Skip to content

Commit 1a9b344

Browse files
pennyannnpennyannn
authored
Renable NSym CI (#2570)
1. Reenable the NSym CI since the build is fixed in AWS-LC-verification. Related PR: awslabs/aws-lc-verification#172 2. Update the README description to match AWS-LC-verification README ### Testing: This change will be tested in the CI run. If the fix in AWS-LC-verification works, the NSym build should pass. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
1 parent 229d978 commit 1a9b344

File tree

5 files changed

+35
-4
lines changed

5 files changed

+35
-4
lines changed

README.md

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -150,10 +150,11 @@ verified on certain CPUs with caveats include:
150150
| SHA-2 | 384 | neoverse-n1, neoverse-v1 |
151151
| HMAC | with <nobr>SHA-384</nobr> | SandyBridge+ |
152152
| <nobr>AES-KW(P)</nobr> | 256 | SandyBridge+ |
153-
| Elliptic Curve Keys and Parameters | with <nobr>P-384</nobr> | SandyBridge+ |
154-
| ECDSA | with <nobr>P-384</nobr>, <nobr>SHA-384</nobr> | SandyBridge+ |
155-
| ECDH | with <nobr>P-384</nobr> | SandyBridge+ |
156-
| HKDF | with <nobr>HMAC-SHA384</nobr> | SandyBridge+ |
153+
| <nobr>AES-GCM</nobr> | 256 | SandyBridge+ |
154+
<!--- | Elliptic Curve Keys and Parameters | with <nobr>P-384</nobr> | SandyBridge+ | --->
155+
<!--- | ECDSA | with <nobr>P-384</nobr>, <nobr>SHA-384</nobr> | SandyBridge+ | --->
156+
<!--- | ECDH | with <nobr>P-384</nobr> | SandyBridge+ | --->
157+
<!--- | HKDF | with <nobr>HMAC-SHA384</nobr> | SandyBridge+ | --->
157158

158159
The CPUs for which code is verified are defined in the following table.
159160

tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -516,6 +516,17 @@ batch:
516516
variables:
517517
DOCKER_ENTRYPOINT: SAW/scripts/aarch64/docker_entrypoint.sh
518518

519+
# NSym proofs on platform AArch64
520+
- identifier: ubuntu2204_clang14x_formal_verification_nsym_aarch64
521+
buildspec: ./tests/ci/codebuild/common/run_fv_target.yml
522+
env:
523+
type: LINUX_CONTAINER
524+
privileged-mode: false
525+
compute-type: BUILD_GENERAL1_2XLARGE
526+
image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-22.04_clang-14x_formal-verification-nsym-aarch64_latest
527+
variables:
528+
DOCKER_ENTRYPOINT: NSym/scripts/docker_entrypoint.sh
529+
519530
# Build and test aws-lc without Perl/Go.
520531
- identifier: amazonlinux2_gcc7x_x86_64_minimal
521532
buildspec: ./tests/ci/codebuild/common/run_simple_target.yml

tests/ci/docker_images/linux-x86/build_images.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,7 @@ docker build -t fedora-31:clang-9x -f fedora-31_clang-9x/Dockerfile ../dependenc
5353
./ubuntu-20.04_clang-10x_formal-verification-saw-x86_64/create_image.sh ubuntu-20.04:clang-10x_formal-verification-saw-x86_64
5454
./ubuntu-20.04_clang-10x_formal-verification-saw-x86_64-aes-gcm/create_image.sh ubuntu-20.04:clang-10x_formal-verification-saw-x86_64-aes-gcm
5555
./ubuntu-20.04_clang-10x_formal-verification-saw-aarch64/create_image.sh ubuntu-20.04:clang-10x_formal-verification-saw-aarch64
56+
./ubuntu-22.04_clang-14x_formal-verification-nsym-aarch64/create_image.sh ubuntu-22.04:clang-14x_formal-verification-nsym-aarch64
5657

5758
###########################################################
5859
# Build older unofficial docker image that uses gcc 4.1.3 #

tests/ci/docker_images/linux-x86/push_images.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ tag_and_push_img 'ubuntu-22.04:gcc-10x' "${ECS_REPO}:ubuntu-22.04_gcc-10x"
3636
tag_and_push_img 'ubuntu-22.04:gcc-11x' "${ECS_REPO}:ubuntu-22.04_gcc-11x"
3737
tag_and_push_img 'ubuntu-22.04:gcc-12x' "${ECS_REPO}:ubuntu-22.04_gcc-12x"
3838
tag_and_push_img 'ubuntu-22.04:gcc-12x_integration' "${ECS_REPO}:ubuntu-22.04_gcc-12x_integration"
39+
tag_and_push_img 'ubuntu-22.04:clang-14x_formal-verification-nsym-aarch64' "${ECS_REPO}:ubuntu-22.04_clang-14x_formal-verification-nsym-aarch64"
3940
tag_and_push_img 'centos-7:gcc-4x' "${ECS_REPO}:centos-7_gcc-4x"
4041
tag_and_push_img 'centos-8:gcc-8x' "${ECS_REPO}:centos-8_gcc-8x"
4142
tag_and_push_img 'amazonlinux-2:gcc-7x' "${ECS_REPO}:amazonlinux-2_gcc-7x"

tests/ci/docker_images/linux-x86/ubuntu-22.04_clang-14x_formal-verification-nsym-aarch64/create_image.sh

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
#!/usr/bin/env bash
2+
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3+
# SPDX-License-Identifier: Apache-2.0 OR ISC
4+
5+
set -ex
6+
7+
if [ -n "$1" ]; then
8+
docker_tag="$1"
9+
else
10+
docker_tag='ubuntu-20.04:clang-10x_formal-verification-nsym-aarch64'
11+
fi
12+
rm -rf aws-lc-verification
13+
git clone https://github.com/awslabs/aws-lc-verification.git
14+
cd aws-lc-verification
15+
docker build --pull --no-cache -f Dockerfile.nsym -t ${docker_tag} .
16+
cd ..
17+
rm -rf aws-lc-verification

0 commit comments

Comments
 (0)