From 90a5f29dd3de565806c87a4c031f0ef720c53caa Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Mon, 1 Dec 2025 15:55:26 -0700 Subject: [PATCH] CI-tests: - STM32L4 and STM32WB using CubeMX SDK - Add test-build-riscv.yml workflow for RISC-V HiFive1 targets - Enable tests for hifive1, nxp-ls1028a, nxp-ls1028a-tpm, imx-rt1060_hab, raspi3-encrypted --- .github/workflows/test-build-riscv.yml | 104 ++++++++++++++++++++ .github/workflows/test-build-stm32cube.yml | 105 +++++++++++++++++++++ .github/workflows/test-configs.yml | 77 ++++++++++----- hal/hifive1.ld | 1 + lib/wolfssl | 2 +- 5 files changed, 265 insertions(+), 24 deletions(-) create mode 100644 .github/workflows/test-build-riscv.yml create mode 100644 .github/workflows/test-build-stm32cube.yml diff --git a/.github/workflows/test-build-riscv.yml b/.github/workflows/test-build-riscv.yml new file mode 100644 index 0000000000..95893d7f91 --- /dev/null +++ b/.github/workflows/test-build-riscv.yml @@ -0,0 +1,104 @@ +name: Wolfboot Reusable Build Workflow for RISC-V + +on: + + workflow_call: + inputs: + arch: + required: true + type: string + config-file: + required: true + type: string + make-args: + required: false + type: string + +jobs: + + build: + runs-on: ubuntu-24.04 + timeout-minutes: 30 + + steps: + - uses: actions/checkout@v4 + with: + submodules: true + + - uses: actions/checkout@v4 + with: + repository: sifive/freedom-e-sdk + path: freedom-e-sdk + submodules: recursive + + - name: Workaround for sources.list + run: | + # Replace sources + + set -euxo pipefail + + # Peek (what repos are active now) + apt-cache policy + grep -RInE '^(deb|Types|URIs)' /etc/apt || true + + # Enable nullglob so *.list/*.sources that don't exist don't break sed + shopt -s nullglob + + echo "Replace sources.list (legacy)" + sudo sed -i \ + -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \ + /etc/apt/sources.list || true + + echo "Replace sources.list.d/*.list (legacy)" + for f in /etc/apt/sources.list.d/*.list; do + sudo sed -i \ + -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \ + "$f" + done + + echo "Replace sources.list.d/*.sources (deb822)" + for f in /etc/apt/sources.list.d/*.sources; do + sudo sed -i \ + -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \ + -e "s|https\?://azure\.archive\.ubuntu\.com|http://mirror.arizona.edu|g" \ + "$f" + done + + echo "Fix /etc/apt/apt-mirrors.txt (used by URIs: mirror+file:...)" + if grep -qE '^[[:space:]]*https?://azure\.archive\.ubuntu\.com/ubuntu/?' /etc/apt/apt-mirrors.txt; then + # Replace azure with our mirror (idempotent) + sudo sed -i 's|https\?://azure\.archive\.ubuntu\.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/apt-mirrors.txt + fi + + # Peek (verify changes) + grep -RIn "azure.archive.ubuntu.com" /etc/apt || true + grep -RInE '^(deb|Types|URIs)' /etc/apt || true + echo "--- apt-mirrors.txt ---" + cat /etc/apt/apt-mirrors.txt || true + + - name: Update repository + run: sudo apt-get update -o Acquire::Retries=3 + + - name: Download and install SiFive RISC-V toolchain + run: | + # Download SiFive prebuilt toolchain with newlib + wget -q https://static.dev.sifive.com/dev-tools/freedom-tools/v2020.12/riscv64-unknown-elf-toolchain-10.2.0-2020.12.8-x86_64-linux-ubuntu14.tar.gz + tar xzf riscv64-unknown-elf-toolchain-10.2.0-2020.12.8-x86_64-linux-ubuntu14.tar.gz + echo "$GITHUB_WORKSPACE/riscv64-unknown-elf-toolchain-10.2.0-2020.12.8-x86_64-linux-ubuntu14/bin" >> $GITHUB_PATH + + - name: make clean + run: | + make distclean + + - name: Select config + run: | + cp ${{inputs.config-file}} .config + + - name: Build tools + run: | + make -C tools/keytools && make -C tools/bin-assemble + + - name: Build wolfboot + run: | + make FREEDOM_E_SDK=$GITHUB_WORKSPACE/freedom-e-sdk CROSS_COMPILE=riscv64-unknown-elf- ${{inputs.make-args}} + diff --git a/.github/workflows/test-build-stm32cube.yml b/.github/workflows/test-build-stm32cube.yml new file mode 100644 index 0000000000..0556adb5b8 --- /dev/null +++ b/.github/workflows/test-build-stm32cube.yml @@ -0,0 +1,105 @@ +name: Wolfboot Reusable Build Workflow for STM32Cube SDK + +on: + + workflow_call: + inputs: + arch: + required: true + type: string + config-file: + required: true + type: string + cube-repo: + description: 'STM32Cube repository to clone (e.g., STMicroelectronics/STM32CubeL4)' + required: true + type: string + make-args: + required: false + type: string + +jobs: + + build: + runs-on: ubuntu-latest + timeout-minutes: 30 + + steps: + - uses: actions/checkout@v4 + with: + submodules: true + + - uses: actions/checkout@v4 + with: + repository: ${{inputs.cube-repo}} + path: STM32Cube + submodules: true + + - name: Workaround for sources.list + run: | + # Replace sources + + set -euxo pipefail + + # Peek (what repos are active now) + apt-cache policy + grep -RInE '^(deb|Types|URIs)' /etc/apt || true + + # Enable nullglob so *.list/*.sources that don't exist don't break sed + shopt -s nullglob + + echo "Replace sources.list (legacy)" + sudo sed -i \ + -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \ + /etc/apt/sources.list || true + + echo "Replace sources.list.d/*.list (legacy)" + for f in /etc/apt/sources.list.d/*.list; do + sudo sed -i \ + -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \ + "$f" + done + + echo "Replace sources.list.d/*.sources (deb822)" + for f in /etc/apt/sources.list.d/*.sources; do + sudo sed -i \ + -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \ + -e "s|https\?://azure\.archive\.ubuntu\.com|http://mirror.arizona.edu|g" \ + "$f" + done + + echo "Fix /etc/apt/apt-mirrors.txt (used by URIs: mirror+file:...)" + if grep -qE '^[[:space:]]*https?://azure\.archive\.ubuntu\.com/ubuntu/?' /etc/apt/apt-mirrors.txt; then + # Replace azure with our mirror (idempotent) + sudo sed -i 's|https\?://azure\.archive\.ubuntu\.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/apt-mirrors.txt + fi + + # Peek (verify changes) + grep -RIn "azure.archive.ubuntu.com" /etc/apt || true + grep -RInE '^(deb|Types|URIs)' /etc/apt || true + echo "--- apt-mirrors.txt ---" + cat /etc/apt/apt-mirrors.txt || true + + - name: Update repository + run: sudo apt-get update + + - name: Install cross compilers + run: | + sudo apt-get install -y gcc-arm-none-eabi + + - name: make distclean + run: | + make distclean + + - name: Select config + run: | + cp ${{inputs.config-file}} .config && make include/target.h + + - name: Build tools + run: | + make -C tools/keytools && make -C tools/bin-assemble + + - name: Build wolfboot + run: | + make STM32CUBE="$GITHUB_WORKSPACE/STM32Cube" ${{inputs.make-args}} V=1 + diff --git a/.github/workflows/test-configs.yml b/.github/workflows/test-configs.yml index 2260582b5e..a6a51bc8de 100644 --- a/.github/workflows/test-configs.yml +++ b/.github/workflows/test-configs.yml @@ -8,21 +8,19 @@ on: jobs: - # TODO: cypsoc6.config requires cy_device_headers.h + # TODO: cypsoc6.config requires cy_device_headers.h and component defines # cypsoc6_test: - # uses: ./.github/workflows/test-build.yml + # uses: ./.github/workflows/test-build-psoc6.yml # with: # arch: arm # config-file: ./config/examples/cypsoc6.config - # TODO: hifive.config requires RISC-V compiler - # hifive1_test: - # uses: ./.github/workflows/test-build.yml - # with: - # arch: riscv - # config-file: ./config/examples/hifive.config - # - # + hifive1_test: + uses: ./.github/workflows/test-build-riscv.yml + with: + arch: riscv + config-file: ./config/examples/hifive1.config + sama5d3_test: uses: ./.github/workflows/test-build.yml with: @@ -93,6 +91,12 @@ jobs: config-file: ./config/examples/imx-rt1064.config make-args: PKA=1 NO_ARM_ASM=1 + imx_rt1060_hab_test: + uses: ./.github/workflows/test-build-mcux-sdk.yml + with: + arch: arm + config-file: ./config/examples/imx-rt1060_hab.config + kinetis_k64f_test: uses: ./.github/workflows/test-build-mcux-sdk.yml with: @@ -172,6 +176,20 @@ jobs: arch: ppc config-file: ./config/examples/nxp-t2080.config + nxp_ls1028a_test: + uses: ./.github/workflows/test-build.yml + with: + arch: aarch64 + config-file: ./config/examples/nxp-ls1028a.config + make-args: CROSS_COMPILE=aarch64-linux-gnu- + + nxp_ls1028a_tpm_test: + uses: ./.github/workflows/test-build.yml + with: + arch: aarch64 + config-file: ./config/examples/nxp-ls1028a-tpm.config + make-args: CROSS_COMPILE=aarch64-linux-gnu- + nxp_mcxa_test: uses: ./.github/workflows/test-build-mcux-sdk.yml with: @@ -191,6 +209,13 @@ jobs: config-file: ./config/examples/raspi3.config make-args: wolfboot.bin CROSS_COMPILE=aarch64-linux-gnu- + raspi3_encrypted_test: + uses: ./.github/workflows/test-build.yml + with: + arch: aarch64 + config-file: ./config/examples/raspi3-encrypted.config + make-args: wolfboot.bin CROSS_COMPILE=aarch64-linux-gnu- + sim_tfm_smallstack_test: uses: ./.github/workflows/test-build.yml with: @@ -375,12 +400,12 @@ jobs: arch: arm config-file: ./config/examples/stm32l0.config - # TODO: stm32l4-cube.config requires Cube HAL - # stm32l4_cube_test: - # uses: ./.github/workflows/test-build.yml - # with: - # arch: arm - # config-file: ./config/examples/stm32l4-cube.config + stm32l4_cube_test: + uses: ./.github/workflows/test-build-stm32cube.yml + with: + arch: arm + config-file: ./config/examples/stm32l4-cube.config + cube-repo: STMicroelectronics/STM32CubeL4 stm32l5_nonsecure_dualbank_test: uses: ./.github/workflows/test-build.yml @@ -436,12 +461,13 @@ jobs: arch: arm config-file: ./config/examples/stm32wb-delta.config - # TODO: stm32wb-pka-1mb.config requires STM32 HAL #include "stm32wbxx_hal.h - # stm32wb_pka_1mb_test: - # uses: ./.github/workflows/test-build.yml - # with: - # arch: arm - # config-file: ./config/examples/stm32wb-pka-1mb.config + stm32wb_pka_1mb_test: + uses: ./.github/workflows/test-build-stm32cube.yml + with: + arch: arm + config-file: ./config/examples/stm32wb-pka-1mb.config + cube-repo: STMicroelectronics/STM32CubeWB + make-args: PKA=1 NO_ARM_ASM=1 stm32wb_tpm_test: uses: ./.github/workflows/test-build.yml @@ -473,7 +499,12 @@ jobs: arch: arm config-file: ./config/examples/stm32wb.config - # TODO: ti-tms570lc435.config requires CCS_ROOT + # TODO: ti-tms570lc435.config requires F021 Flash API (Windows installer only) + # ti_tms570lc435_test: + # uses: ./.github/workflows/test-build-ti-hercules.yml + # with: + # arch: arm + # config-file: ./config/examples/ti-tms570lc435.config # Cannot run on CI without the SDK (see VORAGO_SDK_DIR) # vorago_va416x0_test: diff --git a/hal/hifive1.ld b/hal/hifive1.ld index 64c5fbb657..a3145c02d0 100644 --- a/hal/hifive1.ld +++ b/hal/hifive1.ld @@ -17,6 +17,7 @@ SECTIONS . = ORIGIN(FLASH) + 0x200; _start_vector = .; KEEP(*(.isr_vector)) + *(.keystore*) *(.text*) *(.rodata*) *(.srodata*) diff --git a/lib/wolfssl b/lib/wolfssl index 59f4fa5686..8741805e9d 160000 --- a/lib/wolfssl +++ b/lib/wolfssl @@ -1 +1 @@ -Subproject commit 59f4fa568615396fbf381b073b220d1e8d61e4c2 +Subproject commit 8741805e9d1fd9c3014b5b774ad09a77ccb5b0dc