simple example of failable malloc #390
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a basic workflow to help you get started with Actions | |
| name: Component Build & Test CI | |
| # Controls when the workflow will run | |
| on: | |
| # Triggers the workflow on push or pull request events but only for the develop branch | |
| push: | |
| # Allows you to run this workflow manually from the Actions tab | |
| #workflow_dispatch: | |
| # A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
| jobs: | |
| mps-build: | |
| runs-on: ubuntu-22.04 | |
| needs: libgpiod | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Checkout submodules | |
| run: | | |
| git submodule update --init src/pkvm_setup/libgpiod | |
| - name: Hash inputs | |
| id: hash | |
| run: | | |
| cache_key="$(bash src/pkvm_setup/package.sh cache_key mps)" | |
| echo "Cache key: $cache_key" | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV | |
| - name: Cache results | |
| id: cache | |
| uses: actions/cache@v3 | |
| with: | |
| key: ${{ env.CACHE_KEY }} | |
| path: packages/${{ env.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit == 'true' }} | |
| name: "Unpack mps" | |
| run: | | |
| tar -xvf packages/${{ env.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: "Cache restore: libgpiod" | |
| uses: actions/cache/restore@v3 | |
| with: | |
| key: ${{ needs.libgpiod.outputs.CACHE_KEY }} | |
| path: packages/${{ needs.libgpiod.outputs.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Install aarch64 toolchain | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y {gcc,g++}-aarch64-linux-gnu | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Install verilator | |
| run: sudo apt-get install -y verilator | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Build MPS | |
| run: | | |
| bash src/pkvm_setup/package.sh full_build mps | |
| - name: Upload MPS binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: mps-binaries | |
| path: components/mission_protection_system/src/mps.* | |
| outputs: | |
| CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} | |
| mps-test: | |
| runs-on: ubuntu-22.04 | |
| needs: mps-build | |
| steps: | |
| - name: Checkout repository and submodules | |
| uses: actions/checkout@v4 | |
| - name: Download MPS binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: mps-binaries | |
| - name: Display structure of downloaded files | |
| run: | | |
| chmod +x mps.* | |
| mv mps.* components/mission_protection_system/src/. | |
| - name: Install pip3 | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y python3-pip | |
| - name: Test MPS | |
| run: | | |
| cd components/mission_protection_system/tests | |
| pip3 install -r requirements.txt | |
| MPS_DEBUG=1 QUICK=1 python3 ./run_all.py | |
| trusted-boot-build: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout repository and submodules | |
| uses: actions/checkout@v4 | |
| - name: Install aarch64 toolchain | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y {gcc,g++}-aarch64-linux-gnu | |
| - name: Build trusted_boot | |
| run: | | |
| cd components/platform_crypto/shave_trusted_boot/ | |
| make clean | |
| # Build, then check it created the correct output file. | |
| make | |
| [ -f trusted_boot ] | |
| make TARGET=aarch64 | |
| [ -f trusted_boot.aarch64 ] | |
| - name: Upload trusted_boot binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: trusted-boot-binaries | |
| path: | | |
| components/platform_crypto/shave_trusted_boot/trusted_boot | |
| components/platform_crypto/shave_trusted_boot/trusted_boot.* | |
| vm_runner: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Hash inputs | |
| id: hash | |
| run: | | |
| cache_key="$(bash src/pkvm_setup/package.sh cache_key vm_runner)" | |
| echo "Cache key: $cache_key" | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV | |
| - name: Cache results | |
| id: cache | |
| uses: actions/cache@v3 | |
| with: | |
| key: ${{ env.CACHE_KEY }} | |
| path: packages/${{ env.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Install aarch64 toolchain | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y gcc-aarch64-linux-gnu | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| uses: hecrj/setup-rust-action@v2 | |
| with: | |
| rust-version: 1.74 | |
| targets: aarch64-unknown-linux-gnu | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Build VM runner | |
| run: | | |
| bash src/pkvm_setup/package.sh full_build vm_runner | |
| outputs: | |
| CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} | |
| libgpiod: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Checkout submodules | |
| run: | | |
| git submodule update --init src/pkvm_setup/libgpiod | |
| - name: Hash inputs | |
| id: hash | |
| run: | | |
| cache_key="$(bash src/pkvm_setup/package.sh cache_key libgpiod)" | |
| echo "Cache key: $cache_key" | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV | |
| - name: Cache results | |
| id: cache | |
| uses: actions/cache@v3 | |
| with: | |
| key: ${{ env.CACHE_KEY }} | |
| path: packages/${{ env.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Install dependency packages | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y \ | |
| build-essential autoconf automake autoconf-archive \ | |
| gcc-aarch64-linux-gnu | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Build libgpiod | |
| run: | | |
| bash src/pkvm_setup/package.sh full_build libgpiod | |
| outputs: | |
| CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} | |
| vhost_device: | |
| runs-on: ubuntu-22.04 | |
| needs: libgpiod | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Checkout submodules | |
| run: | | |
| git config --global url."https://galoisactions:${{ secrets.VERSE_VHOST_DEVICE_ACCESS_TOKEN }}@github.com/".insteadOf "git@github.com:" | |
| git submodule update --init src/pkvm_setup/libgpiod | |
| git submodule update --init src/pkvm_setup/vhost-device | |
| - name: Hash inputs | |
| id: hash | |
| run: | | |
| cache_key="$(bash src/pkvm_setup/package.sh cache_key vhost_device)" | |
| echo "Cache key: $cache_key" | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV | |
| - name: Cache results | |
| id: cache | |
| uses: actions/cache@v3 | |
| with: | |
| key: ${{ env.CACHE_KEY }} | |
| path: packages/${{ env.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: "Cache restore: libgpiod" | |
| uses: actions/cache/restore@v3 | |
| with: | |
| key: ${{ needs.libgpiod.outputs.CACHE_KEY }} | |
| path: packages/${{ needs.libgpiod.outputs.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Install dependency packages | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y \ | |
| build-essential autoconf automake autoconf-archive \ | |
| gcc-aarch64-linux-gnu | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| uses: hecrj/setup-rust-action@v2 | |
| with: | |
| rust-version: 1.74 | |
| targets: aarch64-unknown-linux-gnu | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Build vhost-device | |
| run: | | |
| # This must match the `rust-version` installed above. | |
| export RUSTUP_TOOLCHAIN=1.74 | |
| bash src/pkvm_setup/package.sh full_build vhost_device | |
| outputs: | |
| CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} | |
| pkvm: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Checkout submodules | |
| run: | | |
| git submodule update --init src/pkvm_setup/linux-pkvm | |
| - name: Hash inputs | |
| id: hash | |
| run: | | |
| cache_key="$(bash src/pkvm_setup/package.sh cache_key pkvm)" | |
| echo "Cache key: $cache_key" | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV | |
| - name: Cache results | |
| id: cache | |
| uses: actions/cache@v3 | |
| with: | |
| key: ${{ env.CACHE_KEY }} | |
| path: packages/${{ env.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Fetch from Artifactory | |
| run: | | |
| bash src/pkvm_setup/package.sh download pkvm \ | |
| -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" | |
| outputs: | |
| CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} | |
| qemu: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Checkout submodules | |
| run: | | |
| git config --global url."https://galoisactions:${{ secrets.VERSE_VHOST_DEVICE_ACCESS_TOKEN }}@github.com/".insteadOf "git@github.com:" | |
| git submodule update --init src/pkvm_setup/qemu | |
| - name: Hash inputs | |
| id: hash | |
| run: | | |
| cache_key="$(bash src/pkvm_setup/package.sh cache_key qemu)" | |
| echo "Cache key: $cache_key" | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV | |
| - name: Cache results | |
| id: cache | |
| uses: actions/cache@v3 | |
| with: | |
| key: ${{ env.CACHE_KEY }} | |
| path: packages/${{ env.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Fetch from Artifactory | |
| run: | | |
| bash src/pkvm_setup/package.sh download qemu \ | |
| -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" | |
| outputs: | |
| CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} | |
| vm_image_base: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Hash inputs | |
| id: hash | |
| run: | | |
| cache_key="$(bash src/pkvm_setup/package.sh cache_key vm_image_base)" | |
| echo "Cache key: $cache_key" | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV | |
| - name: Cache results | |
| id: cache | |
| uses: actions/cache@v3 | |
| with: | |
| key: ${{ env.CACHE_KEY }} | |
| path: packages/${{ env.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Fetch from Artifactory | |
| run: | | |
| bash src/pkvm_setup/package.sh download vm_image_base \ | |
| -u "${{ secrets.ARTIFACTORY_RDE_GENERIC_USERNAME }}:${{ secrets.ARTIFACTORY_RDE_GENERIC_ACCESS_TOKEN }}" | |
| outputs: | |
| CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} | |
| vm_images: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - vm_runner | |
| - vhost_device | |
| - pkvm | |
| - qemu | |
| - vm_image_base | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Checkout submodules | |
| run: | | |
| git config --global url."https://galoisactions:${{ secrets.VERSE_VHOST_DEVICE_ACCESS_TOKEN }}@github.com/".insteadOf "git@github.com:" | |
| git submodule update --init src/pkvm_setup/libgpiod | |
| git submodule update --init src/pkvm_setup/vhost-device | |
| git submodule update --init src/pkvm_setup/linux-pkvm | |
| git submodule update --init src/pkvm_setup/qemu | |
| - name: Hash inputs | |
| id: hash | |
| run: | | |
| cache_key="$(bash src/pkvm_setup/package.sh cache_key vm_images)" | |
| echo "Cache key: $cache_key" | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV | |
| - name: Cache results | |
| id: cache | |
| uses: actions/cache@v3 | |
| with: | |
| key: ${{ env.CACHE_KEY }} | |
| path: packages/${{ env.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: "Cache restore: vm_runner" | |
| uses: actions/cache/restore@v3 | |
| with: | |
| key: ${{ needs.vm_runner.outputs.CACHE_KEY }} | |
| path: packages/${{ needs.vm_runner.outputs.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: "Cache restore: vhost_device" | |
| uses: actions/cache/restore@v3 | |
| with: | |
| key: ${{ needs.vhost_device.outputs.CACHE_KEY }} | |
| path: packages/${{ needs.vhost_device.outputs.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: "Cache restore: pkvm" | |
| uses: actions/cache/restore@v3 | |
| with: | |
| key: ${{ needs.pkvm.outputs.CACHE_KEY }} | |
| path: packages/${{ needs.pkvm.outputs.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: "Cache restore: qemu" | |
| uses: actions/cache/restore@v3 | |
| with: | |
| key: ${{ needs.qemu.outputs.CACHE_KEY }} | |
| path: packages/${{ needs.qemu.outputs.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: "Cache restore: vm_image_base" | |
| uses: actions/cache/restore@v3 | |
| with: | |
| key: ${{ needs.vm_image_base.outputs.CACHE_KEY }} | |
| path: packages/${{ needs.vm_image_base.outputs.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Install dependency packages | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y qemu-system-arm qemu-utils | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Build VM images | |
| run: | | |
| bash src/pkvm_setup/package.sh full_build vm_images | |
| outputs: | |
| CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} | |
| mps-test-vm: | |
| # Other jobs use Ubuntu 22.04, but that release has an old version of QEMU | |
| # (6.2) and doesn't support vhost-user-gpio devices. | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - mps-build | |
| - vm_images | |
| - vhost_device | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Download MPS binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: mps-binaries | |
| - name: Prepare MPS binaries for use | |
| run: | | |
| chmod +x mps.* | |
| mv mps.* components/mission_protection_system/src/. | |
| - name: "Cache restore: vm_images" | |
| uses: actions/cache/restore@v3 | |
| with: | |
| key: ${{ needs.vm_images.outputs.CACHE_KEY }} | |
| path: packages/${{ needs.vm_images.outputs.CACHE_KEY }}.tar.gz | |
| - name: "Cache restore: vhost_device" | |
| uses: actions/cache/restore@v3 | |
| with: | |
| key: ${{ needs.vhost_device.outputs.CACHE_KEY }} | |
| path: packages/${{ needs.vhost_device.outputs.CACHE_KEY }}.tar.gz | |
| - name: "Unpack vm_images" | |
| run: | | |
| tar -xvf packages/${{ needs.vm_images.outputs.CACHE_KEY }}.tar.gz | |
| - name: "Unpack vhost_device" | |
| run: | | |
| tar -xvf packages/${{ needs.vhost_device.outputs.CACHE_KEY }}.tar.gz | |
| - name: Install QEMU | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y qemu-system-arm | |
| - uses: hecrj/setup-rust-action@v2 | |
| with: | |
| rust-version: 1.74 | |
| - name: Run MPS tests | |
| run: RUST_LOG=trace MPS_DEBUG=1 python3 src/vm_runner/tests/mps/run_tests.py | |
| ardupilot: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Checkout submodules | |
| run: | | |
| git config --global url."https://galoisactions:${{ secrets.VERSE_VHOST_DEVICE_ACCESS_TOKEN }}@github.com/".insteadOf "git@github.com:" | |
| git submodule update --init components/autopilot/ardupilot | |
| - name: Hash inputs | |
| id: hash | |
| run: | | |
| cache_key="$(bash src/pkvm_setup/package.sh cache_key ardupilot)" | |
| echo "Cache key: $cache_key" | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV | |
| - name: Cache results | |
| id: cache | |
| uses: actions/cache@v3 | |
| with: | |
| key: ${{ env.CACHE_KEY }} | |
| path: packages/${{ env.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| BUILD_ONLY=1 bash components/autopilot/ardupilot_install_deps.sh | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Fetch additional submodules for build | |
| run: | | |
| bash components/autopilot/ardupilot_init_submodules.sh | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Build ArduPilot | |
| run: | | |
| bash src/pkvm_setup/package.sh full_build ardupilot | |
| outputs: | |
| CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} | |
| logging: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Checkout submodules | |
| run: | | |
| git config --global url."https://galoisactions:${{ secrets.VERSE_VHOST_DEVICE_ACCESS_TOKEN }}@github.com/".insteadOf "git@github.com:" | |
| git submodule update --init components/autopilot/ardupilot | |
| # Set up mavlink submodule early because it's used to calculate | |
| # the cache key. | |
| (cd components/autopilot/ardupilot && git submodule update --init modules/mavlink) | |
| - name: Hash inputs | |
| id: hash | |
| run: | | |
| cache_key="$(bash src/pkvm_setup/package.sh cache_key logging)" | |
| echo "Cache key: $cache_key" | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT | |
| echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV | |
| - name: Cache results | |
| id: cache | |
| uses: actions/cache@v3 | |
| with: | |
| key: ${{ env.CACHE_KEY }} | |
| path: packages/${{ env.CACHE_KEY }}.tar.gz | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Install MAVLink dependencies | |
| run: | | |
| sudo apt-get update | |
| BUILD_ONLY=1 bash components/autopilot/ardupilot_setup_mavgen.sh | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Install aarch64 toolchain | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y {gcc,g++}-aarch64-linux-gnu | |
| - if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| name: Build logging component | |
| run: | | |
| bash src/pkvm_setup/package.sh full_build logging | |
| outputs: | |
| CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} | |
| jsbsim_proxy: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| # jsbsim_proxy is trivial to build, so we don't bother packaging or | |
| # caching it. | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt install build-essential | |
| - name: Build jsbsim_proxy | |
| run: | | |
| cd src/jsbsim_proxy | |
| make | |
| [ -f jsbsim_proxy ] | |
| mkm: | |
| runs-on: ubuntu-22.04 | |
| needs: trusted-boot-build | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| # mkm is trivial to build, so we don't bother packaging or caching it. | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y build-essential | |
| sudo apt-get install -y {gcc,g++}-aarch64-linux-gnu | |
| - name: Build mkm | |
| run: | | |
| cd components/mission_key_management | |
| make | |
| [ -f mkm ] | |
| make TARGET=aarch64 | |
| [ -f mkm.aarch64 ] | |
| # Some test cases require the `trusted_boot` binary for generating | |
| # attestations. | |
| - name: Download trusted_boot binary | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: trusted-boot-binaries | |
| - name: Move trusted_boot binary into place | |
| run: | | |
| chmod -v +x trusted_boot | |
| mv -v trusted_boot components/platform_crypto/shave_trusted_boot/ | |
| - name: Run tests | |
| run: | | |
| cd components/mission_key_management | |
| python3 run_tests.py | |
| mkm_client: | |
| runs-on: ubuntu-22.04 | |
| needs: trusted-boot-build | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| # mkm is trivial to build, so we don't bother packaging or caching it. | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y build-essential | |
| sudo apt-get install -y {gcc,g++}-aarch64-linux-gnu | |
| - name: Build mkm | |
| run: | | |
| cd components/mission_key_management | |
| make | |
| [ -f mkm ] | |
| - name: Build mkm_client | |
| run: | | |
| cd components/mkm_client | |
| make | |
| [ -f mkm_client ] | |
| make TARGET=aarch64 | |
| [ -f mkm_client.aarch64 ] | |
| - name: Download trusted_boot binary | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: trusted-boot-binaries | |
| - name: Move trusted_boot binary into place | |
| run: | | |
| chmod -v +x trusted_boot | |
| mv -v trusted_boot components/platform_crypto/shave_trusted_boot/ | |
| - name: Run tests | |
| run: | | |
| cd components/mkm_client | |
| ../mission_key_management/mkm & | |
| key=$(../platform_crypto/shave_trusted_boot/trusted_boot ./run_client.sh) | |
| [ "$key" = "mkm_client uses this key to test" ] |