Integrate MPFS into CI
grg-haas committed Dec 29, 2023
1 parent 25093a8 commit 7b30bbf
Showing 7 changed files with 165 additions and 4 deletions.
5 changes: 4 additions & 1 deletion .github/workflows/build-runtime.yml
@@ -7,12 +7,15 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
platform: [generic, unmatched]
platform: [generic, unmatched, mpfs]
bits: [32, 64]
exclude:
# unmatched is not 32 bit
- platform: unmatched
bits: 32
# mpfs is not 32 bit
- platform: mpfs
bits: 32

steps:
# We don't need submodules here since Keystone is a monorepo!
11 changes: 9 additions & 2 deletions .github/workflows/main.yml
@@ -14,12 +14,15 @@ jobs:
# platform that we support here
strategy:
matrix:
platform: [generic, unmatched]
platform: [generic, unmatched, mpfs]
bits: [32, 64]
exclude:
# unmatched is not 32 bit
- platform: unmatched
bits: 32
# mpfs is not 32 bit
- platform: mpfs
bits: 32

steps:

@@ -106,6 +109,10 @@ jobs:
# Needed by end-to-end tests
COMPRESSDIRS="$COMPRESSDIRS $BASEDIR/target/root/"
if [[ "${{ matrix.platform }}" == "mpfs" ]]; then
COMPRESSDIRS="$COMPRESSDIRS $BASEDIR/build/hss-v2023.06"
fi
tar -cf - $COMPRESSDIRS | xz -9 -T0 > build.tar.xz
- name: Upload build directory
@@ -159,7 +166,7 @@ jobs:
needs: build
uses: ./.github/workflows/build-runtime.yml

# System tests, which are run for simulatable platforms
# System tests, which are run for simulatable and self-hostable platforms
test-system:
needs: build
uses: ./.github/workflows/test-system.yml
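Review bot: The directory name `hss-v2023.06` is hard-coded in the `if [[ "${{ matrix.platform }}" == "mpfs" ]]` block added to the archive step (second hunk; the enclosing `run:` script starts outside it), and the same version string appears again in the `make -C ... program` path of the Flash HSS step in test-system.yml. The two copies have to be bumped together, so define the directory once, for example with a glob such as `$BASEDIR/build/hss-*` here. The `tar ... | xz` line that follows is a pipeline, so unless the step's shell enables `pipefail` a stale path would produce a tar error without failing the step, and the mpfs job would only notice later at flash time.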
96 changes: 95 additions & 1 deletion .github/workflows/test-system.yml
@@ -3,7 +3,7 @@ on:
workflow_call:

jobs:
test-system:
test-generic:
runs-on: ubuntu-latest
strategy:
matrix:
@@ -65,3 +65,97 @@ jobs:
with:
name: test-keystone-${{ matrix.platform }}${{ matrix.bits }}-cmd.log
path: cmd.log

test-mpfs:
runs-on: [self-hosted, mpfs]
environment: track
steps:
# We don't need submodules here since Keystone is a monorepo!
- name: Checkout Keystone
uses: actions/checkout@v3
with:
submodules: 'false'

- name: Restore build directory
uses: actions/download-artifact@v4
with:
name: keystone-mpfs64-builddir
path: .

- name: Decompress build directory
run: cat build.tar.xz | xz -d -T0 | tar - xf -

# Test the firmware, first by flashing it
- name: Flash HSS
env:
POWER_ON_CMD: ${{ vars.POWER_ON_CMD_MPFS }}
POWER_OFF_CMD: ${{ vars.POWER_OFF_CMD_MPFS }}
SC_INSTALL_DIR: ${{ vars.SC_INSTALL_DIR }}
run: |
$POWER_ON_CMD
export FPGENPROG=$(which FPGENPROG)
make -C build-mpfs64/buildroot.build/build/hss-v2023.06 program
$POWER_OFF_CMD
# And then verifying that we can actually get to the command line
- name: Check HSS ok
env:
POWER_ON_CMD: ${{ vars.POWER_ON_CMD_MPFS }}
POWER_OFF_CMD: ${{ vars.POWER_OFF_CMD_MPFS }}
run: |
# Collect serial output
screen -L -dmS mpfs-tty bash -c "stty raw -echo < /dev/ttyUSB0 ; cat /dev/ttyUSB0 > run-hss.log"
$POWER_ON_CMD ; sleep 30 ; $POWER_OFF_CMD
screen -XS mpfs-tty quit
# At least the first hart should have started
[[ ! -z $(cat run-hss.log | sed -e 's/\x1b\[[0-9;]*m//g' | grep "u54 State Change: \[Running\]" ]]
- name: Upload HSS run log
if: failure()
uses: actions/upload-artifact@v4
with:
name: test-keystone-mpfs64-run-hss.log
path: run-hss.log

# Now we also need to flash the disk. First, get into usbdmsc
- name: Flash OS
env:
POWER_ON_CMD: ${{ vars.POWER_ON_CMD_MPFS }}
POWER_OFF_CMD: ${{ vars.POWER_OFF_CMD_MPFS }}
run: |
# Wait for the board to come up a bit
$POWER_ON_CMD
sleep 10
stty raw -echo < /dev/ttyUSB0 ; echo "usbdmsc" > /dev/ttyUSB0
# Wait a bit for the USB to connect then flash
sleep 10
dd if=build-mpfs64/buildroot.build/images/sdcard.img of=/dev/sda bs=4M oflag=direct
sync
$POWER_OFF_CMD
- name: Test Keystone system
env:
POWER_ON_CMD: ${{ vars.POWER_ON_CMD_MPFS }}
POWER_OFF_CMD: ${{ vars.POWER_OFF_CMD_MPFS }}
KEYSTONE_IP: ${{ vars.BOARD_IP_MPFS }}
run: |
# Fix permissions on the key
chmod 600 build-mpfs64/buildroot.build/target/root/.ssh/id-rsa
# Start the board
export KEYSTONE_PLATFORM=mpfs
export KEYSTONE_BITS=64
screen -L -dmS mpfs-tty bash -c "stty raw -echo < /dev/ttyUSB1 ; cat /dev/ttyUSB1 > run.log
$POWER_ON_CMD
# TODO: check for connectivity instead of sleeping
sleep 30
export CALL_LOGFILE=cmd.log
echo "" > $CALL_LOGFILE
KEYSTONE_COMMAND="modprobe keystone-driver" make call
KEYSTONE_COMMAND="/usr/share/keystone/examples/tests.ke" make call
KEYSTONE_COMMAND="/usr/share/keystone/examples/attestor.ke" make call
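Review bot: The Flash OS step of `test-mpfs` writes the image with `dd ... of=/dev/sda`, a kernel-assigned name, so if the board has not appeared as USB mass storage after the 10-second sleep, or another disk holds that name, the step overwrites whatever `/dev/sda` is on the self-hosted machine. Take the target from a stable `/dev/disk/by-id/` link and refuse to write unless it is present as a block device, as sketched below (the variable name is a constructed example). As rendered here, three commands in this job also do not parse: `tar - xf -` in Decompress build directory, the `$(` that is never closed before `]]` in Check HSS ok, and the unterminated `bash -c "...` string in Test Keystone system. Each step powers the board off only on its success path, so a failing command leaves the hardware powered and the `screen` session running; a final cleanup step with `if: always()` would cover that.

```yaml
      - name: Flash OS
        env:
          # … unchanged: POWER_ON_CMD / POWER_OFF_CMD …
          # Constructed example name: holds a /dev/disk/by-id/ link for the
          # board's USB mass-storage device, set by the runner's administrator
          FLASH_DEVICE: ${{ vars.FLASH_DEVICE_MPFS }}
        run: |
          # … unchanged: power on, send "usbdmsc", wait for USB …
          if [[ ! -b "$FLASH_DEVICE" ]]; then
            echo "flash target '$FLASH_DEVICE' is not present; refusing to write" >&2
            $POWER_OFF_CMD
            exit 1
          fi
          dd if=build-mpfs64/buildroot.build/images/sdcard.img of="$FLASH_DEVICE" bs=4M oflag=direct
          # … unchanged: sync, power off …
```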
42 changes: 42 additions & 0 deletions docs/source/Continuous-Integration/Custom-Runner.rst
@@ -0,0 +1,42 @@
Custom CI Runner
===========

We have created a custom CI runner set up with real RISC-V hardware so that we
can run CI tests even on platforms that don't have a good QEMU-based simulator.
This document details how this runner was setup so that it can be replicated or
extended with future hardware platforms.

Setup
-----------------

On the machine which has the RISC-V board connected, first create a new user and
assign them to any groups they will need in order to talk to the hardware.

.. code-block:: bash
sudo adduser runner
sudo usermod -aG disks runner
sudo usermod -aG dialout runner
...
# To allow user systemd units to run even when user is not logged in
sudo loginctl enable-linger runner
Then, login as that user and follow `these <https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners>`_
instructions for creating a new custom runner. When setting up the custom runner,
you will want to add any tags as necessary to describe the hardware that this
runner has access to. Then, optionally (but recommended), create a new systemd
unit file to automatically start the runner on machine boot.

.. code-block:: bash
mkdir -p /home/runner/.config/systemd/user
cat <<EOF > /home/runner/.config/systemd/user/runner.service
[Service]
ExecStart=/home/runner/actions-runner/run.sh
[Install]
WantedBy=default.target
EOF
systemctl --user enable runner
systemctl --user start runner
6 changes: 6 additions & 0 deletions docs/source/index.rst
@@ -56,6 +56,12 @@ Welcome to Keystone Enclave's documentation!

Security-Monitor/index

.. toctree::
:maxdepth: 1
:caption: Continuous Integration
:numbered:

Continuous-Integration/Custom-Runner

.. toctree::
:maxdepth: 1
8 changes: 8 additions & 0 deletions mkutils/plat/mpfs/run.mk
@@ -18,6 +18,14 @@ run:
$(call log,info,Starting OpenOCD)
$(SC_INSTALL_DIR)/openocd/bin/openocd $(OPENOCD_FLAGS)

CALL_LOGFILE ?= $(shell mktemp)
call:
$(call log,info,Calling command in QEMU)
ssh -i $(BUILDROOT_BUILDDIR)/target/root/.ssh/id-rsa \
-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
root@$(KEYSTONE_IP) $(KEYSTONE_COMMAND) 2>&1 | \
grep -v "Warning: Permanently added" | tee -a $(CALL_LOGFILE)

debug-connect:
$(call log,info,Connecting to OpenOCD)
PYTHONPATH=$(BUILDROOT_BUILDDIR)/build/host-gcc-final-11.4.0/libstdc++-v3/python \
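Review bot: The new `call` recipe ends in `| grep -v "Warning: Permanently added" | tee -a $(CALL_LOGFILE)`, so its exit status is tee's, and a failing remote command (for example `tests.ke` in the mpfs workflow) would still let `make call` succeed unless the Makefile's shell enables `pipefail`, which is not visible in this hunk. Either run the recipe under bash with `set -o pipefail;` in front of the `ssh` command, or have the caller check the log for a failure marker. The options `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null` mean the host at `$(KEYSTONE_IP)` is never authenticated while the session runs as root, which matters more for a networked board than for a local simulator, so the runner-to-board link should stay on an isolated network. The log text `Calling command in QEMU` looks copied from another platform; on mpfs something like `Calling command on board` would be accurate.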
1 change: 1 addition & 0 deletions runtime/test/CMakeLists.txt
@@ -9,6 +9,7 @@ include(AddCMockaTest)
enable_testing()

include_directories(../include)
include_directories(../../sdk/include/shared/)

add_cmocka_test(test_string SOURCES string.c COMPILE_OPTIONS -I${CMAKE_BINARY_DIR}/cmocka/include LINK_LIBRARIES cmocka)
add_cmocka_test(test_merkle