github.com/transparency-dev/armored-witness-applet@v0.1.1/Makefile (about) 1 # Copyright 2022 The Armored Witness Applet authors. All Rights Reserved. 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 BUILD_EPOCH := $(shell /bin/date -u "+%s") 16 BUILD_TAGS = linkramsize,linkramstart,disable_fr_auth,linkprintk,nostatfs 17 REV = $(shell git rev-parse --short HEAD 2> /dev/null) 18 GIT_SEMVER_TAG ?= $(shell (git describe --tags --exact-match --match 'v*.*.*' 2>/dev/null || git describe --match 'v*.*.*' --tags 2>/dev/null || git describe --tags 2>/dev/null || echo -n v0.0.${BUILD_EPOCH}+`git rev-parse HEAD`) | tail -c +2 ) 19 FT_BIN_URL ?= http://$(shell hostname --fqdn):9944/artefacts/ 20 FT_LOG_URL ?= http://$(shell hostname --fqdn):9944/log/ 21 REST_DISTRIBUTOR_BASE_URL ?= https://api.transparency.dev 22 23 TAMAGO_SEMVER = $(shell [ -n "${TAMAGO}" -a -x "${TAMAGO}" ] && ${TAMAGO} version | sed 's/.*go\([0-9]\.[0-9]*\.[0-9]*\).*/\1/') 24 MINIMUM_TAMAGO_VERSION=1.22.0 25 26 SHELL = /bin/bash 27 28 APP := "" 29 TEXT_START = 0x90010000 # ramStart (defined in mem.go under relevant tamago/soc package) + 0x10000 30 31 ifeq ("${BEE}","1") 32 TEXT_START := 0x20010000 33 BUILD_TAGS := ${BUILD_TAGS},bee 34 endif 35 36 GOENV := GO_EXTLINK_ENABLED=0 CGO_ENABLED=0 GOOS=tamago GOARM=7 GOARCH=arm 37 ENTRY_POINT := _rt0_arm_tamago 38 39 ARCH = "arm" 40 41 GOFLAGS = -tags ${BUILD_TAGS} -trimpath -buildvcs=false -buildmode=exe \ 42 -ldflags "-T ${TEXT_START} -E ${ENTRY_POINT} -R 0x1000 \ 43 -X 'main.Revision=${REV}' -X 'main.Version=${GIT_SEMVER_TAG}' \ 44 -X 'main.RestDistributorBaseURL=${REST_DISTRIBUTOR_BASE_URL}' \ 45 -X 'main.updateBinariesURL=${FT_BIN_URL}' \ 46 -X 'main.updateLogURL=${FT_LOG_URL}' \ 47 -X 'main.updateLogOrigin=${LOG_ORIGIN}' \ 48 -X 'main.updateLogVerifier=$(shell cat ${LOG_PUBLIC_KEY})' \ 49 -X 'main.updateAppletVerifier=$(shell cat ${APPLET_PUBLIC_KEY})' \ 50 -X 'main.updateOSVerifier1=$(shell cat ${OS_PUBLIC_KEY1})' \ 51 -X 'main.updateOSVerifier2=$(shell cat ${OS_PUBLIC_KEY2})' \ 52 " 53 54 .PHONY: clean 55 56 #### primary targets #### 57 58 all: trusted_applet 59 60 trusted_applet_nosign: APP=trusted_applet 61 trusted_applet_nosign: DIR=$(CURDIR)/trusted_applet 62 trusted_applet_nosign: check_embed_env elf 63 64 trusted_applet: APP=trusted_applet 65 trusted_applet: DIR=$(CURDIR)/trusted_applet 66 trusted_applet: check_embed_env elf manifest 67 68 ## Targets for managing a local serverless log instance for dev/testing FT related bits. 69 70 ## log_initialise initialises the log stored under ${LOG_STORAGE_DIR}. 71 log_initialise: 72 echo "(Re-)initialising log at ${LOG_STORAGE_DIR}" 73 go run github.com/transparency-dev/serverless-log/cmd/integrate@a56a93b5681e5dc231882ac9de435c21cb340846 \ 74 --storage_dir=${LOG_STORAGE_DIR} \ 75 --origin=${LOG_ORIGIN} \ 76 --private_key=${LOG_PRIVATE_KEY} \ 77 --public_key=${LOG_PUBLIC_KEY} \ 78 --initialise 79 80 ## log_applet adds the trusted_applet_manifest file created during the build to the dev FT log. 81 log_applet: LOG_STORAGE_DIR=$(DEV_LOG_DIR)/log 82 log_applet: LOG_ARTEFACT_DIR=$(DEV_LOG_DIR)/artefacts 83 log_applet: ARTEFACT_HASH=$(shell sha256sum ${CURDIR}/bin/trusted_applet.elf | cut -f1 -d" ") 84 log_applet: 85 @if [ "${LOG_PRIVATE_KEY}" == "" -o "${LOG_PUBLIC_KEY}" == "" ]; then \ 86 echo "You need to set LOG_PRIVATE_KEY and LOG_PUBLIC_KEY variables"; \ 87 exit 1; \ 88 fi 89 @if [ "${DEV_LOG_DIR}" == "" ]; then \ 90 echo "You need to set the DEV_LOG_DIR variable"; \ 91 exit 1; \ 92 fi 93 94 @if [ ! -f ${LOG_STORAGE_DIR}/checkpoint ]; then \ 95 make log_initialise LOG_STORAGE_DIR="${LOG_STORAGE_DIR}" ; \ 96 fi 97 go run github.com/transparency-dev/serverless-log/cmd/sequence@a56a93b5681e5dc231882ac9de435c21cb340846 \ 98 --storage_dir=${LOG_STORAGE_DIR} \ 99 --origin=${LOG_ORIGIN} \ 100 --public_key=${LOG_PUBLIC_KEY} \ 101 --entries=${CURDIR}/bin/trusted_applet_manifest 102 -go run github.com/transparency-dev/serverless-log/cmd/integrate@a56a93b5681e5dc231882ac9de435c21cb340846 \ 103 --storage_dir=${LOG_STORAGE_DIR} \ 104 --origin=${LOG_ORIGIN} \ 105 --private_key=${LOG_PRIVATE_KEY} \ 106 --public_key=${LOG_PUBLIC_KEY} 107 @mkdir -p ${LOG_ARTEFACT_DIR} 108 cp ${CURDIR}/bin/trusted_applet.elf ${LOG_ARTEFACT_DIR}/${ARTEFACT_HASH} 109 110 #### ARM targets #### 111 112 elf: $(APP).elf 113 manifest: $(APP)_manifest 114 115 #### utilities #### 116 117 # Various strings need to be embedded into the binary, keys, log info, etc. check they are present. 118 check_embed_env: 119 @if [ "${LOG_ORIGIN}" == "" ]; then \ 120 echo 'You need to set the LOG_ORIGIN variable'; \ 121 exit 1; \ 122 fi 123 @if [ "${LOG_PUBLIC_KEY}" == "" ] || [ ! -f "${LOG_PUBLIC_KEY}" ]; then \ 124 echo 'You need to set the LOG_PUBLIC_KEY variable to a valid note verifier key path'; \ 125 exit 1; \ 126 fi 127 @if [ "${APPLET_PUBLIC_KEY}" == "" ] || [ ! -f "${APPLET_PUBLIC_KEY}" ]; then \ 128 echo 'You need to set the APPLET_PUBLIC_KEY variable to a valid note verifier key path'; \ 129 exit 1; \ 130 fi 131 @if [ "${OS_PUBLIC_KEY1}" == "" ] || [ ! -f "${OS_PUBLIC_KEY1}" ]; then \ 132 echo 'You need to set the OS_PUBLIC_KEY1 variable to a valid note verifier key path'; \ 133 exit 1; \ 134 fi 135 @if [ "${OS_PUBLIC_KEY2}" == "" ] || [ ! -f "${OS_PUBLIC_KEY2}" ]; then \ 136 echo 'You need to set the OS_PUBLIC_KEY2 variable to a valid note verifier key path'; \ 137 exit 1; \ 138 fi 139 140 check_tamago: 141 @if [ "${TAMAGO}" == "" ] || [ ! -f "${TAMAGO}" ]; then \ 142 echo 'You need to set the TAMAGO variable to a compiled version of https://github.com/usbarmory/tamago-go'; \ 143 exit 1; \ 144 fi 145 @if [ "$(shell printf '%s\n' ${MINIMUM_TAMAGO_VERSION} ${TAMAGO_SEMVER} | sort -V | head -n1 )" != "${MINIMUM_TAMAGO_VERSION}" ]; then \ 146 echo "You need TamaGo >= ${MINIMUM_TAMAGO_VERSION}, found ${TAMAGO_SEMVER}" ; \ 147 exit 1; \ 148 fi 149 150 clean: 151 @rm -fr $(CURDIR)/bin/* 152 153 #### application target #### 154 155 $(APP).elf: check_tamago 156 cd $(DIR) && $(GOENV) $(TAMAGO) build $(GOFLAGS) -o $(CURDIR)/bin/$(APP).elf 157 158 159 $(APP)_manifest: 160 @if [ "${APPLET_PRIVATE_KEY}" == "" ] || [ ! -f "${APPLET_PRIVATE_KEY}" ]; then \ 161 echo 'You need to set the APPLET_PRIVATE_KEY variable to a valid note signing key path'; \ 162 exit 1; \ 163 fi 164 # Create manifest 165 @echo ---------- Manifest -------------- 166 go run github.com/transparency-dev/armored-witness/cmd/manifest@561c0b09a2cc48877a8c9e59c3fbf7ffc81cdd4d \ 167 create \ 168 --git_tag=${GIT_SEMVER_TAG} \ 169 --git_commit_fingerprint="${REV}" \ 170 --firmware_file=${CURDIR}/bin/$(APP).elf \ 171 --firmware_type=TRUSTED_APPLET \ 172 --tamago_version=${TAMAGO_SEMVER} \ 173 --private_key_file=${APPLET_PRIVATE_KEY} \ 174 --output_file=${CURDIR}/bin/trusted_applet_manifest 175 @echo ---------------------------------- 176 177