CI-tests additions

.github/workflows/test-build-riscv.yml

@@ -0,0 +1,104 @@
+name: Wolfboot Reusable Build Workflow for RISC-V
+
+on:
+
+  workflow_call:
+    inputs:
+      arch:
+        required: true
+        type: string
+      config-file:
+        required: true
+        type: string
+      make-args:
+        required: false
+        type: string
+
+jobs:
+
+  build:
+    runs-on: ubuntu-24.04
+    timeout-minutes: 30
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - uses: actions/checkout@v4
+        with:
+          repository: sifive/freedom-e-sdk
+          path: freedom-e-sdk
+          submodules: recursive
+
+      - name: Workaround for sources.list
+        run: |
+            # Replace sources
+
+            set -euxo pipefail
+
+            # Peek (what repos are active now)
+            apt-cache policy
+            grep -RInE '^(deb|Types|URIs)' /etc/apt || true
+
+            # Enable nullglob so *.list/*.sources that don't exist don't break sed
+            shopt -s nullglob
+
+            echo "Replace sources.list (legacy)"
+            sudo sed -i \
+              -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
+              /etc/apt/sources.list || true
+
+            echo "Replace sources.list.d/*.list (legacy)"
+            for f in /etc/apt/sources.list.d/*.list; do
+              sudo sed -i \
+                -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
+                "$f"
+            done
+
+            echo "Replace sources.list.d/*.sources (deb822)"
+            for f in /etc/apt/sources.list.d/*.sources; do
+              sudo sed -i \
+                -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
+                -e "s|https\?://azure\.archive\.ubuntu\.com|http://mirror.arizona.edu|g" \
+                "$f"
+            done
+
+            echo "Fix /etc/apt/apt-mirrors.txt (used by URIs: mirror+file:...)"
+            if grep -qE '^[[:space:]]*https?://azure\.archive\.ubuntu\.com/ubuntu/?' /etc/apt/apt-mirrors.txt; then
+              # Replace azure with our mirror (idempotent)
+              sudo sed -i 's|https\?://azure\.archive\.ubuntu\.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/apt-mirrors.txt
+            fi
+
+            # Peek (verify changes)
+            grep -RIn "azure.archive.ubuntu.com" /etc/apt || true
+            grep -RInE '^(deb|Types|URIs)' /etc/apt || true
+            echo "--- apt-mirrors.txt ---"
+            cat /etc/apt/apt-mirrors.txt || true
+
+      - name: Update repository
+        run: sudo apt-get update -o Acquire::Retries=3
+
+      - name: Download and install SiFive RISC-V toolchain
+        run: |
+          # Download SiFive prebuilt toolchain with newlib
+          wget -q https://static.dev.sifive.com/dev-tools/freedom-tools/v2020.12/riscv64-unknown-elf-toolchain-10.2.0-2020.12.8-x86_64-linux-ubuntu14.tar.gz
+          tar xzf riscv64-unknown-elf-toolchain-10.2.0-2020.12.8-x86_64-linux-ubuntu14.tar.gz
+          echo "$GITHUB_WORKSPACE/riscv64-unknown-elf-toolchain-10.2.0-2020.12.8-x86_64-linux-ubuntu14/bin" >> $GITHUB_PATH
+
+      - name: make clean
+        run: |
+          make distclean
+
+      - name: Select config
+        run: |
+          cp ${{inputs.config-file}} .config
+
+      - name: Build tools
+        run: |
+          make -C tools/keytools && make -C tools/bin-assemble
+
+      - name: Build wolfboot
+        run: |
+          make FREEDOM_E_SDK=$GITHUB_WORKSPACE/freedom-e-sdk CROSS_COMPILE=riscv64-unknown-elf- ${{inputs.make-args}}
+

.github/workflows/test-build-stm32cube.yml

@@ -0,0 +1,105 @@
+name: Wolfboot Reusable Build Workflow for STM32Cube SDK
+
+on:
+
+  workflow_call:
+    inputs:
+      arch:
+        required: true
+        type: string
+      config-file:
+        required: true
+        type: string
+      cube-repo:
+        description: 'STM32Cube repository to clone (e.g., STMicroelectronics/STM32CubeL4)'
+        required: true
+        type: string
+      make-args:
+        required: false
+        type: string
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - uses: actions/checkout@v4
+        with:
+          repository: ${{inputs.cube-repo}}
+          path: STM32Cube
+          submodules: true
+
+      - name: Workaround for sources.list
+        run: |
+            # Replace sources
+
+            set -euxo pipefail
+
+            # Peek (what repos are active now)
+            apt-cache policy
+            grep -RInE '^(deb|Types|URIs)' /etc/apt || true
+
+            # Enable nullglob so *.list/*.sources that don't exist don't break sed
+            shopt -s nullglob
+
+            echo "Replace sources.list (legacy)"
+            sudo sed -i \
+              -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
+              /etc/apt/sources.list || true
+
+            echo "Replace sources.list.d/*.list (legacy)"
+            for f in /etc/apt/sources.list.d/*.list; do
+              sudo sed -i \
+                -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
+                "$f"
+            done
+
+            echo "Replace sources.list.d/*.sources (deb822)"
+            for f in /etc/apt/sources.list.d/*.sources; do
+              sudo sed -i \
+                -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
+                -e "s|https\?://azure\.archive\.ubuntu\.com|http://mirror.arizona.edu|g" \
+                "$f"
+            done
+
+            echo "Fix /etc/apt/apt-mirrors.txt (used by URIs: mirror+file:...)"
+            if grep -qE '^[[:space:]]*https?://azure\.archive\.ubuntu\.com/ubuntu/?' /etc/apt/apt-mirrors.txt; then
+              # Replace azure with our mirror (idempotent)
+              sudo sed -i 's|https\?://azure\.archive\.ubuntu\.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/apt-mirrors.txt
+            fi
+
+            # Peek (verify changes)
+            grep -RIn "azure.archive.ubuntu.com" /etc/apt || true
+            grep -RInE '^(deb|Types|URIs)' /etc/apt || true
+            echo "--- apt-mirrors.txt ---"
+            cat /etc/apt/apt-mirrors.txt || true
+
+      - name: Update repository
+        run: sudo apt-get update
+
+      - name: Install cross compilers
+        run: |
+          sudo apt-get install -y gcc-arm-none-eabi
+
+      - name: make distclean
+        run: |
+          make distclean
+
+      - name: Select config
+        run: |
+          cp ${{inputs.config-file}} .config && make include/target.h
+
+      - name: Build tools
+        run: |
+          make -C tools/keytools && make -C tools/bin-assemble
+
+      - name: Build wolfboot
+        run: |
+          make STM32CUBE="$GITHUB_WORKSPACE/STM32Cube" ${{inputs.make-args}} V=1
+

.github/workflows/test-configs.yml

@@ -8,21 +8,19 @@ on:
 
 jobs:
 
-  # TODO: cypsoc6.config requires cy_device_headers.h
+  # TODO: cypsoc6.config requires cy_device_headers.h and component defines
   # cypsoc6_test:
-  #   uses: ./.github/workflows/test-build.yml
+  #   uses: ./.github/workflows/test-build-psoc6.yml
   #   with:
   #     arch: arm
   #     config-file: ./config/examples/cypsoc6.config
 
-  # TODO: hifive.config requires RISC-V compiler
-  # hifive1_test:
-  #   uses: ./.github/workflows/test-build.yml
-  #   with:
-  #     arch: riscv
-  #     config-file: ./config/examples/hifive.config
-  #
-  #
+  hifive1_test:
+    uses: ./.github/workflows/test-build-riscv.yml
+    with:
+      arch: riscv
+      config-file: ./config/examples/hifive1.config
+
   sama5d3_test:
     uses: ./.github/workflows/test-build.yml
     with:
@@ -93,6 +91,12 @@ jobs:
       config-file: ./config/examples/imx-rt1064.config
       make-args: PKA=1 NO_ARM_ASM=1
 
+  imx_rt1060_hab_test:
+    uses: ./.github/workflows/test-build-mcux-sdk.yml
+    with:
+      arch: arm
+      config-file: ./config/examples/imx-rt1060_hab.config
+
   kinetis_k64f_test:
     uses: ./.github/workflows/test-build-mcux-sdk.yml
     with:
@@ -172,6 +176,20 @@ jobs:
       arch: ppc
       config-file: ./config/examples/nxp-t2080.config
 
+  nxp_ls1028a_test:
+    uses: ./.github/workflows/test-build.yml
+    with:
+      arch: aarch64
+      config-file: ./config/examples/nxp-ls1028a.config
+      make-args: CROSS_COMPILE=aarch64-linux-gnu-
+
+  nxp_ls1028a_tpm_test:
+    uses: ./.github/workflows/test-build.yml
+    with:
+      arch: aarch64
+      config-file: ./config/examples/nxp-ls1028a-tpm.config
+      make-args: CROSS_COMPILE=aarch64-linux-gnu-
+
   nxp_mcxa_test:
     uses: ./.github/workflows/test-build-mcux-sdk.yml
     with:
@@ -191,6 +209,13 @@ jobs:
       config-file: ./config/examples/raspi3.config
       make-args: wolfboot.bin CROSS_COMPILE=aarch64-linux-gnu-
 
+  raspi3_encrypted_test:
+    uses: ./.github/workflows/test-build.yml
+    with:
+      arch: aarch64
+      config-file: ./config/examples/raspi3-encrypted.config
+      make-args: wolfboot.bin CROSS_COMPILE=aarch64-linux-gnu-
+
   sim_tfm_smallstack_test:
     uses: ./.github/workflows/test-build.yml
     with:
@@ -375,12 +400,12 @@ jobs:
       arch: arm
       config-file: ./config/examples/stm32l0.config
 
-  # TODO: stm32l4-cube.config requires Cube HAL
-  # stm32l4_cube_test:
-  #   uses: ./.github/workflows/test-build.yml
-  #   with:
-  #     arch: arm
-  #     config-file: ./config/examples/stm32l4-cube.config
+  stm32l4_cube_test:
+    uses: ./.github/workflows/test-build-stm32cube.yml
+    with:
+      arch: arm
+      config-file: ./config/examples/stm32l4-cube.config
+      cube-repo: STMicroelectronics/STM32CubeL4
 
   stm32l5_nonsecure_dualbank_test:
     uses: ./.github/workflows/test-build.yml
@@ -436,12 +461,13 @@ jobs:
       arch: arm
       config-file: ./config/examples/stm32wb-delta.config
 
-  # TODO: stm32wb-pka-1mb.config requires STM32 HAL #include "stm32wbxx_hal.h
-  # stm32wb_pka_1mb_test:
-  #   uses: ./.github/workflows/test-build.yml
-  #   with:
-  #     arch: arm
-  #     config-file: ./config/examples/stm32wb-pka-1mb.config
+  stm32wb_pka_1mb_test:
+    uses: ./.github/workflows/test-build-stm32cube.yml
+    with:
+      arch: arm
+      config-file: ./config/examples/stm32wb-pka-1mb.config
+      cube-repo: STMicroelectronics/STM32CubeWB
+      make-args: PKA=1 NO_ARM_ASM=1
 
   stm32wb_tpm_test:
     uses: ./.github/workflows/test-build.yml
@@ -473,7 +499,12 @@ jobs:
       arch: arm
       config-file: ./config/examples/stm32wb.config
 
-  # TODO: ti-tms570lc435.config requires CCS_ROOT
+  # TODO: ti-tms570lc435.config requires F021 Flash API (Windows installer only)
+  # ti_tms570lc435_test:
+  #   uses: ./.github/workflows/test-build-ti-hercules.yml
+  #   with:
+  #     arch: arm
+  #     config-file: ./config/examples/ti-tms570lc435.config
 
   # Cannot run on CI without the SDK (see VORAGO_SDK_DIR)
   # vorago_va416x0_test:

hal/hifive1.ld

@@ -17,6 +17,7 @@ SECTIONS
         . = ORIGIN(FLASH) + 0x200;
         _start_vector = .;
         KEEP(*(.isr_vector))
+        *(.keystore*)
         *(.text*)
         *(.rodata*)
         *(.srodata*)