Fixing nightly CI failures and adding frozen 1.1 ROM

chipsalliance · Nov 21, 2024 · 4c1ae8f · 4c1ae8f
1 parent 51bfb5c
commit 4c1ae8f
Show file tree

Hide file tree

Showing 24 changed files with 317 additions and 49 deletions.
diff --git a/.github/workflows/fpga.yml b/.github/workflows/fpga.yml
@@ -420,11 +420,6 @@ jobs:
           TEST_BIN=/tmp/caliptra-test-binaries
           VARS="CPTRA_UIO_NUM=4 CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware CALIPTRA_IMAGE_NO_GIT_REVISION=1"
 
-          if [[ "${{ inputs.workflow_call }}" && "${{ inputs.hw-version }}" != "latest" ]]; then
-            VARS+=" FIPS_TEST_HW_EXP_VERSION=1_0_0"
-            VARS+=" FIPS_TEST_ROM_EXP_VERSION=1_0_1"
-          fi
-
           if [ "${{ inputs.rom-logging }}" == "true" ] || [ -z "${{ inputs.rom-logging }}" ]; then
             VARS+=" CPTRA_ROM_TYPE=ROM_WITH_UART"
           elif [ "${{ inputs.rom-logging }}" == false ]; then

diff --git a/.github/workflows/fw-test-emu.yml b/.github/workflows/fw-test-emu.yml
@@ -67,11 +67,6 @@ jobs:
             exit 1
           fi
 
-          if [[ ${{ inputs.extra-features }} == *"hw-1.0"* ]]; then
-            export FIPS_TEST_HW_EXP_VERSION=1_0_0
-            export FIPS_TEST_ROM_EXP_VERSION=1_0_1
-          fi
-
           # Workaround https://github.com/nextest-rs/nextest/issues/267
           export LD_LIBRARY_PATH=$(rustc --print sysroot)/lib
 

diff --git a/.github/workflows/nightly-release.yml b/.github/workflows/nightly-release.yml
@@ -64,7 +64,7 @@ jobs:
     uses: ./.github/workflows/fpga.yml
     with:
       artifact-suffix: -fpga-realtime-hw-1.0-etrng-log
-      extra-features: slow_tests
+      extra-features: slow_tests,ci-rom-1.0
       hw-version: "1.0"
       rom-logging: true
       fpga-itrng: false
@@ -76,7 +76,7 @@ jobs:
     uses: ./.github/workflows/fpga.yml
     with:
       artifact-suffix: -fpga-realtime-hw-1.0-etrng-nolog
-      extra-features: slow_tests
+      extra-features: slow_tests,ci-rom-1.0
       hw-version: "1.0"
       rom-logging: false
       fpga-itrng: false
@@ -88,7 +88,7 @@ jobs:
     uses: ./.github/workflows/fpga.yml
     with:
       artifact-suffix: -fpga-realtime-hw-1.0-itrng-log
-      extra-features: slow_tests,itrng
+      extra-features: slow_tests,itrng,ci-rom-1.0
       hw-version: "1.0"
       rom-logging: true
       fpga-itrng: true
@@ -100,11 +100,59 @@ jobs:
     uses: ./.github/workflows/fpga.yml
     with:
       artifact-suffix: -fpga-realtime-hw-1.0-itrng-nolog
-      extra-features: slow_tests,itrng
+      extra-features: slow_tests,itrng,ci-rom-1.0
       hw-version: "1.0"
       rom-logging: false
       fpga-itrng: true
 
+  fpga-1_1-full-suite-etrng-log:
+    name: FPGA Suite (1.1, etrng, log)
+    needs: find-latest-release
+    if: needs.find-latest-release.outputs.create_release
+    uses: ./.github/workflows/fpga.yml
+    with:
+      artifact-suffix: -fpga-realtime-rom-1.1-etrng-log
+      extra-features: slow_tests,ci-rom-1.1
+      hw-version: "latest"
+      rom-logging: true
+      fpga-itrng: false
+
+  fpga-1_1-full-suite-etrng-nolog:
+    name: FPGA Suite (1.1, etrng, nolog)
+    needs: find-latest-release
+    if: needs.find-latest-release.outputs.create_release
+    uses: ./.github/workflows/fpga.yml
+    with:
+      artifact-suffix: -fpga-realtime-rom-1.1-etrng-nolog
+      extra-features: slow_tests,ci-rom-1.1
+      hw-version: "latest"
+      rom-logging: false
+      fpga-itrng: false
+
+  fpga-1_1-full-suite-itrng-log:
+    name: FPGA Suite (1.1, itrng, log)
+    needs: find-latest-release
+    if: needs.find-latest-release.outputs.create_release
+    uses: ./.github/workflows/fpga.yml
+    with:
+      artifact-suffix: -fpga-realtime-rom-1.1-itrng-log
+      extra-features: slow_tests,itrng,ci-rom-1.1
+      hw-version: "latest"
+      rom-logging: true
+      fpga-itrng: true
+
+  fpga-1_1-full-suite-itrng-nolog:
+    name: FPGA Suite (1.1, itrng, nolog)
+    needs: find-latest-release
+    if: needs.find-latest-release.outputs.create_release
+    uses: ./.github/workflows/fpga.yml
+    with:
+      artifact-suffix: -fpga-realtime-rom-1.1-itrng-nolog
+      extra-features: slow_tests,itrng,ci-rom-1.1
+      hw-version: "latest"
+      rom-logging: false
+      fpga-itrng: true
+
   fpga-latest-full-suite-etrng-log:
     name: FPGA Suite (hw-latest, etrng, log)
     needs: find-latest-release
@@ -193,14 +241,54 @@ jobs:
       extra-features: slow_tests,itrng
       rom-logging: false
 
+  sw-emulator-rom-1_1-full-suite-etrng-log:
+    name: sw-emulator Suite (etrng, log)
+    needs: find-latest-release
+    if: needs.find-latest-release.outputs.create_release
+    uses: ./.github/workflows/fw-test-emu.yml
+    with:
+      artifact-suffix: -sw-emulator-hw-1.1-etrng-log
+      extra-features: ci-rom-1.1,slow_tests
+      rom-logging: true
+
+  sw-emulator-rom-1_1-full-suite-etrng-nolog:
+    name: sw-emulator Suite (etrng, nolog)
+    needs: find-latest-release
+    if: needs.find-latest-release.outputs.create_release
+    uses: ./.github/workflows/fw-test-emu.yml
+    with:
+      artifact-suffix: -sw-emulator-hw-1.1-etrng-nolog
+      extra-features: ci-rom-1.1,slow_tests
+      rom-logging: false
+
+  sw-emulator-rom-1_1-full-suite-itrng-log:
+    name: sw-emulator Suite (itrng, log)
+    needs: find-latest-release
+    if: needs.find-latest-release.outputs.create_release
+    uses: ./.github/workflows/fw-test-emu.yml
+    with:
+      artifact-suffix: -sw-emulator-hw-1.1-itrng-log
+      extra-features: ci-rom-1.1,slow_tests,itrng
+      rom-logging: true
+
+  sw-emulator-rom-1_1-full-suite-itrng-nolog:
+    name: sw-emulator Suite (itrng, nolog)
+    needs: find-latest-release
+    if: needs.find-latest-release.outputs.create_release
+    uses: ./.github/workflows/fw-test-emu.yml
+    with:
+      artifact-suffix: -sw-emulator-hw-1.1-itrng-nolog
+      extra-features: ci-rom-1.1,slow_tests,itrng
+      rom-logging: false
+
   sw-emulator-hw-1_0-full-suite-etrng-log:
     name: sw-emulator Suite (etrng, log)
     needs: find-latest-release
     if: needs.find-latest-release.outputs.create_release
     uses: ./.github/workflows/fw-test-emu.yml
     with:
       artifact-suffix: -sw-emulator-hw-1.0-etrng-log
-      extra-features: hw-1.0,slow_tests
+      extra-features: hw-1.0,ci-rom-1.0,slow_tests
       rom-logging: true
 
   sw-emulator-hw-1_0-full-suite-etrng-nolog:
@@ -210,7 +298,7 @@ jobs:
     uses: ./.github/workflows/fw-test-emu.yml
     with:
       artifact-suffix: -sw-emulator-hw-1.0-etrng-nolog
-      extra-features: hw-1.0,slow_tests
+      extra-features: hw-1.0,ci-rom-1.0,slow_tests
       rom-logging: false
 
   sw-emulator-hw-1_0-full-suite-itrng-log:
@@ -220,7 +308,7 @@ jobs:
     uses: ./.github/workflows/fw-test-emu.yml
     with:
       artifact-suffix: -sw-emulator-hw-1.0-itrng-log
-      extra-features: hw-1.0,slow_tests,itrng
+      extra-features: hw-1.0,ci-rom-1.0,slow_tests,itrng
       rom-logging: true
 
   sw-emulator-hw-1_0-full-suite-itrng-nolog:
@@ -230,7 +318,7 @@ jobs:
     uses: ./.github/workflows/fw-test-emu.yml
     with:
       artifact-suffix: -sw-emulator-hw-1.0-itrng-nolog
-      extra-features: hw-1.0,slow_tests,itrng
+      extra-features: hw-1.0,ci-rom-1.0,slow_tests,itrng
       rom-logging: false
 
   create-release:

diff --git a/builder/Cargo.toml b/builder/Cargo.toml
@@ -25,6 +25,8 @@ zerocopy.workspace = true
 default = ["openssl"]
 slow_tests = []
 "hw-1.0" = []
+"ci-rom-1.0" = []
+"ci-rom-1.1" = []
 openssl = ["caliptra-image-crypto/openssl"]
 rustcrypto = ["caliptra-image-crypto/rustcrypto"]
 

diff --git a/builder/src/lib.rs b/builder/src/lib.rs
@@ -366,19 +366,38 @@ pub fn build_firmware_elf(id: &FwId<'static>) -> io::Result<Arc<Vec<u8>>> {
 /// a particular hardware version. DO NOT USE this for ROM-only tests.
 pub fn rom_for_fw_integration_tests() -> io::Result<Cow<'static, [u8]>> {
     let rom_from_env = firmware::rom_from_env();
-    if cfg!(feature = "hw-1.0") {
+    if cfg!(all(feature = "hw-1.0", not(feature = "ci-rom-1.0"))) {
+        panic!("ci-rom-1.0 is required for hw-1.0");
+    }
+    if cfg!(feature = "ci-rom-1.0") {
         if rom_from_env == &firmware::ROM {
             Ok(
-                include_bytes!("../../hw/1.0/caliptra-rom-1.0.1-9342687.bin")
+                include_bytes!("../../rom/ci_frozen_rom/1.0/caliptra-rom-1.0.3-e8e23d9.bin")
                     .as_slice()
                     .into(),
             )
         } else if rom_from_env == &firmware::ROM_WITH_UART {
+            Ok(include_bytes!(
+                "../../rom/ci_frozen_rom/1.0/caliptra-rom-with-log-1.0.3-e8e23d9.bin"
+            )
+            .as_slice()
+            .into())
+        } else {
+            Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}")))
+        }
+    } else if cfg!(feature = "ci-rom-1.1") {
+        if rom_from_env == &firmware::ROM {
             Ok(
-                include_bytes!("../../hw/1.0/caliptra-rom-with-log-1.0.1-9342687.bin")
+                include_bytes!("../../rom/ci_frozen_rom/1.1/caliptra-rom-1.1.0-51ff0a8.bin")
                     .as_slice()
                     .into(),
             )
+        } else if rom_from_env == &firmware::ROM_WITH_UART {
+            Ok(include_bytes!(
+                "../../rom/ci_frozen_rom/1.1/caliptra-rom-with-log-1.1.0-51ff0a8.bin"
+            )
+            .as_slice()
+            .into())
         } else {
             Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}")))
         }

diff --git a/fmc/Cargo.toml b/fmc/Cargo.toml
@@ -41,3 +41,5 @@ itrng = ["caliptra-hw-model/itrng"]
 verilator = ["caliptra-hw-model/verilator"]
 fake-fmc = []
 "hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-cpu/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-registers/hw-1.0"]
+"ci-rom-1.0" = ["caliptra-builder/ci-rom-1.0"]
+"ci-rom-1.1" = ["caliptra-builder/ci-rom-1.1"]
diff --git a/fmc/tests/fmc_integration_tests/test_rtalias.rs b/fmc/tests/fmc_integration_tests/test_rtalias.rs
@@ -91,7 +91,11 @@ fn test_fht_info() {
     let data = hw.mailbox_execute(TEST_CMD_READ_FHT, &[]).unwrap().unwrap();
     let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap();
     assert_eq!(fht.ldevid_tbs_size, 552);
-    assert_eq!(fht.fmcalias_tbs_size, 753);
+    if cfg!(any(feature = "ci-rom-1.0", feature = "ci-rom-1.1")) {
+        assert_eq!(fht.fmcalias_tbs_size, 786);
+    } else {
+        assert_eq!(fht.fmcalias_tbs_size, 753);
+    }
     assert_eq!(fht.ldevid_tbs_addr, 0x50003C00);
     assert_eq!(fht.fmcalias_tbs_addr, 0x50004000);
     assert_eq!(fht.pcr_log_addr, 0x50004800);

diff --git a/hw/1.0/caliptra-rom-1.0.1-9342687.bin b/hw/1.0/caliptra-rom-1.0.1-9342687.bin
diff --git a/hw/1.0/caliptra-rom-with-log-1.0.1-9342687.bin b/hw/1.0/caliptra-rom-with-log-1.0.1-9342687.bin
diff --git a/rom/ci_frozen_rom/1.0/caliptra-rom-1.0.3-e8e23d9.bin b/rom/ci_frozen_rom/1.0/caliptra-rom-1.0.3-e8e23d9.bin
diff --git a/rom/ci_frozen_rom/1.0/caliptra-rom-with-log-1.0.3-e8e23d9.bin b/rom/ci_frozen_rom/1.0/caliptra-rom-with-log-1.0.3-e8e23d9.bin
diff --git a/rom/ci_frozen_rom/1.1/caliptra-rom-1.1.0-51ff0a8.bin b/rom/ci_frozen_rom/1.1/caliptra-rom-1.1.0-51ff0a8.bin
diff --git a/rom/ci_frozen_rom/1.1/caliptra-rom-with-log-1.1.0-51ff0a8.bin b/rom/ci_frozen_rom/1.1/caliptra-rom-with-log-1.1.0-51ff0a8.bin
diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml
@@ -65,3 +65,5 @@ no-cfi = ["caliptra-image-verify/no-cfi", "caliptra-drivers/no-cfi"]
 fpga_realtime = ["caliptra-drivers/fpga_realtime"]
 "hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-registers/hw-1.0", "caliptra-kat/hw-1.0","caliptra-cpu/hw-1.0"]
 fips-test-hooks = ["caliptra-drivers/fips-test-hooks"]
+"ci-rom-1.0" = ["caliptra-builder/ci-rom-1.0"]
+"ci-rom-1.1" = ["caliptra-builder/ci-rom-1.1"]
diff --git a/runtime/tests/runtime_integration_tests/test_get_idev_csr.rs b/runtime/tests/runtime_integration_tests/test_get_idev_csr.rs
@@ -25,20 +25,27 @@ fn test_get_csr() {
         chksum: caliptra_common::checksum::calc_checksum(u32::from(CommandId::GET_IDEV_CSR), &[]),
     };
 
-    let response = model
-        .mailbox_execute(CommandId::GET_IDEV_CSR.into(), payload.as_bytes())
-        .unwrap()
-        .unwrap();
+    let result = model.mailbox_execute(CommandId::GET_IDEV_CSR.into(), payload.as_bytes());
 
-    let get_idv_csr_resp = GetIdevCsrResp::read_from(response.as_bytes()).unwrap();
+    if cfg!(any(feature = "ci-rom-1.0", feature = "ci-rom-1.1")) {
+        // 1.0 and 1.1 ROM do not support this feature
+        assert_eq!(
+            result.unwrap_err(),
+            ModelError::MailboxCmdFailed(CaliptraError::RUNTIME_GET_IDEV_ID_UNSUPPORTED_ROM.into())
+        );
+    } else {
+        let response = result.unwrap().unwrap();
 
-    assert_ne!(IdevIdCsr::UNPROVISIONED_CSR, get_idv_csr_resp.data_size);
-    assert_ne!(0, get_idv_csr_resp.data_size);
+        let get_idv_csr_resp = GetIdevCsrResp::read_from(response.as_bytes()).unwrap();
 
-    let csr_bytes = &get_idv_csr_resp.data[..get_idv_csr_resp.data_size as usize];
-    assert_ne!([0; 512], csr_bytes);
+        assert_ne!(IdevIdCsr::UNPROVISIONED_CSR, get_idv_csr_resp.data_size);
+        assert_ne!(0, get_idv_csr_resp.data_size);
 
-    assert!(X509Req::from_der(csr_bytes).is_ok());
+        let csr_bytes = &get_idv_csr_resp.data[..get_idv_csr_resp.data_size as usize];
+        assert_ne!([0; 512], csr_bytes);
+
+        assert!(X509Req::from_der(csr_bytes).is_ok());
+    }
 }
 
 #[test]
@@ -56,8 +63,17 @@ fn test_missing_csr() {
     let response = model
         .mailbox_execute(CommandId::GET_IDEV_CSR.into(), payload.as_bytes())
         .unwrap_err();
-    assert_eq!(
-        response,
-        ModelError::MailboxCmdFailed(CaliptraError::RUNTIME_GET_IDEV_ID_UNPROVISIONED.into())
-    );
+
+    if cfg!(any(feature = "ci-rom-1.0", feature = "ci-rom-1.1")) {
+        // 1.0 and 1.1 ROM do not support this feature
+        assert_eq!(
+            response,
+            ModelError::MailboxCmdFailed(CaliptraError::RUNTIME_GET_IDEV_ID_UNSUPPORTED_ROM.into())
+        );
+    } else {
+        assert_eq!(
+            response,
+            ModelError::MailboxCmdFailed(CaliptraError::RUNTIME_GET_IDEV_ID_UNPROVISIONED.into())
+        );
+    }
 }
diff --git a/test/Cargo.toml b/test/Cargo.toml
@@ -45,3 +45,5 @@ verilator = ["caliptra-hw-model/verilator"]
 fips_self_test = ["caliptra-runtime/fips_self_test"]
 test_env_immutable_rom = []
 "hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-hw-model/hw-1.0"]
+"ci-rom-1.0" = ["caliptra-builder/ci-rom-1.0"]
+"ci-rom-1.1" = ["caliptra-builder/ci-rom-1.1"]