github.com/transparency-dev/armored-witness-os@v0.1.3-0.20240514084412-27eef7325168/README.md (about) 1 # ArmoredWitness Trusted OS 2 3 ## Introduction 4 5 TODO. 6 7 ## Supported hardware 8 9 The following table summarizes currently supported SoCs and boards. 10 11 | SoC | Board | SoC package | Board package | 12 |--------------|---------------------------------------------------------------------|--------------------------------------------------------------------------|----------------------------------------------------------------------------------| 13 | NXP i.MX6UL | [USB armory Mk II LAN](https://github.com/usbarmory/usbarmory/wiki) | [imx6ul](https://github.com/usbarmory/tamago/tree/master/soc/nxp/imx6ul) | [usbarmory/mk2](https://github.com/usbarmory/tamago/tree/master/board/usbarmory) | 14 | NXP i.MX6ULL | [USB armory Mk II](https://github.com/usbarmory/usbarmory/wiki) | [imx6ul](https://github.com/usbarmory/tamago/tree/master/soc/nxp/imx6ul) | [usbarmory/mk2](https://github.com/usbarmory/tamago/tree/master/board/usbarmory) | 15 16 ## Purpose 17 18 This trusted OS is a [TamaGo](https://github.com/usbarmory/tamago) unikernel 19 intended to run on the board(s) listed above in the TrustZone Secure World 20 system mode, to be used in conjuction with the counterpart 21 [witness trusted applet](https://github.com/transparency-dev/armored-witness-applet) 22 unikernel running in the Secure World user mode. 23 24 The GoTEE [syscall](https://github.com/usbarmory/GoTEE/blob/master/syscall/syscall.go) 25 interface is implemented for communication between the Trusted OS and Trusted 26 Applet. 27 28 The trusted OS can be also executed under QEMU emulation, including networking 29 support (requires a `tap0` device routing the Trusted Applet IP address). 30 31 > :warning: emulated runs perform partial tests due to lack of full hardware 32 > support by QEMU. 33 34 ```bash 35 make DEBUG=1 FAKE_STORAGE=1 BEE=0 trusted_os_embedded_applet log_os qemu 36 ... 37 00:00:00 tamago/arm • TEE security monitor (Secure World system/monitor) 38 00:00:00 SM applet verification 39 00:00:01 SM applet verified 40 00:00:01 SM loaded applet addr:0x90000000 entry:0x9007751c size:14228514 41 00:00:01 SM starting mode:USR sp:0xa0000000 pc:0x9007751c ns:false 42 00:00:02 tamago/arm • TEE user applet 43 00:00:02 TA MAC:1a:55:89:a2:69:41 IP:10.0.0.1 GW:10.0.0.2 DNS:8.8.8.8:53 44 00:00:02 TA requesting SM status 45 00:00:02 ----------------------------------------------------------- Trusted OS ---- 46 00:00:02 Secure Boot ............: false 47 00:00:02 Runtime ................: tamago/arm 48 00:00:02 Link ...................: false 49 00:00:02 TA starting ssh server (SHA256:eeMIwwN/zw1ov1BvO6sW3wtYi463sq+oLgKhmAew1WE) at 10.0.0.1:22 50 ``` 51 52 53 54 ## Trusted OS signing 55 56 For an overview of the firmware authentication process please see 57 <https://github.com/transparency-dev/armored-witness/tree/main/docs/firmware_auth.md>. 58 59 To maintain the chain of trust the Trusted OS must be signed and logged. 60 To this end, two [note](https://pkg.go.dev/golang.org/x/mod/sumdb/note) signing keys 61 must be generated. 62 63 ```bash 64 $ go run github.com/transparency-dev/serverless-log/cmd/generate_keys@HEAD \ 65 --key_name="DEV-TrustedOS-1" \ 66 --out_priv=armored-witness-os-1.sec \ 67 --out_pub=armored-witness-os-1.pub 68 $ go run github.com/transparency-dev/serverless-log/cmd/generate_keys@HEAD \ 69 --key_name="DEV-TrustedOS-2" \ 70 --out_priv=armored-witness-os-2.sec \ 71 --out_pub=armored-witness-os-2.pub 72 ``` 73 74 The corresponding public key files will be built into the bootloader to verify the OS. 75 76 ## Trusted Applet authentication 77 78 To maintain the chain of trust the OS performs trusted applet authentication 79 before executing it. This includes verifying signatures and Firmware Transparency 80 artefacts produced when the applet was built. 81 82 ## Firmware transparency 83 84 All ArmoredWitness firmware artefacts need to be added to a firmware transparency log. 85 86 The provided `Makefile` has support for maintaining a local firmware transparency 87 log on disk. This is intended to be used for development only. 88 89 In order to use this functionality, a log key pair can be generated with the 90 following command: 91 92 ```bash 93 $ go run github.com/transparency-dev/serverless-log/cmd/generate_keys@HEAD \ 94 --key_name="DEV-Log" \ 95 --out_priv=armored-witness-log.sec \ 96 --out_pub=armored-witness-log.pub 97 ``` 98 99 ## Building and executing on ARM targets 100 101 Download and install the 102 [latest TamaGo binary release](https://github.com/usbarmory/tamago-go/releases/latest). 103 104 ### Building the OS 105 106 Ensure the following environment variables are set: 107 108 | Variable | Description 109 |---------------------|------------ 110 | `OS_PRIVATE_KEY1` | Path to OS firmware signing key 1. Used by the Makefile to sign the OS. 111 | `OS_PRIVATE_KEY2` | Path to OS firmware signing key 2. Used by the Makefile to sign the OS. 112 | `APPLET_PUBLIC_KEY` | Path to applet firmware verification key. Embedded into the OS to verify the applet at run-time. 113 | `LOG_PUBLIC_KEY` | Path to log verification key. Embedded into the OS to verify at run-time that the applet is correctly logged. 114 | `LOG_ORIGIN` | FT log origin string. Embedded into the OS to verify applet firmware transparency. 115 | `LOG_PRIVATE_KEY` | Path to log signing key. Used by Makefile to add the new OS firmware to the local dev log. 116 | `DEV_LOG_DIR` | Path to directory in which to store the dev FT log files. 117 118 The OS firmware image can then be built, signed, and logged with the following command: 119 120 ```bash 121 # The trusted_os target builds the firmware image, and log_os target adds it 122 # to the local firmware transparency log. 123 make trusted_os log_os 124 ``` 125 126 The final executable, `trusted_os.elf` is created in the `bin` subdirectory, and 127 should be used for loading through `armored-witness-boot`. 128 129 Firmware transparency artefacts will be written into `${DEV_LOG_DIR}`. 130 131 ### Development builds 132 133 To aid in development, it is also possible to build the OS with the Trusted Applet 134 directly embedded within it: 135 136 ```bash 137 make trusted_os_embedded_applet 138 ``` 139 140 The resulting `bin/trusted_os.elf` may be seral booted directly to the device with 141 the `imx_boot` tool, or similar. 142 Note that since this OS image is not being loaded via the bootloader, it does not need 143 to be added to the FT log. 144 145 #### Optional development environment variables 146 147 The following environment variables may be set when compiling the Trusted OS image in order 148 to add extra debugging support to the resulting image: 149 150 | Variable | Description 151 |------------------|------------ 152 | `DEBUG` | When set to `1`, enables output of logging, stdout, etc. See #debugging section below for more details 153 | `FAKE_STORAGE` | When set to `1`, provides a storage card implementation which passes-through to SDCard on native hardware, but uses RAM to emulate an SDCard otherwise. 154 155 ### Encrypted RAM support 156 157 Only on i.MX6UL P/Ns, the `BEE` environment variable must be set to match 158 `armored-witness-boot` compilation options in case AES CTR encryption for all 159 external RAM, using TamaGo [bee package](https://pkg.go.dev/github.com/usbarmory/tamago/soc/nxp/bee), 160 is configured at boot. 161 162 The following targets are available: 163 164 | `TARGET` | Board | Executing and debugging | 165 |-------------|------------------|----------------------------------------------------------------------------------------------------------| 166 | `usbarmory` | UA-MKII-LAN | [usbarmory/mk2](https://github.com/usbarmory/tamago/tree/master/board/usbarmory) | 167 168 The targets support native (see relevant documentation links in the table above) 169 as well as emulated execution (e.g. `make qemu`). 170 171 ## Debugging 172 173 An optional Serial over USB console can be used to access Trusted OS and 174 Trusted Applet logs, it can be enabled when compiling with the `DEBUG` 175 environment variable set: 176 177 ```bash 178 make DEBUG=1 trusted_os 179 ``` 180 181 The Serial over USB console can be accessed from a Linux host as follows: 182 183 ```bash 184 picocom -b 115200 -eb /dev/ttyACM0 --imap lfcrlf 185 ``` 186 187 ### QEMU 188 189 The Trusted OS image can be executed under emulation as follows: 190 191 ```bash 192 make qemu 193 ``` 194 195 Note that emulated MMC storage is not currently supported, so the Trusted OS should 196 be built with the `FAKE_STORAGE` environment variable set to `1`: 197 198 ```bash 199 make DEBUG=1 FAKE_STORAGE=1 trusted_os 200 ``` 201 202 The emulation run network connectivity should be configured as follows (Linux 203 example with tap0): 204 205 ```bash 206 ip addr add 10.0.0.2/24 dev tap0 207 ip link set tap0 up 208 ip tuntap add dev tap0 mode tap group <your user group> 209 ``` 210 211 The emulated target can be debugged with GDB using `make qemu-gdb`, this will 212 make qemu waiting for a GDB connection that can be launched as follows: 213 214 ```bash 215 arm-none-eabi-gdb -ex "target remote 127.0.0.1:1234" example 216 ``` 217 218 Breakpoints can be set in the usual way: 219 220 ```none 221 b ecdsa.GenerateKey 222 continue 223 ``` 224 225 ## Trusted Applet installation 226 227 Installing the various firmware images onto the device can be accomplished using the 228 [provision](https://github.com/transparency-dev/armored-witness/tree/main/cmd/provision) 229 tool. 230 231 ## LED status 232 233 The [USB armory Mk II](https://github.com/usbarmory/usbarmory/wiki) LEDs 234 are used, in sequence, as follows: 235 236 | Boot sequence | Blue | White | 237 |---------------------------------|------|-------| 238 | 0. initialization | off | off | 239 | 1. trusted applet verified | off | on | 240 | 2. trusted applet execution | on | on |