wolfTPM/.github/workflows/cmake-build.yml at 3bf81baedeba66af75e116a9df5fa01973849814 · wolfSSL/wolfTPM · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
name: WolfTPM CMake Build Tests

on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]

jobs:
  build:

    runs-on: ${{ matrix.config.os }}
    strategy:
      fail-fast: false
      matrix:
        config:
          # Default configuration (SWTPM first)
          - name: "Defaults"
            os: ubuntu-latest
            options: ""
          # ST33 supports both SPI and I2C
          - name: "Module ST33 SPI"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_MODULE=st33"
          - name: "Module ST33 I2C"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=I2C -DWOLFTPM_MODULE=st33"
          # ST33 Firmware
          - name: "Module ST33 Firmware"
            os: ubuntu-latest
            options: "-DWOLFTPM_MODULE=st33 -DWOLFTPM_FIRMWARE=yes"
          # Other modules use SPI
          - name: "Module Microchip"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_MODULE=microchip"
          - name: "Module Nuvoton"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_MODULE=nuvoton"
          - name: "Module SLB9670"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_MODULE=slb9670"
          - name: "Module SLB9672"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_MODULE=slb9672"
          # SLB9673 is I2C
          - name: "Module SLB9673 I2C"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=I2C -DWOLFTPM_MODULE=slb9673"
          # Test wrapper disabled
          - name: "No Wrapper"
            os: ubuntu-latest
            options: "-DWOLFTPM_WRAPPER=no"
          # Test I2C support (enables ADV_IO automatically)
          - name: "I2C Enabled (legacy)"
            os: ubuntu-latest
            options: "-DWOLFTPM_I2C=yes"
          # Test interface options
          - name: "Interface I2C"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=I2C"
          - name: "Interface SPI"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=SPI"
          # Test Advanced IO
          - name: "Advanced IO"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_ADVIO=yes"
          - name: "Advanced IO I2C"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=I2C -DWOLFTPM_ADVIO=yes"
          # Test MMIO (enables ADV_IO automatically)
          - name: "MMIO Enabled"
            os: ubuntu-latest
            options: "-DWOLFTPM_MMIO=yes"
          # Test Check Wait State
          - name: "Check Wait State Enabled"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_CHECK_WAIT_STATE=yes"
          - name: "Check Wait State Disabled"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_CHECK_WAIT_STATE=no"
          # Test TIS Lock
          - name: "TIS Lock Enabled"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_TIS_LOCK=yes"
          # Test Small Stack
          - name: "Small Stack"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_SMALL_STACK=yes"
          # Test HAL disabled
          - name: "No HAL"
            os: ubuntu-latest
            options: "-DWOLFTPM_HAL=no"
          # Test Firmware disabled
          - name: "No Firmware"
            os: ubuntu-latest
            options: "-DWOLFTPM_FIRMWARE=no"
          # Test Debug modes
          - name: "Debug Verbose"
            os: ubuntu-latest
            options: "-DWOLFTPM_DEBUG=verbose"
          - name: "Debug IO"
            os: ubuntu-latest
            options: "-DWOLFTPM_DEBUG=io"
          # Test Examples disabled
          - name: "No Examples"
            os: ubuntu-latest
            options: "-DWOLFTPM_EXAMPLES=no"
          # Test combination of options
          - name: "Combined Options"
            os: ubuntu-latest
            options: "-DWOLFTPM_INTERFACE=I2C -DWOLFTPM_MODULE=st33 -DWOLFTPM_ADVIO=yes -DWOLFTPM_CHECK_WAIT_STATE=yes"
          # fwTPM server with socket transport
          - name: "fwTPM Socket"
            os: ubuntu-latest
            options: "-DWOLFTPM_FWTPM=yes -DWOLFTPM_INTERFACE=SWTPM"
          # fwTPM server with TIS/shared-memory transport
          - name: "fwTPM TIS"
            os: ubuntu-latest
            options: "-DWOLFTPM_FWTPM=yes -DWOLFTPM_INTERFACE=SPI"
          # fwTPM server-only mode (no client library or examples)
          - name: "fwTPM Only"
            os: ubuntu-latest
            options: "-DWOLFTPM_FWTPM_ONLY=yes -DWOLFTPM_INTERFACE=SWTPM"
          # fwTPM socket on Windows (build-only)
          - name: "fwTPM Socket (Windows)"
            os: windows-latest
            options: "-DWOLFTPM_FWTPM=yes -DWOLFTPM_INTERFACE=SWTPM"

    steps:
#pull wolfTPM
    - uses: actions/checkout@master

# Install cmake
    - name: Install cmake
      if: runner.os == 'Linux'
      run: |
        sudo apt-get update
        sudo apt-get install -y cmake

#pull and build wolfssl
    - name: Checkout wolfssl
      uses: actions/checkout@master
      with:
        repository: wolfssl/wolfssl
        path: wolfssl
    - name: Build wolfssl
      working-directory: ./wolfssl
      shell: bash
      run: |
        mkdir build
        cd build
        # wolfSSL PR 7188 broke "make install" unless WOLFSSL_INSTALL is set
        cmake -DWOLFSSL_TPM=yes -DWOLFSSL_INSTALL=yes \
            -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
            -DCMAKE_C_FLAGS="-DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP" ..
        cmake --build . --config Release
        cmake --install . --config Release

#build wolftpm
    - name: Build wolfTPM (${{ matrix.config.name }})
      shell: bash
      run: |
        mkdir build
        cd build
        cmake ${{ matrix.config.options }} \
            -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
            -DWITH_WOLFSSL="$GITHUB_WORKSPACE/install" ..
        cmake --build . --config Release
        cmake --install . --config Release

    - name: Test fwTPM
      if: contains(matrix.config.options, 'WOLFTPM_FWTPM')
      shell: bash
      run: |
        cd build
        if [ "$RUNNER_OS" = "Windows" ]; then
          # Windows: DLL search uses PATH, and wolfssl.dll installs to install/bin
          PATH="$GITHUB_WORKSPACE/install/bin:$PATH" \
            ctest -C Release --output-on-failure
        else
          LD_LIBRARY_PATH="$GITHUB_WORKSPACE/install/lib" \
            ctest -C Release --output-on-failure
        fi

  # Verify that a static-library build can be installed and its exported
  # CMake targets are self-consistent.  The matrix builds above use
  # WITH_WOLFSSL (shared library) and do not catch this because CMake only
  # enforces export-set completeness for static libraries: any CMake target
  # in a static library's PRIVATE link chain must be exported or wrapped in
  # $<BUILD_INTERFACE:...>.
  cmake-static-export:
    name: CMake static export check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master

      - name: Install cmake
        run: |
          sudo apt-get update
          sudo apt-get install -y cmake

      - name: Checkout wolfssl
        uses: actions/checkout@master
        with:
          repository: wolfssl/wolfssl
          path: wolfssl

      - name: Build and install wolfssl
        working-directory: ./wolfssl
        run: |
          mkdir build && cd build
          cmake -DWOLFSSL_TPM=yes -DWOLFSSL_INSTALL=yes \
              -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
              -DCMAKE_C_FLAGS="-DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP" ..
          cmake --build .
          cmake --install .

      - name: Build and install wolftpm (static, cmake-config wolfssl)
        run: |
          mkdir build && cd build
          cmake \
              -DBUILD_SHARED_LIBS=OFF \
              -DWOLFTPM_EXAMPLES=no \
              -DWOLFTPM_FWTPM=no \
              -DWOLFTPM_BUILD_OUT_OF_TREE=yes \
              -DCMAKE_PREFIX_PATH="$GITHUB_WORKSPACE/install" \
              -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
              ..
          cmake --build .
          cmake --install .