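# Continuous-integration workflow: a code-style gate, a multi-platform build
# sweep and QEMU-based `make check` runs.
name: CI
# Triggered by every push and every pull request. With the `pull_request`
# trigger (as opposed to `pull_request_target`), runs for fork PRs get a
# read-only token and no repository secrets. That matters here because the
# jobs run scripts and makefiles from the checked-out tree.
on: [push, pull_request]
# Least privilege for GITHUB_TOKEN: only read access to repository contents.
# Any scope not listed is set to none.
permissions:
  contents: read # to fetch code (actions/checkout)
env:
  # Workaround disk space limitations ("no space left on device...")
  RUST_ENABLE: "n"
jobs: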
9  code_style:
10    name: Code style
11    runs-on: ubuntu-latest
12    container: jforissier/optee_os_ci
13    steps:
14      - name: Checkout
15        uses: actions/checkout@v4
16        with:
17          fetch-depth: 0 # full history so checkpatch can check commit IDs in commit messages
18      - name: Update Git config
19        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
20      - name: Run checkpatch
21        shell: bash
22        run: |
23          # checkpatch task
24          set -e
25          pushd . >/dev/null
26          mkdir -p /tmp/linux/scripts
27          cd /tmp/linux/scripts
28          wget --quiet https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/plain/scripts/checkpatch.pl
29          chmod +x checkpatch.pl
30          wget --quiet https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/plain/scripts/spelling.txt
31          echo "invalid.struct.name" >const_structs.checkpatch
32          export PATH=/tmp/linux/scripts:$PATH
33          popd >/dev/null
34          source scripts/checkpatch_inc.sh
35          function _do() { echo '>>' $*; $*; }
36          # Run checkpatch.pl:
37          # - on the tip of the branch only if we're not in a pull request
38          # - otherwise:
39          #   * on each commit in the development branch that is not in the target (merge to) branch
40          #   * on the global diff if the PR contains more than one commit (useful to check if fixup
41          #     commits do solve previous checkpatch errors)
42          if [ "${GITHUB_EVENT_NAME}" = "push" ]; then \
43            _do checkpatch HEAD || failed=1; \
44          else \
45            for c in $(git rev-list HEAD^1..HEAD^2); do \
46              _do checkpatch $c || failed=1; \
47            done; \
48            if [ "$(git rev-list --count HEAD^1..HEAD^2)" -gt 1 ]; then \
49              _do checkdiff $(git rev-parse HEAD^1) $(git rev-parse HEAD^2) || failed=1; \
50            fi; \
51          fi
52          [ -z "$failed" ]
53      - name: Run pycodestyle
54        if: success() || failure()
55        run: |
56          # pycodestyle task
57          sudo -E bash -c "apt update -qq -y && apt install -qq -y pycodestyle"
58          pycodestyle scripts/*.py core/arch/arm/plat-stm32mp1/scripts/stm32image.py
59  builds:
60    name: make (multi-platform)
61    runs-on: ubuntu-latest
62    container: jforissier/optee_os_ci
63    steps:
64      - name: Restore build cache
65        uses: actions/cache@v4
66        with:
67          path: /github/home/.cache/ccache
68          key: builds-cache-${{ github.sha }}
69          restore-keys: |
70            builds-cache-
71      - name: Checkout
72        uses: actions/checkout@v4
73      - name: Update Git config
74        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
75      - shell: bash
76        run: |
77          # build task
78          set -e -v
79          export LC_ALL=C
80          export PATH=/usr/local/bin:$PATH  # clang
81          export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
82          export CFG_DEBUG_INFO=n
83          export CFG_WERROR=y
84
85          function _make() { make -j$(nproc) -s O=out $*; }
86          function download_plug_and_trust() { mkdir -p $HOME/se050 && git clone --single-branch -b v0.4.2 https://github.com/foundriesio/plug-and-trust $HOME/se050/plug-and-trust || (rm -rf $HOME/se050 ; echo Nervermind); }
87
88          function download_scp_firmware() { git clone --single-branch https://git.gitlab.arm.com/firmware/SCP-firmware.git $HOME/scp-firmware &&  git -C $HOME/scp-firmware checkout 0d48080449e3bd3e5218a31c5f24a6068004c5af || (rm -rf $HOME/scp-firmware ; echo Nervermind); }
89
90          ccache -s -v
91          download_plug_and_trust
92          download_scp_firmware
93
94          export CROSS_COMPILE32="ccache arm-linux-gnueabihf-"
95          export CROSS_COMPILE64="ccache aarch64-linux-gnu-"
96
97          _make
98          _make COMPILER=clang
99          _make CFG_TEE_CORE_LOG_LEVEL=4 CFG_TEE_CORE_DEBUG=y CFG_TEE_TA_LOG_LEVEL=4 CFG_CC_OPT_LEVEL=0 CFG_DEBUG_INFO=y
100          _make CFG_TEE_CORE_LOG_LEVEL=0 CFG_TEE_CORE_DEBUG=n CFG_TEE_TA_LOG_LEVEL=0 CFG_DEBUG_INFO=n CFG_ENABLE_EMBEDDED_TESTS=n
101          _make CFG_TEE_CORE_MALLOC_DEBUG=y CFG_CORE_DEBUG_CHECK_STACKS=y
102          _make CFG_CORE_SANITIZE_KADDRESS=y CFG_CORE_ASLR=n
103          _make CFG_LOCKDEP=y
104          _make CFG_CRYPTO=n
105          _make CFG_CRYPTO_{AES,DES}=n
106          _make CFG_CRYPTO_{DSA,RSA,DH}=n
107          _make CFG_CRYPTO_{DSA,RSA,DH,ECC}=n
108          _make CFG_CRYPTO_{H,C,CBC_}MAC=n
109          _make CFG_CRYPTO_{G,C}CM=n
110          _make CFG_CRYPTO_{MD5,SHA{1,224,256,384,512,512_256}}=n
111          _make CFG_WITH_PAGER=y out/core/tee{,-pager,-pageable}.bin
112          _make CFG_WITH_PAGER=y CFG_CRYPTOLIB_NAME=mbedtls CFG_CRYPTOLIB_DIR=lib/libmbedtls
113          _make CFG_WITH_PAGER=y CFG_WITH_LPAE=y
114          _make CFG_WITH_LPAE=y
115          _make CFG_CORE_PREALLOC_EL0_TBLS=y
116          _make CFG_RPMB_FS=y
117          _make CFG_RPMB_FS=y CFG_RPMB_TESTKEY=y
118          _make CFG_RPMB_FS=y CFG_RPMB_WRITE_KEY=y
119          _make CFG_REE_FS=n CFG_RPMB_FS=y
120          _make CFG_WITH_PAGER=y CFG_WITH_LPAE=y CFG_RPMB_FS=y CFG_DT=y CFG_TEE_CORE_LOG_LEVEL=1 CFG_TEE_CORE_DEBUG=y CFG_CC_OPT_LEVEL=0 CFG_DEBUG_INFO=y
121          _make CFG_WITH_PAGER=y CFG_WITH_LPAE=y CFG_RPMB_FS=y CFG_DT=y CFG_TEE_CORE_LOG_LEVEL=0 CFG_TEE_CORE_DEBUG=n DEBUG=0
122          _make CFG_BUILT_IN_ARGS=y CFG_PAGEABLE_ADDR=0 CFG_NS_ENTRY_ADDR=0 CFG_DT_ADDR=0 CFG_DT=y
123          _make CFG_FTRACE_SUPPORT=y CFG_ULIBS_MCOUNT=y CFG_ULIBS_SHARED=y
124          _make CFG_TA_GPROF_SUPPORT=y CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y CFG_ULIBS_MCOUNT=y
125          _make CFG_SECURE_DATA_PATH=y
126          _make CFG_REE_FS_TA_BUFFERED=y
127          _make CFG_WITH_USER_TA=n
128          _make CFG_{ATTESTATION,DEVICE_ENUM,RTC,SCMI,SECSTOR_TA_MGT,VERAISON_ATTESTATION}_PTA=y CFG_WITH_STATS=y CFG_TA_STATS=y
129          _make PLATFORM=vexpress-qemu_armv8a
130          _make PLATFORM=vexpress-qemu_armv8a COMPILER=clang
131          _make PLATFORM=vexpress-qemu_armv8a CFG_TEE_CORE_LOG_LEVEL=0 CFG_TEE_CORE_DEBUG=n CFG_TEE_TA_LOG_LEVEL=0 CFG_DEBUG_INFO=n
132          _make PLATFORM=vexpress-qemu_armv8a CFG_TEE_CORE_LOG_LEVEL=4 CFG_TEE_CORE_DEBUG=y CFG_TEE_TA_LOG_LEVEL=4 CFG_CC_OPT_LEVEL=0 CFG_DEBUG_INFO=y
133          _make PLATFORM=vexpress-qemu_armv8a CFG_WITH_PAGER=y
134          _make PLATFORM=vexpress-qemu_armv8a CFG_FTRACE_SUPPORT=y CFG_ULIBS_MCOUNT=y CFG_ULIBS_SHARED=y
135          _make PLATFORM=vexpress-qemu_armv8a CFG_TA_GPROF_SUPPORT=y CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y CFG_ULIBS_MCOUNT=y
136          _make PLATFORM=vexpress-qemu_armv8a CFG_NS_VIRTUALIZATION=y
137          _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_PREALLOC_EL0_TBLS=y
138          _make PLATFORM=vexpress-qemu_armv8a CFG_TRANSFER_LIST=y CFG_MAP_EXT_DT_SECURE=y
139          _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_SEL1_SPMC=y
140          _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_SEL2_SPMC=y CFG_CORE_PHYS_RELOCATABLE=y CFG_TZDRAM_START=0x0d304000 CFG_TZDRAM_SIZE=0x00cfc000
141          _make PLATFORM=vexpress-qemu_armv8a CFG_{ATTESTATION,DEVICE_ENUM,RTC,SCMI,SECSTOR_TA_MGT,VERAISON_ATTESTATION}_PTA=y CFG_WITH_STATS=y CFG_TA_STATS=y
142          _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_SEL1_SPMC=y CFG_NS_VIRTUALIZATION=y
143          _make PLATFORM=vexpress-qemu_armv8a CFG_CRYPTO_WITH_CE=y CFG_CRYPTOLIB_NAME=mbedtls CFG_CRYPTOLIB_DIR=lib/libmbedtls
144          _make PLATFORM=vexpress-qemu_armv8a CFG_CORE_SANITIZE_UNDEFINED=y CFG_TA_SANITIZE_UNDEFINED=y CFG_TEE_RAM_VA_SIZE=0x00400000
145          dd if=/dev/urandom of=BL32_AP_MM.fd bs=2621440 count=1 && _make PLATFORM=vexpress-qemu_armv8a CFG_STMM_PATH=BL32_AP_MM.fd CFG_RPMB_FS=y CFG_CORE_HEAP_SIZE=524288 CFG_TEE_RAM_VA_SIZE=0x00400000
146          if [ -d $HOME/scp-firmware ]; then _make PLATFORM=vexpress-qemu_armv8a CFG_SCMI_SCPFW=y CFG_SCP_FIRMWARE=$HOME/scp-firmware; fi
147          _make PLATFORM=vexpress-qemu_sbsa CFG_CORE_SEL1_SPMC=y CFG_TZDRAM_START=0x20002000 CFG_TZDRAM_SIZE=0x1fbcf000
148          _make PLATFORM=stm-b2260
149          _make PLATFORM=stm-cannes
150          _make PLATFORM=stm32mp1
151          _make PLATFORM=stm32mp1-135F_DK CFG_DRIVERS_CLK_PRINT_TREE=y CFG_DRIVERS_REGULATOR_PRINT_TREE=y
152          _make PLATFORM=stm32mp1-135F_DK COMPILER=clang
153          _make PLATFORM=stm32mp1 CFG_STM32MP1_OPTEE_IN_SYSRAM=y CFG_STM32MP_REMOTEPROC=y
154          # Don't build stm32mp1 with SCP-Firmware until its support is fixed in SCP-Firmware source tree
155          # if [ -d $HOME/scp-firmware ]; then _make PLATFORM=stm32mp1-157C_DK2 CFG_SCMI_SCPFW=y CFG_SCP_FIRMWARE=$HOME/scp-firmware; fi
156          if [ -d $HOME/scp-firmware ]; then _make PLATFORM=stm32mp2 CFG_SCP_FIRMWARE=$HOME/scp-firmware; fi
157          if [ -d $HOME/scp-firmware ]; then _make PLATFORM=stm32mp2-235F_DK CFG_SCP_FIRMWARE=$HOME/scp-firmware; fi
158          if [ -d $HOME/scp-firmware ]; then _make PLATFORM=stm32mp2-215F_DK CFG_SCP_FIRMWARE=$HOME/scp-firmware; fi
159          _make PLATFORM=vexpress-fvp
160          _make PLATFORM=vexpress-fvp CFG_ARM64_core=y
161          _make PLATFORM=vexpress-fvp CFG_ARM64_core=y CFG_CORE_SEL1_SPMC=y CFG_SECURE_PARTITION=y
162          if [ -d $HOME/scp-firmware ]; then _make PLATFORM=vexpress-fvp CFG_SCMI_SCPFW=y CFG_SCP_FIRMWARE=$HOME/scp-firmware; fi
163          _make PLATFORM=vexpress-juno
164          _make PLATFORM=vexpress-juno CFG_ARM64_core=y
165          _make PLATFORM=hikey
166          _make PLATFORM=hikey CFG_ARM64_core=y
167          _make PLATFORM=mediatek-mt8173
168          _make PLATFORM=mediatek-mt8175
169          _make PLATFORM=mediatek-mt8183
170          _make PLATFORM=mediatek-mt8516
171          _make PLATFORM=imx-mx6ulevk
172          _make PLATFORM=imx-mx6ulevk CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y
173          _make PLATFORM=imx-mx6ul9x9evk
174          _make PLATFORM=imx-mx6ullevk CFG_WITH_SOFTWARE_PRNG=n CFG_IMX_RNGB=y
175          if [ -d $HOME/se050/plug-and-trust ]; then _make PLATFORM=imx-mx6ullevk CFG_NXP_SE05X=y CFG_IMX_I2C=y CFG_STACK_{THREAD,TMP}_EXTRA=8192 CFG_CRYPTO_DRV_{CIPHER,ACIPHER}=y CFG_WITH_SOFTWARE_PRNG=n CFG_NXP_SE05X_{DIEID,RNG,RSA,ECC,CTR}_DRV=y CFG_NXP_SE05X_RSA_DRV_FALLBACK=y CFG_NXP_SE05X_ECC_DRV_FALLBACK=y CFG_NXP_SE05X_PLUG_AND_TRUST=$HOME/se050/plug-and-trust ; fi
176          _make PLATFORM=imx-mx6ulzevk
177          _make PLATFORM=imx-mx6slevk
178          _make PLATFORM=imx-mx6sllevk
179          _make PLATFORM=imx-mx6sxsabreauto
180          _make PLATFORM=imx-mx6sxsabresd
181          _make PLATFORM=imx-mx6sxsabresd CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y
182          _make PLATFORM=imx-mx6solosabresd
183          _make PLATFORM=imx-mx6solosabreauto
184          _make PLATFORM=imx-mx6sxsabreauto
185          _make PLATFORM=imx-mx6qsabrelite
186          _make PLATFORM=imx-mx6qsabresd
187          _make PLATFORM=imx-mx6qsabresd CFG_RPMB_FS=y
188          _make PLATFORM=imx-mx6qsabreauto
189          _make PLATFORM=imx-mx6qsabreauto CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y
190          _make PLATFORM=imx-mx6qpsabreauto
191          _make PLATFORM=imx-mx6qpsabresd
192          _make PLATFORM=imx-mx6dlsabresd
193          _make PLATFORM=imx-mx6dlsabreauto
194          _make PLATFORM=imx-mx6dapalis
195          _make PLATFORM=imx-mx6qapalis
196          _make PLATFORM=imx-mx7dsabresd
197          _make PLATFORM=imx-mx7dsabresd CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y
198          _make PLATFORM=imx-mx7ulpevk
199          _make PLATFORM=imx-mx8mmevk
200          _make PLATFORM=imx-mx8mmevk CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y
201          if [ -d $HOME/se050/plug-and-trust ]; then _make PLATFORM=imx-mx8mmevk CFG_NXP_CAAM=y CFG_NXP_CAAM_AE_{GCM,CCM}_DRV=y CFG_NXP_CAAM_RNG_DRV=y CFG_NXP_SE05X=y CFG_IMX_I2C=y CFG_STACK_{THREAD,TMP}_EXTRA=8192 CFG_CRYPTO_DRV_{CIPHER,ACIPHER,AUTHENC}=y CFG_NXP_SE05X_RNG_DRV=n CFG_WITH_SOFTWARE_PRNG=n CFG_NXP_SE05X_{DIEID,RSA,ECC,CTR}_DRV=y CFG_NXP_SE05X_RSA_DRV_FALLBACK=y CFG_NXP_SE05X_ECC_DRV_FALLBACK=y CFG_NXP_SE05X_PLUG_AND_TRUST=$HOME/se050/plug-and-trust ; fi
202          _make PLATFORM=imx-mx8mnevk
203          _make PLATFORM=imx-mx8mqevk
204          _make PLATFORM=imx-mx8mpevk
205          _make PLATFORM=imx-mx8qxpmek
206          _make PLATFORM=imx-mx8dxmek
207          _make PLATFORM=imx-mx8qmmek
208          _make PLATFORM=imx-mx8dxlevk
209          _make PLATFORM=imx-mx8ulpevk
210          _make PLATFORM=imx-mx8ulpevk CFG_NXP_CAAM=y CFG_CRYPTO_DRIVER=y
211          _make PLATFORM=imx-mx93evk
212          _make PLATFORM=imx-mx95evk
213          _make PLATFORM=imx-mx91evk
214          _make PLATFORM=k3-j721e
215          _make PLATFORM=k3-j721e CFG_ARM64_core=y
216          _make PLATFORM=k3-j784s4
217          _make PLATFORM=k3-j784s4 CFG_ARM64_core=y
218          _make PLATFORM=k3-am65x
219          _make PLATFORM=k3-am65x CFG_ARM64_core=y
220          _make PLATFORM=k3-am64x
221          _make PLATFORM=k3-am64x CFG_ARM64_core=y
222          _make PLATFORM=k3-am62x
223          _make PLATFORM=k3-am62x CFG_ARM64_core=y
224          _make PLATFORM=k3-am62lx
225          _make PLATFORM=k3-am62lx CFG_ARM64_core=y
226          _make PLATFORM=ti-dra7xx out/core/tee{,-pager,-pageable}.bin
227          _make PLATFORM=ti-am57xx
228          _make PLATFORM=ti-am43xx
229          _make PLATFORM=sprd-sc9860
230          _make PLATFORM=sprd-sc9860 CFG_ARM64_core=y
231          _make PLATFORM=ls-ls1043ardb
232          _make PLATFORM=ls-ls1046ardb
233          _make PLATFORM=ls-ls1012ardb
234          _make PLATFORM=ls-ls1028ardb
235          _make PLATFORM=ls-ls1088ardb
236          _make PLATFORM=ls-ls2088ardb
237          _make PLATFORM=ls-lx2160ardb
238          _make PLATFORM=ls-lx2160aqds
239          _make PLATFORM=zynq7k-zc702
240          _make PLATFORM=zynqmp-zcu102
241          _make PLATFORM=zynqmp-zcu102 CFG_ARM64_core=y
242          _make PLATFORM=zynqmp-zcu102 CFG_ARM64_core=y CFG_WITH_SOFTWARE_PRNG=n CFG_XIPHERA_TRNG=y CFG_ZYNQMP_HUK=y
243          _make PLATFORM=d02
244          _make PLATFORM=d02 CFG_ARM64_core=y
245          _make PLATFORM=rcar
246          _make PLATFORM=rzg
247          _make PLATFORM=rzg CFG_ARM64_core=y
248          _make PLATFORM=rpi3
249          _make PLATFORM=rpi3 CFG_ARM64_core=y
250          _make PLATFORM=hikey-hikey960
251          _make PLATFORM=hikey-hikey960 COMPILER=clang
252          _make PLATFORM=hikey-hikey960 CFG_ARM64_core=y
253          _make PLATFORM=hikey-hikey960 CFG_ARM64_core=y COMPILER=clang
254          _make PLATFORM=hikey-hikey960 CFG_SECURE_DATA_PATH=n
255          _make PLATFORM=poplar
256          _make PLATFORM=poplar CFG_ARM64_core=y
257          _make PLATFORM=rockchip-rk322x
258          _make PLATFORM=rockchip-rk3399
259          _make PLATFORM=rockchip-rk3588
260          _make PLATFORM=sam
261          _make PLATFORM=sam-sama5d2_xplained
262          _make PLATFORM=sam-sama5d27_som1_ek
263          _make PLATFORM=sam-sama5d27_wlsom1_ek
264          _make PLATFORM=marvell-armada7k8k
265          _make PLATFORM=marvell-armada3700
266          _make PLATFORM=marvell-otx2t96
267          _make PLATFORM=marvell-otx2f95
268          _make PLATFORM=marvell-otx2t98
269          _make PLATFORM=marvell-cn10ka
270          _make PLATFORM=marvell-cn10kb
271          _make PLATFORM=marvell-cnf10ka
272          _make PLATFORM=marvell-cnf10kb
273          _make PLATFORM=marvell-cn20ka
274          _make PLATFORM=marvell-cnf20ka
275          _make PLATFORM=synquacer
276          _make PLATFORM=sunxi-bpi_zero
277          _make PLATFORM=sunxi-sun50i_a64
278          _make PLATFORM=bcm-ns3 CFG_ARM64_core=y
279          _make PLATFORM=hisilicon-hi3519av100_demo
280          _make PLATFORM=amlogic
281          _make PLATFORM=rzn1
282          _make PLATFORM=versal CFG_VERSAL_FPGA_DDR_ADDR=0x40000000
283          _make PLATFORM=corstone1000
284          _make PLATFORM=nuvoton
285          _make PLATFORM=d06
286          _make PLATFORM=d06 CFG_HISILICON_ACC_V3=y
287          _make PLATFORM=telechips-tcc805x
288          _make PLATFORM=versal2
289          _make PLATFORM=versal2 CFG_AMD_PS_GPIO=y
290
291          export ARCH=riscv
292          unset CROSS_COMPILE32
293          export CROSS_COMPILE64="ccache riscv64-linux-gnu-"
294
295          _make PLATFORM=virt
296          _make PLATFORM=virt CFG_RISCV_PLIC=n CFG_RISCV_APLIC=y
297          _make PLATFORM=virt CFG_RISCV_PLIC=n CFG_RISCV_APLIC_MSI=y CFG_RISCV_IMSIC=y
298          _make PLATFORM=sifive
299
300  QEMUv7_check:
301    name: make check (QEMUv7)
302    runs-on: ubuntu-latest
303    container: jforissier/optee_os_ci:qemu_check
304    steps:
305      - name: Remove /__t/*
306        run: rm -rf /__t/*
307      - name: Restore build cache
308        uses: actions/cache@v4
309        with:
310          path: /github/home/.cache/ccache
311          key: qemuv7_check-cache-${{ github.sha }}
312          restore-keys: |
313            qemuv7_check-cache-
314      - name: Checkout
315        uses: actions/checkout@v4
316      - name: Update Git config
317        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
318      - shell: bash
319        run: |
320          # make check task
321          set -e -v
322          export LC_ALL=C
323          export BR2_CCACHE_DIR=/github/home/.cache/ccache
324          export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
325          export CFG_TEE_CORE_LOG_LEVEL=2
326          WD=$(pwd)
327          cd ..
328          TOP=$(pwd)/optee
329          /root/get_optee.sh default ${TOP}
330          mv ${TOP}/optee_os ${TOP}/optee_os_old
331          ln -s ${WD} ${TOP}/optee_os
332          cd ${TOP}/build
333
334          make -j$(nproc) check CFG_LOCKDEP=y CFG_LOCKDEP_RECORD_STACK=n CFG_IN_TREE_EARLY_TAS=pkcs11/fd02c9da-306c-48c7-a49c-bbd827ae86ee CFG_PKCS11_TA=y CFG_CORE_UNSAFE_MODEXP=y XTEST_ARGS="-x pkcs11_1007"
335          make -j$(nproc) check CFG_CORE_SANITIZE_KADDRESS=y CFG_CORE_ASLR=n CFG_ATTESTATION_PTA=n XTEST_ARGS="n_1001 n_1003 n_1004"
336          make -j$(nproc) check CFG_CORE_SANITIZE_KADDRESS=y CFG_CORE_ASLR=n CFG_ATTESTATION_PTA=n CFG_DYN_CONFIG=n XTEST_ARGS="n_1001 n_1003 n_1004"
337
338  QEMUv8_check1:
339    name: make check (QEMUv8) 1 / 4
340    runs-on: ubuntu-latest
341    container: jforissier/optee_os_ci:qemu_check
342    steps:
343      - name: Remove /__t/*
344        run: rm -rf /__t/*
345      - name: Restore build cache
346        uses: actions/cache@v4
347        with:
348          path: /github/home/.cache/ccache
349          key: qemuv8_check-cache-${{ github.sha }}
350          restore-keys: |
351            qemuv8_check-cache-
352      - name: Checkout
353        uses: actions/checkout@v4
354      - name: Update Git config
355        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
356      - shell: bash
357        run: |
358          # make check task
359          set -e -v
360          export LC_ALL=C
361          export BR2_CCACHE_DIR=/github/home/.cache/ccache
362          export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
363          export CFG_TEE_CORE_LOG_LEVEL=2
364          export CFG_ATTESTATION_PTA=y
365          export CFG_ATTESTATION_PTA_KEY_SIZE=1024
366          OPTEE_OS_TO_TEST=$(pwd)
367          cd ..
368          TOP=$(pwd)/optee_repo_qemu_v8
369          /root/get_optee.sh qemu_v8 ${TOP}
370          mv ${TOP}/optee_os ${TOP}/optee_os_old
371          ln -s ${OPTEE_OS_TO_TEST} ${TOP}/optee_os
372          cd ${TOP}/build
373
374          make -j$(nproc) check
375          make -j$(nproc) check CFG_CRYPTO_WITH_CE82=y
376          make -j$(nproc) check CFG_CORE_SANITIZE_KADDRESS=y CFG_CORE_ASLR=n CFG_ATTESTATION_PTA=n RUST_ENABLE=n MEASURED_BOOT_FTPM=n XTEST_ARGS="n_1001 n_1003 n_1004"
377          make -j$(nproc) check CFG_DYN_CONFIG=n
378
379  QEMUv8_check2:
380    name: make check (QEMUv8) 2 / 4
381    runs-on: ubuntu-latest
382    container: jforissier/optee_os_ci:qemu_check
383    steps:
384      - name: Remove /__t/*
385        run: rm -rf /__t/*
386      - name: Restore build cache
387        uses: actions/cache@v4
388        with:
389          path: /github/home/.cache/ccache
390          key: qemuv8_check-cache-${{ github.sha }}
391          restore-keys: |
392            qemuv8_check-cache-
393      - name: Checkout
394        uses: actions/checkout@v4
395      - name: Update Git config
396        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
397      - shell: bash
398        run: |
399          # make check task
400          set -e -v
401          export LC_ALL=C
402          export BR2_CCACHE_DIR=/github/home/.cache/ccache
403          export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
404          export CFG_TEE_CORE_LOG_LEVEL=2
405          export CFG_ATTESTATION_PTA=y
406          export CFG_ATTESTATION_PTA_KEY_SIZE=1024
407          OPTEE_OS_TO_TEST=$(pwd)
408          cd ..
409          TOP=$(pwd)/optee_repo_qemu_v8
410          /root/get_optee.sh qemu_v8 ${TOP}
411          mv ${TOP}/optee_os ${TOP}/optee_os_old
412          ln -s ${OPTEE_OS_TO_TEST} ${TOP}/optee_os
413          cd ${TOP}/build
414
415          # Rust is disabled because signature_verification-rs hangs with this OP-TEE configuration
416          # fTPM is disabled because it takes too long to probe with this OP-TEE configuration
417          make -j$(nproc) check CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y XTEST_ARGS=regression_1001 RUST_ENABLE=n MEASURED_BOOT_FTPM=n
418          # fTPM is disabled because tests are too slow otherwise (lots of paging)
419          make -j$(nproc) check CFG_WITH_PAGER=y MEASURED_BOOT_FTPM=n
420          make arm-tf-clean && make -j$(nproc) check ARM_FIRMWARE_HANDOFF=y
421
422  QEMUv8_check3:
423    name: make check (QEMUv8) 3 / 4
424    runs-on: ubuntu-latest
425    container: jforissier/optee_os_ci:qemu_check
426    steps:
427      - name: Remove /__t/*
428        run: rm -rf /__t/*
429      - name: Restore build cache
430        uses: actions/cache@v4
431        with:
432          path: /github/home/.cache/ccache
433          key: qemuv8_check-cache-${{ github.sha }}
434          restore-keys: |
435            qemuv8_check-cache-
436      - name: Checkout
437        uses: actions/checkout@v4
438      - name: Update Git config
439        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
440      - shell: bash
441        run: |
442          # make check task
443          set -e -v
444          export LC_ALL=C
445          export BR2_CCACHE_DIR=/github/home/.cache/ccache
446          export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
447          export CFG_TEE_CORE_LOG_LEVEL=2
448          export CFG_ATTESTATION_PTA=y
449          export CFG_ATTESTATION_PTA_KEY_SIZE=1024
450          OPTEE_OS_TO_TEST=$(pwd)
451          cd ..
452          TOP=$(pwd)/optee_repo_qemu_v8
453          /root/get_optee.sh qemu_v8 ${TOP}
454          mv ${TOP}/optee_os ${TOP}/optee_os_old
455          ln -s ${OPTEE_OS_TO_TEST} ${TOP}/optee_os
456          cd ${TOP}/build
457
458          make -j$(nproc) check CFG_PAN=y
459          make -j$(nproc) check CFG_ULIBS_SHARED=y
460
461  QEMUv8_check4:
462    name: make check (QEMUv8) 4 / 4
463    runs-on: ubuntu-latest
464    container: jforissier/optee_os_ci:qemu_check
465    steps:
466      - name: Remove /__t/*
467        run: rm -rf /__t/*
468      - name: Restore build cache
469        uses: actions/cache@v4
470        with:
471          path: /github/home/.cache/ccache
472          key: qemuv8_check-cache-${{ github.sha }}
473          restore-keys: |
474            qemuv8_check-cache-
475      - name: Checkout
476        uses: actions/checkout@v4
477      - name: Update Git config
478        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
479      - shell: bash
480        run: |
481          # make check task
482          set -e -v
483          export LC_ALL=C
484          export BR2_CCACHE_DIR=/github/home/.cache/ccache
485          export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
486          export CFG_TEE_CORE_LOG_LEVEL=2
487          export CFG_ATTESTATION_PTA=y
488          export CFG_ATTESTATION_PTA_KEY_SIZE=1024
489          OPTEE_OS_TO_TEST=$(pwd)
490          cd ..
491          TOP=$(pwd)/optee_repo_qemu_v8
492          /root/get_optee.sh qemu_v8 ${TOP}
493          mv ${TOP}/optee_os ${TOP}/optee_os_old
494          ln -s ${OPTEE_OS_TO_TEST} ${TOP}/optee_os
495          cd ${TOP}/build
496
497          make -j$(nproc) arm-tf-clean SPMC_AT_EL=3 && make -j$(nproc) check SPMC_AT_EL=3
498          make -j$(nproc) arm-tf-clean SPMC_AT_EL=1 && make -j$(nproc) check SPMC_AT_EL=1 CFG_SECURE_PARTITION=y CFG_SPMC_TESTS=y
499
500  QEMUv8_clang_check:
501    name: make check (QEMUv8, Clang)
502    runs-on: ubuntu-latest
503    container: jforissier/optee_os_ci:qemu_check
504    steps:
505      - name: Remove /__t/*
506        run: rm -rf /__t/*
507      - name: Restore build cache
508        uses: actions/cache@v4
509        with:
510          path: /github/home/.cache/ccache
511          key: qemuv8_check-cache-${{ github.sha }}
512          restore-keys: |
513            qemuv8_check-cache-
514      - name: Checkout
515        uses: actions/checkout@v4
516      - name: Update Git config
517        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
518      - shell: bash
519        run: |
520          # make check task
521          set -e -v
522          export LC_ALL=C
523          export BR2_CCACHE_DIR=/github/home/.cache/ccache
524          export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
525          export CFG_TEE_CORE_LOG_LEVEL=2
526          export CFG_ATTESTATION_PTA=y
527          export CFG_ATTESTATION_PTA_KEY_SIZE=1024
528          export COMPILER=clang
529          OPTEE_OS_TO_TEST=$(pwd)
530          cd ..
531          TOP=$(pwd)/optee_repo_qemu_v8
532          /root/get_optee.sh qemu_v8 ${TOP}
533          mv ${TOP}/optee_os ${TOP}/optee_os_old
534          ln -s ${OPTEE_OS_TO_TEST} ${TOP}/optee_os
535          cd ${TOP}/build
536
537          make -j$(nproc) check
538          make -j$(nproc) check CFG_ULIBS_SHARED=y
539
540  QEMUv8_Xen_check:
541    name: make check (QEMUv8, Xen)
542    runs-on: ubuntu-latest
543    container: jforissier/optee_os_ci:qemu_check
544    steps:
545      - name: Remove /__t/*
546        run: rm -rf /__t/*
547      - name: Restore build cache
548        uses: actions/cache@v4
549        with:
550          path: /github/home/.cache/ccache
551          key: qemuv8_xen_check-cache-${{ github.sha }}
552          restore-keys: |
553            qemuv8_xen_check-cache-
554      - name: Checkout
555        uses: actions/checkout@v4
556      - name: Update Git config
557        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
558      - shell: bash
559        run: |
560          # make check task
561          set -e -v
562          export LC_ALL=C
563          export CFG_TEE_CORE_LOG_LEVEL=2
564          export BR2_CCACHE_DIR=/github/home/.cache/ccache
565          export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
566          OPTEE_OS_TO_TEST=$(pwd)
567          cd ..
568          TOP=$(pwd)/optee_repo_qemu_v8
569          /root/get_optee.sh qemu_v8 ${TOP}
570          mv ${TOP}/optee_os ${TOP}/optee_os_old
571          ln -s ${OPTEE_OS_TO_TEST} ${TOP}/optee_os
572          cd ${TOP}/build
573
574          make -j$(nproc) check XEN_BOOT=y
575
576  QEMUv8_Xen_ffa_check:
577    name: make check (QEMUv8, Xen FF-A)
578    runs-on: ubuntu-latest
579    container: jforissier/optee_os_ci:qemu_check
580    steps:
581      - name: Remove /__t/*
582        run: rm -rf /__t/*
583      - name: Restore build cache
584        uses: actions/cache@v4
585        with:
586          path: /github/home/.cache/ccache
587          key: qemuv8_xen_ffa_check-cache-${{ github.sha }}
588          restore-keys: |
589            qemuv8_xen_ffa_check-cache-
590      - name: Checkout
591        uses: actions/checkout@v4
592      - name: Update Git config
593        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
594      - shell: bash
595        run: |
596          # make check task
597          set -e -v
598          export LC_ALL=C
599          export CFG_TEE_CORE_LOG_LEVEL=2
600          export BR2_CCACHE_DIR=/github/home/.cache/ccache
601          export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
602          OPTEE_OS_TO_TEST=$(pwd)
603          cd ..
604          TOP=$(pwd)/optee_repo_qemu_v8
605          /root/get_optee.sh qemu_v8 ${TOP}
606          mv ${TOP}/optee_os ${TOP}/optee_os_old
607          ln -s ${OPTEE_OS_TO_TEST} ${TOP}/optee_os
608          cd ${TOP}/build
609
610          make -j$(nproc) check XEN_BOOT=y SPMC_AT_EL=1
611
612  QEMUv8_Hafnium_check:
613    name: make check (QEMUv8, Hafnium)
614    runs-on: ubuntu-latest
615    container: jforissier/optee_os_ci:qemu_check
616    steps:
617      - name: Remove /__t/*
618        run: rm -rf /__t/*
619      - name: Restore build cache
620        uses: actions/cache@v4
621        with:
622          path: /github/home/.cache/ccache
623          key: qemuv8_hafnium_check-cache-${{ github.sha }}
624          restore-keys: |
625            qemuv8_hafnium_check-cache-
626      - name: Checkout
627        uses: actions/checkout@v4
628      - name: Update Git config
629        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
630      - shell: bash
631        run: |
632          # make check task
633          set -e -v
634          export LC_ALL=C
635          export CFG_TEE_CORE_LOG_LEVEL=2
636          export BR2_CCACHE_DIR=/github/home/.cache/ccache
637          export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
638          OPTEE_OS_TO_TEST=$(pwd)
639          cd ..
640          TOP=$(pwd)/optee_repo_qemu_v8
641          /root/get_optee.sh qemu_v8 ${TOP}
642          mv ${TOP}/optee_os ${TOP}/optee_os_old
643          ln -s ${OPTEE_OS_TO_TEST} ${TOP}/optee_os
644          cd ${TOP}/build
645
646          make -j$(nproc) check SPMC_AT_EL=2
647
648  QEMUv8_check_BTI_MTE_PAC:
649    name: make check (QEMUv8, BTI+MTE+PAC)
650    runs-on: ubuntu-latest
651    container: jforissier/optee_os_ci:qemu_check
652    steps:
653      - name: Remove /__t/*
654        run: rm -rf /__t/*
655      - name: Restore build cache
656        uses: actions/cache@v4
657        with:
658          path: /github/home/.cache/ccache
659          key: qemuv8_check_bti_mte_pac-cache-${{ github.sha }}
660          restore-keys: |
661            qemuv8_check_bti_mte_pac-cache-
662      - name: Checkout
663        uses: actions/checkout@v4
664      - name: Update Git config
665        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
666      - shell: bash
667        run: |
668          # make check task
669          set -e -v
670          export LC_ALL=C
671          # The BTI-enabled toolchain is aarch64-unknown-linux-uclibc-gcc in /usr/local/bin
672          export PATH=/usr/local/bin:$PATH
673          export AARCH64_CROSS_COMPILE=aarch64-unknown-linux-uclibc-
674          export BR2_CCACHE_DIR=/github/home/.cache/ccache
675          export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
676          export CFG_TEE_CORE_LOG_LEVEL=2
677          export CFG_USER_TA_TARGETS=ta_arm64
678          OPTEE_OS_TO_TEST=$(pwd)
679          cd ..
680          TOP=$(pwd)/optee_repo_qemu_v8
681          # TF-A v2.6 fails to build with the above toolchain so override it
682          export TF_A_EXPORTS="CROSS_COMPILE=${TOP}/toolchains/aarch64/bin/aarch64-linux-gnu-"
683          /root/get_optee.sh qemu_v8 ${TOP}
684          mv ${TOP}/optee_os ${TOP}/optee_os_old
685          ln -s ${OPTEE_OS_TO_TEST} ${TOP}/optee_os
686          cd ${TOP}/build
687
688          # xtest 1031 is excluded because 1031.4 (C++ exception from shared library) fails with this cross-compiler
689          # Rust is disabled because of a link error in the examples with this toolchain
690          make -j$(nproc) CFG_CORE_BTI=y CFG_TA_BTI=y SEL0_SPS=y MEMTAG=y PAUTH=y RUST_ENABLE=n XTEST_ARGS="-x n_1031" check
691
692  QEMUv8_check_arm64_host:
693    name: make check (QEMUv8) (arm64 host)
694    runs-on: ubuntu-24.04-arm
695    container: jforissier/optee_os_ci:qemu_check_arm64
696    steps:
697      - name: Remove /__t/*
698        run: rm -rf /__t/*
699      - name: Restore build cache
700        uses: actions/cache@v4
701        with:
702          path: /github/home/.cache/ccache
703          key: qemuv8_check_arm64-cache-${{ github.sha }}
704          restore-keys: |
705            qemuv8_check_arm64-cache-
706      - name: Checkout
707        uses: actions/checkout@v4
708      - name: Update Git config
709        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
710      - shell: bash
711        run: |
712          # make check task
713          set -e -v
714          export LC_ALL=C
715          export BR2_CCACHE_DIR=/github/home/.cache/ccache
716          export FORCE_UNSAFE_CONFIGURE=1 # Prevent Buildroot error when building as root
717          export CFG_TEE_CORE_LOG_LEVEL=2
718          export CFG_ATTESTATION_PTA=y
719          export CFG_ATTESTATION_PTA_KEY_SIZE=1024
720          OPTEE_OS_TO_TEST=$(pwd)
721          cd ..
722          TOP=$(pwd)/optee_repo_qemu_v8
723          /root/get_optee.sh qemu_v8 ${TOP}
724          mv ${TOP}/optee_os ${TOP}/optee_os_old
725          ln -s ${OPTEE_OS_TO_TEST} ${TOP}/optee_os
726          cd ${TOP}/build
727
728          # CFG_CORE_UNSAFE_MODEXP=y to speed up regression_4011
729          # See commit cb03400251f9 ("Squashed commit upgrading to mbedtls-3.6.2")
730          # and commit 85df256c4a67 ("libmbedtls: add CFG_CORE_UNSAFE_MODEXP and CFG_TA_MBEDTLS_UNSAFE_MODEXP")
731          make -j$(nproc) check CFG_CORE_UNSAFE_MODEXP=y
732