[DRAFT] [bazel,qemu] Add QEMU support for ROM_EXT E2E attestation & dice chain tests #28505
+72
−16
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adds the QEMU ROM_EXT environment to the DICE CWT functest, to check that DICE CWT works in QEMU environments. This test is currently expected to pass given the state of QEMU emulation. Signed-off-by: Alex Jones <[email protected]>
Adds the QEMU ROM_EXT execution environment to the end-to-end ROM_EXT attestation test that tests we can read out valid attestation data and print the generated DICE certificates. This test target requires bootstrapping and as such needs an appropriate bootstrapping delay (e.g. 1 second). Signed-off-by: Alex Jones <[email protected]>
Currently, if a test target provides custom device binaries (i.e. it does not provide test source files), and does not specify an "assemble" parameter for generating an image, the QEMU Bazel test dispatch rules do not know how to handle this case. This is needed for example in the `variation_interop_X_first_test` DICE Chain ROM_EXT end-to-end tests. Add logic to correctly ignore assembly and changes to the "firmware" param so that a blank image will be generated, and whatever binaries the test defines for bootstrapping can then be used on the empty flash. Signed-off-by: Alex Jones <[email protected]>
This commit adds QEMU environments for running the ROM_EXT end-to-end dice chain tests. Some of these test targets require bootstrapping, and as such need an appropriate bootstrapping delay (e.g. 1 second) which is higher than the default for QEMU environments, as a result of QEMU's slow emulation of the ROM compared to FPGA/silicon. This is due to the SEC_MMIO hot loop in the ROM falling in an unaligned (to a 4K page) EPMP region, which causes QEMU'S TCG'S TLB caching to be unused. Signed-off-by: Alex Jones <[email protected]>
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note: this PR requires QEMU opentitantool SPI bootstrapping support which is not yet currently merged (see #28413), and so is not expected to pass. This PR is marked as draft for now, but is otherwise ready for review. When run on top of that PR (with some small tweaks, see my working local branch) all tests pass in QEMU environments.
This PR checks that QEMU Earlgrey emulation can correctly support DICE chain attestation flows (with the same limitations as FPGA when unprovisioned, due to the lack of info page splicing). Also adds QEMU to the relevant attestation
dice_cwt_functestand theprint_certs_testwhich is used by some DICE chain tests.