firmware

package
v0.0.0-...-5a551ca
Warning

This package is not in the latest version of its module.

Published: Apr 5, 2024 License: Apache-2.0 Imports: 10 Imported by: 6

Documentation

Overview

Package firmware provides definitions of the firmware executable and associated metadata.

Constants

const (
	ConfigMaxLength = 40960

	// Block size in bytes of the MMC device on the armored witness.
	MMCBlockSize = 512

	// BootloaderBlock defines the location of the first block of the bootloader on MMC.
	BootloaderBlock  = 0x2
	BootloaderOffset = BootloaderBlock * MMCBlockSize
	// OSBlock defines the location of the first block of the TrustedOS on MMC.
	OSBlock  = 0x5000
	OSOffset = OSBlock * MMCBlockSize

	// AppletBlock defines the location of the first block of the TrustedApplet on MMC.
	AppletBlock  = 0x200000
	AppletOffset = AppletBlock * MMCBlockSize
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Bundle

type Bundle struct {
	// Checkpoint is an append-only commitment from the log that includes the
	// Manifest as a leaf.
	Checkpoint []byte
	// Index is the position in the log that Manifest is committed to as a leaf.
	Index uint64
	// InclusionProof is a chain of hashes that proves that Manifest is the
	// leaf at Index in the log committed to by Checkpoint.
	InclusionProof [][]byte
	// Manifest is the metadata about Firmware, including its type, provenance,
	// and semantic version. This includes a hash of Firmware, which binds this
	// executable to Checkpoint.
	Manifest []byte
	// Firmware is the ELF executable data committed to by Manifest.
	Firmware []byte
	// HABSignature holds the signature bytes, if applicable to this firmware type.
	HABSignature []byte
}

Bundle represents the required information for firmware to be installed onto the device.
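
The inclusion check implied by the Index, InclusionProof and Checkpoint field comments, as an added example that is not this package's code. It assumes RFC 6962 SHA-256 Merkle hashing and takes the tree size and root hash (which would come from the parsed Checkpoint) as plain parameters; leafHash, nodeHash and verifyInclusion are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// Assumption: RFC 6962 domain separation (0x00 for leaves, 0x01 for nodes).
func leafHash(leaf []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, leaf...))
	return h[:]
}

func nodeHash(l, r []byte) []byte {
	h := sha256.Sum256(append(append([]byte{0x01}, l...), r...))
	return h[:]
}

// verifyInclusion reports whether proof places leaf at index in a tree of size leaves with the given root.
func verifyInclusion(leaf []byte, index, size uint64, proof [][]byte, root []byte) bool {
	if index >= size {
		return false
	}
	fn, sn := index, size-1
	r := leafHash(leaf)
	for _, p := range proof {
		if sn == 0 {
			return false // proof is longer than the path to the root
		}
		if fn&1 == 1 || fn == sn {
			r = nodeHash(p, r) // sibling is on the left
			for fn&1 == 0 && fn != 0 {
				fn, sn = fn>>1, sn>>1 // skip levels with no right sibling
			}
		} else {
			r = nodeHash(r, p) // sibling is on the right
		}
		fn, sn = fn>>1, sn>>1
	}
	return sn == 0 && bytes.Equal(r, root)
}

func main() {
	a, b, c := []byte("manifest-a"), []byte("manifest-b"), []byte("manifest-c") // constructed leaves
	proof := [][]byte{nodeHash(leafHash(a), leafHash(b))}
	root := nodeHash(proof[0], leafHash(c))
	fmt.Println(verifyInclusion(c, 2, 3, proof, root), verifyInclusion(b, 2, 3, proof, root))
}
```

This covers only the Merkle path; the signature checks that the LogVerifer and ManifestVerifiers fields describe are separate steps.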

type BundleVerifier

type BundleVerifier struct {
	// LogOrigin identifies the expected FT log for manifests to be submitted to.
	LogOrigin string
	// LogVerifier can verify signatures from the expected FT log.
	LogVerifer note.Verifier
	// ManifestVerifiers is a list of verifiers to use when verifying signatures over manifests.
	// ALL verifiers are expected to succeed - i.e. there must be a matching signature present
	// on the manifest for every verifier in this list.
	ManifestVerifiers []note.Verifier
}

func (*BundleVerifier) Verify

func (v *BundleVerifier) Verify(b Bundle) (*ftlog.FirmwareRelease, error)

Verify checks the firmware bundle. It returns an error if the bundle is invalid, or a nil error if the firmware is safe to install. The parsed manifest used during verification is returned.

type Config

type Config struct {
	// Offset is the MMC/SD card offset in bytes to an ELF unikernel image (e.g. TamaGo).
	Offset int64
	// Size is the unikernel length in bytes.
	Size int64
	// Signatures are the unikernel signify/minisign signatures.
	Signatures [][]byte
	// Bundle contains firmware transparency artefacts relating to the firmware this config
	// references.
	Bundle Bundle
}

Config represents the armored-witness-boot configuration.

func (*Config) Decode

func (c *Config) Decode(buf []byte) (err error)

Decode deserializes the configuration.

func (*Config) Encode

func (c *Config) Encode() ([]byte, error)

Encode serializes the configuration.

Directories

Path Synopsis
Package ftlog contains public structures related to the firmware transparency log contents.
Package update provides functionality for fetching updates, verifying them, and installing them onto the armory device.
