Bump actions/upload-artifact from 4.4.3 to 4.6.0 #522
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: vTPM Integration Test on TDX server | |
on: | |
push: | |
paths-ignore: | |
- "**.md" | |
pull_request: | |
paths-ignore: | |
- "**.md" | |
env: | |
AS: nasm | |
RUST_TOOLCHAIN: nightly-2023-12-31 | |
TOOLCHAIN_PROFILE: minimal | |
LIBGUESTFS_BACKEND: direct | |
permissions: | |
contents: read | |
jobs: | |
integration: | |
name: Run vTPM Integration Test | |
runs-on: [self-hosted, vtpm] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
egress-policy: audit | |
- name: Checkout sources - vTpm | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Initialize and update submodules | |
run: | | |
git config --global http.postBuffer 524288000 | |
git config --global http.sslVerify "false" | |
git submodule update --init --recursive --depth 1 | |
- name: Checkout sources - TDVF | |
run: | | |
rm -rf ../vtpm-tdvf | |
git clone --recursive --single-branch -b TDVF-vTPM-TD https://github.com/tianocore/edk2-staging ../vtpm-tdvf | |
- name: Build vTPM td | |
run: | | |
rm -rf ../run-vtpm-td | |
mkdir ../run-vtpm-td | |
git submodule update --init --recursive | |
bash sh_script/pre-build.sh | |
bash sh_script/build.sh | |
cp target/x86_64-unknown-none/release/vtpmtd.bin ../run-vtpm-td | |
- name: Build config-A TDVF | |
run: | | |
pushd ../vtpm-tdvf | |
make -C BaseTools | |
source edksetup.sh | |
rm -rf ../run-user-td | |
mkdir ../run-user-td | |
build -p OvmfPkg/OvmfPkgX64.dsc -t GCC5 -a X64 -D TPM2_ENABLE=TRUE -D VTPM_ENABLE=TRUE -b RELEASE | |
cp Build/OvmfX64/RELEASE_GCC5/FV/OVMF.fd ../run-user-td/ | |
popd | |
- name: Run test - Config A | |
run: | | |
pushd sh_script | |
python -m pytest -k "config_A" | |
popd | |
- name: Run test - Config A + Tpm cmd | |
run: | | |
pushd sh_script | |
python -m pytest -k "tpm_cmd" | |
popd | |
- name: Build Config-B TDVF without secure boot | |
run: | | |
pushd ../vtpm-tdvf | |
make -C BaseTools | |
source edksetup.sh | |
rm -rf ../run-user-td | |
mkdir ../run-user-td | |
build -p OvmfPkg/IntelTdx/IntelTdxX64.dsc -t GCC5 -a X64 -b RELEASE | |
cp Build/IntelTdx/RELEASE_GCC5/FV/OVMF.fd ../run-user-td/ | |
popd | |
- name: Run test - Config B + no secure boot | |
run: | | |
pushd sh_script | |
python -m pytest -k "config_B_no_sb" | |
popd | |
- name: Run test - Config B + no secure boot + Tpm cmd | |
run: | | |
pushd sh_script | |
python -m pytest -k "tpm_cmd" | |
popd | |
- name: Build Config-B TDVF with secure boot | |
run: | | |
pushd ../vtpm-tdvf | |
make -C BaseTools | |
source edksetup.sh | |
rm -rf ../run-user-td | |
mkdir ../run-user-td | |
build -p OvmfPkg/IntelTdx/IntelTdxX64.dsc -D SECURE_BOOT_ENABLE=TRUE -t GCC5 -a X64 -b RELEASE | |
cp Build/IntelTdx/RELEASE_GCC5/FV/OVMF.fd ../run-user-td/ | |
popd | |
- name: Enroll OVMF.fd | |
run: | | |
SECURE_BOOT="/home/env/secure_boot" | |
GUID=`cat ${SECURE_BOOT}/myGUID.txt` | |
python sh_script/secure_boot/secure_boot.py -fd ../run-user-td/OVMF.fd -pk ${GUID} ${SECURE_BOOT}/PK.cer -kek ${GUID} ${SECURE_BOOT}/KEK.cer -db ${GUID} ${SECURE_BOOT}/DB.cer | |
python sh_script/secure_boot/var_enroll.py --fd ../run-user-td/OVMF.sb.fd -op add -n FB_NO_REBOOT -g 605dab50-e046-4300-abb6-3dd810dd8b23 -a 0x7 -d sh_script/secure_boot/FB_NO_REBOOT.bin -o ../run-user-td/OVMF.fd | |
- name: Run test - Config B + secure boot | |
run: | | |
pushd sh_script | |
python -m pytest -k "config_B_sb_create_destroy_instance" | |
popd |