Update FIH tests to use recent TFM and bump toolchain to 14.2 to ensure compatibility with the TFM version #2426

Open: wants to merge 1 commit into base: main
3 changes: 2 additions & 1 deletion ci/fih-tests_run.sh
Expand Up @@ -17,13 +17,14 @@
set -e

source $(dirname "$0")/fih-tests_version.sh
TFM_TAG="1329d18c7f90329452c79393c0a5bc045fb2c1d2"

# Note that we are pulling from a github mirror of these repos, not direct upstream. If the sha
# checked out below changes, the mirrors might need to be updated.
pushd ..
git clone https://github.com/mcu-tools/trusted-firmware-m
pushd trusted-firmware-m
git checkout eb8ff0db7d657b77abcd0262d5bf7f38eb1e1cdc
git checkout $TFM_TAG
source lib/ext/tf-m-tests/version.txt
popd
git clone https://github.com/mcu-tools/tf-m-tests.git
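
Review bot: The commit now assigned to `TFM_TAG` has to exist in the github.com/mcu-tools/trusted-firmware-m mirror, which is exactly what the comment above `git clone` warns about when the sha changes; please confirm the mirror (and the mcu-tools/tf-m-tests mirror, for whatever `lib/ext/tf-m-tests/version.txt` now names) has been updated, since `git checkout $TFM_TAG` aborts the run under `set -e` otherwise. Two smaller points on the same lines: the variable holds a full commit SHA rather than a tag, so a name such as TFM_COMMIT would be less misleading, and the expansion should be quoted (`git checkout "$TFM_TAG"`). Since the script already sources `fih-tests_version.sh` one line earlier, consider defining the pin there so version pins live in one place.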
50 changes: 50 additions & 0 deletions ci/fih_test_docker/execute_test.sh
Expand Up @@ -16,13 +16,63 @@

set -e

# Function to update/install native GCC inside the Docker container
update_native_gcc() {
REQUIRED_MAJOR=12
INSTALLED_MAJOR=$(gcc -dumpversion | cut -d. -f1 || echo 0)

if [[ "$INSTALLED_MAJOR" -lt "$REQUIRED_MAJOR" ]]; then
echo "Installing native GCC $REQUIRED_MAJOR..."
apt-get update
apt-get install -y --no-install-recommends gcc-$REQUIRED_MAJOR g++-$REQUIRED_MAJOR \
cpp-$REQUIRED_MAJOR libgcc-$REQUIRED_MAJOR-dev libstdc++-$REQUIRED_MAJOR-dev
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-$REQUIRED_MAJOR 60
update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-$REQUIRED_MAJOR 60
rm -rf /var/lib/apt/lists/*
else
echo "Native GCC is already version $INSTALLED_MAJOR; skipping installation."
fi
}

# Function to update/install ARM Embedded GCC inside the Docker container
update_cross_gcc() {
ARM_GCC_URL="https://developer.arm.com/-/media/Files/downloads/gnu/14.2.rel1/binrel/arm-gnu-toolchain-14.2.rel1-x86_64-arm-none-eabi.tar.xz"
Collaborator

Why can this package not be got from the distro itself? How long will this file be available? How often can it be accessed per IP? Is it rate limited? I don't think we should be putting things like this in, given that there are so many unknown variables and given that we've seen countless problems in the past trying to get even the tfm repo for CI checks.

Contributor Author

You are right, the package has to be from the distro (which means I have to update the distro). But how do I do that? Did you miss the Discord conversation where I raised the same question? https://discord.com/channels/1106321706588577904/1390625171785646151. Let me know how to update the distro and I will do the rest.

Collaborator

In that, from @d3zd3z:

I think the correct solution here is to figure out how to get the mcuboot docker images to be properly owned by trustedfirmware.org. I don't know if that moves us into a scenario where they are going to charge for this, though.

I see no comment suggesting that packages should be manually added like this; action is on @d3zd3z to deal with docker image ownership.

TOOLCHAIN_DIR="/opt/arm-gcc"

# Install prerequisites
echo "Installing prerequisites for ARM toolchain..."
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
curl libncurses5 xz-utils file
rm -rf /var/lib/apt/lists/*

# Download and extract
echo "Downloading and extracting ARM Embedded GCC..."
mkdir -p "$TOOLCHAIN_DIR"
curl -SLf "$ARM_GCC_URL" -o /tmp/arm-gcc.tar.xz
tar -xJf /tmp/arm-gcc.tar.xz -C "$TOOLCHAIN_DIR" --strip-components=1
rm -f /tmp/arm-gcc.tar.xz

# Symlink into PATH
echo "Symlinking ARM toolchain into /usr/local/bin..."
ln -sf "$TOOLCHAIN_DIR/bin/"* /usr/local/bin/
}

# Ensure we have the proper compiler before running tests
update_native_gcc
update_cross_gcc

source $(dirname "$0")/paths.sh

SKIP_SIZE=$1
BUILD_TYPE=$2
DAMAGE_TYPE=$3
FIH_LEVEL=$4

# Required for git am to apply patches under TF-M
git config --global user.email "[email protected]"
git config --global user.name "fih-test docker"

if test -z "$FIH_LEVEL"; then
# Use the default level
CMAKE_FIH_LEVEL=""
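
Review bot: In update_cross_gcc the archive fetched by `curl -SLf "$ARM_GCC_URL" -o /tmp/arm-gcc.tar.xz` is unpacked into /opt/arm-gcc and symlinked into /usr/local/bin with no integrity check, so whatever that URL serves at run time becomes the cross compiler for the FIH tests. If a download stays in at all, pin the expected SHA-256 next to ARM_GCC_URL and verify it (for example with `sha256sum -c`) before the `tar -xJf` line, so a mismatch stops the script under `set -e`. Both functions are also called unconditionally at the top of execute_test.sh, which means every test invocation runs `apt-get update` and repeats the toolchain download; that belongs in the image build rather than in the test script. In update_native_gcc, the `|| echo 0` fallback on `gcc -dumpversion | cut -d. -f1` only sees the exit status of `cut` when just `set -e` is in effect, so it never fires when gcc is missing; check `command -v gcc` explicitly instead.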