Commit graph

118 commits

Author SHA1 Message Date
Tom Rini
09ed7e62f3 CI: Update to gcc-12.2
- Update to gcc-12.2, and cherry-pick a fix in grub for risc-v

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-12-06 15:30:30 -05:00
Tom Rini
d948c8988c sandbox: Rework how SDL is enabled / disabled
Given that we can use Kconfig logic directly to see if we have a program
available on the host or not, change from passing NO_SDL to instead
controlling CONFIG_SANDBOX_SDL in Kconfig directly. Introduce
CONFIG_HOST_HAS_SDL as the way to test for sdl2-config and default
CONFIG_SANDBOX_SDL on if we have that, or not.

Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-12-05 16:11:50 -05:00
Tom Rini
bd181a24c4 CI: Make more use of git safe.directory
We have a number of jobs that will have git complain about needing to
set safe.directory and this being untrue as a fatal error, but then
complete. Set this flag correctly now as it should be used, and may
prevent a future failure.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-11-24 16:26:03 -05:00
Tom Rini
d7713ad36f buildman: Add --allow-missing flag to allow missing blobs
Add a new flag to buildman so that we will in turn pass
BINMAN_ALLOW_MISSING=1 to 'make'. Make use of this flag in CI.

Allow the settings file to control this.

Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
2022-11-22 15:13:35 -07:00
Tom Rini
17196e446b CI: Update to jammy-20221003-17Oct2022 tag
This includes python3-pyelftools so we can drop it from one of the tests
directly.

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-10-17 11:10:32 -04:00
Heinrich Schuchardt
e2ce13c4a7 docker: install riscv32 toolchain
For building riscv32 targets we should use the riscv32 toolchain.
Add it to the Docker image.

Drop the riscv toolchain-alias as we do not need it in future.

While in here, update to the latest "jammy" tag.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Rick Chen <rick@andestech.com>
[trini: Update to latest jammy tag]
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-10-07 08:42:21 -04:00
Simon Glass
1aa168ca8f ci: Add a test for a non-LTO build
Check that sandbox builds and runs tests OK with LTO disabled.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-02 16:20:11 -04:00
Tom Rini
b6d4e0850b CI: Move to Ubuntu 2022.04 "Jammy" for CI base
- We now have a new enough sbsigntools in the distro, stop building.
- Use the 20220801 tag for Jammy.
- Move to pygit2 1.9.2 (current version) as the old one doesn't build on
 "Jammy".
- Add the working directory to the list of safe directories for git.
- Move to pytest 6.2.5 to address other issues.
- This move exposed a number of minor issues in the existing scripts we
  used within CI to perform the jobs themselves.  The most notable changes
  here involve using 'set +e / set -e' to enforce when we should or should
  not make non-zero buildman status be a fatal error.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-08-22 08:01:34 -04:00
Tom Rini
05f958f8a2 CI: Azure: Merge PowerPC jobs in to one
At this point given the number of PowerPC platforms we have, a single
job to build them all fits within the time limit we have in Azure.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-08-20 22:46:02 -04:00
Tom Rini
0040ed7e0c ppc: Remove corenet_ds boards
These boards have been orphaned for some time and are behind on various
DM migrations. Remove them.

Cc: Priyanka Jain <priyanka.jain@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-08-20 21:18:15 -04:00
Tom Rini
24291741f6 CI: Azure: Move to using macOS-12 image
As per https://github.com/actions/virtual-environments/issues/5583 the
macOS-10.15 image is being deprecated.  Move us up to macOS-12.

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-08-12 16:10:49 -04:00
Tom Rini
b0a23a60dd CI: Azure: Move to Ubuntu 22.04 image
As per https://github.com/actions/runner-images/issues/6002 the Ubuntu
18.04 image is deprecated and will be removed by December 1, 2022.
Move to the Ubuntu 22.04 image as our base for launching our containers
from.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-08-12 16:10:32 -04:00
Simon Glass
7ae8a5270a gitlab/azure: Use buildman instead of genboardscfg
Use the equivalent buildman functionality to check maintainer info.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2022-08-05 11:47:56 -04:00
Joel Stanley
b24087ae64 CI: Add Aspeed AST2600
The AST2600 has a Qemu model that allows testing. Create a SPI NOR image
containing the combined SPL and u-boot FIT image.

Reviewed-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Joel Stanley <joel@jms.id.au>
2022-07-06 14:32:00 -04:00
Andrew Scull
eabc4e2980 CI: Azure: Build with ASAN enabled
In order to prevent build regressions with ASAN, add the builds to CI.
The longer term objective will be to enabled test targets with ASAN
enabled, but there are too many at the moment.

Signed-off-by: Andrew Scull <ascull@google.com>
2022-06-23 12:58:18 -04:00
Tom Rini
f8e7670f8b CI: Azure: Rework how we update MSYS2
Based on reading https://www.msys2.org/docs/ci/ and "Other Systems"
rework how we update MSYS2 to the current version.  We run it once, to
perform nothing other than being the first run, then we run pacman
twice.

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-05-03 08:32:50 -04:00
Simon Glass
a31eff3015 CI: Run VPL tests
Add tests for VPL into the mix. For now this just runs the help test and
a few SPL ones.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-05-02 10:01:52 -04:00
Tom Rini
11232139e3 nds32: Remove the architecture
As removal of nds32 has been ack'd for the Linux kernel, remove support
here as well.

Cc: Rick Chen <rick@andestech.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2022-04-25 16:04:05 -04:00
Tom Rini
239fe55a6c CI: Print out unmigrated symbols when failing
To make addressing the problem of migrated symbols being present in
board config header files, update the CI test to them print what symbols
are causing it to fail.  Also report all failures in the tree, rather
than stopping at the first failing file.

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-04-15 08:09:16 -04:00
Tom Rini
694943cf2a CI: Update unmigrated symbol check
We need to check for config header files that #undef migrated symbols as
well.

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-04-01 10:28:45 -04:00
Tom Rini
e47bbf7e0e CI: Pin pylint version to 2.12.2
For consistency in runs, we need to always use the same pylint version.
Pin to 2.12.2 as this is what we have been using so far.

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-03-25 08:26:01 -04:00
Tom Rini
576eac8557 CI: Fix unmigrated symbol test
When calling comm to compare the CONFIG symbols a defconfig uses with
the symbols that have been migrated, we need to suppress all output as
the summary line will have everything we need.  Failure to do this leads
to the test blowing up, but in non-fatal ways.

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-03-18 08:43:24 -04:00
Tom Rini
17af72eb16 CI, Docker: Update to latest focal tag
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-03-15 16:18:16 -04:00
Simon Glass
642e51addf Azure/GitLab CI: Add the pylint checker
Add a check that new Python code does not regress the pylint score for
any module.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-03-02 10:28:12 -05:00
AKASHI Takahiro
d9612f4426 tools: mkeficapsule: allow for specifying GUID explicitly
The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
   [--fit <image> | --raw <image>] <capsule file>
NEW:
   [--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-02-11 20:07:55 +01:00
AKASHI Takahiro
16abff246b tools: mkeficapsule: add firmware image signing
With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.

To do that, we need specify additional command parameters:
  -monotonic-cout <count> : monotonic count
  -private-key <private key file> : private key file
  -certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.

Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-02-11 20:07:55 +01:00
AKASHI Takahiro
9ebfc6ba5b CI: enforce packages upgrade for Msys2 on Windows
We need to install libgnutls-devel package to build the host tool,
mkeficapsule, and as of now, there seems to be a depencency conflict
in the current msys2 installer;

   :: installing libp11-kit (0.24.1-1) breaks dependency \
	'libp11-kit=0.23.22' required by p11-kit

To resolve this conflict, however, the initial "pacman -Syyuu" in
'tools_only_windows' job is not enough. Another "pacman -Su" will
enforce all the out-of-date packages being upgraded.
(Probably the first "-Syyuu" can be changed to "-Syu".)

See the installation steps in
  https://www.msys2.org/

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-02-11 20:07:55 +01:00
Tom Rini
cd59d44cfd Dockfile, CI: Update to latest focal tag and build
- Latest focal tag
- Add libgnutls to image

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-02-03 12:15:32 -05:00
Simon Glass
bfb2a7fbd1 gitlab/azure: x86: Add a coreboot test
Coreboot supports U-Boot as a payload and this recently got a bit of a
facelist. Add a test for this.

For now this uses a binary build of coreboot (v4.15). Future work could
potentially build it from source, but we need to figure out the
toolchain problems first, since coreboot uses its own toolchain. It
turns out that this is tricky, because coreboot fails to build with a
vanilla gcc.

This needs some changes to the hooks scripts as well. An example build
is at https://source.denx.de/u-boot/custodians/u-boot-dm/-/jobs/359687

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2022-01-28 17:58:41 -05:00
Tom Rini
9d358a8c26 CI, Dockerfile: Update to latest "focal" tag
Bring us to the focal-20220105 tag and rebuild our images on top of
this.

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-01-12 21:26:52 -05:00
Tom Rini
67d3e67dd8 ci: azure: Update to use stages
Follow what we do in GitLab CI where we break the jobs up in to stages
such that if earlier and often quicker sanity tests fail we don't run
everything else.

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-01-12 20:56:22 -05:00
Tom Rini
c1a7de5702 CI: Test for unmigrated CONFIG symbols in board config.h files
Now that all symbols that exist in Kconfig no longer also have boards
setting them  in the board config.h file, add a CI test to catch new
instances of this, and fail.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-12-27 16:20:18 -05:00
Tom Rini
99cffa233c Dockerfile, CI: Update to latest "focal" tag
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-11-14 10:30:48 -05:00
Tom Rini
38a9840d98 Azure: Move to windows-2019
As per https://github.com/actions/virtual-environments/issues/4312 the
Windows-2016 environments are scheduled for deprecation and removal in
early 2022.  Move to windows-2019 now to avoid this (Visual Studio 2019
is included here, hence the tag naming scheme change).

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-11-11 19:02:44 -05:00
Tom Rini
e2d6a77a8f CI: Switch running the nokia_rx51 test with in-container toolchain
Instead of fetching an arm toolchain to use, run the test with the one
that's already in the container image.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
2021-10-21 12:50:48 -06:00
Tom Rini
927e0eedfc CI: Update to LLVM-13
- Switch sources and CI scripts to install and use LLVM-13
- Update to latest "focal" tag.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-10-14 19:45:07 -04:00
Tom Rini
7fde64c004 Azure/GitLab CI: Update docker image
Rebuild our current docker image so that ca-certificates will be updated
and Let's Encrypt issued certificates will work again.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-30 11:36:10 -04:00
Kristian Amlie
15e30106ce ARM: vexpress_ca9x4: Reintroduce board in order to use with QEMU.
vexpress_ca9x4 is seemingly the only board except for qemu_arm which
is able to run U-Boot correctly, using the `-M vexpress-a9` option to
QEMU. Building for qemu_arm and running qemu-system-arm with the `-M
virt` argument has a number of downsides, most importantly that it
only supports virtio storage drivers. This significantly reduces its
usefulness in testing memory card and Flash solutions, especially when
the tested images are from a third party source.

So therefore we reintroduce the vexpress_ca9x4 board in this commit,
with the explicit goal of using it with QEMU.

A number of differences to note from the original:

* Since the board was apparently unmaintained, I have now set myself
  as the maintainer.

* The board has been converted to use the driver model, which was the
  reason it was removed in the first place.

* The vexpress_ca15_tc2 and vexpress_ca5x2 boards, which were removed
  in the same commit, are not necessary for the QEMU use case, and
  have been omitted.

* An `mmc0` alias was introduced in the dts file. The mmc is not
  detected correctly without this, now that it's based on the device
  tree instead of the board's init function.

* A couple of other nodes were removed because they were problematic
  when trying to run the UEFI bootmgr. Once again, the primary use
  case here is QEMU, and these nodes are not needed for that to work.

* Unnecessary board init code has been removed, thanks to driver model
  and device tree.

* `CONFIG_OF_EMBED` has been enabled. I know this goes against
  recommended practice, but there doesn't seem to be any other way to
  pass the dtb to U-Boot in the QEMU scenario. Using the -dtb argument
  does not work, I suppose because U-Boot doesn't use the same
  mechanics as the kernel when it's booting.

* Load addresses have been changed to fit QEMU use case.

People wanting to get a more detailed, yet somewhat isolated, diff
between this and the original, can run this command:

  git diff c6c26a05b89f25a06e7562f8c2071b60fd0c9eac~1 -- \
      $( git diff-tree --diff-filter=A -r --name-only HEAD~1 HEAD)

(Make sure to either check out this commit first, or replace HEAD with
the commit ID of this commit)

Signed-off-by: Kristian Amlie <kristian.amlie@northern.tech>
2021-09-24 14:30:46 -04:00
Tom Rini
201853834a CI: Update to latest container images
- Current Ubuntu/Focal tag
- QEMU 6.1.0
- genimage tool added

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-11 12:15:15 -04:00
Bin Meng
0e60b3a718 azure/gitlab: Add tests for SiFive Unleashed board
This adds CI tests for SiFive Unleashed board.

QEMU supports booting exact the same images as used on the real
hardware out of the box, that U-Boot SPL loads U-Boot proper
from either an SD card or the SPI NOR flash, hence we can easily
set up CI to cover these 2 boot flows of SiFive Unleashed board.

With this, now we can have regression testing of mmc-spi-slot and
sifive spi drivers, as well as mmc and spi-nor subsystems.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2021-09-11 10:40:31 -04:00
Simon Glass
4a753fbcee ppc: Drop t4qds and b4860qds references
These boards have been removed. Drop the config file and other references.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-06 08:26:48 -04:00
Tom Rini
66217225f7 CI: Update to LLVM-12
The current stable release of LLVM is 12, update to that.  While at it,
fix that we had not correctly upgraded to LLVM 11 previously.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-04 11:30:46 -04:00
Tom Rini
5ea605ce49 AzureCI: Move i.MX8 builds to their own job
The aarch64 catch-all job is starting to get close to or exceed the time
limit for jobs.  Move the i.MX8 boards to their own job to fix this.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-07-27 17:56:22 -04:00
Tom Rini
5bda1878b9 Azure: Remove "spear" jobs
With the spear family of platforms gone, remove references to them from
the build jobs.

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-07-08 09:33:10 -04:00
Tom Rini
1c58857ad7 ppc: Remove sbc8641d board
This board has not been converted to CONFIG_DM_PCI by the deadline and is
also missing conversion to CONFIG_DM.  Remove it.  This is also the last
of the ARCH_MPC8641/MPC8610 platforms, so remove that support as well.

Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
Cc: Priyanka Jain <priyanka.jain@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-07 19:52:24 -04:00
Tom Rini
7bb1cc3bb9 Azure/GitLab: Move to gcc-11.1.0 and LLVM-11
- Move to gcc-11.1.0 builds from kernel.org for supported platforms and
  LLVM-11 for those tests.
- As Heinrich has noted, the RISC-V platform specification has a profile
  OS-A for running rich operating systems like Linux and BSD. This profile
  requires 64bit and UEFI conforming to the EBBR. Only the 'embedded'
  profile may use 32bit.  Given this, drop grub for 32bit RISC-V as it no
  longer compiles with gcc-11.1 and upstream is unlikely to fix it:
  https://www.mail-archive.com/grub-devel@gnu.org/msg30736.html
- Update to grub-2.06 release to address other issues of building with
  gcc-11.1.
- Update to newer Xtensa (gcc-9.2.0) and ARC (gcc-10.2) toolchains

Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Bin Meng <bmeng.cn@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Rick Chen <rick@andestech.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-07-07 10:17:54 -04:00
Tom Rini
b1c2102db1 Docker/CI: Update to "focal" and latest build
Move us up to being based on Ubuntu 20.04 "focal" and the latest tag
from Ubuntu for this release.  For this, we make sure that "python" is
now python3 but still include python2.7 for the rx51 qemu build as that
is very old and does not support python3.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-07-05 15:28:32 -04:00
Alper Nebi Yasak
e22ec9c692 Azure: Add loop devices and CAP_SYS_ADMIN for sandbox test.py tests
The filesystem test setup needs to prepare disk images for its tests,
with either guestmount or loop mounts. The former requires access to the
host fuse device (added in a previous patch), the latter requires access
to host loop devices. Both mounts also need additional privileges since
docker's default configuration prevents the containers from mounting
filesystems (for host security).

Add any available loop devices to the container and try to add as few
privileges as possible to run these tests, which narrow down to adding
SYS_ADMIN capability and disabling apparmor confinement. However, this
much still seems to be insecure enough to let malicious container
processes escape as root on the host system [1].

[1] https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/

Since the mentioned tests are marked to run only on the sandbox board,
add these additional devices and privileges only when testing with that.

An alternative to using mounts is modifying the filesystem tests to use
virt-make-fs (like some EFI tests do), but it fails to generate a
partitionless FAT filesystem image on Debian systems. Other more
feasible alternatives are using guestfish or directly using libguestfs
Python bindings to create and populate the images, but switching the
test setups to these is nontrivial and is left as future work.

Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2021-07-05 15:28:32 -04:00
Alper Nebi Yasak
1aaaf60d20 Azure: Add fuse device for test.py tests
The EFI secure boot and capsule test setups need to prepare disk images
for their tests using virt-make-fs, which requires access to the host
fuse device. This is not exposed to the docker container by default and
has to be added explicitly. Add it.

Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2021-07-05 15:28:32 -04:00
Bin Meng
1ce892cb1c azure: Use msys2 20210604 installer for Windows build
MSYS2 Windows build started to fail since yesterday (Jun 21):

  checking keyring...
  checking package integrity...
  error: gcc-libs: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust
  :: File /var/cache/pacman/pkg/gcc-libs-10.2.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
  error: gcc: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust
  :: File /var/cache/pacman/pkg/gcc-10.2.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
  error: failed to commit transaction (invalid or corrupted package)
  Errors occurred, no packages were upgraded.

Switching to the latest installer (version 20210604) seems to fix it.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Tested-by: Tom Rini <trini@konsulko.com>
2021-06-22 09:06:03 -04:00