Merge branch 'lowRISC:master' into rnd_reset_debug

lowRISC · Jan 2, 2025 · 768bfda · 768bfda
2 parents ec94065 + baa55f8
commit 768bfda
Show file tree

Hide file tree

Showing 1,203 changed files with 43,000 additions and 54,254 deletions.
diff --git a/.bazelrc b/.bazelrc
@@ -2,8 +2,8 @@
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0
 
-# Opt-out of bzlmod for now and continue to use `WORKSPACE`.
-common --noenable_bzlmod
+# Enable bzlmod using both `MODULE.bazel` and `WORKSPACE.bzlmod`.
+common --enable_bzlmod
 
 # https://docs.opentitan.org/doc/rm/c_cpp_coding_style/#cxx-version specifies
 build --action_env=BAZEL_CXXOPTS="-std=gnu++14"

diff --git a/.gitattributes b/.gitattributes
@@ -26,3 +26,6 @@ sw/**/*.md  doc
 sw/**/*.svg doc
 sw/**/*.jpg doc
 sw/**/*.png doc
+
+# Generated lock files
+MODULE.bazel.lock linguist-generated=true
diff --git a/.github/actions/prepare-env/action.yml b/.github/actions/prepare-env/action.yml
@@ -87,10 +87,28 @@ runs:
     # This can't be Workload Identity Federation because Bazel performance using WIF is terrible.
     # This needs access to secrets and thus doesn't work for pull request.
     - uses: google-github-actions/auth@v2
+      id: google_auth
       if: github.event_name != 'pull_request'
       with:
         credentials_json: '${{ inputs.service_account_json }}'
 
+    # The above action creates a credential file in workspace and it doesn't provide a way to configure
+    # it. This influences with a few scripts that assume clean workspace, and introduce security risk
+    # that it may be exposed when uploading to buckets.
+    - name: Move Google credentials out from workspace
+      if: github.event_name != 'pull_request'
+      run: |
+        SOURCE=${{ steps.google_auth.outputs.credentials_file_path }}
+        TARGET=${{ runner.temp }}/$(basename "$SOURCE")
+        mv $SOURCE $TARGET
+        echo "CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=$TARGET" >> $GITHUB_ENV
+        echo "GOOGLE_APPLICATION_CREDENTIALS=$TARGET" >> $GITHUB_ENV
+        echo "GOOGLE_GHA_CREDS_PATH=$TARGET" >> $GITHUB_ENV
+      shell: bash
+
+    - uses: google-github-actions/setup-gcloud@v2
+      if: github.event_name != 'pull_request'
+
     - name: Configure ~/.bazelrc
       if: inputs.configure-bazel == 'true'
       run: |

diff --git a/.github/actions/publish-bazel-test-results/action.yml b/.github/actions/publish-bazel-test-results/action.yml
@@ -12,6 +12,9 @@ inputs:
   artifact-name:
     description: Name of uploaded artifact. Leave empty to skip upload.
     default: ''
+  bucket-destination:
+    description: GCP bucket destination to upload report to.
+    default: ''
 
 runs:
   using: composite
@@ -27,6 +30,11 @@ runs:
           echo '<?xml version="1.0" encoding="UTF-8"?><testsuites/>' >> "${{ inputs.merged-results }}"
         fi
 
+    - name: Add hostname to testsuites
+      shell: bash
+      run: |
+        xmlstarlet ed --inplace -i '/testsuites/testsuite' -t attr -n hostname -v "${{ runner.name }}" "${{ inputs.merged-results }}"
+
     - name: Upload report as artifact
       if: inputs.artifact-name != ''
       uses: actions/upload-artifact@v4
@@ -36,6 +44,12 @@ runs:
         # In case this is from a re-run
         overwrite: true
 
+    - name: Upload report to Google Cloud
+      if: inputs.bucket-destination != ''
+      shell: bash
+      run: |
+        gcloud storage cp "${{ inputs.merged-results }}" "gs://${{ inputs.bucket-destination }}"
+
     - name: Publish job summary
       uses: mikepenz/action-junit-report@ec3a351c13e080dc4fa94c49ab7ad5bf778a9668 # v5
       with:

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -22,6 +22,8 @@ concurrency:
 
 env:
   VIVADO_VERSION: "2021.1"
+  # Release tag from https://github.com/lowRISC/lowrisc-toolchains/releases
+  TOOLCHAIN_VERSION: 20220210-1
 
 jobs:
   quick_lint:
@@ -104,8 +106,6 @@ jobs:
       - name: DV software images
         run: ./ci/scripts/check_dv_sw_images.sh
         continue-on-error: true
-      - name: Build documentation
-        run: ./ci/scripts/build-docs.sh
       - name: Generated files
         run: ./ci/scripts/check-generated.sh
         env:
@@ -121,6 +121,48 @@ jobs:
       - name: Verible FPV
         run: ./ci/scripts/verible-lint.sh fpv
 
+  build_docs:
+    name: Build documentation
+    runs-on: ubuntu-22.04
+    needs: quick_lint
+    env:
+      BUCKET: gold-hybrid-255313-prod
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Bitstream cache requires all commits.
+      - name: Prepare environment
+        uses: ./.github/actions/prepare-env
+        with:
+          service_account_json: '${{ secrets.BAZEL_CACHE_CREDS }}'
+      - name: Build documentation
+        run: util/site/build-docs.sh build
+      - name: Upload files
+        if: ${{ github.event_name != 'pull_request' && github.ref_name == 'master' }}
+        run: |
+          echo "::group::Upload all uncompressed files"
+          gcloud storage cp -R --gzip-in-flight=js,css,html "build-site/*" gs://$BUCKET
+          echo "::endgroup::"
+
+          # This script compresses the searchindex files, replacing the originals in-place.
+          # (This is how 'content-encoding'-tagged files should be uploaded to gcloud buckets)
+          util/site/post-build.sh compress_br
+
+          search_indexes=$(find build-site/ -type f -name '*searchindex.json')
+          for f in $search_indexes; do
+              echo "Uploading compressed file ${f}"
+              # Get directory of file, relative to the build directory.
+              # - var=${var#*//} # removes stuff from the begining up to //
+              dir=$(dirname "${f#*build-site/}")
+              # When serving from gcloud buckets, file should be uploaded with an identical name as the
+              # original, but compressed and with the matching 'content-encoding' and 'content-type' tags applied.
+              gcloud storage cp \
+                     --content-encoding=br \
+                     --content-type=application/json \
+                     -R \
+                     "$f" "gs://$BUCKET/${dir}/"
+          done
+
   airgapped_build:
     name: Airgapped build
     runs-on: ubuntu-22.04
@@ -179,6 +221,55 @@ jobs:
           config_file: ${{ env.verible_config }}
           extra_args: "--waiver_files=verible_waiver"
 
+  otbn_standalone_tests:
+    name: Run OTBN smoke Test
+    needs: quick_lint
+    runs-on: ubuntu-22.04
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Bitstream cache requires all commits.
+      - name: Prepare environment
+        uses: ./.github/actions/prepare-env
+        with:
+          service_account_json: '${{ secrets.BAZEL_CACHE_CREDS }}'
+      - name: Install toolchain
+        run: |
+          TOOLCHAIN_PATH=/tools/riscv
+          sudo util/get-toolchain.py \
+            --install-dir="$TOOLCHAIN_PATH" \
+            --release-version="$TOOLCHAIN_VERSION" \
+            --update
+          echo "$TOOLCHAIN_PATH/bin" >> $GITHUB_PATH
+      - name: Display environment
+        run: |
+          python3 --version
+          fusesoc --version
+          verilator --version
+      - name: OTBN ISS test
+        run: make -C hw/ip/otbn/dv/otbnsim test
+      - name: OBTN smoke test
+        run: ./hw/ip/otbn/dv/smoke/run_smoke.sh
+      - name: Assemble & link code snippets
+        run: make -C hw/ip/otbn/util asm-check
+
+  otbn_crypto_tests:
+    name: Run OTBN crypto tests
+    needs: quick_lint
+    runs-on: ubuntu-22.04
+    timeout-minutes: 60
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Bitstream cache requires all commits.
+      - name: Prepare environment
+        uses: ./.github/actions/prepare-env
+        with:
+          service_account_json: '${{ secrets.BAZEL_CACHE_CREDS }}'
+      - name: Execute tests
+        run: ./bazelisk.sh test --test_tag_filters=-nightly //sw/otbn/crypto/...
+
   verilator_englishbreakfast:
     name: Verilated English Breakfast
     runs-on: ubuntu-22.04
@@ -222,7 +313,7 @@ jobs:
   # Build CW305 variant of the English Breakfast toplevel design using Vivado
   chip_englishbreakfast_cw305:
     name: CW305's Bitstream
-    runs-on: ubuntu-22.04-bitstream
+    runs-on: ubuntu-22.04-vivado
     needs: quick_lint
     steps:
       - uses: actions/checkout@v4
@@ -307,7 +398,6 @@ jobs:
             --stamp-file $PWD/bazel-out/volatile-status.txt \
             --out $PWD/build-bin/bitstream-cache \
             $PWD/build-bin/**/manifest.json
-      - uses: google-github-actions/setup-gcloud@v2
       - name: Upload bitstreams to GCP bucket
         run: |
           BUCKET_URI=gs://opentitan-bitstreams/${{ github.ref_name }}
@@ -344,15 +434,15 @@ jobs:
 
   execute_rom_ext_fpga_tests_cw310:
     name: CW310 ROM_EXT Tests
-    needs: chip_earlgrey_cw310
+    needs: chip_earlgrey_cw310_hyperdebug
     uses: ./.github/workflows/fpga.yml
     secrets: inherit
     with:
       job_name: execute_rom_ext_fpga_tests_cw310
-      bitstream: chip_earlgrey_cw310
+      bitstream: chip_earlgrey_cw310_hyperdebug
       board: cw310
-      interface: cw310
-      tag_filters: cw310_rom_ext
+      interface: hyper310
+      tag_filters: hyper310_rom_ext
 
   execute_sival_fpga_tests_cw310:
     name: CW310 SiVal Tests