addition of uart and uartns550 to swtpm #4
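# CI job: build wolfSSL and wolfTPM with the swtpm UART transport, then run the
# `caps` example against swtpm over a socat-created PTY pair that stands in for
# a real UART.
name: Test UART Communication with SWTPM

on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ 'master', 'main', 'release/**' ]
  workflow_dispatch:

# Least privilege: the job only reads the repository, so the GITHUB_TOKEN is
# restricted to read-only contents access.
permissions:
  contents: read

jobs:
  test-uart-swtpm:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # NOTE(review): `@v4` is a mutable tag; pinning the action to a full
        # commit SHA makes the run reproducible and resistant to tag rewrites.
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where build scripts could read it.
          persist-credentials: false

      - name: Install basic dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            automake \
            autotools-dev \
            libtool \
            pkg-config \
            gcc \
            make \
            git \
            socat

      - name: Install swtpm
        run: |
          sudo apt-get install -y swtpm swtpm-tools

      - name: Setup wolfSSL
        # NOTE(review): no `ref` is given, so whatever is at the head of the
        # wolfssl default branch gets built; pin a tag or commit if the run
        # must be reproducible.
        uses: actions/checkout@v4
        with:
          repository: wolfssl/wolfssl
          path: wolfssl
          persist-credentials: false

      - name: Build wolfSSL
        working-directory: ./wolfssl
        run: |
          ./autogen.sh
          # Same location as the previous `$PWD/../wolfssl-install`, spelled
          # as an absolute path so the wolfTPM step can refer to it exactly.
          ./configure --enable-wolftpm --prefix="$GITHUB_WORKSPACE/wolfssl-install"
          make -j"$(nproc)"
          make install

      - name: Create virtual UART pair
        id: uart
        run: |
          # Keep the PTY links and pid files in a private per-job directory
          # instead of fixed names under /tmp, which another local user could
          # pre-create or replace with a symlink.
          uart_dir="$RUNNER_TEMP/tpm-uart"
          mkdir -p "$uart_dir"
          chmod 700 "$uart_dir"

          # Create a PTY pair for UART simulation using socat.
          # One end is used by swtpm (server side), the other by wolfTPM
          # (client side, as the UART device).
          socat -d -d \
            "pty,raw,echo=0,link=$uart_dir/server" \
            "pty,raw,echo=0,link=$uart_dir/client" &
          echo "$!" > "$uart_dir/socat.pid"

          # Wait for socat to publish both links rather than trusting a fixed
          # sleep (up to ~10 s).
          for _ in $(seq 1 20); do
            if [ -L "$uart_dir/server" ] && [ -L "$uart_dir/client" ]; then
              break
            fi
            sleep 0.5
          done

          # Resolve the links to the actual /dev/pts device names.
          SERVER_PTY=$(readlink -f "$uart_dir/server")
          CLIENT_PTY=$(readlink -f "$uart_dir/client")
          if [ ! -c "$SERVER_PTY" ] || [ ! -c "$CLIENT_PTY" ]; then
            echo "PTY pair was not created" >&2
            exit 1
          fi
          ls -la "$SERVER_PTY" "$CLIENT_PTY"

          # socat runs as the job user, so both PTYs are already owned by the
          # user that later starts swtpm and the test. They are deliberately
          # not made world-writable: mode 666 would let any local process
          # read or inject traffic on the TPM command channel.
          echo "server_pty=$SERVER_PTY" >> "$GITHUB_OUTPUT"
          echo "client_pty=$CLIENT_PTY" >> "$GITHUB_OUTPUT"
          echo "Server PTY (for swtpm): $SERVER_PTY"
          echo "Client PTY (for wolfTPM): $CLIENT_PTY"

      - name: Start swtpm with chardev (UART)
        env:
          # Passed through the environment, like the later steps, instead of
          # expanding the expression inside the script text.
          SERVER_PTY: ${{ steps.uart.outputs.server_pty }}
        run: |
          uart_dir="$RUNNER_TEMP/tpm-uart"
          state_dir="$RUNNER_TEMP/swtpm-state"
          mkdir -p "$state_dir"
          chmod 700 "$state_dir"

          # Start swtpm with the chardev backend on the server PTY so it talks
          # over the PTY as if it were a UART. No sudo: the PTY belongs to
          # this user.
          swtpm chardev \
            --tpm2 \
            --tpmstate "dir=$state_dir" \
            --chardev "$SERVER_PTY" \
            --flags not-need-init &
          swtpm_pid=$!
          echo "$swtpm_pid" > "$uart_dir/swtpm.pid"

          # Give swtpm time to start, then check the exact process we started
          # rather than grepping `ps` for any process named swtpm.
          sleep 3
          if ! kill -0 "$swtpm_pid" 2>/dev/null; then
            echo "swtpm exited during startup" >&2
            exit 1
          fi

      - name: Build wolfTPM with UART support
        env:
          CLIENT_PTY: ${{ steps.uart.outputs.client_pty }}
        run: |
          cd "$GITHUB_WORKSPACE"
          ./autogen.sh
          # Set UART device path and baud rate via CFLAGS.
          # The escaping leaves \"...\" in CFLAGS so the define reaches the
          # compiler as a C string literal.
          export CFLAGS="-DTPM2_SWTPM_HOST=\\\"$CLIENT_PTY\\\" -DTPM2_SWTPM_PORT=115200"
          echo "Building with UART device: $CLIENT_PTY"
          # wolfSSL was installed to <workspace>/wolfssl-install. From the
          # workspace root, `$PWD/../wolfssl-install` points one directory
          # above the workspace, so the install prefix is named explicitly.
          ./configure \
            --enable-swtpm=uart \
            --with-wolfcrypt="$GITHUB_WORKSPACE/wolfssl-install"
          make -j"$(nproc)"

      - name: Verify UART setup
        env:
          CLIENT_PTY: ${{ steps.uart.outputs.client_pty }}
          SERVER_PTY: ${{ steps.uart.outputs.server_pty }}
        run: |
          uart_dir="$RUNNER_TEMP/tpm-uart"
          echo "Verifying UART setup..."
          echo "Client PTY: $CLIENT_PTY"
          echo "Server PTY: $SERVER_PTY"
          # Verify PTYs are still accessible
          if [ ! -c "$CLIENT_PTY" ]; then
            echo "Client PTY not found!"
            exit 1
          fi
          if [ ! -c "$SERVER_PTY" ]; then
            echo "Server PTY not found!"
            exit 1
          fi
          # Verify the swtpm instance started by this job is still running
          if ! kill -0 "$(cat "$uart_dir/swtpm.pid")" 2>/dev/null; then
            echo "swtpm not running!"
            exit 1
          fi
          echo "UART setup verified successfully"

      - name: Run UART communication test
        env:
          CLIENT_PTY: ${{ steps.uart.outputs.client_pty }}
        run: |
          uart_dir="$RUNNER_TEMP/tpm-uart"
          # Build the caps example
          cd "$GITHUB_WORKSPACE/examples/wrap"
          make caps
          echo "Running UART communication test..."
          echo "Using UART device: $CLIENT_PTY"
          # Run the test with a timeout so a stalled UART exchange fails the
          # job instead of hanging it.
          if ! timeout 30 ./caps; then
            echo "Test failed!"
            echo "Checking if swtpm is still running..."
            if ! kill -0 "$(cat "$uart_dir/swtpm.pid")" 2>/dev/null; then
              echo "swtpm is not running"
            fi
            exit 1
          fi
          echo "UART communication test passed!"

      - name: Cleanup
        if: always()
        run: |
          uart_dir="$RUNNER_TEMP/tpm-uart"
          # Best effort: stop swtpm and the socat PTY pair if their pid files
          # exist; a process that already exited is not an error here.
          for pid_file in "$uart_dir/swtpm.pid" "$uart_dir/socat.pid"; do
            if [ -f "$pid_file" ]; then
              kill "$(cat "$pid_file")" 2>/dev/null || true
            fi
          done
          # Remove PTY links, pid files and the TPM state directory
          rm -rf -- "$uart_dir" "$RUNNER_TEMP/swtpm-state"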