github.com/transparency-dev/armored-witness-os@v0.1.3-0.20240514084412-27eef7325168/README.md (about)

     1  # ArmoredWitness Trusted OS
     2  
     3  ## Introduction
     4  
     5  TODO.
     6  
     7  ## Supported hardware
     8  
     9  The following table summarizes currently supported SoCs and boards.
    10  
    11  | SoC          | Board                                                               | SoC package                                                              | Board package                                                                    |
    12  |--------------|---------------------------------------------------------------------|--------------------------------------------------------------------------|----------------------------------------------------------------------------------|
    13  | NXP i.MX6UL  | [USB armory Mk II LAN](https://github.com/usbarmory/usbarmory/wiki) | [imx6ul](https://github.com/usbarmory/tamago/tree/master/soc/nxp/imx6ul) | [usbarmory/mk2](https://github.com/usbarmory/tamago/tree/master/board/usbarmory) |
    14  | NXP i.MX6ULL | [USB armory Mk II](https://github.com/usbarmory/usbarmory/wiki)     | [imx6ul](https://github.com/usbarmory/tamago/tree/master/soc/nxp/imx6ul) | [usbarmory/mk2](https://github.com/usbarmory/tamago/tree/master/board/usbarmory) |
    15  
    16  ## Purpose
    17  
    18  This trusted OS is a [TamaGo](https://github.com/usbarmory/tamago) unikernel
    19  intended to run on the board(s) listed above in the TrustZone Secure World
    20  system mode, to be used in conjuction with the counterpart
    21  [witness trusted applet](https://github.com/transparency-dev/armored-witness-applet)
    22   unikernel running in the Secure World user mode.
    23  
    24  The GoTEE [syscall](https://github.com/usbarmory/GoTEE/blob/master/syscall/syscall.go)
    25  interface is implemented for communication between the Trusted OS and Trusted
    26  Applet.
    27  
    28  The trusted OS can be also executed under QEMU emulation, including networking
    29  support (requires a `tap0` device routing the Trusted Applet IP address).
    30  
    31  > :warning: emulated runs perform partial tests due to lack of full hardware
    32  > support by QEMU.
    33  
    34  ```bash
    35  make DEBUG=1 FAKE_STORAGE=1 BEE=0 trusted_os_embedded_applet log_os qemu
    36  ...
    37  00:00:00 tamago/arm • TEE security monitor (Secure World system/monitor)
    38  00:00:00 SM applet verification
    39  00:00:01 SM applet verified
    40  00:00:01 SM loaded applet addr:0x90000000 entry:0x9007751c size:14228514
    41  00:00:01 SM starting mode:USR sp:0xa0000000 pc:0x9007751c ns:false
    42  00:00:02 tamago/arm • TEE user applet
    43  00:00:02 TA MAC:1a:55:89:a2:69:41 IP:10.0.0.1 GW:10.0.0.2 DNS:8.8.8.8:53
    44  00:00:02 TA requesting SM status
    45  00:00:02 ----------------------------------------------------------- Trusted OS ----
    46  00:00:02 Secure Boot ............: false
    47  00:00:02 Runtime ................: tamago/arm
    48  00:00:02 Link ...................: false
    49  00:00:02 TA starting ssh server (SHA256:eeMIwwN/zw1ov1BvO6sW3wtYi463sq+oLgKhmAew1WE) at 10.0.0.1:22
    50  ```
    51  
    52  
    53  
    54  ## Trusted OS signing
    55  
    56  For an overview of the firmware authentication process please see
    57  <https://github.com/transparency-dev/armored-witness/tree/main/docs/firmware_auth.md>.
    58  
    59  To maintain the chain of trust the Trusted OS must be signed and logged.
    60  To this end, two [note](https://pkg.go.dev/golang.org/x/mod/sumdb/note) signing keys
    61  must be generated.
    62  
    63  ```bash
    64  $ go run github.com/transparency-dev/serverless-log/cmd/generate_keys@HEAD \
    65    --key_name="DEV-TrustedOS-1" \
    66    --out_priv=armored-witness-os-1.sec \
    67    --out_pub=armored-witness-os-1.pub
    68  $ go run github.com/transparency-dev/serverless-log/cmd/generate_keys@HEAD \
    69    --key_name="DEV-TrustedOS-2" \
    70    --out_priv=armored-witness-os-2.sec \
    71    --out_pub=armored-witness-os-2.pub
    72  ```
    73  
    74  The corresponding public key files will be built into the bootloader to verify the OS.
    75  
    76  ## Trusted Applet authentication
    77  
    78  To maintain the chain of trust the OS performs trusted applet authentication
    79  before executing it. This includes verifying signatures and Firmware Transparency
    80  artefacts produced when the applet was built.
    81  
    82  ## Firmware transparency
    83  
    84  All ArmoredWitness firmware artefacts need to be added to a firmware transparency log.
    85  
    86  The provided `Makefile` has support for maintaining a local firmware transparency
    87  log on disk. This is intended to be used for development only.
    88  
    89  In order to use this functionality, a log key pair can be generated with the
    90  following command:
    91  
    92  ```bash
    93  $ go run github.com/transparency-dev/serverless-log/cmd/generate_keys@HEAD \
    94    --key_name="DEV-Log" \
    95    --out_priv=armored-witness-log.sec \
    96    --out_pub=armored-witness-log.pub
    97  ```
    98  
    99  ## Building and executing on ARM targets
   100  
   101  Download and install the
   102  [latest TamaGo binary release](https://github.com/usbarmory/tamago-go/releases/latest).
   103  
   104  ### Building the OS
   105  
   106  Ensure the following environment variables are set:
   107  
   108  | Variable            | Description
   109  |---------------------|------------
   110  | `OS_PRIVATE_KEY1`   | Path to OS firmware signing key 1. Used by the Makefile to sign the OS.
   111  | `OS_PRIVATE_KEY2`   | Path to OS firmware signing key 2. Used by the Makefile to sign the OS.
   112  | `APPLET_PUBLIC_KEY` | Path to applet firmware verification key. Embedded into the OS to verify the applet at run-time.
   113  | `LOG_PUBLIC_KEY`    | Path to log verification key. Embedded into the OS to verify at run-time that the applet is correctly logged.
   114  | `LOG_ORIGIN`        | FT log origin string. Embedded into the OS to verify applet firmware transparency.
   115  | `LOG_PRIVATE_KEY`   | Path to log signing key. Used by Makefile to add the new OS firmware to the local dev log.
   116  | `DEV_LOG_DIR`       | Path to directory in which to store the dev FT log files.
   117  
   118  The OS firmware image can then be built, signed, and logged with the following command:
   119  
   120  ```bash
   121  # The trusted_os target builds the firmware image, and log_os target adds it
   122  # to the local firmware transparency log.
   123  make trusted_os log_os
   124  ```
   125  
   126  The final executable, `trusted_os.elf` is created in the `bin` subdirectory, and
   127  should be used for loading through `armored-witness-boot`.
   128  
   129  Firmware transparency artefacts will be written into `${DEV_LOG_DIR}`.
   130  
   131  ### Development builds
   132  
   133  To aid in development, it is also possible to build the OS with the Trusted Applet
   134  directly embedded within it:
   135  
   136  ```bash
   137  make trusted_os_embedded_applet
   138  ```
   139  
   140  The resulting `bin/trusted_os.elf` may be seral booted directly to the device with
   141  the `imx_boot` tool, or similar.
   142  Note that since this OS image is not being loaded via the bootloader, it does not need
   143  to be added to the FT log.
   144  
   145  #### Optional development environment variables
   146  
   147  The following environment variables may be set when compiling the Trusted OS image in order
   148  to add extra debugging support to the resulting image:
   149  
   150  | Variable         | Description
   151  |------------------|------------
   152  | `DEBUG`          | When set to `1`, enables output of logging, stdout, etc. See #debugging section below for more details
   153  | `FAKE_STORAGE`   | When set to `1`, provides a storage card implementation which passes-through to SDCard on native hardware, but uses RAM to emulate an SDCard otherwise.
   154  
   155  ### Encrypted RAM support
   156  
   157  Only on i.MX6UL P/Ns, the `BEE` environment variable must be set to match
   158  `armored-witness-boot` compilation options in case AES CTR encryption for all
   159  external RAM, using TamaGo [bee package](https://pkg.go.dev/github.com/usbarmory/tamago/soc/nxp/bee),
   160  is configured at boot.
   161  
   162  The following targets are available:
   163  
   164  | `TARGET`    | Board            | Executing and debugging                                                                                  |
   165  |-------------|------------------|----------------------------------------------------------------------------------------------------------|
   166  | `usbarmory` | UA-MKII-LAN      | [usbarmory/mk2](https://github.com/usbarmory/tamago/tree/master/board/usbarmory)                         |
   167  
   168  The targets support native (see relevant documentation links in the table above)
   169  as well as emulated execution (e.g. `make qemu`).
   170  
   171  ## Debugging
   172  
   173  An optional Serial over USB console can be used to access Trusted OS and
   174  Trusted Applet logs, it can be enabled when compiling with the `DEBUG`
   175  environment variable set:
   176  
   177  ```bash
   178  make DEBUG=1 trusted_os
   179  ```
   180  
   181  The Serial over USB console can be accessed from a Linux host as follows:
   182  
   183  ```bash
   184  picocom -b 115200 -eb /dev/ttyACM0 --imap lfcrlf
   185  ```
   186  
   187  ### QEMU
   188  
   189  The Trusted OS image can be executed under emulation as follows:
   190  
   191  ```bash
   192  make qemu
   193  ```
   194  
   195  Note that emulated MMC storage is not currently supported, so the Trusted OS should
   196  be built with the `FAKE_STORAGE` environment variable set to `1`:
   197  
   198  ```bash
   199  make DEBUG=1 FAKE_STORAGE=1 trusted_os
   200  ```
   201  
   202  The emulation run network connectivity should be configured as follows (Linux
   203  example with tap0):
   204  
   205  ```bash
   206  ip addr add 10.0.0.2/24 dev tap0
   207  ip link set tap0 up
   208  ip tuntap add dev tap0 mode tap group <your user group>
   209  ```
   210  
   211  The emulated target can be debugged with GDB using `make qemu-gdb`, this will
   212  make qemu waiting for a GDB connection that can be launched as follows:
   213  
   214  ```bash
   215  arm-none-eabi-gdb -ex "target remote 127.0.0.1:1234" example
   216  ```
   217  
   218  Breakpoints can be set in the usual way:
   219  
   220  ```none
   221  b ecdsa.GenerateKey
   222  continue
   223  ```
   224  
   225  ## Trusted Applet installation
   226  
   227  Installing the various firmware images onto the device can be accomplished using the
   228  [provision](https://github.com/transparency-dev/armored-witness/tree/main/cmd/provision)
   229  tool.
   230  
   231  ## LED status
   232  
   233  The [USB armory Mk II](https://github.com/usbarmory/usbarmory/wiki) LEDs
   234  are used, in sequence, as follows:
   235  
   236  | Boot sequence                   | Blue | White |
   237  |---------------------------------|------|-------|
   238  | 0. initialization               | off  | off   |
   239  | 1. trusted applet verified      | off  | on    |
   240  | 2. trusted applet execution     | on   | on    |