ci: add FIH hardening tests to workflows
Add workflows to run FIH tests using GH actions. Update scripts to add
parsing of FIH parameters from an env matrix and disable docker caching
when running on GH.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/ci/fih-tests_install.sh b/ci/fih-tests_install.sh
index fb6e0fb..4e38627 100755
--- a/ci/fih-tests_install.sh
+++ b/ci/fih-tests_install.sh
@@ -25,6 +25,8 @@
[[ -f $CACHED_IMAGE ]] && (gzip -dc $CACHED_IMAGE | docker load)
if [[ $? -ne 0 ]]; then
- docker pull mcuboot/$IMAGE
- docker save mcuboot/$IMAGE | gzip > $CACHED_IMAGE
+ docker pull mcuboot/$IMAGE
+ if [[ $GITHUB_ACTIONS != true ]]; then
+ docker save mcuboot/$IMAGE | gzip > $CACHED_IMAGE
+ fi
fi
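Review bot: `docker pull mcuboot/$IMAGE` resolves a mutable reference, and with the cache write skipped under `GITHUB_ACTIONS` every hosted run now takes whatever the registry serves at pull time. That image later executes the tests with the checkout bind-mounted read-write (the `docker run ... -v $(pwd):/root/work/tfm:rw,z` line in ci/fih-tests_run.sh), so a re-pushed tag changes what runs in CI without any change in this repository. Pinning by digest, for example `docker pull mcuboot/$IMAGE@sha256:<digest>` (placeholder), would make the run reproducible and auditable. `$IMAGE` is set outside this hunk, so confirm whether it already carries a tag or digest.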
diff --git a/ci/fih-tests_run.sh b/ci/fih-tests_run.sh
index efe33a0..5b975d3 100755
--- a/ci/fih-tests_run.sh
+++ b/ci/fih-tests_run.sh
@@ -22,6 +22,28 @@
git checkout TF-Mv1.4.0 &&\
popd
+if [[ $GITHUB_ACTIONS == true ]]; then
+ if [[ -z $FIH_ENV ]]; then
+ echo "Workflow has found no \$FIH_ENV"
+ exit 1
+ fi
+
+ args=($FIH_ENV)
+ len=${#args[@]}
+ if [[ $len < 3 ]]; then
+ echo "Invalid number of \$FIH_ENV args"
+ exit 1
+ fi
+
+ BUILD_TYPE=${args[0]}
+ SKIP_SIZE=${args[1]}
+ DAMAGE_TYPE=${args[2]}
+
+ if [[ $len > 3 ]]; then
+ FIH_LEVEL=${args[3]}
+ fi
+fi
+
if test -z "$FIH_LEVEL"; then
docker run --rm -v $(pwd):/root/work/tfm:rw,z mcuboot/fih-test /bin/sh -c '/root/work/tfm/mcuboot/ci/fih_test_docker/execute_test.sh $0 $1 $2' $SKIP_SIZE $BUILD_TYPE $DAMAGE_TYPE
else
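Review bot: The length checks `[[ $len < 3 ]]` and `[[ $len > 3 ]]` compare strings, not numbers, because `<` and `>` inside `[[ ]]` sort lexicographically; a count of 10 or more would sort below 3 and be rejected as invalid. Use arithmetic tests instead, `if (( len < 3 )); then` and `if (( len > 3 )); then`. Separately, `args=($FIH_ENV)` undergoes pathname expansion as well as word splitting, so a matrix value containing `*` or `?` would be replaced by file names from the working directory; `read -r -a args <<< "$FIH_ENV"` splits on whitespace only. The parsed values then reach the unquoted `$SKIP_SIZE $BUILD_TYPE $DAMAGE_TYPE` on the `docker run` line and the unquoted `$0 $1 $2` inside `sh -c`, so each should be checked against the expected set of values before use. The `if test -z "$FIH_LEVEL"` block continues past the end of this hunk.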