Skip to content
Andrea Barisani edited this page Oct 29, 2024 · 45 revisions

GoTEE

The GoTEE framework implements concurrent instantiation of TamaGo based unikernels in privileged and unprivileged modes, interacting with each other through monitor mode and custom system calls.

With these capabilities GoTEE implements a TamaGo based Trusted Execution Environments (TEE), bringing Go memory safety, convenience and capabilities to bare metal execution within TrustZone Secure World or equivalent isolation technology.

GoTEE can supervise pure Go, Rust or C based freestanding Trusted Applets, implementing the GoTEE API, as well as any operating system capable of running in TrustZone Normal World such as Linux.

Features

Tutorial

This tutorial introduces the API implemented by the GoTEE project which allows multiple execution domains under a trusted TamaGo unikernel.

The tutorial is implemented in the GoTEE example.

  1. Introduction
  2. Trusted OS and Applet execution
  3. System Calls
  4. Main OS execution
  5. TrustZone configuration
  6. Examples

Examples

See the GoTEE-example repository and its README for compilation/execution instructions.

GoTEE API

The GoTEE package API documentation can be found on pkg.go.dev.

Supported hardware

The following table summarizes currently supported SoCs and boards.

SoC Board SoC package Board package
NXP i.MX6ULZ USB armory Mk II imx6ul usbarmory/mk2
NXP i.MX6ULL MCIMX6ULL-EVK imx6ul mx6ullevk
SiFive FU540 QEMU sifive_u fu540 qemu/sifive_u

Applications using GoTEE

Authors

Andrea Barisani
andrea.barisani@withsecure.com | andrea@inversepath.com

Andrej Rosano
andrej.rosano@withsecure.com | andrej@inversepath.com

License

GoTEE | https://github.com/usbarmory/GoTEE
Copyright (c) WithSecure Corporation

These source files are distributed under the BSD-style license found in the LICENSE file.