Documentation
¶
Overview ¶
Package monitor provides supervisor support for TamaGo unikernels to allow scheduling of Secure user mode or NonSecure system mode (ARM) or Supervisor mode (RISC-V) executables.
This package is only meant to be used with `GOOS=tamago` as supported by the TamaGo framework for bare metal Go, see https://github.com/usbarmory/tamago.
Index ¶
- func Equal(a, b *ExecCtx) bool
- func Exec(ctx *ExecCtx)
- func NonSecureHandler(ctx *ExecCtx) (err error)
- func SecureHandler(ctx *ExecCtx) (err error)
- type ExecCtx
- func (ctx *ExecCtx) A0() uint
- func (ctx *ExecCtx) A1() uint
- func (ctx *ExecCtx) A2() uint
- func (ctx *ExecCtx) Cause() (code uint64, irq bool)
- func (ctx *ExecCtx) Clone() (shadow *ExecCtx)
- func (ctx *ExecCtx) Close() error
- func (ctx *ExecCtx) Done() chan struct{}
- func (ctx *ExecCtx) Flush(errno int) (n int, err error)
- func (ctx *ExecCtx) Mode() (current int, saved int)
- func (ctx *ExecCtx) NonSecure() bool
- func (ctx *ExecCtx) Poke(off int, buf []byte)
- func (ctx *ExecCtx) Read(p []byte) (int, error)
- func (ctx *ExecCtx) Recv() (err error)
- func (ctx *ExecCtx) Ret(val interface{})
- func (ctx *ExecCtx) Run() (err error)
- func (ctx *ExecCtx) Schedule() (err error)
- func (ctx *ExecCtx) Secure() bool
- func (ctx *ExecCtx) Stop()
- func (ctx *ExecCtx) String()
- func (ctx *ExecCtx) TransferRegion() (off int, n int, err error)
- func (ctx *ExecCtx) Write(p []byte) (int, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Exec ¶
func Exec(ctx *ExecCtx)
Exec allows execution of an executable in Secure user mode or NonSecure system mode (ARM) or Supervisor mode (RISC-V).
The execution is isolated from the invoking Go runtime, yielding back to it is supported through exceptions (e.g. syscalls through SVC on ARM and ECALL on RISC-V).
The execution context pointer allows task initialization and it is updated with the program state at return, it can therefore be passed again to resume the task.
func NonSecureHandler ¶
NonSecureHandler is the default handler for exceptions raised by a non-secure execution context to handle supported GoTEE secure monitor calls.
func SecureHandler ¶
SecureHandler is the default handler for exceptions raised by a secure execution context to handle supported GoTEE system calls.
Types ¶
type ExecCtx ¶
type ExecCtx struct{}
ExecCtx represents a executable initialization or returning state.
func Load ¶
Load returns an execution context initialized for the argument entry point and memory region
ARM: the secure flag controls whether the context belongs to a secure partition (e.g. TrustZone Secure World) or a non-secure one (e.g. TrustZone Normal World). In case of a non-secure execution context, the memory is configured as NonSecure by means of MMU NS bit and memory controller region configuration. The caller is responsible for any other required MMU configuration (see arm.ConfigureMMU()) or additional peripheral restrictions (e.g. TrustZone).
RISC-V: any additional peripheral restrictions are up to the caller.
func (*ExecCtx) A0 ¶
A0 returns the register treated as first argument for GoTEE secure monitor calls.
func (*ExecCtx) A1 ¶
A1 returns the register treated as second argument for GoTEE secure monitor calls.
func (*ExecCtx) A2 ¶
A2 returns the register treated as third argument for GoTEE secure monitor calls.
func (*ExecCtx) Clone ¶
Clone returns a duplicate execution context suitable for lockstep operation (see Shadow field), the original Handler field is not carried over in the shadow copy.
func (*ExecCtx) Done ¶
func (ctx *ExecCtx) Done() chan struct{}
Done returns a channel which will be closed once execution context has stopped.
func (*ExecCtx) Flush ¶
Flush handles syscall.Read() as received from the execution context, the buffered data (see Write()) is returned to the execution context memory.
A negative error number can passed as return value for syscall.Read() causing no data to be returned or flushed, zero or positive values are ignored as the number of bytes read is returned.
func (*ExecCtx) NonSecure ¶
NonSecure (ARM) returns whether the execution context is loaded as non-secure.
func (*ExecCtx) Poke ¶
Poke writes buffer contents to the execution context memory, including its Shadow if present, at a given offset.
func (*ExecCtx) Read ¶
Read reads up to len(p) bytes into p. The read data is received from the execution context memory, after it is being written with syscall.Write().
func (*ExecCtx) Recv ¶
Recv handles syscall.Write() as received from the execution context memory, the written data is buffered (see Read()).
func (*ExecCtx) Ret ¶
func (ctx *ExecCtx) Ret(val interface{})
Ret sets the return value for GoTEE secure monitor calls updating the relevant execution context registers, including its Shadow if present.
func (*ExecCtx) Run ¶
Run starts the execution context and handles system or monitor calls. The execution yields back to the invoking Go runtime only when exceptions are caught.
The function invokes the context Handler() and returns when an unhandled exception, or any other error, is raised.
func (*ExecCtx) Schedule ¶
Schedule runs the execution context until an exception is caught.
Unlike Run() the function does not invoke the context Handler(), there exceptions and system or monitor calls are not handled.
func (*ExecCtx) Secure ¶
Secure (RISC-V) returns whether the execution context is loaded as trusted applet.
func (*ExecCtx) String ¶
func (ctx *ExecCtx) String()
String returns the string form of the execution context registers.
func (*ExecCtx) TransferRegion ¶
TransferRegion validates the registers used in memory transfer request for GoTEE secure monitor calls (syscall.Read(), syscall.Write()) and returns the computed memory offset and transfer size.
Source Files