go-fiovb: initial version

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "gomod" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/build.yml

@@ -0,0 +1,38 @@
+name: Build
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+  workflow_call:
+    inputs:
+      branch:
+        description: "Branch name to use"
+        required: true
+        type: string
+
+jobs:
+  build:
+    runs-on: "ubuntu-22.04"
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          repository: openpixelsystems/go-fiovb
+          fetch-depth: "0"
+          ref: ${{ inputs.branch || github.ref}}
+
+      - name: Install dependencies
+        run: sudo apt install gcc make cmake gcc-aarch64-linux-gnu binutils-aarch64-linux-gnu golang-go
+
+      - name: Initialize submodules
+        run: git submodule update --init --recursive
+
+      - name: Build fiovb (amd64)
+        run: make amd64 HOST_COMPILER=gcc
+
+      - name: Build fiovb (arm64)
+        run: |
+          CROSS_COMPILER=aarch64-linux-gnu-gcc && \
+          export CC_FOR_TARGET=$CROSS_COMPILER && \
+          export CC=$CROSS_COMPILER && \
+          make arm64 CROSS_COMPILER=$CROSS_COMPILER

.gitignore

@@ -0,0 +1 @@
+output/

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "third-party/optee-client"]
+	path = third-party/optee-client
+	url = https://github.com/OP-TEE/optee_client.git

Makefile

@@ -0,0 +1,21 @@
+################################################################################
+### fiovb - Makefile                                                         ###
+### Date: 08/01/2024                                                         ###
+### Version: v1.0.0                                                          ###
+################################################################################
+
+GO = go
+OUTPUT = output
+
+################################################################################
+### ALL                                                                      ###
+################################################################################
+
+all: amd64 arm64
+clean: amd64-clean arm64-clean
+
+################################################################################
+### INCLUDES                                                                 ###
+################################################################################
+
+include build/amd64.mk build/arm64.mk

README.md

@@ -1,5 +1,7 @@
 # Go fiovb library
 
+[![Build](https://github.com/OpenPixelSystems/go-fiovb/actions/workflows/build.yml/badge.svg?event=push)](https://github.com/OpenPixelSystems/go-fiovb/actions/workflows/build.yml)
+
 ## Summary
 
 The `go-fiovb` is a Go library for the Foundries.IO Verified Boot.

build/amd64.mk

@@ -0,0 +1,60 @@
+################################################################################
+### fiovb - amd64                                                            ###
+### Date: 08/01/2024                                                         ###
+### Version: v1.0.0                                                          ###
+################################################################################
+
+HOST_COMPILER   = "gcc"
+HOST_COMPILER_C = $(shell readlink -f $$(which $(HOST_COMPILER)))
+
+AMD64 = amd64
+BUILD_AMD64 = $(OUTPUT)/$(AMD64)/build
+SYSROOT_AMD64 = $(OUTPUT)/$(AMD64)/sysroot
+BIN_AMD64 = $(OUTPUT)/$(AMD64)/bin
+PREFIX_AMD64 = GOOS=linux GOARCH=$(AMD64)
+
+amd64: optee-client-amd64 fiovb-tool-amd64
+amd64-clean: optee-client-clean-amd64 sysroot-clean-amd64 fiovb-tool-clean-amd64
+
+################################################################################
+### OPTEE-CLIENT                                                             ###
+################################################################################
+
+optee-client-amd64:
+	@cmake -Sthird-party/optee-client/ \
+	-B$(BUILD_AMD64)/$@ \
+	-DCMAKE_INSTALL_PREFIX=$(SYSROOT_AMD64)/usr \
+	-DCMAKE_C_COMPILER=$(HOST_COMPILER_C)
+
+	@make -C $(BUILD_AMD64)/$@
+	@make -C $(BUILD_AMD64)/$@ install
+
+	@echo Compiled $@
+
+optee-client-clean-amd64:
+	@rm -rf $(BUILD_AMD64)/optee-client-amd64
+	@echo Cleaned optee-client-amd64
+
+################################################################################
+### SYSROOT                                                                  ###
+################################################################################
+
+sysroot-clean-amd64:
+	@rm -rf $(SYSROOT_AMD64)
+	@echo Cleaned sysroot-amd64
+
+################################################################################
+### FIOVB TOOL                                                               ###
+################################################################################
+
+fiovb-tool-amd64:
+	@$(PREFIX_AMD64) \
+	CGO_CFLAGS="-g -Wall -I$(shell pwd)/$(SYSROOT_AMD64)/usr/include" \
+	CGO_LDFLAGS="-L$(shell pwd)/$(SYSROOT_AMD64)/usr/lib -L$(shell pwd)/$(SYSROOT_AMD64)/usr/lib64 -lteec" \
+	$(GO) build -o $(BIN_AMD64)/fiovb github.com/OpenPixelSystems/go-fiovb/cmd/fiovb/
+
+	@echo Compiled $@
+
+fiovb-tool-clean-amd64:
+	@rm -rf $(BIN_AMD64)/fiovb
+	@echo Cleaned fiovb-tool-amd64

build/arm64.mk

@@ -0,0 +1,60 @@
+################################################################################
+### fiovb - arm64                                                            ###
+### Date: 08/01/2024                                                         ###
+### Version: v1.0.0                                                          ###
+################################################################################
+
+CROSS_COMPILER    = aarch64-lmp-linux-gcc
+CROSS_COMPILER_C  = $(shell readlink -f $$(which $(CROSS_COMPILER)))
+
+ARM64 = arm64
+BUILD_ARM64 = $(OUTPUT)/$(ARM64)/build
+SYSROOT_ARM64 = $(OUTPUT)/$(ARM64)/sysroot
+BIN_ARM64 = $(OUTPUT)/$(ARM64)/bin
+PREFIX_ARM64 = CGO_ENABLED=1 GOOS=linux GOARCH=$(ARM64)
+
+arm64: optee-client-arm64 fiovb-tool-arm64
+arm64-clean: optee-client-clean-arm64 sysroot-clean-arm64 fiovb-tool-clean-arm64
+
+################################################################################
+### OPTEE-CLIENT                                                             ###
+################################################################################
+
+optee-client-arm64:
+	@cmake -Sthird-party/optee-client/ \
+	-B$(BUILD_ARM64)/$@ \
+	-DCMAKE_INSTALL_PREFIX=$(SYSROOT_ARM64)/usr \
+	-DCMAKE_C_COMPILER=$(CROSS_COMPILER_C)
+
+	@make -C $(BUILD_ARM64)/$@
+	@make -C $(BUILD_ARM64)/$@ install
+
+	@echo Compiled $@
+
+optee-client-clean-arm64:
+	@rm -rf $(BUILD_ARM64)/optee-client-arm64
+	@echo Cleaned optee-client-arm64
+
+################################################################################
+### SYSROOT                                                                  ###
+################################################################################
+
+sysroot-clean-arm64:
+	@rm -rf $(SYSROOT_ARM64)
+	@echo Cleaned sysroot-arm64
+
+################################################################################
+### FIOVB TOOL                                                               ###
+################################################################################
+
+fiovb-tool-arm64:
+	@$(PREFIX_ARM64) \
+	CGO_CFLAGS="-g -Wall -I$(shell pwd)/$(SYSROOT_ARM64)/usr/include" \
+	CGO_LDFLAGS="-L$(shell pwd)/$(SYSROOT_ARM64)/usr/lib -lteec" \
+	$(GO) build -o $(BIN_ARM64)/fiovb github.com/OpenPixelSystems/go-fiovb/cmd/fiovb/
+
+	@echo Compiled $@
+
+fiovb-tool-clean-arm64:
+	@rm -rf $(BIN_ARM64)/fiovb
+	@echo Cleaned fiovb-tool-arm64

cmd/fiovb/main.go

@@ -0,0 +1,79 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"os/user"
+
+	"github.com/OpenPixelSystems/go-fiovb/fiovb"
+)
+
+type Mode int
+
+const (
+	unknownMode Mode = iota
+	readMode
+)
+
+func isRootUser() bool {
+	u, err := user.Current()
+	if err != nil {
+		return false
+	}
+
+	return os.Geteuid() == 0 && os.Getuid() == 0 && u.Username == "root"
+}
+
+func parseArgs() (Mode, string) {
+	var read = flag.String("read", "", "read value")
+
+	flag.Parse()
+
+	if read != nil && *read != "" {
+		return readMode, *read
+	}
+
+	return unknownMode, ""
+}
+
+func read(name string) error {
+	fvb := fiovb.New()
+
+	if err := fvb.Initialize(); err != nil {
+		return err
+	}
+
+	value, err := fvb.Read(name)
+	if err != nil {
+		return err
+	}
+
+	if err := fvb.Finalize(); err != nil {
+		return err
+	}
+
+	fmt.Println(value)
+	return nil
+}
+
+func main() {
+	if !isRootUser() {
+		fmt.Println("Permission denied")
+		return
+	}
+
+	mode, name := parseArgs()
+	if mode == unknownMode {
+		flag.Usage()
+		return
+	}
+
+	switch mode {
+	case readMode:
+		if err := read(name); err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+	}
+}

fiovb/fiovb_api.go

@@ -0,0 +1,81 @@
+package fiovb
+
+import "github.com/OpenPixelSystems/go-fiovb/teec"
+
+const (
+	readPersistValue   = 0
+	writePersistValue  = 1
+	deletePersistValue = 2
+	maxBuffer          = 4096
+)
+
+var (
+	// Universally Unique IDentifier (UUID) as defined in RFC4122.
+	// These UUID values are used to identify the fiovb Trusted Application.
+	destination = teec.UUID{
+		TimeLow:          0x22250a54,
+		TimeMid:          0x0bf1,
+		TimeHiAndVersion: 0x48fe,
+		ClockSeqAndNode:  [8]byte{0x80, 0x02, 0x7b, 0x20, 0xf1, 0xc9, 0xc9, 0xb1},
+	}
+)
+
+type FIOVB struct {
+	t *teec.TEEC
+}
+
+func New() *FIOVB {
+	return &FIOVB{
+		t: teec.New(),
+	}
+}
+
+func (fiovb *FIOVB) Initialize() error {
+	if err := fiovb.t.Initialize(); err != nil {
+		return err
+	}
+
+	if err := fiovb.t.OpenSession(destination); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (fiovb *FIOVB) Read(name string) (string, error) {
+	req := []byte(name)
+	res := make([]byte, maxBuffer-1)
+
+	operation := teec.Operation{
+		ParamTypes: [4]teec.ParameterTypes{
+			teec.MEMREF_TEMP_INPUT,
+			teec.MEMREF_TEMP_INOUT,
+			teec.NONE,
+			teec.NONE,
+		},
+		Params: [4]teec.Parameter{
+			teec.Parameter{Buffer: req, Size: uint32(len(req) + 1)},
+			teec.Parameter{Buffer: res, Size: uint32(len(res))},
+		},
+	}
+
+	origin := uint32(0)
+
+	if err := fiovb.t.InvokeCommand(readPersistValue, &operation, &origin); err != nil {
+		return "", err
+	}
+
+	return string(operation.Params[1].Buffer), nil
+}
+
+func (fiovb *FIOVB) Finalize() error {
+	if err := fiovb.t.CloseSession(); err != nil {
+		return err
+	}
+
+	if err := fiovb.t.Finalize(); err != nil {
+		return err
+	}
+
+	return nil
+}

go.mod

@@ -0,0 +1,3 @@
+module github.com/OpenPixelSystems/go-fiovb
+
+go 1.19