Add network namespace isolation, macOS CI, and Windows build support for fwTPM

Use unshare --user --net to isolate fwtpm_check.sh TCP ports in CI, eliminating flaky port conflicts on shared runners. Add macOS CI with socket transport tests. Add Windows socket portability (Winsock2) and build-only CI via CMake.

Author: dgarske

.github/workflows/cmake-build.yml

@@ -9,97 +9,131 @@ on:
 jobs:
   build:
 
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.config.os }}
     strategy:
       fail-fast: false
       matrix:
         config:
           # Default configuration (SWTPM first)
           - name: "Defaults"
+            os: ubuntu-latest
             options: ""
           # ST33 supports both SPI and I2C
           - name: "Module ST33 SPI"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_MODULE=st33"
           - name: "Module ST33 I2C"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=I2C -DWOLFTPM_MODULE=st33"
           # ST33 Firmware
           - name: "Module ST33 Firmware"
+            os: ubuntu-latest
             options: "-DWOLFTPM_MODULE=st33 -DWOLFTPM_FIRMWARE=yes"
           # Other modules use SPI
           - name: "Module Microchip"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_MODULE=microchip"
           - name: "Module Nuvoton"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_MODULE=nuvoton"
           - name: "Module SLB9670"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_MODULE=slb9670"
           - name: "Module SLB9672"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_MODULE=slb9672"
           # SLB9673 is I2C
           - name: "Module SLB9673 I2C"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=I2C -DWOLFTPM_MODULE=slb9673"
           # Test wrapper disabled
           - name: "No Wrapper"
+            os: ubuntu-latest
             options: "-DWOLFTPM_WRAPPER=no"
           # Test I2C support (enables ADV_IO automatically)
           - name: "I2C Enabled (legacy)"
+            os: ubuntu-latest
             options: "-DWOLFTPM_I2C=yes"
           # Test interface options
           - name: "Interface I2C"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=I2C"
           - name: "Interface SPI"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=SPI"
           # Test Advanced IO
           - name: "Advanced IO"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_ADVIO=yes"
           - name: "Advanced IO I2C"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=I2C -DWOLFTPM_ADVIO=yes"
           # Test MMIO (enables ADV_IO automatically)
           - name: "MMIO Enabled"
+            os: ubuntu-latest
             options: "-DWOLFTPM_MMIO=yes"
           # Test Check Wait State
           - name: "Check Wait State Enabled"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_CHECK_WAIT_STATE=yes"
           - name: "Check Wait State Disabled"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_CHECK_WAIT_STATE=no"
           # Test TIS Lock
           - name: "TIS Lock Enabled"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_TIS_LOCK=yes"
           # Test Small Stack
           - name: "Small Stack"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=SPI -DWOLFTPM_SMALL_STACK=yes"
           # Test HAL disabled
           - name: "No HAL"
+            os: ubuntu-latest
             options: "-DWOLFTPM_HAL=no"
           # Test Firmware disabled
           - name: "No Firmware"
+            os: ubuntu-latest
             options: "-DWOLFTPM_FIRMWARE=no"
           # Test Debug modes
           - name: "Debug Verbose"
+            os: ubuntu-latest
             options: "-DWOLFTPM_DEBUG=verbose"
           - name: "Debug IO"
+            os: ubuntu-latest
             options: "-DWOLFTPM_DEBUG=io"
           # Test Examples disabled
           - name: "No Examples"
+            os: ubuntu-latest
             options: "-DWOLFTPM_EXAMPLES=no"
           # Test combination of options
           - name: "Combined Options"
+            os: ubuntu-latest
             options: "-DWOLFTPM_INTERFACE=I2C -DWOLFTPM_MODULE=st33 -DWOLFTPM_ADVIO=yes -DWOLFTPM_CHECK_WAIT_STATE=yes"
           # fwTPM server with socket transport
           - name: "fwTPM Socket"
+            os: ubuntu-latest
             options: "-DWOLFTPM_FWTPM=yes -DWOLFTPM_INTERFACE=SWTPM"
           # fwTPM server with TIS/shared-memory transport
           - name: "fwTPM TIS"
+            os: ubuntu-latest
             options: "-DWOLFTPM_FWTPM=yes -DWOLFTPM_INTERFACE=SPI"
           # fwTPM server-only mode (no client library or examples)
           - name: "fwTPM Only"
+            os: ubuntu-latest
             options: "-DWOLFTPM_FWTPM_ONLY=yes -DWOLFTPM_INTERFACE=SWTPM"
+          # fwTPM socket on Windows (build-only)
+          - name: "fwTPM Socket (Windows)"
+            os: windows-latest
+            options: "-DWOLFTPM_FWTPM=yes -DWOLFTPM_INTERFACE=SWTPM"
 
     steps:
 #pull wolfTPM
     - uses: actions/checkout@master
 
 # Install cmake
     - name: Install cmake
+      if: runner.os == 'Linux'
       run: |
         sudo apt-get update
         sudo apt-get install -y cmake
@@ -112,25 +146,32 @@ jobs:
         path: wolfssl
     - name: Build wolfssl
       working-directory: ./wolfssl
+      shell: bash
       run: |
         mkdir build
         cd build
         # wolfSSL PR 7188 broke "make install" unless WOLFSSL_INSTALL is set
-        cmake -DWOLFSSL_TPM=yes -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" -DCMAKE_C_FLAGS="-DWC_RSA_NO_PADDING" ..
-        cmake --build .
-        cmake --install .
+        cmake -DWOLFSSL_TPM=yes -DWOLFSSL_INSTALL=yes \
+            -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
+            -DCMAKE_C_FLAGS="-DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP" ..
+        cmake --build . --config Release
+        cmake --install . --config Release
 
 #build wolftpm
     - name: Build wolfTPM (${{ matrix.config.name }})
+      shell: bash
       run: |
         mkdir build
         cd build
-        cmake ${{ matrix.config.options }} -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" -DWITH_WOLFSSL="$GITHUB_WORKSPACE/install" ..
-        cmake --build .
-        cmake --install .
+        cmake ${{ matrix.config.options }} \
+            -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
+            -DWITH_WOLFSSL="$GITHUB_WORKSPACE/install" ..
+        cmake --build . --config Release
+        cmake --install . --config Release
 
     - name: Test fwTPM
       if: contains(matrix.config.options, 'WOLFTPM_FWTPM')
+      shell: bash
       run: |
         cd build
         LD_LIBRARY_PATH="$GITHUB_WORKSPACE/install/lib" ctest --output-on-failure