github.com/transparency-dev/armored-witness-boot@v0.1.0/config/config.go

github.com/transparency-dev/armored-witness-boot@v0.1.0/config/config.go (about)

     1  // Copyright 2022 The Armored Witness Boot authors. All Rights Reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package config provides parsing for the armored-witness-boot configuration
    16  // file format.
    17  package config
    18  
    19  import (
    20  	"bytes"
    21  	"encoding/gob"
    22  )
    23  
    24  const (
    25  	Offset    = 10485760
    26  	MaxLength = 40960
    27  )
    28  
    29  // ProofBundle represents a firmware transparency proof bundle.
    30  type ProofBundle struct {
    31  	// Checkpoint is a note-formatted checkpoint from a log which contains Manifest, below.
    32  	Checkpoint []byte
    33  	// Manifest contains metadata about a firmware release.
    34  	Manifest []byte
    35  	// LogIndex is the position within the log where Manifest was included.
    36  	LogIndex uint64
    37  	// InclusionProof is a proof for Manifest@Index being committed to by Checkpoint.
    38  	InclusionProof [][]byte
    39  }
    40  
    41  // Config represents the armored-witness-boot configuration.
    42  type Config struct {
    43  	// Offset is the MMC/SD card offset to an ELF unikernel image (e.g. TamaGo).
    44  	Offset int64
    45  	// Size is the unikernel length.
    46  	Size int64
    47  	// Signatures are the unikernel signify/minisign signatures.
    48  	Signatures [][]byte
    49  	// Bundle contains firmware transparency artefacts relating to the firmware this config
    50  	// references.
    51  	Bundle ProofBundle
    52  }
    53  
    54  // Encode serializes the configuration.
    55  func (c *Config) Encode() ([]byte, error) {
    56  	buf := new(bytes.Buffer)
    57  	err := gob.NewEncoder(buf).Encode(c)
    58  
    59  	return buf.Bytes(), err
    60  }
    61  
    62  // Decode deserializes the configuration.
    63  func (c *Config) Decode(buf []byte) (err error) {
    64  	// TODO: Go encoding/gob makes the following commitment:
    65  	//
    66  	// "Any future changes to the package will endeavor to maintain
    67  	// compatibility with streams encoded using previous versions"
    68  	//
    69  	// Do we treat this as sufficient considering that we will throw away
    70  	// the secure boot signing keys for this firmware?
    71  	return gob.NewDecoder(bytes.NewBuffer(buf)).Decode(c)
    72  }