Documentation ¶
Overview ¶
Package firmware provides definitions of the firmware executable and associated metadata.
Index ¶
Constants ¶
View Source
const ( ConfigMaxLength = 40960 // Block size in bytes of the MMC device on the armored witness. MMCBlockSize = 512 // BootloaderBlock defines the location of the first block of the bootloader on MMC. BootloaderBlock = 0x2 BootloaderOffset = BootloaderBlock * MMCBlockSize // OSBlock defines the location of the first block of the TrustedOS on MMC. OSBlock = 0x5000 OSOffset = OSBlock * MMCBlockSize // AppletBlock defines the location of the first block of the TrustedApplet on MMC. AppletBlock = 0x200000 AppletOffset = AppletBlock * MMCBlockSize )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Bundle ¶
type Bundle struct { // Checkpoint is an append-only commitment from the log that includes the // Manifest as a leaf. Checkpoint []byte // Index is the position in the log that Manifest is committed to as a leaf. Index uint64 // InclusionProof is a chain of hashes that proves that Manifest is the // leaf at Index in the log committed to by Checkpoint. InclusionProof [][]byte // Manifest is the metadata about Firmware, including its type, provenance, // and semantic version. This includes a hash of Firmware, which binds this // executable to Checkpoint. Manifest []byte // Firmware is the elf executable data committed to by Manifest. Firmware []byte // HABSignature holds the signature bytes, if applicable to this firmware type. HABSignature []byte }
Bundle represents the required information for firmware to be installed onto the device.
type BundleVerifier ¶
type BundleVerifier struct { // LogOrigin identifies the expected FT log for manifests to be submitted to. LogOrigin string // LogVerifier can verify signatures from the expected FT log. LogVerifer note.Verifier // ManifestVerifiers is a list of verifiers to use when verifying signatures over manifests. // ALL verifiers are expected to succeed - i.e. there must be a matching signature present // on the manifest for every verifier in this list. ManifestVerifiers []note.Verifier }
func (*BundleVerifier) Verify ¶
func (v *BundleVerifier) Verify(b Bundle) (*ftlog.FirmwareRelease, error)
Verify checks the firmware bundle and returns an error if invalid, or nil if the firmware is safe to install. The parsed manifest used during verification is returned.
type Config ¶
type Config struct { // Offset is the MMC/SD card offset in bytes to an ELF unikernel image (e.g. TamaGo). Offset int64 // Size is the unikernel length in bytes. Size int64 // Signatures are the unikernel signify/minisign signatures. Signatures [][]byte // Bundle contains firmware transparency artefacts relating to the firmware this config // references. Bundle Bundle }
Config represents the armored-witness-boot configuration.
Directories ¶
Path | Synopsis |
---|---|
Package ftlog contains public structures related to the firmware transparency log contents.
|
Package ftlog contains public structures related to the firmware transparency log contents. |
Package update provides functionality for fetching updates, verifying them, and installing them onto the armory device.
|
Package update provides functionality for fetching updates, verifying them, and installing them onto the armory device. |
Click to show internal directories.
Click to hide internal directories.