forked from confidential-containers/td-shim
-
Notifications
You must be signed in to change notification settings - Fork 1
105 lines (87 loc) · 4.21 KB
/
integration-tdx.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
on:
push:
paths-ignore:
- "**.md"
pull_request:
paths-ignore:
- "**.md"
workflow_dispatch:
name: Integration Test on TDX Server
env:
AS: nasm
AR_x86_64_unknown_uefi: llvm-ar
CC_x86_64_unknown_uefi: clang
RUST_TOOLCHAIN: nightly-2022-11-15
TOOLCHAIN_PROFILE: minimal
jobs:
system_compile:
name: Run TDX Integration Test
runs-on: [self-hosted, tdx]
timeout-minutes: 30
steps:
# Install first since it's needed to build NASM
- name: Install LLVM and Clang
uses: KyleMayes/install-llvm-action@v1
with:
version: "10.0"
directory: ${{ runner.temp }}/llvm
- name: Checkout sources
uses: actions/checkout@v2
with:
submodules: recursive
- name: Install toolchain
uses: actions-rs/toolchain@v1
with:
profile: ${{ env.TOOLCHAIN_PROFILE }}
toolchain: ${{ env.RUST_TOOLCHAIN }}
override: true
components: rust-src, llvm-tools-preview
- name: Run cargo install cargo-xbuild
uses: actions-rs/cargo@v1
with:
command: install
args: cargo-xbuild
- name: Preparation Work
run: bash sh_script/preparation.sh
- name: Build PE format payload with boot-kernel support
run: bash sh_script/build_final.sh boot_kernel
- name: Run Tests - Boot Kernel
run: |
bash sh_script/integration_tdx.sh -c 1 -m 1G -f target/release/final-boot-kernel.bin
bash sh_script/integration_tdx.sh -c 1 -m 2G -f target/release/final-boot-kernel.bin
bash sh_script/integration_tdx.sh -c 2 -m 4G -f target/release/final-boot-kernel.bin
bash sh_script/integration_tdx.sh -c 4 -m 8G -f target/release/final-boot-kernel.bin
bash sh_script/integration_tdx.sh -c 8 -m 16G -f target/release/final-boot-kernel.bin
bash sh_script/integration_tdx.sh -c 16 -m 32G -f target/release/final-boot-kernel.bin
- name: Build PE format payload with test TD payload
run: bash sh_script/build_final.sh pe_test
- name: Run Tests - Run PE format test TD payload
run: |
bash sh_script/integration_tdx.sh -c 1 -m 1G -f target/release/final-pe-test1.bin
bash sh_script/integration_tdx.sh -c 1 -m 2G -f target/release/final-pe-test2.bin
bash sh_script/integration_tdx.sh -c 2 -m 4G -f target/release/final-pe-test3.bin
bash sh_script/integration_tdx.sh -c 4 -m 8G -f target/release/final-pe-test4.bin
bash sh_script/integration_tdx.sh -c 8 -m 16G -f target/release/final-pe-test5.bin
- name: Build ELF format payload with test TD payload
run: bash sh_script/build_final.sh elf_test
- name: Run Tests - Run ELF format test TD payload
run: |
bash sh_script/integration_tdx.sh -c 1 -m 1G -t elf -f target/release/final-elf-test1.bin
bash sh_script/integration_tdx.sh -c 1 -m 2G -t elf -f target/release/final-elf-test2.bin
bash sh_script/integration_tdx.sh -c 2 -m 4G -t elf -f target/release/final-elf-test3.bin
bash sh_script/integration_tdx.sh -c 4 -m 8G -t elf -f target/release/final-elf-test4.bin
bash sh_script/integration_tdx.sh -c 8 -m 16G -t elf -f target/release/final-elf-test5.bin
- name: Build PE format payload for secure boot test
run: bash sh_script/build_final.sh pe_sb_test
- name: Run Tests - Run secure boot test with PE format payload
run: |
bash sh_script/integration_tdx.sh -f target/release/final-pe-sb-normal.bin
bash sh_script/integration_tdx.sh -f target/release/final-pe-sb-mismatch-pubkey.bin
bash sh_script/integration_tdx.sh -f target/release/final-pe-sb-unsigned.bin
- name: Build ELF format payload for secure boot test
run: bash sh_script/build_final.sh elf_sb_test
- name: Run Tests - Run secure boot test with ELF format payload
run: |
bash sh_script/integration_tdx.sh -t elf -f target/release/final-elf-sb-normal.bin
bash sh_script/integration_tdx.sh -t elf -f target/release/final-elf-sb-mismatch-pubkey.bin
bash sh_script/integration_tdx.sh -t elf -f target/release/final-elf-sb-unsigned.bin