are not applicable to QEMU though.

ci: compile-test as many PTAs as possible on QEMU/QEMUv8

Enable as many PTAs as possible in the QEMU/QEMUv8 CI builds in order to
catch compile issues. Some PTAs are not applicable to QEMU though.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Revert "ci: disable QEMUv8_check_rust job"

This reverts commit 450963c289fe ("ci: disable QEMUv8_check_rust job").
The optee_rust project has been updated in [1] and the Rust tests are
now successfu

Revert "ci: disable QEMUv8_check_rust job"

This reverts commit 450963c289fe ("ci: disable QEMUv8_check_rust job").
The optee_rust project has been updated in [1] and the Rust tests are
now successful, therefore CI can be re-enabled.

Link: [1] https://github.com/OP-TEE/manifest/commit/beb79c27be83f7a4b90a898552569eb1a7638df8
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: qemuv8: build with maximum log level

Build qemuv8 platform with log core and TA levels set to
the maximum.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <je

ci: qemuv8: build with maximum log level

Build qemuv8 platform with log core and TA levels set to
the maximum.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

virt: rename CFG_VIRTUALIZATION to CFG_NS_VIRTUALIZATION

With the advent of virtualization support at S-EL2 in the Armv8.4-A
architecture, CFG_VIRTUALIZATION has become ambiguous. Let's rename
it to

virt: rename CFG_VIRTUALIZATION to CFG_NS_VIRTUALIZATION

With the advent of virtualization support at S-EL2 in the Armv8.4-A
architecture, CFG_VIRTUALIZATION has become ambiguous. Let's rename
it to CFG_NS_VIRTUALIZATION to indicate more clearly that it is about
supporting virtualization on the non-secure side.

This commit is the result of the following command:

$ for f in $(git grep -l -w CFG_VIRTUALIZATION); do \
sed -i -e 's/CFG_VIRTUALIZATION/CFG_NS_VIRTUALIZATION/g' $f; \
done

...plus the compatibility line in mk/config.mk:

CFG_NS_VIRTUALIZATION ?= $(CFG_VIRTUALIZATION)

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

show more ...

ci: disable QEMUv8_check_rust job

Since the GlobalPlatrform 1.3.1 update, the check-rust job is failing
because some Rust interface needs to be updated [1]. In the meantime,
disable the CI job.

Lin

ci: disable QEMUv8_check_rust job

Since the GlobalPlatrform 1.3.1 update, the check-rust job is failing
because some Rust interface needs to be updated [1]. In the meantime,
disable the CI job.

Link: [1] https://github.com/OP-TEE/optee_os/pull/5688#issuecomment-1370608865
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: QEMuv8_check*: do not run as root

Now that the Docker image doesn't come with pre-cloned source files
owned by root, there is no need to use sudo to run commands.
Check out the build tree as the

ci: QEMuv8_check*: do not run as root

Now that the Docker image doesn't come with pre-cloned source files
owned by root, there is no need to use sudo to run commands.
Check out the build tree as the CI user, one level higher than the
optee_os checkout created for the current CI run.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: add job with BTI, MTE and PAC enabled

Add a new job to test OP-TEE with Branch Target Identification,
Memory Tagging Extension and Pointer Authentication Codes enabled.
BTI requires special supp

ci: add job with BTI, MTE and PAC enabled

Add a new job to test OP-TEE with Branch Target Identification,
Memory Tagging Extension and Pointer Authentication Codes enabled.
BTI requires special support in the toolchain (libgcc) so use a
custom cross-compiler (aarch64-unknown-linux-uclibc-gcc) which is
installed in the Docker image.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: make QEMUv8 jobs download source tree from scratch

Update the QEMUv8 jobs to user a new Docker image:
jforissier/optee_os_ci:qemuv8_check2 [2]. The main differences with
the previous one (:qemuv

ci: make QEMUv8 jobs download source tree from scratch

Update the QEMUv8 jobs to user a new Docker image:
jforissier/optee_os_ci:qemuv8_check2 [2]. The main differences with
the previous one (:qemuv8_check [1]) are:
- The OP-TEE development tree is not included. Instead a script is used
to download the source trees via repo init, repo sync etc.
(/root/get_optee_qemuv8.sh).
- The new image contains a toolchain with full BTI support.

Several reasons for that:
- The Gits in the older Docker image can be outdated. Doing "repo sync"
then rebuilding without "make clean" often works in practice but it
can also cause problems when external components are updated. For
example we may run out of disk space when Buildroot is updated and
brings many new packages. It can also happen that new sources are not
properly rebuilt.
- The Docker image is much bigger if it contains a pre-built OP-TEE
tree, that means longer download times but more importantly much slower
upload times when it needs updating, which is all the more often if it
contains the non OP-TEE software.
- Caching (ccache) is enabled and saved/restored by GitHub cache actions
so build time should not suffer too much.

Link: [1] https://github.com/jforissier/docker_optee_os_ci/tree/qemuv8_check
Link: [2] https://github.com/jforissier/docker_optee_os_ci/tree/qemuv8_check2
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: use set -v consistently

Use "set -v" in all jobs to display the commands before they are
executed.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etie

ci: use set -v consistently

Use "set -v" in all jobs to display the commands before they are
executed.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: configure ccache for jobs that use Buildroot

The jobs that use Buildroot are not configured properly to benefit from
ccache when compiling the Builroot packages. Therefore set BR2_CCACHE_DIR
to

ci: configure ccache for jobs that use Buildroot

The jobs that use Buildroot are not configured properly to benefit from
ccache when compiling the Builroot packages. Therefore set BR2_CCACHE_DIR
to point to the location that is cached by the CI environment.

The QEMUv8_check_rust job also needs a cache action and should not
change HOME to /root because ccache would default to /root/.cache
instead of /github/home/.cache.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: move Xen checks to a separate job

Move the Xen tests out of the QEMUv8_check job into their own job:
QEMUv8_Xen_check. This allows parallel execution which should reduce
the overall CI time. It

ci: move Xen checks to a separate job

Move the Xen tests out of the QEMUv8_check job into their own job:
QEMUv8_Xen_check. This allows parallel execution which should reduce
the overall CI time. It is easier to see what fails from the main CI
report as well.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: SE05X crypto driver: update Plug-and-Trust release to v0.4.1

Fixes to ECDSA and access policies to the asymmetric keys.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome

ci: SE05X crypto driver: update Plug-and-Trust release to v0.4.1

Fixes to ECDSA and access policies to the asymmetric keys.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ci: versal: program FPGA

Provide CFG_VERSAL_FPGA_DDR_ADDR to exercise this code path

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.o

ci: versal: program FPGA

Provide CFG_VERSAL_FPGA_DDR_ADDR to exercise this code path

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: build stm32mp15 with scp-firmware scmi-server

Adds build of platforms vexpress-fvp, vexpress-qemu_armv8a and stm32mp1
with CFG_SCMI_SCPFW enabled. This requires to fetch SCP-firmware source
tree

ci: build stm32mp15 with scp-firmware scmi-server

Adds build of platforms vexpress-fvp, vexpress-qemu_armv8a and stm32mp1
with CFG_SCMI_SCPFW enabled. This requires to fetch SCP-firmware source
tree.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: remove duplicate build for STM32MP157C-DK2

If no CFG_EMBED_DTB_SOURCE_FILE is specified, it is now defaulted to
stm32mp157c-dk2.dts. Therefore, make PLATFORM=stm32mp1 builds OP-TEE
for STM32MP15

ci: remove duplicate build for STM32MP157C-DK2

If no CFG_EMBED_DTB_SOURCE_FILE is specified, it is now defaulted to
stm32mp157c-dk2.dts. Therefore, make PLATFORM=stm32mp1 builds OP-TEE
for STM32MP157C-DK2 platform.

Removes duplicated build.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: QEMUv8_check: run tests with v8.2 Cryptographic Extension enabled

Updates the line with regression tests with CFG_CRYPTO_WITH_CE=y to use
CFG_CRYPTO_WITH_CE82=y instead to include the v8.2 Crypt

ci: QEMUv8_check: run tests with v8.2 Cryptographic Extension enabled

Updates the line with regression tests with CFG_CRYPTO_WITH_CE=y to use
CFG_CRYPTO_WITH_CE82=y instead to include the v8.2 Cryptographic
Extension.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: se05x crypto driver: enable fallback to softw-ops

Validates building the RSA/ECC fallback operations.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.

ci: se05x crypto driver: enable fallback to softw-ops

Validates building the RSA/ECC fallback operations.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: drop optee_rust patch

Now that optee_rust has been updated [1] ("qemu_v8: Pin optee_rust to
the latest version"), drop the patch in ci.yml.

Link: [1] https://github.com/OP-TEE/manifest/commit/2

ci: drop optee_rust patch

Now that optee_rust has been updated [1] ("qemu_v8: Pin optee_rust to
the latest version"), drop the patch in ci.yml.

Link: [1] https://github.com/OP-TEE/manifest/commit/286184404963afc4b298dfd94e3463e00177cc45
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: code_style: run pycodestyle even if checkpatch has failed

When checkpatch reports issues, it returns an error status which make
the code_style job fail as expected. However, by default when a jo

ci: code_style: run pycodestyle even if checkpatch has failed

When checkpatch reports issues, it returns an error status which make
the code_style job fail as expected. However, by default when a job step
fails the subsequent ones are not executed. Therefore, pycodestyle is
skipped which is bad because we sometimes want to ignore some checkpatch
errors and we still want to detect Python issues.

This problem is fixed by adding a condition to the "Run pycodestyle"
step.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: zynqmp: Add compilation for optional drivers

Test compile optional Xiphera TRNG and HUK drivers (and its related
drivers).

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked

ci: zynqmp: Add compilation for optional drivers

Test compile optional Xiphera TRNG and HUK drivers (and its related
drivers).

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ci: se05x crypto driver: update plug-and-trust

Update the Plug-and-Trust to the latest release 04.02.00

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.fo

ci: se05x crypto driver: update plug-and-trust

Update the Plug-and-Trust to the latest release 04.02.00

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ci: build for k3-j784s4

Add CI build for J784S4 SoC from Texas Instruments.

Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: A

ci: build for k3-j784s4

Add CI build for J784S4 SoC from Texas Instruments.

Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Andrew Davis <afd@ti.com>

show more ...