Documentation
Overview
Package ftlog contains public structures related to the firmware transparency log contents.
Constants
const (
	// Component name for the applet used in FirmwareRelease.Component.
	ComponentApplet = "TRUSTED_APPLET"
	// Component name for the OS used in FirmwareRelease.Component.
	ComponentOS = "TRUSTED_OS"
	// Component name for the Bootloader used in FirmwareRelease.Component.
	ComponentBoot = "BOOTLOADER"
	// Component name for the Recovery image used in FirmwareRelease.Component.
	ComponentRecovery = "RECOVERY"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Build
type Build struct {
	// TamagoVersion identifies the version of [Tamago] that the builder used to compile
	// the binary with FirmwareDigestSha256.
	//
	// [Tamago]: https://github.com/usbarmory/tamago
	TamagoVersion semver.Version `json:"tamago_version"`
	// Envs contains all environment variables set for this build. Each value in the string
	// array will be a single key/value assignment, such as "DEBUG=1".
	Envs []string `json:"envs,omitempty"`
}
Build holds information about the build toolchain and methodology for turning the source into the binary.
type FirmwareRelease
type FirmwareRelease struct {
	// SchemaVersion gives a unique ID for this version of the schema. This will be
	// incremented when there are breaking changes to the schema that all clients
	// should be aware of.
	SchemaVersion int `json:"schema_version"`
	// Component identifies the type of firmware (e.g. OS or applet).
	// This component is key to disambiguate what the firmware is, and other
	// implicit information can be derived from this. For example, the git
	// repository that the code should be checked out from to reproduce the
	// build.
	Component string `json:"component"`
	// Git contains information about the origin of the code used to build this release.
	Git Git `json:"git"`
	// Build contains information about the toolchain used to build this release.
	Build Build `json:"build"`
	// Output contains commitments to the binaries distributed in this release.
	Output Output `json:"output"`
	// HAB holds a signature and related data for firmware which must be authenticated
	// by the device's mask ROM at boot.
	// Currently, this is only meaningful for Bootloader and Recovery firmware images.
	HAB *HAB `json:"hab,omitempty"`
}
FirmwareRelease represents a firmware release in the log.
type Git
type Git struct {
	// TagName identifies the version of this release, e.g. "0.1.2"
	TagName semver.Version `json:"tag_name"`
	// CommitFingerprint contains the hex-encoded SHA-1 commit hash of the git repository when checked
	// out at TagName. Committing to this information allows verifiers that cannot
	// reproduce a build to quickly narrow down the problem space:
	//  - if this CommitFingerprint is different then they have checked out different code
	//    than was used to build the binary. This could happen if the wrong repo was
	//    used, or because the TagName was changed to a different commit
	//  - if the CommitFingerprint is the same, then they have the same code checked out but
	//    there is a problem with the build toolchain (different tooling or non-reproducible
	//    builds).
	CommitFingerprint string `json:"commit_fingerprint"`
}
Git holds information about the source from which the binary was built.
type HAB
type HAB struct {
	// Target identifies the class of device for which the signature below is expected to be valid.
	// Examples might be "ci", "wave0", etc.
	Target string `json:"target"`
	// SignatureDigestSha256 is the hash of the "Secure Boot" signature for Bootloader and Recovery firmware images.
	SignatureDigestSha256 []byte `json:"signature_digest_sha256"`
}
HAB holds information relating to SecureBoot.
type Output
type Output struct {
	// FirmwareDigestSha256 is the hash of the compiled firmware binary. Believers that are
	// installing a firmware release must check that the firmware data they are going to
	// believe has a fingerprint matching this hash. Verifiers that check out the correct
	// source repo & version must be able to reproducibly build a binary that has this fingerprint.
	FirmwareDigestSha256 []byte `json:"firmware_digest_sha256"`
}
Output holds commitments to the binary artifacts that were produced.
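The check that the Output comment asks of a believer, written out as an added example (not code from the ftlog package): before installing, confirm that a log entry names the expected component and that its digests match the firmware image and, where the entry carries a HAB section, the signature. The names `release`, `digest` and `checkFirmware` are hypothetical; `release` is a local stand-in for FirmwareRelease that decodes only the fields it reads, and the sample entry in `main` is constructed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// release mirrors only the FirmwareRelease JSON fields this check reads.
type release struct {
	Component string `json:"component"`
	Output    struct {
		FirmwareDigestSha256 []byte `json:"firmware_digest_sha256"`
	} `json:"output"`
	HAB *struct {
		SignatureDigestSha256 []byte `json:"signature_digest_sha256"`
	} `json:"hab,omitempty"`
}

// digest returns SHA-256(b) as a slice, the form the log entry stores.
func digest(b []byte) []byte {
	sum := sha256.Sum256(b)
	return sum[:]
}

// checkFirmware (hypothetical helper) returns nil only on a full match; an absent or truncated digest fails the comparison.
func checkFirmware(entry []byte, wantComponent string, firmware, habSig []byte) error {
	var r release
	if err := json.Unmarshal(entry, &r); err != nil {
		return fmt.Errorf("parsing log entry: %w", err)
	}
	if r.Component != wantComponent {
		return fmt.Errorf("entry is for component %q, want %q", r.Component, wantComponent)
	}
	if !bytes.Equal(digest(firmware), r.Output.FirmwareDigestSha256) {
		return fmt.Errorf("firmware does not match firmware_digest_sha256")
	}
	if r.HAB != nil && !bytes.Equal(digest(habSig), r.HAB.SignatureDigestSha256) {
		return fmt.Errorf("HAB signature does not match signature_digest_sha256")
	}
	return nil
}

func main() { // constructed sample entry, not a real release
	fw, r := []byte("constructed firmware image"), release{Component: "TRUSTED_OS"}
	r.Output.FirmwareDigestSha256 = digest(fw)
	entry, _ := json.Marshal(r)
	fmt.Println(checkFirmware(entry, "TRUSTED_OS", fw, nil), checkFirmware(entry, "BOOTLOADER", fw, nil))
}
```

This covers only the digest comparison against an entry already in hand; it does not verify that the entry is actually included in the log.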