github.com/usbarmory/GoTEE@v0.0.0-20240405084336-c52770d9fcdb/README.md (about) 1 Introduction 2 ============ 3 4 The [GoTEE](https://github.com/usbarmory/GoTEE) framework implements concurrent instantiation of 5 [TamaGo](https://github.com/usbarmory/tamago) based unikernels in 6 privileged and unprivileged modes, interacting with each other through monitor 7 mode and custom system calls. 8 9 With these capabilities GoTEE implements a 10 [TamaGo](https://github.com/usbarmory/tamago) based Trusted Execution 11 Environments (TEE), bringing Go memory safety, convenience and capabilities to 12 bare metal execution within ARM TrustZone Secure World or RISC-V Supervisor 13 Execution Environments. 14 15 GoTEE can supervise pure Go, Rust or C based freestanding Trusted Applets, 16 implementing the GoTEE API, as well as any operating system capable of running 17 in ARM TrustZone Normal World or RISC-V S-mode such as Linux. 18 19 <img src="https://github.com/usbarmory/GoTEE/wiki/images/diagram.jpg" width="350"> 20 21 Documentation 22 ============= 23 24 The main documentation, which includes a tutorial, can be found on the 25 [project wiki](https://github.com/usbarmory/GoTEE/wiki). 26 27 The package API documentation can be found on 28 [pkg.go.dev](https://pkg.go.dev/github.com/usbarmory/GoTEE). 29 30 Supported hardware 31 ================== 32 33 The following table summarizes currently supported SoCs and boards. 34 35 | SoC | Board | SoC package | Board package | 36 |--------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------|--------------------------------------------------------------------------------------| 37 | NXP i.MX6ULZ | [USB armory Mk II](https://github.com/usbarmory/usbarmory/wiki) | [imx6ul](https://github.com/usbarmory/tamago/tree/master/soc/nxp/imx6ul) | [usbarmory/mk2](https://github.com/usbarmory/tamago/tree/master/board/usbarmory) | 38 | NXP i.MX6ULL | [MCIMX6ULL-EVK](https://www.nxp.com/design/development-boards/i-mx-evaluation-and-development-boards/evaluation-kit-for-the-i-mx-6ull-and-6ulz-applications-processor:MCIMX6ULL-EVK) | [imx6ul](https://github.com/usbarmory/tamago/tree/master/soc/nxp/imx6ul) | [mx6ullevk](https://github.com/usbarmory/tamago/tree/master/board/nxp/mx6ullevk) | 39 | SiFive FU540 | [QEMU sifive_u](https://www.qemu.org/docs/master/system/riscv/sifive_u.html) | [fu540](https://github.com/usbarmory/tamago/tree/master/soc/sifive/fu540) | [qemu/sifive_u](https://github.com/usbarmory/tamago/tree/master/board/qemu/sifive_u) | 40 41 Example application 42 =================== 43 44 In TEE nomenclature, the privileged unikernel is commonly referred to as 45 Trusted OS, while the unprivileged one represents a Trusted Applet. 46 47 The GoTEE [example](https://github.com/usbarmory/GoTEE-example) 48 demonstrate concurrent operation of Go unikernels acting as Trusted OS, 49 Trusted Applet and Main OS. 50 51 > :warning: the Main OS can be any "rich" OS (e.g. Linux), TamaGo is simply 52 > used for a self-contained example. The same applies to the Trusted Applet 53 > which can be any bare metal application capable of running in user mode and 54 > implementing GoTEE API, such as freestanding C or Rust programs. 55 > 56 > A Rust [example](https://github.com/usbarmory/GoTEE-example/tree/master/trusted_applet_rust) 57 > can be used replacing `trusted_applet_go` with `trusted_applet_rust` when building. 58 59 The example trusted OS/applet combination performs basic testing of concurrent 60 execution of three [TamaGo](https://github.com/usbarmory/tamago) 61 unikernels at different privilege levels: 62 63 * Trusted OS (ARM: TZ Secure World system mode, RISC-V: M-mode) 64 * Trusted Applet (ARM: TZ Secure World user mode, RISC-V: S-mode) 65 * Main OS (ARM: TZ Normal World system mode, RISC-V: S-mode) 66 67 The Main OS yields back with a monitor call. 68 69 The Trusted Applet sleeps for 5 seconds before attempting to read Trusted OS 70 memory, which triggers an exception handled by the supervisor which terminates 71 the Trusted Applet. 72 73 The GoTEE [syscall](https://github.com/usbarmory/GoTEE/blob/master/syscall/syscall.go) 74 interface is implemented for communication between the Trusted OS and Trusted 75 Applet. 76 77 When launched on the [USB armory Mk II](https://github.com/usbarmory/usbarmory/wiki), 78 the example application is reachable via SSH through 79 [Ethernet over USB](https://github.com/usbarmory/usbarmory/wiki/Host-communication) 80 (ECM protocol, supported on Linux and macOS hosts): 81 82 ``` 83 $ ssh gotee@10.0.0.1 84 tamago/arm • TEE security monitor (Secure World system/monitor) 85 86 allgptr # memory forensics of applet goroutines 87 csl # show config security levels (CSL) 88 csl <periph> <slave> <hex csl> # set config security level (CSL) 89 dbg # show ARM debug permissions 90 exit, quit # close session 91 gotee # TrustZone example w/ TamaGo unikernels 92 help # this help 93 linux <uSD|eMMC> # boot NonSecure USB armory Debian base image 94 peek <hex offset> <size> # memory display (use with caution) 95 poke <hex offset> <hex value> # memory write (use with caution) 96 reboot # reset device 97 sa # show security access (SA) 98 sa <id> <secure|nonsecure> # set security access (SA) 99 stack # stack trace of current goroutine 100 stackall # stack trace of all goroutines 101 102 > 103 ``` 104 105 The example can be launched with the `gotee` command which spawns the Main OS 106 twice to demonstrate behaviour before and after TrustZone restrictions are in 107 effect using real hardware peripherals. 108 109 Additionally the `linux` command can be used to spawn the 110 [USB armory Debian base image](https://github.com/usbarmory/usbarmory-debian-base_image) 111 as Non-secure main OS. 112 113 > :warning: only USB armory Debian base image releases >= 20211129 are 114 > supported for Non-secure operation. 115 116 ![gotee](https://github.com/usbarmory/GoTEE/wiki/images/gotee.png) 117 118 The example can be also executed under QEMU emulation. 119 120 > :warning: emulated runs perform partial tests due to lack of full 121 > TrustZone/PMP support by QEMU. 122 123 ``` 124 make qemu 125 ... 126 > gotee 127 00:00:00 tamago/arm • TEE security monitor (Secure World system/monitor) 128 00:00:00 SM loaded applet addr:0x9c000000 entry:0x9c072740 size:4940275 129 00:00:00 SM loaded kernel addr:0x80000000 entry:0x8007100c size:4577643 130 00:00:00 SM waiting for applet and kernel 131 00:00:00 SM starting mode:USR sp:0x9e000000 pc:0x9c072740 ns:false 132 00:00:00 SM starting mode:SYS sp:0x00000000 pc:0x8007100c ns:true 133 00:00:00 tamago/arm (go1.19.1) • TEE user applet 134 00:00:00 tamago/arm (go1.19.1) • system/supervisor (Non-secure) 135 00:00:00 supervisor is about to yield back 136 00:00:00 SM stopped mode:SYS sp:0x8146bf54 lr:0x801937a4 pc:0x80193884 ns:true err:exit 137 00:00:00 applet obtained 16 random bytes from monitor: b4cc4764dd30291a52545b182313003c 138 00:00:00 applet requests echo via RPC: hello 139 00:00:00 applet received echo via RPC: hello 140 00:00:00 applet will sleep for 5 seconds 141 00:00:01 applet says 1 mississippi 142 ... 143 00:00:05 applet says 5 mississippi 144 00:00:05 applet is about to read secure memory at 0x98010000 145 00:00:05 r0:98010000 r1:9c8240c0 r2:98010000 r3:00000000 146 00:00:05 r4:00000000 r5:00000000 r6:00000000 r7:9c86bec8 147 00:00:05 r8:00000007 r9:0000003d r10:9c8020f0 r11:9c342f41 cpsr:600001d7 (ABT) 148 00:00:05 r12:00000061 sp:9c86bf08 lr:9c1b1be8 pc:9c011330 spsr:600001d0 (USR) 149 00:00:05 SM stopped mode:USR sp:0x9c86bf08 lr:0x9c1b1be8 pc:0x9c011330 ns:false err:ABT 150 ``` 151 152 Building the compiler 153 ===================== 154 155 Build the [TamaGo compiler](https://github.com/usbarmory/tamago-go) 156 (or use the [latest binary release](https://github.com/usbarmory/tamago-go/releases/latest)): 157 158 ``` 159 wget https://github.com/usbarmory/tamago-go/archive/refs/tags/latest.zip 160 unzip latest.zip 161 cd tamago-go-latest/src && ./all.bash 162 cd ../bin && export TAMAGO=`pwd`/go 163 ``` 164 165 Building and executing on ARM targets 166 ===================================== 167 168 Build the example trusted applet and kernel executables as follows: 169 170 ``` 171 git clone https://github.com/usbarmory/GoTEE-example 172 cd GoTEE-example && export TARGET=usbarmory && make nonsecure_os_go && make trusted_applet_go && make trusted_os 173 ``` 174 175 > :warning: replace `trusted_applet_go` with `trusted_applet_rust` for a Rust 176 > TA example, this requires Rust nightly and the `armv7a-none-eabi` toolchain. 177 178 Final executables are created in the `bin` subdirectory, 179 `trusted_os_usbarmory.imx` should be used for native execution. 180 181 The following targets are available: 182 183 | `TARGET` | Board | Executing and debugging | 184 |-------------|------------------|----------------------------------------------------------------------------------------------------------| 185 | `usbarmory` | USB armory Mk II | [usbarmory](https://github.com/usbarmory/tamago/tree/master/board/usbarmory#executing-and-debugging) | 186 187 The targets support native (see relevant documentation links in the table above) 188 as well as emulated execution (e.g. `make qemu`). 189 190 Building and executing on RISC-V targets 191 ======================================== 192 193 Build the example trusted applet and kernel executables as follows: 194 195 ``` 196 git clone https://github.com/usbarmory/GoTEE-example 197 cd GoTEE-example && export TARGET=sifive_u && make nonsecure_os_go && make trusted_applet_go && make trusted_os 198 ``` 199 200 > :warning: replace `trusted_applet_go` with `trusted_applet_rust` for a Rust 201 > TA example, this requires Rust nightly and the `riscv64gc-unknown-none-elf` 202 > toolchain. 203 204 Final executables are created in the `bin` subdirectory. 205 206 Available targets: 207 208 | `TARGET` | Board | Executing and debugging | 209 |-------------|------------------|----------------------------------------------------------------------------------------------------------| 210 | `sifive_u` | QEMU sifive_u | [sifive_u](https://github.com/usbarmory/tamago/tree/master/board/qemu/sifive_u#executing-and-debugging) | 211 212 The target has only been tested with emulated execution (e.g. `make qemu`) 213 214 Authors 215 ======= 216 217 Andrea Barisani 218 andrea.barisani@withsecure.com | andrea@inversepath.com 219 220 Andrej Rosano 221 andrej.rosano@withsecure.com | andrej@inversepath.com 222 223 License 224 ======= 225 226 GoTEE | https://github.com/usbarmory/GoTEE 227 Copyright (c) WithSecure Corporation 228 229 These source files are distributed under the BSD-style license found in the 230 [LICENSE](https://github.com/usbarmory/GoTEE/blob/master/LICENSE) file.