Implement CI for hifive unmatched (#456)

.github/workflows/test-system.yml

@@ -9,12 +9,15 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        platform: [generic, mpfs, cva6]
+        platform: [generic, mpfs, cva6, hifive_unmatched]
         bits: [32, 64]
         exclude:
           # mpfs is not 32 bit
           - platform: mpfs
             bits: 32
+          # unmatched is not 32 bit
+          - platform: hifive_unmatched
+            bits: 32
           # ignore 32-bit cva6 for now
           - platform: cva6
             bits: 32

Makefile

@@ -123,3 +123,23 @@ linux-configure: $(BUILDROOT_BUILDDIR)/.config
 
 -include mkutils/plat/$(KEYSTONE_PLATFORM)/run.mk
 
+PORT_ARGS :=
+ifneq ($(KEYSTONE_PORT),)
+	PORT_ARGS += -p $(KEYSTONE_PORT)
+endif
+
+IP_ARGS :=
+ifeq ($(KEYSTONE_IP),)
+	IP_ARGS += localhost
+else
+	IP_ARGS += $(KEYSTONE_IP)
+endif
+
+CALL_LOGFILE ?= $(shell mktemp)
+call:
+	$(call log,info,Calling command)
+	ssh -i $(BUILDROOT_BUILDDIR)/target/root/.ssh/id-rsa \
+		-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
+		-o ConnectTimeout=5 \
+		$(PORT_ARGS) root@$(IP_ARGS) $(KEYSTONE_COMMAND) 2>&1 | \
+		 grep -v "Warning: Permanently added" | tee -a $(CALL_LOGFILE)

mkutils/plat/cva6/run.mk

@@ -19,14 +19,6 @@ flash: $(SD_DEVICE)
 	dd if=$(PAYLOAD) of=$(SDDEVICE_PART1) status=progress oflag=sync bs=1M
 	dd if=$(KERNEL) of=$(SDDEVICE_PART2) status=progress oflag=sync bs=1M
 
-CALL_LOGFILE ?= $(shell mktemp)
-call:
-	$(call log,info,Calling command on the CVA6 board)
-	ssh -i $(BUILDROOT_BUILDDIR)/target/root/.ssh/id-rsa \
-                -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
-                 root@$(KEYSTONE_IP) $(KEYSTONE_COMMAND) 2>&1 | \
-                 grep -v "Warning: Permanently added" | tee -a $(CALL_LOGFILE)
-
 debug-connect:
 	$(call log,info,Connecting to OpenOCD)
 	$(BUILDROOT_BUILDDIR)/host/bin/riscv64-buildroot-linux-gnu-gdb \

mkutils/plat/generic/run.mk

@@ -2,8 +2,8 @@
 ## QEMU run targets ##
 ######################
 
-QEMU_PORT       ?= 9821
-QEMU_DBG_PORT   ?= $(shell echo $$(( $(QEMU_PORT) + 1)) )
+KEYSTONE_PORT   ?= 9821
+QEMU_DBG_PORT   ?= $(shell echo $$(( $(KEYSTONE_PORT) + 1)) )
 QEMU_DEBUG      := -gdb tcp::$(QEMU_DBG_PORT) -S
 
 QEMU_MEM        ?= 2G
@@ -17,7 +17,7 @@ QEMU_FLAGS := -m $(QEMU_MEM) -smp $(QEMU_SMP) -nographic \
                 -drive file=$(BUILDROOT_BUILDDIR)/images/rootfs.ext2,format=raw,id=hd0 \
                 -device virtio-blk-device,drive=hd0 \
                 -append "console=ttyS0 ro root=/dev/vda" \
-                -netdev user,id=net0,net=192.168.100.1/24,dhcpstart=192.168.100.128,hostfwd=tcp::$(QEMU_PORT)-:22 \
+                -netdev user,id=net0,net=192.168.100.1/24,dhcpstart=192.168.100.128,hostfwd=tcp::$(KEYSTONE_PORT)-:22 \
                 -device virtio-net-device,netdev=net0 \
                 -device virtio-rng-pci \
 
@@ -29,15 +29,6 @@ run:
 	$(call log,info,Starting QEMU)
 	$(BUILDROOT_BUILDDIR)/host/bin/qemu-system-riscv$(KEYSTONE_BITS) $(QEMU_FLAGS)
 
-CALL_LOGFILE ?= $(shell mktemp)
-call:
-	$(call log,info,Calling command in QEMU)
-	ssh -i $(BUILDROOT_BUILDDIR)/target/root/.ssh/id-rsa \
-		-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
-		-o ConnectTimeout=5 \
-		-p $(QEMU_PORT) root@localhost $(KEYSTONE_COMMAND) 2>&1 | \
-		 grep -v "Warning: Permanently added" | tee -a $(CALL_LOGFILE)
-
 debug-connect:
 	$(call log,info,Connecting to QEMU)
 	$(BUILDROOT_BUILDDIR)/host/bin/riscv$(KEYSTONE_BITS)-buildroot-linux-gnu-gdb \

mkutils/plat/unmatched/run.mk → mkutils/plat/hifive_unmatched/run.mk

@@ -22,4 +22,3 @@ ifeq ($(EXTEND),1)
 endif
 
 endif
-

mkutils/plat/mpfs/run.mk

@@ -18,14 +18,6 @@ run:
 	$(call log,info,Starting OpenOCD)
 	$(SC_INSTALL_DIR)/openocd/bin/openocd $(OPENOCD_FLAGS)
 
-CALL_LOGFILE ?= $(shell mktemp)
-call:
-	$(call log,info,Calling command on the MPFS board)
-	ssh -i $(BUILDROOT_BUILDDIR)/target/root/.ssh/id-rsa \
-		-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
-		 root@$(KEYSTONE_IP) $(KEYSTONE_COMMAND) 2>&1 | \
-		 grep -v "Warning: Permanently added" | tee -a $(CALL_LOGFILE)
-
 debug-connect:
 	$(call log,info,Connecting to OpenOCD)
 	PYTHONPATH=$(BUILDROOT_BUILDDIR)/build/host-gcc-final-11.4.0/libstdc++-v3/python \

scripts/ci/configs/global.sh

@@ -11,3 +11,6 @@ export TTY_IDPRODUCT_mpfs="ea71"
 export TTY_IDVENDOR_cva6="0403"
 export TTY_IDPRODUCT_cva6="6001"
 
+# hifive_unmatched
+export TTY_IDVENDOR_hifive_unmatched="0403"
+export TTY_IDPRODUCT_hifive_unmatched="6010"

scripts/ci/configs/track.sh

@@ -5,6 +5,7 @@ export RELAY_SERIAL="AH02O23H"
 export RELAY_ID_global=1
 export RELAY_ID_mpfs=8
 export RELAY_ID_cva6=4
+export RELAY_ID_hifive_unmatched=5
 
 # MPFS configuration
 
@@ -20,3 +21,8 @@ export TFTP_DIR="/srv/tftp"
 
 export HOST_IP_cva6="10.42.1.1"
 export BOARD_IP_cva6="10.42.1.171"
+
+# Unmatched configuration
+
+export HOST_IP_hifive_unmatched="10.42.1.1"
+export BOARD_IP_hifive_unmatched="10.42.1.27"

scripts/ci/plat/hifive_unmatched/expected.log

@@ -0,0 +1,17 @@
+Verifying archive integrity... MD5 checksums are OK. All good.
+Uncompressing Keystone Enclave Package
+testing test-stack
+testing test-loop
+testing test-malloc
+testing test-long-nop
+testing test-fibonacci
+testing test-fib-bench
+testing test-attestation
+Attestation report SIGNATURE is valid
+testing test-untrusted
+Enclave said: hello world!
+Enclave said: 2nd hello world!
+Enclave said value: 13
+Enclave said value: 20
+testing test-data-sealing
+Enclave said: Sealing key derivation successful!

scripts/ci/plat/hifive_unmatched/flash-os.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+set -e
+
+# Source global test configuration file
+. scripts/ci/test-setup.sh
+
+OS_FILENAME="build-hifive_unmatched64/buildroot.build/images/sdcard.img"
+get_platform_var HOST_IP
+get_platform_var BOARD_IP
+
+###########
+## Flash ##
+###########
+set -x
+
+TTYDEV=$(find_tty 1)
+touch "$LOGFILE"
+start_record_tty "$TTYDEV" 115200 "$LOGFILE" hfu-tty
+
+power_on_btn
+wait_for "Hit any key to stop autoboot"
+echo 'a' > "$TTYDEV"
+
+rm -rf "$TFTP_DIR/sdcard.img"
+cp "$OS_FILENAME" "$TFTP_DIR/sdcard.img"
+
+# Configure TFTP
+echo "setenv serverip $HOST_IP" > "$TTYDEV" ; sleep 1
+echo "setenv ipaddr $BOARD_IP" > "$TTYDEV" ; sleep 1
+
+echo "tftp sdcard.img" > "$TTYDEV"
+wait_for "=>"
+echo "mmc write 80210000 0 100000" > "$TTYDEV"
+wait_for "=>"
+
+stop_record_tty hfu-tty
+power_off_btn
+
+# For some reason, the UART for this board does not like
+# being closed and then opened again quickly. This leads to
+# test failures later on, so we delay a bit extra.
+sleep 5
+exit 0

scripts/ci/plat/hifive_unmatched/test.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+set -e
+
+# Source global test configuration file
+. scripts/ci/test-setup.sh
+
+if [[ -z "$CMD_LOGFILE" ]]; then
+        echo "CMD_LOGFILE undefined"
+        exit 1
+fi
+
+get_platform_var BOARD_IP
+
+###############
+## Run tests ##
+###############
+set -x
+
+# Fix permissions on the key
+chmod 600 "build-hifive_unmatched64/buildroot.build/target/root/.ssh/id-rsa"
+
+# Start the board
+export KEYSTONE_PLATFORM="hifive_unmatched"
+export KEYSTONE_IP="$BOARD_IP"
+
+TTYDEV=$(find_tty 1)
+start_record_tty "$TTYDEV" 115200 "$LOGFILE" hfu-tty
+power_on_btn
+
+# TODO: check for connectivity instead of sleeping
+sleep 60
+
+export CALL_LOGFILE="$CMD_LOGFILE"
+touch "$CALL_LOGFILE"
+
+KEYSTONE_COMMAND="modprobe keystone-driver" make call
+KEYSTONE_COMMAND="/usr/share/keystone/examples/tests.ke" make call
+# TODO: attestation does not yet work in unmatched
+#KEYSTONE_COMMAND="/usr/share/keystone/examples/attestor.ke" make call
+
+power_off_btn
+stop_record_tty hfu-tty
+exit 0

scripts/ci/test-setup.sh

@@ -73,6 +73,16 @@ function power_off {
 	./scripts/ci/utils/relay_power.py "$RELAY_SERIAL" "$RELAY_ID" off
 }
 
+function power_on_btn {
+	# Very temporarily close the power on circuit
+	power_on ; power_off
+}
+
+function power_off_btn {
+	# Simulate holding the power button to force off
+	power_on ; sleep 3 ; power_off
+}
+
 # Serial functions
 
 get_platform_var TTY_IDVENDOR
@@ -135,4 +145,14 @@ function wait_for {
 #############
 
 # Make sure we turn off the boards if we die early
-trap power_off EXIT
+function final_shutdown {
+	if [[ $? -ne 0 ]]; then
+		if [[ "$KEYSTONE_PLATFORM" == "hifive_unmatched" ]]; then
+			power_off_btn
+		else
+			power_off
+		fi
+	fi
+}
+
+trap final_shutdown EXIT