Andrea Barisani edited this page May 27, 2021 · 45 revisions

Introduction

The GoTEE framework implements concurrent instantiation of TamaGo based unikernels in privileged and unprivileged modes, interacting with each other through monitor mode and custom system calls.

With these capabilities GoTEE implements a TamaGo based Trusted Execution Environment (TEE), bringing Go memory safety, convenience and capabilities to bare metal execution within TrustZone Secure World or an equivalent isolation technology.

A compatibility layer for libutee is planned, allowing execution of/as OP-TEE compatible applets.

Tutorial

This tutorial introduces the API implemented by the GoTEE project which allows multiple execution domains under a trusted TamaGo unikernel.

The tutorial reflects the GoTEE examples.

  1. Introduction
  2. Trusted OS and Applet execution
  3. System Calls
  4. Main OS execution
  5. TrustZone configuration

Examples

See the examples directory and the README for compilation/execution instructions.

GoTEE API

The GoTEE package API documentation can be found on pkg.go.dev.

Supported hardware

The following table summarizes currently supported SoCs and boards.

SoC           Board             SoC package   Board package
NXP i.MX6ULZ  USB armory Mk II  imx6          usbarmory/mark-two
NXP i.MX6ULL  MCIMX6ULL-EVK     imx6          mx6ullevk

Implementation status

  • PL0/PL1 separation
  • PL0 virtual address space
  • PL0/PL1 base syscall API
  • PL0/PL1 user net/rpc API
  • PL0/PL1 GoTEE crypto API
  • Secure World execution
  • Normal World execution
  • Normal World isolation
  • Secure/Normal World API
  • TEE Client API

Authors

Andrea Barisani
andrea.barisani@f-secure.com | andrea@inversepath.com

Andrej Rosano
andrej.rosano@f-secure.com | andrej@inversepath.com

License

Copyright (c) F-Secure Corporation

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation under version 3 of the License.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

See accompanying LICENSE file for full details.