Home
The GoTEE framework implements concurrent instantiation of TamaGo-based unikernels in privileged and unprivileged modes, interacting with each other through monitor mode and custom system calls.
With these capabilities GoTEE implements a TamaGo-based Trusted Execution Environment (TEE), bringing Go memory safety, convenience and capabilities to bare metal execution within TrustZone Secure World or equivalent isolation technology.
GoTEE can supervise freestanding Trusted Applets written in pure Go, Rust or C that implement the GoTEE API, as well as any operating system capable of running in TrustZone Normal World, such as Linux.
- Isolated execution contexts for ARM User mode, TrustZone Normal World or RISC-V Supervisor Mode
- API for Trusted OS implementation (Syscall, JSON-RPC and exception handlers)
This tutorial introduces the API implemented by the GoTEE project which allows multiple execution domains under a trusted TamaGo unikernel.
The tutorial is implemented in the GoTEE example.
- Introduction
- Trusted OS and Applet execution
- System Calls
- Main OS execution
- TrustZone configuration
- Examples
See the GoTEE-example repository and its README for compilation/execution instructions.
The GoTEE package API documentation can be found on pkg.go.dev.
The following table summarizes currently supported SoCs and boards.
SoC | Board | SoC package | Board package |
---|---|---|---|
NXP i.MX6ULZ | USB armory Mk II | imx6ul | usbarmory/mk2 |
NXP i.MX6ULL | MCIMX6ULL-EVK | imx6ul | mx6ullevk |
SiFive FU540 | QEMU sifive_u | fu540 | qemu/sifive_u |
- ArmoredWitness - cross-ecosystem witness network
Andrea Barisani
andrea.barisani@withsecure.com | andrea@inversepath.com
Andrej Rosano
andrej.rosano@withsecure.com | andrej@inversepath.com
GoTEE | https://github.com/usbarmory/GoTEE
Copyright (c) WithSecure Corporation
These source files are distributed under the BSD-style license found in the LICENSE file.