github.com/transparency-dev/armored-witness-applet@v0.1.1/Makefile (about)

     1  # Copyright 2022 The Armored Witness Applet authors. All Rights Reserved.
     2  #
     3  # Licensed under the Apache License, Version 2.0 (the "License");
     4  # you may not use this file except in compliance with the License.
     5  # You may obtain a copy of the License at
     6  #
     7  #     http://www.apache.org/licenses/LICENSE-2.0
     8  #
     9  # Unless required by applicable law or agreed to in writing, software
    10  # distributed under the License is distributed on an "AS IS" BASIS,
    11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  # See the License for the specific language governing permissions and
    13  # limitations under the License.
    14  
    15  BUILD_EPOCH := $(shell /bin/date -u "+%s")
    16  BUILD_TAGS = linkramsize,linkramstart,disable_fr_auth,linkprintk,nostatfs
    17  REV = $(shell git rev-parse --short HEAD 2> /dev/null)
    18  GIT_SEMVER_TAG ?= $(shell (git describe --tags --exact-match --match 'v*.*.*' 2>/dev/null || git describe --match 'v*.*.*' --tags 2>/dev/null || git describe --tags 2>/dev/null || echo -n v0.0.${BUILD_EPOCH}+`git rev-parse HEAD`) | tail -c +2 )
    19  FT_BIN_URL ?= http://$(shell hostname --fqdn):9944/artefacts/
    20  FT_LOG_URL ?= http://$(shell hostname --fqdn):9944/log/
    21  REST_DISTRIBUTOR_BASE_URL ?= https://api.transparency.dev
    22  
    23  TAMAGO_SEMVER = $(shell [ -n "${TAMAGO}" -a -x "${TAMAGO}" ] && ${TAMAGO} version | sed 's/.*go\([0-9]\.[0-9]*\.[0-9]*\).*/\1/')
    24  MINIMUM_TAMAGO_VERSION=1.22.0
    25  
    26  SHELL = /bin/bash
    27  
    28  APP := ""
    29  TEXT_START = 0x90010000 # ramStart (defined in mem.go under relevant tamago/soc package) + 0x10000
    30  
    31  ifeq ("${BEE}","1")
    32  	TEXT_START := 0x20010000
    33  	BUILD_TAGS := ${BUILD_TAGS},bee
    34  endif
    35  
    36  GOENV := GO_EXTLINK_ENABLED=0 CGO_ENABLED=0 GOOS=tamago GOARM=7 GOARCH=arm
    37  ENTRY_POINT := _rt0_arm_tamago
    38  
    39  ARCH = "arm"
    40  
    41  GOFLAGS = -tags ${BUILD_TAGS} -trimpath -buildvcs=false -buildmode=exe \
    42          -ldflags "-T ${TEXT_START} -E ${ENTRY_POINT} -R 0x1000 \
    43                    -X 'main.Revision=${REV}' -X 'main.Version=${GIT_SEMVER_TAG}' \
    44                    -X 'main.RestDistributorBaseURL=${REST_DISTRIBUTOR_BASE_URL}' \
    45                    -X 'main.updateBinariesURL=${FT_BIN_URL}' \
    46                    -X 'main.updateLogURL=${FT_LOG_URL}' \
    47                    -X 'main.updateLogOrigin=${LOG_ORIGIN}' \
    48                    -X 'main.updateLogVerifier=$(shell cat ${LOG_PUBLIC_KEY})' \
    49                    -X 'main.updateAppletVerifier=$(shell cat ${APPLET_PUBLIC_KEY})' \
    50                    -X 'main.updateOSVerifier1=$(shell cat ${OS_PUBLIC_KEY1})' \
    51                    -X 'main.updateOSVerifier2=$(shell cat ${OS_PUBLIC_KEY2})' \
    52                   "
    53  
    54  .PHONY: clean
    55  
    56  #### primary targets ####
    57  
    58  all: trusted_applet
    59  
    60  trusted_applet_nosign: APP=trusted_applet
    61  trusted_applet_nosign: DIR=$(CURDIR)/trusted_applet
    62  trusted_applet_nosign: check_embed_env elf
    63  
    64  trusted_applet: APP=trusted_applet
    65  trusted_applet: DIR=$(CURDIR)/trusted_applet
    66  trusted_applet: check_embed_env elf manifest
    67  
    68  ## Targets for managing a local serverless log instance for dev/testing FT related bits.
    69  
    70  ## log_initialise initialises the log stored under ${LOG_STORAGE_DIR}.
    71  log_initialise:
    72  	echo "(Re-)initialising log at ${LOG_STORAGE_DIR}"
    73  	go run github.com/transparency-dev/serverless-log/cmd/integrate@a56a93b5681e5dc231882ac9de435c21cb340846 \
    74  		--storage_dir=${LOG_STORAGE_DIR} \
    75  		--origin=${LOG_ORIGIN} \
    76  		--private_key=${LOG_PRIVATE_KEY} \
    77  		--public_key=${LOG_PUBLIC_KEY} \
    78  		--initialise
    79  
    80  ## log_applet adds the trusted_applet_manifest file created during the build to the dev FT log.
    81  log_applet: LOG_STORAGE_DIR=$(DEV_LOG_DIR)/log
    82  log_applet: LOG_ARTEFACT_DIR=$(DEV_LOG_DIR)/artefacts
    83  log_applet: ARTEFACT_HASH=$(shell sha256sum ${CURDIR}/bin/trusted_applet.elf | cut -f1 -d" ")
    84  log_applet:
    85  	@if [ "${LOG_PRIVATE_KEY}" == "" -o "${LOG_PUBLIC_KEY}" == "" ]; then \
    86  		echo "You need to set LOG_PRIVATE_KEY and LOG_PUBLIC_KEY variables"; \
    87  		exit 1; \
    88  	fi
    89  	@if [ "${DEV_LOG_DIR}" == "" ]; then \
    90  		echo "You need to set the DEV_LOG_DIR variable"; \
    91  		exit 1; \
    92  	fi
    93  
    94  	@if [ ! -f ${LOG_STORAGE_DIR}/checkpoint ]; then \
    95  		make log_initialise LOG_STORAGE_DIR="${LOG_STORAGE_DIR}" ; \
    96  	fi
    97  	go run github.com/transparency-dev/serverless-log/cmd/sequence@a56a93b5681e5dc231882ac9de435c21cb340846 \
    98  		--storage_dir=${LOG_STORAGE_DIR} \
    99  		--origin=${LOG_ORIGIN} \
   100  		--public_key=${LOG_PUBLIC_KEY} \
   101  		--entries=${CURDIR}/bin/trusted_applet_manifest
   102  	-go run github.com/transparency-dev/serverless-log/cmd/integrate@a56a93b5681e5dc231882ac9de435c21cb340846 \
   103  		--storage_dir=${LOG_STORAGE_DIR} \
   104  		--origin=${LOG_ORIGIN} \
   105  		--private_key=${LOG_PRIVATE_KEY} \
   106  		--public_key=${LOG_PUBLIC_KEY}
   107  	@mkdir -p ${LOG_ARTEFACT_DIR}
   108  	cp ${CURDIR}/bin/trusted_applet.elf ${LOG_ARTEFACT_DIR}/${ARTEFACT_HASH}
   109  
   110  #### ARM targets ####
   111  
   112  elf: $(APP).elf
   113  manifest: $(APP)_manifest
   114  
   115  #### utilities ####
   116  
   117  # Various strings need to be embedded into the binary, keys, log info, etc. check they are present.
   118  check_embed_env:
   119  	@if [ "${LOG_ORIGIN}" == "" ]; then \
   120  		echo 'You need to set the LOG_ORIGIN variable'; \
   121  		exit 1; \
   122  	fi
   123  	@if [ "${LOG_PUBLIC_KEY}" == "" ] || [ ! -f "${LOG_PUBLIC_KEY}" ]; then \
   124  		echo 'You need to set the LOG_PUBLIC_KEY variable to a valid note verifier key path'; \
   125  		exit 1; \
   126  	fi
   127  	@if [ "${APPLET_PUBLIC_KEY}" == "" ] || [ ! -f "${APPLET_PUBLIC_KEY}" ]; then \
   128  		echo 'You need to set the APPLET_PUBLIC_KEY variable to a valid note verifier key path'; \
   129  		exit 1; \
   130  	fi
   131  	@if [ "${OS_PUBLIC_KEY1}" == "" ] || [ ! -f "${OS_PUBLIC_KEY1}" ]; then \
   132  		echo 'You need to set the OS_PUBLIC_KEY1 variable to a valid note verifier key path'; \
   133  		exit 1; \
   134  	fi
   135  	@if [ "${OS_PUBLIC_KEY2}" == "" ] || [ ! -f "${OS_PUBLIC_KEY2}" ]; then \
   136  		echo 'You need to set the OS_PUBLIC_KEY2 variable to a valid note verifier key path'; \
   137  		exit 1; \
   138  	fi
   139  
   140  check_tamago:
   141  	@if [ "${TAMAGO}" == "" ] || [ ! -f "${TAMAGO}" ]; then \
   142  		echo 'You need to set the TAMAGO variable to a compiled version of https://github.com/usbarmory/tamago-go'; \
   143  		exit 1; \
   144  	fi
   145  	@if [ "$(shell printf '%s\n' ${MINIMUM_TAMAGO_VERSION} ${TAMAGO_SEMVER} | sort -V | head -n1 )" != "${MINIMUM_TAMAGO_VERSION}" ]; then \
   146  		echo "You need TamaGo >= ${MINIMUM_TAMAGO_VERSION}, found ${TAMAGO_SEMVER}" ; \
   147  		exit 1; \
   148  	fi
   149  
   150  clean:
   151  	@rm -fr $(CURDIR)/bin/*
   152  
   153  #### application target ####
   154  
   155  $(APP).elf: check_tamago
   156  	cd $(DIR) && $(GOENV) $(TAMAGO) build $(GOFLAGS) -o $(CURDIR)/bin/$(APP).elf
   157  
   158  
   159  $(APP)_manifest:
   160  	@if [ "${APPLET_PRIVATE_KEY}" == "" ] || [ ! -f "${APPLET_PRIVATE_KEY}" ]; then \
   161  		echo 'You need to set the APPLET_PRIVATE_KEY variable to a valid note signing key path'; \
   162  		exit 1; \
   163  	fi
   164  	# Create manifest
   165  	@echo ---------- Manifest --------------
   166  	go run github.com/transparency-dev/armored-witness/cmd/manifest@561c0b09a2cc48877a8c9e59c3fbf7ffc81cdd4d \
   167  		create \
   168  		--git_tag=${GIT_SEMVER_TAG} \
   169  		--git_commit_fingerprint="${REV}" \
   170  		--firmware_file=${CURDIR}/bin/$(APP).elf \
   171  		--firmware_type=TRUSTED_APPLET \
   172  		--tamago_version=${TAMAGO_SEMVER} \
   173  		--private_key_file=${APPLET_PRIVATE_KEY} \
   174  		--output_file=${CURDIR}/bin/trusted_applet_manifest
   175  	@echo ----------------------------------
   176  
   177