# NixOS VM test: boot an aarch64 QEMU guest whose firmware carries OP-TEE as
# the secure-world payload, then check that the OP-TEE PKCS#11 trusted
# application shows up as a token through tee-supplicant.
#
# Scope: the guest runs on QEMU's emulated Arm Security Extensions
# (secure=on under TCG), so this is a functional check of the boot chain and
# the client stack, not evidence of hardware isolation. The test script only
# asserts that the token is listed; no key or crypto operation is exercised.
import ./make-test-python.nix (
  { pkgs, lib, ... }:
  {
    name = "optee";

    meta.maintainers = with pkgs.lib.maintainers; [ jmbaur ];

    nodes.machine =
      { config, pkgs, ... }:
      let
        optee = pkgs.opteeQemuAarch64;

        # Default environment for qemu-arm64 uboot does not work well with
        # large nixos kernel/initrds, so the ramdisk load address is raised.
        # --replace-fail aborts the build if the expected default is no
        # longer present, rather than leaving the environment unpatched.
        ubootPatched = pkgs.ubootQemuAarch64.overrideAttrs (prev: {
          postPatch = (prev.postPatch or "") + ''
            substituteInPlace board/emulation/qemu-arm/qemu-arm.env \
              --replace-fail "ramdisk_addr_r=0x44000000" "ramdisk_addr_r=0x46000000"
          '';
        });

        # Trusted Firmware-A built with the OP-TEE dispatcher (SPD=opteed).
        # BL32 and its two extra images are the OP-TEE header, pager and
        # pageable binaries; BL33 is the patched U-Boot.
        # NOTE(review): no flag here turns on image authentication (e.g.
        # TRUSTED_BOARD_BOOT); whether the package enables it by default is
        # not visible from this file. Confirm before using this as a template
        # for anything other than a test.
        tfaFirmware = pkgs.armTrustedFirmwareQemu.override {
          extraMakeFlags = [
            "SPD=opteed"
            "BL32=${optee}/tee-header_v2.bin"
            "BL32_EXTRA1=${optee}/tee-pager_v2.bin"
            "BL32_EXTRA2=${optee}/tee-pageable_v2.bin"
            "BL33=${ubootPatched}/u-boot.bin"
            "all"
            "fip"
          ];
          filesToInstall = [
            "build/qemu/release/bl1.bin"
            "build/qemu/release/fip.bin"
          ];
          # Assemble one firmware image: bl1.bin at offset 0, fip.bin at
          # 64 * 4096 bytes (256 KiB). conv=notrunc keeps the first write
          # intact when the second dd opens the same output file.
          postInstall = ''
            dd if=$out/bl1.bin of=$out/bios.bin bs=4096 conv=notrunc
            dd if=$out/fip.bin of=$out/bios.bin seek=64 bs=4096 conv=notrunc
          '';
        };

        # pkcs11 trusted application, taken from the OP-TEE devkit output and
        # named by its UUID.
        pkcs11Ta = "${optee.devkit}/ta/fd02c9da-306c-48c7-a49c-bbd827ae86ee.ta";
      in
      {
        virtualisation.bios = tfaFirmware;
        virtualisation.cores = 2;
        # secure=on makes the virt machine emulate the Arm Security
        # Extensions (TrustZone/EL3); without it there is no secure world for
        # OP-TEE to run in. accel=tcg selects software emulation.
        virtualisation.qemu.options = [
          "-machine virt,secure=on,accel=tcg,gic-version=2"
          "-cpu cortex-a57"
        ];

        # VM boots up via qfw
        boot.loader.grub.enable = false;

        services.tee-supplicant.enable = true;
        services.tee-supplicant.trustedApplications = [ pkcs11Ta ];
      };

    # Waits for the supplicant, lists PKCS#11 token slots through the OP-TEE
    # client library (libckteec.so), and fails unless the OP-TEE token label
    # appears in the output.
    testScript = ''
      machine.wait_for_unit("tee-supplicant.service")
      out = machine.succeed("${pkgs.opensc}/bin/pkcs11-tool --module ${lib.getLib pkgs.optee-client}/lib/libckteec.so --list-token-slots")
      if out.find("OP-TEE PKCS11 TA") < 0:
        raise Exception("optee pkcs11 token not found")
    '';
  }
)