SGX attestation validation #1296

Workflow file for this run

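# CI entry point: runs every test job on each push and once a day.
name: Run tests
on:
  push:
  # Daily run at 06:17 (GitHub evaluates cron schedules in UTC).
  schedule:
    - cron: "17 6 * * *"
# Least privilege for the automatically issued GITHUB_TOKEN: the jobs only
# check out code and run build/test scripts, so read access to repository
# contents is all the visible steps need. The second repository is fetched
# with a separate SSH deploy key, not with this token.
# NOTE(review): widen per job (never workflow-wide) if a build script turns
# out to need another scope, e.g. pulling private container images.
permissions:
  contents: read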
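# Three independent jobs: unit tests, integration tests against TCPSigner,
# and integration tests against the SGX simulator.
#
# NOTE(review): `actions/checkout@v3` is a mutable tag. For supply-chain
# integrity, pin each `uses:` to a full commit SHA
# (`actions/checkout@<full-commit-sha>  # v3`) and let a dependency bot bump it.
# NOTE(review): GitHub has retired the hosted `ubuntu-20.04` image; confirm
# this runner label still resolves and move to a supported image if not.
jobs:
  run-unit-tests:
    name: Unit tests
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout this repo
        uses: actions/checkout@v3
        with:
          # The following steps only build and test; do not leave the token
          # in .git/config where every later script could read it.
          persist-credentials: false
      - name: Build the middleware docker image
        run: docker/mware/build
      - name: Middleware tests
        run: middleware/test-all
      - name: Firmware tests using TCPSigner
        run: firmware/test/test-all
      - name: Firmware HAL's common unit tests
        run: firmware/src/hal/common/test/run-all.sh
      - name: Firmware HAL's x86 unit tests
        run: firmware/src/hal/x86/test/run-all.sh
      - name: Firmware HAL's SGX unit tests
        run: firmware/src/hal/sgx/test/run-all.sh
      - name: Firmware common lib unit tests
        run: firmware/src/common/test/run-all.sh
      - name: Firmware PowHSM's unit tests
        run: firmware/src/powhsm/test/run-all.sh
      - name: Firmware SGX's unit tests
        run: firmware/src/sgx/test/run-all.sh
      - name: Ledger UI's unit tests
        run: firmware/src/ledger/ui/test/run-all.sh
      - name: Ledger Signer's unit tests
        run: firmware/src/ledger/signer/test/run-all.sh

  run-integration-tests-tcpsigner:
    name: Integration tests for TCPSigner
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout rsk-powhsm repo
        uses: actions/checkout@v3
        with:
          path: rsk-powhsm
          persist-credentials: false
      - name: Build required software
        working-directory: rsk-powhsm
        run: |
          docker/mware/build
          docker/packer/build
          middleware/build/manager_tcp
          firmware/build/build-tcpsigner
      - name: Checkout hsm-integration-test repo
        uses: actions/checkout@v3
        with:
          repository: rootstock/hsm-integration-test
          # NOTE(review): this ref can be moved upstream; pinning to a commit
          # SHA makes the code that runs next to the deploy key reproducible.
          ref: 5.3.0.plus
          path: hsm-integration-test
          ssh-key: ${{ secrets.HSM_INTEGRATION_TEST_SSH_KEY }}
          # By default checkout keeps the SSH key configured in the local git
          # config for the rest of the job. Nothing visible below performs git
          # operations, so drop it right after the fetch.
          # NOTE(review): confirm smoke-test.sh does not fetch over git.
          persist-credentials: false
      - name: Copy required files
        run: |
          mkdir hsm-integration-test/docker/manager/manager_tcp
          tar -xzf rsk-powhsm/middleware/bin/manager_tcp.tgz \
            -C hsm-integration-test/docker/manager/manager_tcp
          cp rsk-powhsm/firmware/src/tcpsigner/tcpsigner \
            hsm-integration-test/docker/tcpsigner/
      - name: Run HSM integration tests
        working-directory: hsm-integration-test
        run: sh smoke-test.sh

  run-integration-tests-sgx:
    name: Integration tests for SGX simulator
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout rsk-powhsm repo
        uses: actions/checkout@v3
        with:
          path: rsk-powhsm
          persist-credentials: false
      - name: Build required software
        working-directory: rsk-powhsm
        # The key generated by `make generate-private-key` lives only in this
        # ephemeral runner workspace.
        # NOTE(review): the three build-sgx-sim arguments look like a
        # checkpoint hash, a minimum difficulty and the network name; confirm
        # against the build script.
        run: |
          docker/mware/build
          docker/packer/build
          docker/sgx/build
          middleware/build/manager_sgx
          docker/sgx/do-notty /hsm2/firmware/src/sgx "make generate-private-key"
          firmware/build/build-sgx-sim \
            0xe108960a242ad7bd45c21aff9c7ed9c516789e9cffacdd895502727d8f460d2c \
            0x6E regtest
      - name: Checkout hsm-integration-test repo
        uses: actions/checkout@v3
        with:
          repository: rootstock/hsm-integration-test
          # NOTE(review): this ref can be moved upstream; pinning to a commit
          # SHA makes the code that runs next to the deploy key reproducible.
          ref: 5.3.0.plus
          path: hsm-integration-test
          ssh-key: ${{ secrets.HSM_INTEGRATION_TEST_SSH_KEY }}
          # By default checkout keeps the SSH key configured in the local git
          # config for the rest of the job. Nothing visible below performs git
          # operations, so drop it right after the fetch.
          # NOTE(review): confirm smoke-test.sh does not fetch over git.
          persist-credentials: false
      - name: Copy required files
        # Seeds the simulator's key-value store. The PIN/password is a fixed,
        # publicly visible test value: acceptable only because this job targets
        # the SGX simulator; it must never be reused for a real device.
        # The retries file is written once (the duplicated write was removed;
        # the resulting file content is the same single 0x03 byte).
        run: |
          mkdir hsm-integration-test/docker/manager/manager_sgx
          tar -xzf rsk-powhsm/middleware/bin/manager_sgx.tgz \
            -C hsm-integration-test/docker/manager/manager_sgx
          cp rsk-powhsm/firmware/src/sgx/bin/hsmsgx \
            hsm-integration-test/docker/sgx
          cp rsk-powhsm/firmware/src/sgx/bin/hsmsgx_enclave.signed \
            hsm-integration-test/docker/sgx
          echo abcd1234 > hsm-integration-test/docker/manager/pin.txt
          echo -n abcd1234 > hsm-integration-test/docker/sgx/kvstore-password.dat
          echo -en "\x03" > hsm-integration-test/docker/sgx/kvstore-retries.dat
          dd if=/dev/urandom bs=1 count=32 \
            of=hsm-integration-test/docker/sgx/kvstore-seed.dat
          echo "SGX_SIM=yes" >> "$GITHUB_ENV"
      - name: Run HSM integration tests
        working-directory: hsm-integration-test
        run: sh smoke-test.sh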