Skip to content

Make fake BORD and SIGN values a little more realistic #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jgallagher merged 2 commits into from
Aug 22, 2025
Merged

Make fake BORD and SIGN values a little more realistic #40

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
59387ca
Make BORD and SIGN values a little more realistic
jgallagher Aug 20, 2025
afadab1
make RoT and bootloader artifacts distinct
jgallagher Aug 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions artifact/src/kind.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -246,6 +246,36 @@ impl KnownArtifactKind {
pub fn iter() -> KnownArtifactKindIter {
<Self as IntoEnumIterator>::iter()
}

/// For fake artifacts we generate for tests, what `SIGN` value do we insert
/// in the Hubris caboose for this artifact kind?
pub fn fake_artifact_hubris_sign(&self) -> Option<String> {
match self {
// Only RoT and RoT bootloader artifacts are signed. We want to use
// a distinct sign value for kind of system, just like real systems
// have.
KnownArtifactKind::GimletRot
| KnownArtifactKind::GimletRotBootloader => {
Some("sign-gimlet".to_string())
Copy link

@karencfv karencfv Aug 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Optional nit: Would be nice to make these fake sign values constants so we can use them in tests in Omicron.

Copy link
Contributor Author

@jgallagher jgallagher Aug 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's actually why I made this a method! We can call it from Omicron tests.

Copy link

@karencfv karencfv Aug 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤦‍♀️ lol of course

}
KnownArtifactKind::SwitchRot
| KnownArtifactKind::SwitchRotBootloader => {
Some("sign-switch".to_string())
}
KnownArtifactKind::PscRot | KnownArtifactKind::PscRotBootloader => {
Some("sign-psc".to_string())
}

KnownArtifactKind::GimletSp
| KnownArtifactKind::Host
| KnownArtifactKind::Trampoline
| KnownArtifactKind::InstallinatorDocument
| KnownArtifactKind::ControlPlane
| KnownArtifactKind::Zone
| KnownArtifactKind::PscSp
| KnownArtifactKind::SwitchSp => None,
}
}
}

#[derive(Debug, Error)]
Expand Down
46 changes: 27 additions & 19 deletions lib/src/assemble/manifest.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -427,9 +427,6 @@ impl<'a> FakeDataAttributes<'a> {
use hubtools::{CabooseBuilder, HubrisArchiveBuilder};

let board = match self.kind {
KnownArtifactKind::GimletRotBootloader
| KnownArtifactKind::PscRotBootloader
| KnownArtifactKind::SwitchRotBootloader => "SimRotStage0",
// non-Hubris artifacts: just make fake data
KnownArtifactKind::Host
| KnownArtifactKind::Trampoline
Expand All @@ -447,27 +444,38 @@ impl<'a> FakeDataAttributes<'a> {
);
}

// hubris artifacts: build a fake archive (SimGimletSp and
// In production, all the bootloaders and RoTs claim to have the
// same board (currently: `oxide-rot-1`). Let's do that here too.
KnownArtifactKind::GimletRotBootloader
| KnownArtifactKind::PscRotBootloader
| KnownArtifactKind::SwitchRotBootloader
| KnownArtifactKind::GimletRot
| KnownArtifactKind::PscRot
| KnownArtifactKind::SwitchRot => "SimRot",
Copy link

@karencfv karencfv Aug 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to change anything here, but just curious. What are the consequences of using the real board names here instead of "SimRot", "SimPscSp", etc?

Copy link
Contributor Author

@jgallagher jgallagher Aug 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'd have to change the sp-sim to match for tests to work, I think. I could see an argument for that, but to date we've kept them separate. I think it shouldn't matter much either way, except that it's nice to be able to immediately tell whether something is fake?

Copy link

@karencfv karencfv Aug 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it shouldn't matter much either way, except that it's nice to be able to immediately tell whether something is fake?

Yeah, that makes sense. I guess we can revisit this if we find we need more fidelity to a real environment.


// SP artifacts: build a fake archive (SimGimletSp and
// SimGimletRot are used by sp-sim)
KnownArtifactKind::GimletSp => "SimGimletSp",
KnownArtifactKind::GimletRot => "SimRot",
KnownArtifactKind::PscSp => "fake-psc-sp",
KnownArtifactKind::PscRot => "fake-psc-rot",
KnownArtifactKind::SwitchSp => "SimSidecarSp",
KnownArtifactKind::SwitchRot => "SimRot",
KnownArtifactKind::PscSp => "SimPscSp",
};

// For our purposes sign = board represents what we want for the RoT
// and we don't care about the sign value for the SP
// We now have an assumption that board == name for our production
// images
let caboose = CabooseBuilder::default()
.git_commit("this-is-fake-data")
.board(board)
.version(self.version.to_string())
.name(board)
.sign(board)
.build();
let caboose = {
// We use a fake git commit that contains `self.kind` to ensure that
// the artifacts we produce are distinct for each `kind`, even if
// all the other caboose fields are identical.
let mut builder = CabooseBuilder::default()
.git_commit(format!("this-is-a-fake-{}", self.kind))
.board(board)
.name(board)
.version(self.version.to_string());

if let Some(sign) = self.kind.fake_artifact_hubris_sign() {
builder = builder.sign(sign);
}

builder.build()
};

let mut builder = HubrisArchiveBuilder::with_fake_image();
builder.write_caboose(caboose.as_slice()).unwrap();
Expand Down
Loading