addition of uart and uartns550 to swtpm #1
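# Builds libtpms, swtpm and wolfSSL from source, connects swtpm's chardev
# backend to one end of a socat PTY pair, builds wolfTPM against the other
# end as a UART device, and runs the `caps` example over that link.
name: Test UART Communication with SWTPM

on:
  push:
    branches: ['master', 'main', 'release/**']
  pull_request:
    branches: ['master', 'main', 'release/**']
  workflow_dispatch:

# Least privilege: the job only reads the repository. Without this block the
# token gets the repository/organisation default, which may include write
# scopes on push events.
permissions:
  contents: read

jobs:
  test-uart-swtpm:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Later steps run build scripts from this repository and from
          # third-party clones; do not leave the token in .git/config.
          persist-credentials: false

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            automake \
            autotools-dev \
            libtool \
            pkg-config \
            gcc \
            make \
            git \
            socat \
            libglib2.0-dev \
            libtasn1-dev \
            expect \
            netcat-openbsd

      - name: Install OpenSSL
        run: |
          sudo apt-get install -y libssl-dev

      # NOTE(review): the three clones below take whatever the default branch
      # points at when the job runs, and two of them are installed as root.
      # Pin each to a reviewed tag or commit so that results are reproducible
      # and an upstream change cannot silently alter what is built here.
      - name: Build and install libtpms
        run: |
          git clone https://github.com/stefanberger/libtpms.git
          cd libtpms
          ./autogen.sh --with-tpm2 --with-openssl --prefix=/usr
          make -j"$(nproc)"
          sudo make install
          cd ..

      - name: Build and install swtpm
        run: |
          git clone https://github.com/stefanberger/swtpm.git
          cd swtpm
          ./autogen.sh
          ./configure --with-openssl --with-tpm2 --prefix=/usr
          make -j"$(nproc)"
          sudo make install
          cd ..

      - name: Build wolfSSL
        run: |
          git clone https://github.com/wolfSSL/wolfssl.git
          cd wolfssl
          ./autogen.sh
          # Absolute prefix, so the wolfTPM build step can name the same
          # directory regardless of its own working directory.
          ./configure --enable-wolftpm --prefix="$GITHUB_WORKSPACE/wolfssl-install"
          make -j"$(nproc)"
          make install
          cd ..

      # The fixed /tmp paths used from here on assume an ephemeral,
      # single-tenant runner (ubuntu-latest). On a shared or self-hosted
      # runner, use a per-job directory such as $RUNNER_TEMP instead.
      - name: Create virtual UART pair
        id: uart
        run: |
          # socat creates two connected pseudo-terminals and a symlink to each:
          # the server end is given to swtpm, the client end is the "UART
          # device" that wolfTPM opens.
          socat -d -d \
            pty,raw,echo=0,link=/tmp/tpm-uart-server \
            pty,raw,echo=0,link=/tmp/tpm-uart-client &
          SOCAT_PID=$!
          echo "$SOCAT_PID" > /tmp/socat.pid
          sleep 2
          # Resolve the symlinks to the actual PTY device names
          SERVER_PTY=$(readlink -f /tmp/tpm-uart-server)
          CLIENT_PTY=$(readlink -f /tmp/tpm-uart-client)
          echo "server_pty=$SERVER_PTY" >> "$GITHUB_OUTPUT"
          echo "client_pty=$CLIENT_PTY" >> "$GITHUB_OUTPUT"
          echo "Server PTY (for swtpm): $SERVER_PTY"
          echo "Client PTY (for wolfTPM): $CLIENT_PTY"
          # Verify both PTYs exist; this fails if socat did not come up
          ls -la "$SERVER_PTY" "$CLIENT_PTY" || exit 1

      - name: Start swtpm with chardev (UART)
        env:
          # Step outputs reach the script through the environment, as in the
          # later steps, not by expanding ${{ }} inside the shell text.
          SERVER_PTY: ${{ steps.uart.outputs.server_pty }}
        run: |
          # TPM state belongs to this job only; keep the directory private
          mkdir -p -m 0700 /tmp/swtpm-state
          # Start swtpm with the chardev backend on the server PTY so that it
          # talks over the PTY as if it were a UART
          swtpm chardev \
            --tpm2 \
            --tpmstate dir=/tmp/swtpm-state \
            --chardev "$SERVER_PTY" \
            --flags not-need-init &
          SWTPM_PID=$!
          echo "$SWTPM_PID" > /tmp/swtpm.pid
          # Give swtpm time to start
          sleep 3
          # Check the process that was just started, not any command line
          # that happens to contain "swtpm"
          kill -0 "$SWTPM_PID" || { echo "swtpm not running!"; exit 1; }

      - name: Build wolfTPM with UART support
        env:
          CLIENT_PTY: ${{ steps.uart.outputs.client_pty }}
        run: |
          cd "$GITHUB_WORKSPACE"
          ./autogen.sh
          # Set UART device path and baud rate via CFLAGS
          # The device path needs to be properly quoted in the C define
          export CFLAGS="-DTPM2_SWTPM_HOST=\\\"$CLIENT_PTY\\\" -DTPM2_SWTPM_PORT=115200"
          echo "Building with UART device: $CLIENT_PTY"
          # Same directory the wolfSSL step installed into. The previous
          # "$PWD/../wolfssl-install" resolved to the parent of the workspace
          # here, because this step runs from the workspace root.
          ./configure \
            --enable-swtpm=uart \
            --with-wolfcrypt="$GITHUB_WORKSPACE/wolfssl-install"
          make -j"$(nproc)"

      - name: Verify UART setup
        env:
          CLIENT_PTY: ${{ steps.uart.outputs.client_pty }}
          SERVER_PTY: ${{ steps.uart.outputs.server_pty }}
        run: |
          echo "Verifying UART setup..."
          echo "Client PTY: $CLIENT_PTY"
          echo "Server PTY: $SERVER_PTY"
          # Verify PTYs are still character devices. Brace groups make the
          # exit apply to the script itself instead of to a subshell.
          [ -c "$CLIENT_PTY" ] || { echo "Client PTY not found!"; exit 1; }
          [ -c "$SERVER_PTY" ] || { echo "Server PTY not found!"; exit 1; }
          # Verify the swtpm instance started earlier is still alive
          kill -0 "$(cat /tmp/swtpm.pid)" || { echo "swtpm not running!"; exit 1; }
          echo "UART setup verified successfully"

      - name: Run UART communication test
        env:
          CLIENT_PTY: ${{ steps.uart.outputs.client_pty }}
        run: |
          cd "$GITHUB_WORKSPACE"
          # Build the caps example
          cd examples/wrap
          make caps
          echo "Running UART communication test..."
          echo "Using UART device: $CLIENT_PTY"
          # Run the test with a timeout so a stalled link cannot hang the job
          # The test should connect to the PTY as if it were a UART device
          timeout 30 ./caps || {
            echo "Test failed!"
            echo "Checking if swtpm is still running..."
            kill -0 "$(cat /tmp/swtpm.pid)" 2>/dev/null || echo "swtpm is not running"
            exit 1
          }
          echo "UART communication test passed!"

      - name: Cleanup
        if: always()
        run: |
          # Kill swtpm
          if [ -f /tmp/swtpm.pid ]; then
            kill "$(cat /tmp/swtpm.pid)" 2>/dev/null || true
          fi
          # Kill socat PTY pair
          if [ -f /tmp/socat.pid ]; then
            kill "$(cat /tmp/socat.pid)" 2>/dev/null || true
          fi
          # Clean up PTY links, pid files and the TPM state directory
          rm -f /tmp/tpm-uart-server /tmp/tpm-uart-client
          rm -f /tmp/swtpm.pid /tmp/socat.pid
          rm -rf /tmp/swtpm-state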