addition of uart and uartns550 to swtpm #7
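# CI workflow: exercise wolfTPM's UART transport against swtpm over a
# socat-created PTY pair.
#
# The job assumes an ephemeral, single-tenant ubuntu-latest runner: it makes
# the PTYs world-writable and disables swtpm's seccomp filter, which is
# tolerable only on a throwaway host. Each relaxation is commented where it
# happens.
name: Test UART Communication with SWTPM

on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ 'master', 'main', 'release/**' ]
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: nothing here writes back to the repo.
permissions:
  contents: read

jobs:
  test-uart-swtpm:
    runs-on: ubuntu-latest
    steps:
      # TODO(review): pin third-party actions to a full commit SHA instead of a
      # mutable tag so a moved tag cannot change what runs here.
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install basic dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            automake \
            autotools-dev \
            libtool \
            pkg-config \
            gcc \
            make \
            git \
            socat \
            strace \
            acl

      - name: Install swtpm
        run: |
          sudo apt-get install -y swtpm swtpm-tools

      # wolfSSL is fetched from its default branch. A pinned `ref:` (tag or
      # commit) would make the build reproducible and independent of upstream
      # changes; it is left floating here to match the existing setup.
      - name: Setup wolfSSL
        uses: actions/checkout@v4
        with:
          repository: wolfssl/wolfssl
          path: wolfssl

      # Installed to $GITHUB_WORKSPACE/wolfssl-install; the wolfTPM configure
      # step below points at the same absolute path so the two cannot drift.
      - name: Build wolfSSL
        working-directory: ./wolfssl
        run: |
          ./autogen.sh
          ./configure --enable-wolftpm --prefix="$GITHUB_WORKSPACE/wolfssl-install"
          make -j"$(nproc)"
          make install

      - name: Create virtual UART pair
        id: uart
        run: |
          # socat creates two connected pseudo-terminals:
          #   /tmp/tpm-uart-server -> used by swtpm (chardev backend)
          #   /tmp/tpm-uart-client -> used by wolfTPM as its "UART device"
          # -d -d makes socat print the allocated PTY names; send that to a log
          # so the background process does not keep the step's stdout open.
          socat -d -d \
            pty,raw,echo=0,link=/tmp/tpm-uart-server \
            pty,raw,echo=0,link=/tmp/tpm-uart-client \
            > /tmp/socat.log 2>&1 &
          echo "$!" > /tmp/socat.pid

          # Poll for the links (up to ~5 s) instead of a fixed sleep.
          for ((i = 0; i < 50; i++)); do
            [ -e /tmp/tpm-uart-server ] && [ -e /tmp/tpm-uart-client ] && break
            sleep 0.1
          done

          # Resolve the symlinks to the real /dev/pts nodes.
          SERVER_PTY=$(readlink -f /tmp/tpm-uart-server)
          CLIENT_PTY=$(readlink -f /tmp/tpm-uart-client)
          if [ ! -c "$SERVER_PTY" ] || [ ! -c "$CLIENT_PTY" ]; then
            echo "ERROR: socat did not create the PTY pair" >&2
            cat /tmp/socat.log >&2
            exit 1
          fi

          echo "server_pty=$SERVER_PTY" >> "$GITHUB_OUTPUT"
          echo "client_pty=$CLIENT_PTY" >> "$GITHUB_OUTPUT"
          echo "Server PTY (for swtpm): $SERVER_PTY"
          echo "Client PTY (for wolfTPM): $CLIENT_PTY"

          # PTYs are created with group tty (gid 5). Adding $USER to that group
          # does not affect the already-running job shell, so ownership is taken
          # over explicitly. chmod 666 additionally leaves the PTYs writable by
          # every user on the host; that is acceptable only because the runner
          # is ephemeral and single-tenant. All three are best-effort (|| true):
          # the "Verify UART setup" step is what actually decides access.
          sudo usermod -a -G tty "$USER" || true
          sudo chown "$USER:$USER" "$SERVER_PTY" "$CLIENT_PTY" || true
          sudo chmod 666 "$SERVER_PTY" "$CLIENT_PTY" || true
          ls -la "$SERVER_PTY" "$CLIENT_PTY"

      - name: Start swtpm with chardev (UART)
        env:
          SERVER_PTY: ${{ steps.uart.outputs.server_pty }}
        run: |
          # Private state directory: the emulated TPM's NV state (and any keys
          # the test creates) should not be readable by other users.
          mkdir -p -m 700 /tmp/swtpm-state

          # Re-assert PTY access in case it changed between steps (best-effort).
          sudo chown "$USER:$USER" "$SERVER_PTY" || true
          sudo chmod 666 "$SERVER_PTY" || true

          # --seccomp action=none switches off swtpm's syscall filter, which the
          # original author noted may otherwise block PTY access. This removes a
          # sandbox layer and is only acceptable on a throwaway CI host; do not
          # carry this flag into a production swtpm invocation.
          # Output goes to a log file so the background process cannot hold the
          # step open; the log is printed whenever a later check fails.
          swtpm chardev \
            --tpm2 \
            --tpmstate dir=/tmp/swtpm-state \
            --chardev "$SERVER_PTY" \
            --flags not-need-init \
            --seccomp action=none \
            --log level=20 \
            > /tmp/swtpm.log 2>&1 &
          echo "$!" > /tmp/swtpm.pid

          # Give swtpm time to initialise, then check liveness by the saved PID
          # rather than grepping `ps` (which also matches unrelated swtpm
          # processes and the grep itself).
          sleep 3
          if ! kill -0 "$(cat /tmp/swtpm.pid)" 2>/dev/null; then
            echo "ERROR: swtpm failed to start!" >&2
            echo "swtpm log:" >&2
            cat /tmp/swtpm.log >&2
            echo "PTY permissions:" >&2
            ls -la "$SERVER_PTY" >&2
            exit 1
          fi

      - name: Build wolfTPM with UART support
        env:
          CLIENT_PTY: ${{ steps.uart.outputs.client_pty }}
        run: |
          cd "$GITHUB_WORKSPACE"
          ./autogen.sh
          # The device path and baud rate are compiled in via CFLAGS. The
          # escaped quotes survive the shell so the preprocessor receives a
          # string literal, i.e. -DTPM2_SWTPM_HOST=\"/dev/pts/N\".
          export CFLAGS="-DTPM2_SWTPM_HOST=\\\"$CLIENT_PTY\\\" -DTPM2_SWTPM_PORT=115200"
          echo "Building with UART device: $CLIENT_PTY"
          # Same absolute install path the wolfSSL build step used.
          ./configure \
            --enable-swtpm=uart \
            --with-wolfcrypt="$GITHUB_WORKSPACE/wolfssl-install"
          make -j"$(nproc)"

      - name: Verify UART setup
        env:
          CLIENT_PTY: ${{ steps.uart.outputs.client_pty }}
          SERVER_PTY: ${{ steps.uart.outputs.server_pty }}
        run: |
          echo "Verifying UART setup..."
          echo "Client PTY: $CLIENT_PTY"
          echo "Server PTY: $SERVER_PTY"
          # Use { ...; } groups so the step fails directly instead of relying
          # on set -e to propagate a subshell's exit status.
          [ -c "$CLIENT_PTY" ] || { echo "Client PTY not found!" >&2; exit 1; }
          [ -c "$SERVER_PTY" ] || { echo "Server PTY not found!" >&2; exit 1; }
          # Existence is not enough: the test process must be able to open it.
          if [ ! -r "$CLIENT_PTY" ] || [ ! -w "$CLIENT_PTY" ]; then
            echo "Client PTY not readable/writable by $USER" >&2
            ls -la "$CLIENT_PTY" >&2
            exit 1
          fi
          # Liveness by saved PID, not by grepping ps.
          if ! kill -0 "$(cat /tmp/swtpm.pid)" 2>/dev/null; then
            echo "swtpm not running!" >&2
            cat /tmp/swtpm.log >&2
            exit 1
          fi
          echo "UART setup verified successfully"

      - name: Run UART communication test
        env:
          CLIENT_PTY: ${{ steps.uart.outputs.client_pty }}
        run: |
          cd "$GITHUB_WORKSPACE/examples/wrap"
          make caps
          echo "Running UART communication test..."
          echo "Using UART device: $CLIENT_PTY"
          # caps opens the compiled-in PTY path as its UART device. The timeout
          # bounds a hung TPM handshake so it fails the job rather than stalling.
          if ! timeout 30 ./caps; then
            echo "Test failed!" >&2
            if kill -0 "$(cat /tmp/swtpm.pid)" 2>/dev/null; then
              echo "swtpm is still running" >&2
            else
              echo "swtpm is not running" >&2
            fi
            echo "swtpm log:" >&2
            cat /tmp/swtpm.log >&2
            exit 1
          fi
          echo "UART communication test passed!"

      - name: Cleanup
        if: always()
        run: |
          # Stop swtpm by its saved PID first, then catch any stragglers.
          if [ -f /tmp/swtpm.pid ]; then
            kill "$(cat /tmp/swtpm.pid)" 2>/dev/null || true
            pkill -f "swtpm chardev" 2>/dev/null || true
          fi
          # Stop the socat process that owns the PTY pair.
          if [ -f /tmp/socat.pid ]; then
            kill "$(cat /tmp/socat.pid)" 2>/dev/null || true
          fi
          # Remove the PTY links and the PID files.
          rm -f /tmp/tpm-uart-server /tmp/tpm-uart-client
          rm -f /tmp/swtpm.pid /tmp/socat.pid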