ci: added logic for enclave signing
optee: updated patch format
edtubbs committed Dec 5, 2024
1 parent 5cb0509 commit b00701a
Showing 2 changed files with 23 additions and 13 deletions.
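--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -370,6 +370,9 @@ jobs:
 "x86_64-linux-openenclave" | "aarch64-linux-optee" | "x86_64-nixos"):
 if ([ "${{ matrix.name }}" == "aarch64-linux-optee" ]); then
 make install
+if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
+printf "%s" "${{ secrets.DEFAULT_TA_PEM }}" > rsa_private.pem
+fi
 docker pull jforissier/optee_os_ci:qemu_check
 docker run -v "$(pwd):/src" -w /src jforissier/optee_os_ci:qemu_check /bin/bash -c "\
 # Set up the environment and build the OP-TEE SDK
@@ -383,6 +386,9 @@ jobs:
 repo init -u https://github.com/edtubbs/manifest.git -m nanopc-t6.xml -b nanopc-t6 && \
 export FORCE_UNSAFE_CONFIGURE=1 && \
 repo sync -j\"$(getconf _NPROCESSORS_ONLN)\" && \
+if [[ "${{ github.ref }}" == refs/tags/* ]]; then \
+mv /src/rsa_private.pem /src/optee/optee_os/keys/default_ta.pem; \
+fi && \
 patch -F 4 /src/optee/build/common.mk < /src/src/optee/common.mk.patch && \
 patch /src/optee/build/kconfigs/qemu.conf < /src/src/optee/qemu.conf.patch && \
 patch /src/optee/linux/arch/arm64/boot/dts/rockchip/rk3588-nanopi6-common.dtsi < /src/src/optee/rk3588-nanopi6-common.dtsi.patch && \
@@ -490,6 +496,10 @@ jobs:
 elif ([ "${{ matrix.name }}" == "x86_64-linux-openenclave" ]); then
 make install && \
 mkdir -p src/openenclave/build && \
+if [[ "${{ github.ref }}" == refs/tags/* ]]; then
+printf "%s" "${{ secrets.OE_PRIVATE_PEM }}" > src/openenclave/build/private.pem && \
+openssl rsa -pubout -in src/openenclave/build/private.pem -out src/openenclave/build/public.pem; \
+fi && \
 docker run -v $PWD:/src -w /src ubuntu:20.04 bash -c "\
 # Install dependencies
 export DEBIAN_FRONTEND=noninteractive && \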
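Review bot: On tag builds the TA and enclave signing keys are written into the checkout with default permissions (`> rsa_private.pem`, `> src/openenclave/build/private.pem`), and that directory is then bind-mounted (`-v "$(pwd):/src"`, `-v $PWD:/src`) into containers pulled by mutable tag (`jforissier/optee_os_ci:qemu_check`, `ubuntu:20.04`). In the OP-TEE case the container also runs `repo init ... -b nanopc-t6` and `repo sync` against a branch rather than a fixed revision, so everything fetched or installed there during a release build can read the private key. Nothing in these hunks removes the key files afterwards, so a later packaging or artifact step could pick them up (the rest of the job is outside the visible lines). I would pin the images by digest and the manifest by revision, create the files under a restrictive mask, and delete them in an `if: always()` step once signing is done. The secrets and `${{ github.ref }}` are also expanded straight into the script text, and the second check sits unescaped inside the `bash -c "` string where the neighbouring `repo sync` line uses `\"`; mapping the secret through the step's `env:` and writing `(umask 077 && printf '%s' "$DEFAULT_TA_PEM" > rsa_private.pem)` behind a host-side `[[ "$GITHUB_REF" == refs/tags/* ]]` avoids both.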
26 changes: 13 additions & 13 deletions src/optee/rk3588-nanopi6-common.dtsi.patch
@@ -1,26 +1,26 @@
--- a/rk3588-nanopi6-common.dtsi
+++ b/rk3588-nanopi6-common.dtsi
@@ -124,6 +124,24 @@
@@ -124,6 +124,24 @@ pwm_backlight: pwm-backlight {
test-power {
status = "okay";
};
+
+ firmware {
+ optee {
+ compatible = "linaro,optee-tz";
+ method = "smc";
+ };
+ firmware {
+ optee {
+ compatible = "linaro,optee-tz";
+ method = "smc";
+ };
+ };
+
+ reserved-memory {
+ #address-cells = <2>;
+ #size-cells = <2>;
+ ranges;
+ #address-cells = <2>;
+ #size-cells = <2>;
+ ranges;
+
+ optee@8400000 {
+ reg = <0x0 0x8400000 0x0 0x2000000>;
+ no-map;
+ };
+ optee@8400000 {
+ reg = <0x0 0x8400000 0x0 0x2000000>;
+ no-map;
+ };
+ };
};
