Commit dc87bca
authored
Move out HAF and TFA build to pipeline and consume the bins locally (#1227)
## Description
For SBSA, move out HAF and TFA build to GitHub workflow and consume the
bins locally.
Eliminates need for local developer to rely on HAF/TFA build steps via a
new `HAF_TFA_BUILD` build flag set to `FALSE` by default.
The GitHub Workflow on Release will run `stuart_build` with
`HAF_TFA_BUILD=TRUE` and publishes the Hafnium and TFA binaries for
consumption as a part of the GitHub release. It will also publish a file
`fip_blob_manifest.json` which is generated using the output of the
fiptool from TFA against fip.bin. This is needed because the fiptool
reports offsets that are necessary to patch up the fip.bin if we want to
employ this method of building SBSA with HAF/TFA bins being pulled down
from an extdep.
The GitHub workflow runs the end-to-end build with `HAF_TFA_BUILD=TRUE`
only on GitHub releases. We will not publish the binaries after building
on arbitrary PR runs, but will still run stuart_build with
`HAF_TFA_BUILD=TRUE`.
On github releases, the version number and sha for the extdep must also
be updated for every release, as the contents of the binaries and the
json manifest, `fip_blob_manifest.json` needs to get updated also.
Once this and #1229
are merged, a developer can build SBSA like they would normally, however
the default behavior for building the Hafnium and TFA binaries will be
to use the extdep through `stuart_update`. Along with this, the
Post-Build step will now patch the extdep binaries with the contents of
the secure partitions that the local developer has built as a part of
`stuart_build`. For more advanced use cases, where the developer would
need to modify the secure partition DTS files, or if the developer
changes the .fd files to be larger than the size reported in the
`fip_blob_manifest.json`, then the developer would have to use
`HAF_TFA_BUILD=TRUE` in their `stuart_build` step as an argument.
After this PR is merged, we need to make a formal GitHub release so that
the necessary binaries and artifacts can be published as a part of that
release.
For details on how to complete these options and their meaning refer to
[CONTRIBUTING.md](https://github.com/microsoft/mu/blob/HEAD/CONTRIBUTING.md).
- [ ] Impacts functionality?
- [ ] Impacts security?
- [ ] Breaking change?
- [ ] Includes tests?
- [ ] Includes documentation?
## How This Was Tested
Tested on my fork by doing a release and making this pr and watching the
pipeline build publish the bins to test13 release on my fork
https://github.com/eeshanl/mu_tiano_platforms/releases/tag/test13_tag
but skips the just the publish step on this pr.
pr pipeline run:
https://github.com/microsoft/mu_tiano_platforms/actions/runs/17990944480/job/51180666584?pr=1227
release pipeline run:
https://github.com/eeshanl/mu_tiano_platforms/actions/runs/18020305440/job/51275744986
And then locally tested the ext_deps step by pointing to this release.
## Integration Instructions
This PR must be merged first, then make a release to autopopulate new ext_dep artifacts.1 parent c17f309 commit dc87bca
File tree
3 files changed
+522
-80
lines changed- .github/workflows
- Platforms/QemuSbsaPkg
- Binaries
3 files changed
+522
-80
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
| 72 | + | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
| 83 | + | |
Lines changed: 21 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
0 commit comments