More various fixes from the analyzers #161

Workflow file for this run

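# CI for the STM32H563 port. Each job builds a firmware image, boots it under
# the m33mu emulator attached to a host TAP interface (tap0), hands it an
# address with dnsmasq, and then probes the services the firmware exposes.
name: STM32H563 m33mu
on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]

# Least privilege for GITHUB_TOKEN: no step in this workflow writes to the
# repository or calls the API, so read access to the contents is enough.
permissions:
  contents: read

jobs:
  # Minimal firmware: DHCP lease + TCP echo on port 7.
  stm32h563_m33mu_echo:
    runs-on: ubuntu-latest
    timeout-minutes: 20
    container:
      # NOTE(review): the image is referenced by a mutable tag; pinning it by
      # digest would make the toolchain/emulator contents reproducible.
      image: ghcr.io/wolfssl/wolfboot-ci-m33mu:v1.2
      # --privileged grants every capability and device to a container that
      # builds and runs pull-request code. The visible steps need it to create
      # a TAP device (ip tuntap); a narrower grant such as
      # `--cap-add NET_ADMIN --device /dev/net/tun` may be sufficient, to be
      # confirmed against what m33mu itself requires.
      options: --privileged
    steps:
      # NOTE(review): `@v4` is a movable tag; a full commit SHA pins the action.
      - uses: actions/checkout@v4
        with:
          # Later steps never push or fetch, so keep the token out of
          # .git/config while untrusted code is built and executed.
          persist-credentials: false
      - name: Install host tools
        run: |
          set -euo pipefail
          apt-get update
          apt-get install -y sudo dnsmasq iproute2 netcat-openbsd
      - name: Build STM32H563 echo firmware
        run: |
          set -euo pipefail
          make -C src/port/stm32h563 CC=arm-none-eabi-gcc OBJCOPY=arm-none-eabi-objcopy
      - name: Run m33mu + DHCP + echo test
        timeout-minutes: 10
        run: |
          set -euo pipefail
          # Best-effort teardown on any exit path: emulator, dnsmasq, tap0.
          cleanup() {
            set +e
            if [ -f /tmp/m33mu.pid ]; then
              sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
            fi
            sudo pkill -x m33mu 2>/dev/null || true
            if [ -f /tmp/dnsmasq.pid ]; then
              sudo kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
            fi
            sudo ip link del tap0 2>/dev/null || true
          }
          trap cleanup EXIT
          # Host side of the emulated link; dnsmasq is bound to tap0 only.
          sudo ip tuntap add dev tap0 mode tap
          sudo ip addr add 192.168.12.1/24 dev tap0
          sudo ip link set tap0 up
          cat > /tmp/dnsmasq.conf <<'EOF'
          interface=tap0
          bind-interfaces
          dhcp-range=192.168.12.50,192.168.12.100,255.255.255.0,12h
          dhcp-leasefile=/tmp/dnsmasq.leases
          log-dhcp
          EOF
          sudo dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid
          # The emulator runs behind a pipe to tee, so its PID is looked up
          # with pgrep after a short delay rather than taken from $!.
          sudo m33mu src/port/stm32h563/app.bin \
            --cpu stm32h563 --tap:tap0 --uart-stdout --timeout 120 \
            2>&1 | tee /tmp/m33mu.log &
          sleep 1
          m33mu_pid="$(pgrep -n -x m33mu || true)"
          if [ -n "${m33mu_pid}" ]; then
            echo "${m33mu_pid}" > /tmp/m33mu.pid
          fi
          # Poll up to 60 s for a lease; field 3 of the last lease line is
          # used as the device address.
          ip=""
          for _ in $(seq 1 60); do
            if [ -s /tmp/dnsmasq.leases ]; then
              ip="$(tail -n1 /tmp/dnsmasq.leases | cut -d' ' -f3)"
            fi
            if [ -n "${ip}" ]; then
              break
            fi
            sleep 1
          done
          if [ -z "${ip}" ]; then
            echo "No DHCP lease acquired."
            echo "m33mu log:"
            tail -n 200 /tmp/m33mu.log || true
            exit 1
          fi
          echo "Leased IP: ${ip}"
          # Up to 20 echo attempts; abort early if the emulator has died.
          ok=0
          for _ in $(seq 1 20); do
            if ! pgrep -x m33mu >/dev/null 2>&1; then
              echo "m33mu exited before echo check."
              tail -n 200 /tmp/m33mu.log || true
              exit 1
            fi
            if printf "ping" | nc -w 2 "${ip}" 7 | grep -q "ping"; then
              ok=1
              break
            fi
            sleep 0.2
          done
          if [ "${ok}" -ne 1 ]; then
            echo "Echo test failed."
            echo "m33mu log:"
            tail -n 200 /tmp/m33mu.log || true
            exit 1
          fi
          echo "Echo test succeeded."
          if [ -f /tmp/m33mu.pid ]; then
            sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
          fi

  # Full firmware: echo, HTTPS, TLS echo, MQTT broker and SSH banner checks.
  stm32h563_m33mu_full:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    container:
      # NOTE(review): mutable image tag; see the digest-pinning note on the
      # echo job.
      image: ghcr.io/wolfssl/wolfboot-ci-m33mu:v1.2
      # Full privileges for a container that runs PR code; required here at
      # least for TAP creation. A narrower capability/device grant may do.
      options: --privileged
    steps:
      # NOTE(review): `@v4` is a movable tag; a full commit SHA pins the action.
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches; do not persist the token.
          persist-credentials: false
      - name: Clone wolfSSL, wolfSSH, wolfMQTT
        # NOTE(review): these clones track the tip of each default branch, so
        # the firmware under test links whatever is current upstream at run
        # time. Cloning a fixed tag or commit would make runs reproducible and
        # keep an upstream change from silently altering the tested binary.
        run: |
          set -euo pipefail
          cd ..
          git clone --depth 1 https://github.com/wolfSSL/wolfssl.git
          git clone --depth 1 https://github.com/wolfSSL/wolfssh.git
          git clone --depth 1 https://github.com/wolfSSL/wolfmqtt.git
      - name: Install host tools
        run: |
          set -euo pipefail
          apt-get update
          apt-get install -y sudo dnsmasq iproute2 netcat-openbsd \
            curl mosquitto-clients openssh-client
      - name: Build STM32H563 full firmware
        run: |
          set -euo pipefail
          make -C src/port/stm32h563 \
            WOLFSSL_ROOT=../../../../wolfssl \
            ENABLE_HTTPS=1 ENABLE_MQTT_BROKER=1 ENABLE_SSH=1 \
            WOLFSSL_SP_NO_ASM=1 \
            CC=arm-none-eabi-gcc OBJCOPY=arm-none-eabi-objcopy
      - name: Run m33mu + DHCP + full test
        timeout-minutes: 15
        run: |
          set -euo pipefail
          # Best-effort teardown on any exit path: emulator, dnsmasq, tap0.
          cleanup() {
            set +e
            if [ -f /tmp/m33mu.pid ]; then
              sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
            fi
            sudo pkill -x m33mu 2>/dev/null || true
            if [ -f /tmp/dnsmasq.pid ]; then
              sudo kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
            fi
            sudo ip link del tap0 2>/dev/null || true
          }
          trap cleanup EXIT
          sudo ip tuntap add dev tap0 mode tap
          sudo ip addr add 192.168.12.1/24 dev tap0
          sudo ip link set tap0 up
          cat > /tmp/dnsmasq.conf <<'EOF'
          interface=tap0
          bind-interfaces
          dhcp-range=192.168.12.50,192.168.12.100,255.255.255.0,12h
          dhcp-leasefile=/tmp/dnsmasq.leases
          log-dhcp
          EOF
          sudo dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid
          # Emulator is backgrounded behind tee; its PID is found via pgrep.
          sudo m33mu src/port/stm32h563/app.bin \
            --cpu stm32h563 --tap:tap0 --uart-stdout --timeout 240 \
            2>&1 | tee /tmp/m33mu.log &
          sleep 1
          m33mu_pid="$(pgrep -n -x m33mu || true)"
          if [ -n "${m33mu_pid}" ]; then
            echo "${m33mu_pid}" > /tmp/m33mu.pid
          fi
          # Wait for DHCP lease
          ip=""
          for _ in $(seq 1 60); do
            if [ -s /tmp/dnsmasq.leases ]; then
              ip="$(tail -n1 /tmp/dnsmasq.leases | cut -d' ' -f3)"
            fi
            if [ -n "${ip}" ]; then
              break
            fi
            sleep 1
          done
          if [ -z "${ip}" ]; then
            echo "No DHCP lease acquired."
            tail -n 200 /tmp/m33mu.log || true
            exit 1
          fi
          echo "Leased IP: ${ip}"
          # Helper: check m33mu is still running
          check_alive() {
            if ! pgrep -x m33mu >/dev/null 2>&1; then
              echo "FAIL: m33mu exited unexpectedly."
              tail -n 200 /tmp/m33mu.log || true
              exit 1
            fi
          }
          # Test 1: TCP Echo (port 7)
          echo "=== Test 1: TCP Echo ==="
          ok=0
          for _ in $(seq 1 20); do
            check_alive
            if printf "ping" | nc -w 2 "${ip}" 7 | grep -q "ping"; then
              ok=1; break
            fi
            sleep 0.5
          done
          if [ "${ok}" -ne 1 ]; then
            echo "FAIL: Echo test."
            tail -n 200 /tmp/m33mu.log || true
            exit 1
          fi
          echo "PASS: Echo test."
          # Test 2: HTTPS Web Server (port 443)
          # curl -k disables certificate verification, so this check covers
          # the TLS 1.3 handshake and the page body, not the certificate.
          echo "=== Test 2: HTTPS Server ==="
          sleep 3 # allow device to recover from echo session
          ok=0
          for _ in $(seq 1 10); do
            check_alive
            resp="$(curl -k -s --tlsv1.3 --max-time 20 "https://${ip}/" 2>/tmp/curl_err.log || true)"
            if echo "${resp}" | grep -q "wolfIP Status"; then
              ok=1; break
            fi
            sleep 2
          done
          if [ "${ok}" -ne 1 ]; then
            echo "FAIL: HTTPS test."
            echo "curl stderr:" && cat /tmp/curl_err.log || true
            tail -n 200 /tmp/m33mu.log || true
            exit 1
          fi
          echo "PASS: HTTPS test."
          # Test 3: TLS Echo (port 8443)
          # s_client is run without -CAfile / -verify_return_error, so the
          # server certificate is not validated; only the echoed payload is
          # checked.
          echo "=== Test 3: TLS Echo ==="
          sleep 5 # allow recovery from HTTPS TLS session
          ok=0
          for _ in $(seq 1 5); do
            check_alive
            resp="$(echo "TLS-ping" | timeout 10 openssl s_client \
              -connect "${ip}:8443" -quiet 2>/dev/null || true)"
            if echo "${resp}" | grep -q "TLS-ping"; then
              ok=1; break
            fi
            sleep 3
          done
          if [ "${ok}" -ne 1 ]; then
            echo "FAIL: TLS echo test."
            tail -n 200 /tmp/m33mu.log || true
            exit 1
          fi
          echo "PASS: TLS echo test."
          # Test 4: MQTT Broker (port 8883)
          echo "=== Test 4: MQTT Broker ==="
          sleep 5 # allow recovery from TLS echo session
          # Extract cert from certs.h for mosquitto
          sed -n '/server_cert_pem\[\]/,/^"-----END CERTIFICATE-----\\n";$/p' src/port/certs.h \
            | sed 's/^"//; s/\\n";$//; s/\\n"$//; s/"$//' \
            | grep -v '^static\|^;' > /tmp/wolfip_cert.pem
          # --cafile trusts the certificate extracted above; --insecure only
          # skips the hostname match, since the broker is reached by IP.
          ok=0
          for _ in $(seq 1 5); do
            check_alive
            out="$(mosquitto_pub -h "${ip}" -p 8883 \
              --cafile /tmp/wolfip_cert.pem --insecure \
              -t "ci/test" -m "hello" -d 2>&1 || true)"
            if echo "${out}" | grep -q "CONNACK"; then
              ok=1; break
            fi
            sleep 5
          done
          if [ "${ok}" -ne 1 ]; then
            echo "FAIL: MQTT broker test."
            tail -n 200 /tmp/m33mu.log || true
            exit 1
          fi
          echo "PASS: MQTT broker test."
          # Test 5: SSH Server (port 22)
          echo "=== Test 5: SSH Server ==="
          sleep 5 # allow recovery from MQTT TLS session
          ok=0
          for _ in $(seq 1 5); do
            check_alive
            # Test SSH banner (connection-level check, no auth)
            # ${ip} is expanded into the bash -c command string; it comes from
            # the lease file that dnsmasq writes for this run.
            resp="$(timeout 10 bash -c "echo '' | nc -w 5 ${ip} 22" 2>/dev/null || true)"
            if echo "${resp}" | grep -qi "ssh"; then
              ok=1; break
            fi
            sleep 3
          done
          if [ "${ok}" -ne 1 ]; then
            echo "FAIL: SSH banner test."
            tail -n 200 /tmp/m33mu.log || true
            exit 1
          fi
          echo "PASS: SSH banner test."
          echo ""
          echo "=== All tests passed ==="
          if [ -f /tmp/m33mu.pid ]; then
            sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
          fi

  # HTTPS-only firmware (TZEN=0) exercised over TLS 1.3, with a packet capture.
  stm32h563_m33mu_https_tls13:
    runs-on: ubuntu-latest
    timeout-minutes: 25
    container:
      # NOTE(review): mutable image tag; see the digest-pinning note on the
      # echo job.
      image: ghcr.io/wolfssl/wolfboot-ci-m33mu:v1.2
      # Full privileges for a container that runs PR code; required here at
      # least for TAP creation and capture. A narrower grant may do.
      options: --privileged
    steps:
      # NOTE(review): `@v4` is a movable tag; a full commit SHA pins the action.
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches; do not persist the token.
          persist-credentials: false
      - name: Install host tools
        run: |
          set -euo pipefail
          apt-get update
          apt-get install -y sudo dnsmasq iproute2 curl git tcpdump
      - name: Fetch wolfSSL
        # NOTE(review): follows the tip of `master`; a fixed tag or commit
        # would keep the TLS library under test from changing between runs.
        run: |
          set -euo pipefail
          if [ ! -d ../wolfssl ]; then
            git clone --depth 1 --branch master https://github.com/wolfSSL/wolfssl.git ../wolfssl
          fi
      - name: Build STM32H563 HTTPS firmware
        run: |
          set -euo pipefail
          make -C src/port/stm32h563 clean TZEN=0 ENABLE_HTTPS=1 \
            WOLFSSL_SP_NO_ASM=1 \
            CC=arm-none-eabi-gcc OBJCOPY=arm-none-eabi-objcopy
          make -C src/port/stm32h563 TZEN=0 ENABLE_HTTPS=1 \
            WOLFSSL_SP_NO_ASM=1 \
            CC=arm-none-eabi-gcc OBJCOPY=arm-none-eabi-objcopy
          # Fail the build step if the HTTPS server string is not in the image.
          strings src/port/stm32h563/app.bin | grep "Initializing HTTPS server" > /dev/null
      - name: Run m33mu + DHCP + HTTPS test
        timeout-minutes: 15
        run: |
          set -euo pipefail
          # Best-effort teardown: emulator, tcpdump, dnsmasq, tap0.
          cleanup() {
            set +e
            if [ -f /tmp/m33mu.pid ]; then
              sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
            fi
            if [ -f /tmp/tcpdump.pid ]; then
              sudo kill "$(cat /tmp/tcpdump.pid)" 2>/dev/null || true
            fi
            sudo pkill -x m33mu 2>/dev/null || true
            if [ -f /tmp/dnsmasq.pid ]; then
              sudo kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
            fi
            sudo ip link del tap0 2>/dev/null || true
          }
          trap cleanup EXIT
          sudo ip tuntap add dev tap0 mode tap
          sudo ip addr add 192.168.12.1/24 dev tap0
          sudo ip link set tap0 up
          cat > /tmp/dnsmasq.conf <<'CONF'
          interface=tap0
          bind-interfaces
          dhcp-range=192.168.12.50,192.168.12.100,255.255.255.0,12h
          dhcp-leasefile=/tmp/dnsmasq.leases
          log-dhcp
          CONF
          sudo dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid
          # Capture tap0 traffic for post-mortem; the PID recorded is that of
          # the backgrounded sudo process.
          sudo tcpdump -i tap0 -nn -U -w /tmp/https-test.pcap > /tmp/tcpdump.log 2>&1 &
          echo $! > /tmp/tcpdump.pid
          # Emulator is backgrounded behind tee; its PID is found via pgrep.
          sudo m33mu src/port/stm32h563/app.bin \
            --cpu stm32h563 --tap:tap0 --uart-stdout --timeout 180 --quit-on-faults \
            2>&1 | tee /tmp/m33mu.log &
          sleep 1
          m33mu_pid="$(pgrep -n -x m33mu || true)"
          if [ -n "${m33mu_pid}" ]; then
            echo "${m33mu_pid}" > /tmp/m33mu.pid
          fi
          # Poll up to 90 s for a lease; field 3 of the last lease line is
          # used as the device address.
          ip=""
          for _ in $(seq 1 90); do
            if [ -s /tmp/dnsmasq.leases ]; then
              ip="$(tail -n1 /tmp/dnsmasq.leases | cut -d' ' -f3)"
            fi
            if [ -n "${ip}" ]; then
              break
            fi
            sleep 1
          done
          if [ -z "${ip}" ]; then
            echo "No DHCP lease acquired."
            echo "m33mu log:"
            tail -n 200 /tmp/m33mu.log || true
            exit 1
          fi
          echo "Leased IP: ${ip}"
          # --insecure disables certificate verification: the check covers the
          # TLS 1.3 handshake and the response body, not the certificate.
          ok=0
          for _ in $(seq 1 60); do
            if ! pgrep -x m33mu >/dev/null 2>&1; then
              echo "m33mu exited before HTTPS check."
              tail -n 200 /tmp/m33mu.log || true
              exit 1
            fi
            if curl --silent --show-error --fail --insecure --tlsv1.3 \
              --connect-timeout 10 --max-time 20 \
              "https://${ip}/" | tee /tmp/curl.log | grep -q "wolfIP"; then
              ok=1
              break
            fi
            sleep 0.5
          done
          if [ "${ok}" -ne 1 ]; then
            echo "HTTPS test failed."
            echo "m33mu log:"
            tail -n 200 /tmp/m33mu.log || true
            echo "curl log:"
            tail -n 200 /tmp/curl.log || true
            echo "tcpdump log:"
            tail -n 50 /tmp/tcpdump.log || true
            exit 1
          fi
          echo "HTTPS test succeeded."
          if [ -f /tmp/m33mu.pid ]; then
            sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
          fi
          if [ -f /tmp/tcpdump.pid ]; then
            sudo kill "$(cat /tmp/tcpdump.pid)" 2>/dev/null || true
          fi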