allow execution under qemu virtualization (#219)

transparency-dev · Mar 20, 2024 · 39c05ac · 39c05ac
1 parent c364329
commit 39c05ac
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -32,7 +32,7 @@ support (requires a `tap0` device routing the Trusted Applet IP address).
 > support by QEMU.
 
 ```bash
-make DEBUG=1 make qemu
+make DEBUG=1 FAKE_STORAGE=1 BEE=0 trusted_os_embedded_applet log_os qemu
 ...
 00:00:00 tamago/arm • TEE security monitor (Secure World system/monitor)
 00:00:00 SM applet verification

diff --git a/trusted_os/ctl.go b/trusted_os/ctl.go
@@ -73,8 +73,6 @@ func getStatus() (s *api.Status) {
 	}
 
 	s = &api.Status{
-		Serial:   fmt.Sprintf("%X", imx6ul.UniqueID()),
-		HAB:      imx6ul.SNVS.Available(),
 		SRKHash:  SRKHash,
 		Revision: Revision,
 		Build:    Build,
@@ -100,6 +98,11 @@ func getStatus() (s *api.Status) {
 		s.Link = err != nil && mode == usbarmory.STATE_ATTACHED_SRC
 	}
 
+	if imx6ul.Native {
+		s.HAB    = imx6ul.SNVS.Available()
+		s.Serial = fmt.Sprintf("%X", imx6ul.UniqueID())
+	}
+
 	return
 }
 

diff --git a/trusted_os/main.go b/trusted_os/main.go
@@ -163,7 +163,7 @@ func main() {
 		SRKHash: SRKHash,
 	}
 
-	if imx6ul.SNVS.Available() {
+	if imx6ul.Native && imx6ul.SNVS.Available() {
 		log.Printf("SM version verification (%s)", Version)
 
 		if err = rpmb.init(); err != nil {
@@ -250,8 +250,10 @@ func main() {
 		}
 	}()
 
-	// start USB control interface
-	ctl.Start()
+	if imx6ul.Native {
+		// start USB control interface
+		ctl.Start()
+	}
 
 	// never returns
 	handleInterrupts()

diff --git a/trusted_os/rpc.go b/trusted_os/rpc.go
@@ -176,8 +176,14 @@ func (r *RPC) ReadRPMB(buf []byte, n *uint32) error {
 //
 // The diversifier is AES-CBC encrypted using the internal OTPMK key.
 func (r *RPC) DeriveKey(diversifier [aes.BlockSize]byte, key *[sha256.Size]byte) (err error) {
-	if !imx6ul.SNVS.Available() && !debug {
+	switch {
+	case imx6ul.Native && !debug && !imx6ul.SNVS.Available():
 		return errors.New("Weird - SNVS not available but we're not in debug?!")
+	case !imx6ul.Native && debug:
+		// we support emulation only on debug builds, use input buffer as dummy key
+		return
+	case !imx6ul.Native && !debug:
+		return errors.New("Weird - under emulation but we're not in debug?!")
 	}
 
 	switch {
@@ -188,7 +194,6 @@ func (r *RPC) DeriveKey(diversifier [aes.BlockSize]byte, key *[sha256.Size]byte)
 		var k []byte
 		k, err = imx6ul.DCP.DeriveKey(r.Diversifier[:], diversifier[:], -1)
 		copy(key[:], k)
-	case debug && !imx6ul.Native:
 	default:
 		err = errors.New("unsupported hardware")
 	}