diff --git a/release/README.md b/release/README.md
deleted file mode 100644
index 095e64c..0000000
--- a/release/README.md
+++ /dev/null
@@ -1,68 +0,0 @@
-# Trusted OS Release Process
-
-TODO(jayhou): This file contains the design of the release process. It is in the
-process of being implemented and may not be accurate of the current state.
-
-## File structure
-
-* The Dockerfile found in the root of the repo builds an image which installs
- dependencies and compiles the Trusted OS with TamaGo. The version of TamaGo
- to use can be specified with the Docker
- [build arg](https://docs.docker.com/engine/reference/commandline/build/#build-arg)
- `TAMAGO_VERSION`.
-* [Cloud Build triggers](https://cloud.google.com/build/docs/automating-builds/create-manage-triggers)
- for the continuous integration (CI) and prod environments are defined on the
- Cloud Build yaml files in this directory.
-
-## Build and Release Process
-
-There are three parts to the Trusted OS release process.
-
-### Release kickoff
-
-First, the trigger defined on `cloudbuild(|_ci).yaml` file
-is defined by a yaml config file and is invoked when the Transparency.dev team
-publishes a new tag in the format `vX.X.X` in this repository.
-
-This trigger builds and writes the Trusted OS ELF file to a public Google Cloud
-Storage (GCS) bucket. Then, it runs the
-[`manifest`](https://github.com/transparency-dev/armored-witness/tree/main/cmd/manifest)
-tool to construct the Claimant Model Statement with arguments specific to this
-release, and writes it to the same GCS bucket. Then, Transparency.dev signs the
-output manifest file in the
-[note](https://pkg.go.dev/golang.org/x/mod/sumdb/note) format.
-
-Since it is stored in the public GCS bucket, it can be read by WithSecure.
-
-### WithSecure step
-
-WithSecure is notified of a release, and they reference the manifest for build
-details. After auditing it, and they add their signature of the manifest to the
-note as well before writing it to this repo as
-`$_WITHSECURE_DIR/withsecure_vX.X.X` (as defined in the yaml). Once
-complete, they tag a release in this repo in the format `withsecure_vX.X.X`.
-
-### Release completion
-
-Finally, the trigger defined on `cloudbuild_withsecure_signature.yaml` reads the
-signed note written to this repository by WithSecure and adds it to the
-artifacts bucket and the public firmware transparency log.
-
-The Trusted OS elf should only be used if both Transparency.dev and WithSecure
-signatures are verified successfully.
-
-TODO: add links for the GCS buckets once public.
-
-## Claimant Model
-
-| Role | Description |
-| ----------- | ----------- |
-| **Claimant** |
- For Claims #1, #2: Transparency.dev team
- For Claims #1, #3: WithSecure
|
-| **Claim** | - The digest of the Trusted OS firmware is derived from this source Github repository, and is reproducible.
- The Trusted OS firmware is issued by the Transparency.dev team.
- The Trusted OS firmware is issued by the WithSecure.
|
-| **Believer** | Armored Witness devices |
-| **Verifier** | - For Claim #1: third party auditing the Transparency.dev team and WithSecure
- For Claim #2: the Transparency.dev team
- For Claim #3: WithSecure
|
-| **Arbiter** | Log ecosystem participants and reliers |
-
-The **Statement** is defined in the [armored-witness-common](https://github.com/transparency-dev/armored-witness-common/blob/main/release/firmware/ftlog/log_entries.go) repo.
-There is also an example available at
-[example_firmware_release.json](https://github.com/transparency-dev/armored-witness-common/blob/main/release/firmware/ftlog/example_firmware_release.json).
\ No newline at end of file
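Review bot: this deletion removes the only written statement of the acceptance rule in "Release completion" ("The Trusted OS elf should only be used if both Transparency.dev and WithSecure signatures are verified successfully") together with the Claimant Model table, and nothing in this diff adds a replacement. If the release design now lives elsewhere, link it from the commit message or leave a short pointer README in release/. The TODO at the top of the file already flagged the text as possibly out of date, so the commit message should also say whether the content was moved or retired.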
diff --git a/release/cloudbuild_ci.yaml b/release/cloudbuild_ci.yaml
deleted file mode 100644
index dd63b37..0000000
--- a/release/cloudbuild_ci.yaml
+++ /dev/null
@@ -1,195 +0,0 @@
-steps:
- # First create a fake tag we'll use throughout the CI build process below.
- # Unfortunately, GCB has no concept of dynamically creating substitutions or
- # passing ENV vars between steps, so the best we can do is to create a file
- # containing our tag in the share workspace which other steps can inspect.
- - name: bash
- script: |
- date +'0.3.%s-incompatible' > /workspace/fake_tag
- cat /workspace/fake_tag
- ### Build the Trusted OS and upload it to GCS.
- # Build an image containing the Trusted OS artifacts with the Dockerfile.
- # This step needs to be a bash script in order to substitute fake tag into a
- # build arg.
- - name: gcr.io/cloud-builders/docker
- entrypoint: bash
- args:
- - -c
- - |
- docker build \
- --build-arg=TAMAGO_VERSION=${_TAMAGO_VERSION} \
- --build-arg=GIT_SEMVER_TAG=$(cat /workspace/fake_tag) \
- --build-arg=LOG_ORIGIN=${_ORIGIN} \
- --build-arg=LOG_PUBLIC_KEY=${_LOG_PUBLIC_KEY} \
- --build-arg=APPLET_PUBLIC_KEY=${_APPLET_PUBLIC_KEY} \
- --build-arg=OS_PUBLIC_KEY1=${_OS_PUBLIC_KEY1} \
- --build-arg=OS_PUBLIC_KEY2=${_OS_PUBLIC_KEY2} \
- --build-arg=BEE=${_BEE} \
- --build-arg=DEBUG=${_DEBUG} \
- --build-arg=SRK_HASH=${_CI_SRK_HASH} \
- -t builder-image \
- .
- # Prepare a container with a copy of the artifacts.
- - name: gcr.io/cloud-builders/docker
- args:
- - create
- - --name
- - builder_scratch
- - builder-image
- # Copy the artifacts from the container to the Cloud Build VM.
- - name: gcr.io/cloud-builders/docker
- args:
- - cp
- - builder_scratch:/build/bin
- - output
- # List the artifacts.
- - name: bash
- args:
- - ls
- - output
- # Copy the artifacts from the Cloud Build VM to GCS.
- - name: gcr.io/cloud-builders/gcloud
- entrypoint: bash
- args:
- - -c
- - |
- gcloud storage cp \
- output/trusted_os.elf \
- gs://${_FIRMWARE_BUCKET}/$(sha256sum output/trusted_os.elf | cut -f1 -d" ")
- ### Construct log entry / Claimant Model statement.
- # Create the manifest.
- # This step needs to be a bash script in order to substitute the fake tag
- # in the command args.
- - name: golang
- entrypoint: bash
- args:
- - -c
- - |
- go run github.com/transparency-dev/armored-witness/cmd/manifest@main \
- create \
- --git_tag=$(cat /workspace/fake_tag) \
- --git_commit_fingerprint=${COMMIT_SHA} \
- --firmware_file=output/trusted_os.elf \
- --firmware_type=TRUSTED_OS \
- --tamago_version=${_TAMAGO_VERSION} \
- --build_env="LOG_ORIGIN=${_ORIGIN}" \
- --build_env="LOG_PUBLIC_KEY=${_LOG_PUBLIC_KEY}" \
- --build_env="APPLET_PUBLIC_KEY=${_APPLET_PUBLIC_KEY}" \
- --build_env="OS_PUBLIC_KEY1=${_OS_PUBLIC_KEY1}" \
- --build_env="OS_PUBLIC_KEY2=${_OS_PUBLIC_KEY2}" \
- --build_env="BEE=${_BEE}" \
- --build_env="DEBUG=${_DEBUG}" \
- --build_env="SRK_HASH=${_CI_SRK_HASH}" \
- --raw \
- --output_file=output/trusted_os_manifest_unsigned.json
- # Sign the log entry.
- - name: golang
- args:
- - go
- - run
- - github.com/transparency-dev/armored-witness/cmd/sign@main
- - --project_name=${PROJECT_ID}
- - --release=ci
- - --artefact=os1
- - --manifest_file=output/trusted_os_manifest_unsigned.json
- - --output_file=output/trusted_os_manifest_transparency_dev
- # Countersign the log entry to fake a WS signature for CI
- - name: golang
- args:
- - go
- - run
- - github.com/transparency-dev/armored-witness/cmd/sign@main
- - --project_name=${PROJECT_ID}
- - --release=ci
- - --artefact=os2
- - --note_file=output/trusted_os_manifest_transparency_dev
- - --note_verifier=${_OS_PUBLIC_KEY1}
- - --output_file=output/trusted_os_manifest_both
- # Print the content of the signed manifest.
- - name: bash
- args:
- - cat
- - output/trusted_os_manifest_both
- ### Write the firmware release to the CI transparency log.
- # Copy the signed note to the sequence bucket, preparing to write to log.
- #
- # Use the SHA256 of the manifest as the name of the manifest. This allows
- # multiple triggers to run without colliding.
- - name: gcr.io/cloud-builders/gcloud
- entrypoint: bash
- args:
- - -c
- - |
- gcloud storage cp output/trusted_os_manifest_both \
- gs://${_LOG_NAME}/${_ENTRIES_DIR}/$(sha256sum output/trusted_os_manifest_both | cut -f1 -d" ")/trusted_os_manifest_both
- # Sequence log entry.
- - name: gcr.io/cloud-builders/gcloud
- entrypoint: bash
- args:
- - -c
- - >
- gcloud functions call sequence \
-
- --data="{
- \"entriesDir\": \"${_ENTRIES_DIR}/$(sha256sum output/trusted_os_manifest_both | cut -f1 -d" ")\",
- \"origin\": \"${_ORIGIN}\",
- \"bucket\": \"${_LOG_NAME}\",
- \"kmsKeyName\": \"ft-log-ci\",
- \"kmsKeyRing\": \"firmware-release-ci\",
- \"kmsKeyVersion\": ${_KEY_VERSION},
- \"kmsKeyLocation\": \"global\",
- \"noteKeyName\": \"transparency.dev-aw-ftlog-ci-${_KEY_VERSION}\",
- \"checkpointCacheControl\": \"${_CHECKPOINT_CACHE}\"
- }"
- # Integrate log entry.
- - name: gcr.io/cloud-builders/gcloud
- args:
- - functions
- - call
- - integrate
- - '--data'
- - >-
- {
- "origin": "${_ORIGIN}",
- "bucket": "${_LOG_NAME}",
- "kmsKeyName": "ft-log-ci",
- "kmsKeyRing": "firmware-release-ci",
- "kmsKeyVersion": ${_KEY_VERSION},
- "kmsKeyLocation": "global",
- "noteKeyName": "transparency.dev-aw-ftlog-ci-${_KEY_VERSION}",
- "checkpointCacheControl": "${_CHECKPOINT_CACHE}"
- }
- # Clean up the file we added to the _ENTRIES_DIR bucket now that it's been
- # integrated to the log.
- - name: gcr.io/cloud-builders/gcloud
- entrypoint: bash
- args:
- - -c
- - |
- gcloud storage rm \
- gs://${_LOG_NAME}/${_ENTRIES_DIR}/$(sha256sum output/trusted_os_manifest_both | cut -f1 -d" ")/trusted_os_manifest_both
-substitutions:
- # Note that to be a valid CloudBuild config these MUST all be strings.
- # Without explicit quotes, some things may be interpreted as other types since
- # this is a YAML file, so to avoid future tears let's keep these all quoted.
- #
- # Build-related.
- _FIRMWARE_BUCKET: 'armored-witness-firmware-ci-2'
- _TAMAGO_VERSION: '1.22.0'
- # Log-related.
- _ENTRIES_DIR: 'firmware-log-sequence'
- # This must correspond with the trailing number on the _FIRMWARE_BUCKET, _ORIGIN, _LOG_NAME values.
- _KEY_VERSION: '2'
- _ORIGIN: 'transparency.dev/armored-witness/firmware_transparency/ci/2'
- _LOG_NAME: 'armored-witness-firmware-log-ci-2'
- _LOG_PUBLIC_KEY: 'transparency.dev-aw-ftlog-ci-2+f77c6276+AZXqiaARpwF4MoNOxx46kuiIRjrML0PDTm+c7BLaAMt6'
- _APPLET_PUBLIC_KEY: 'transparency.dev-aw-applet-ci+3ff32e2c+AV1fgxtByjXuPjPfi0/7qTbEBlPGGCyxqr6ZlppoLOz3'
- _OS_PUBLIC_KEY1: 'transparency.dev-aw-os1-ci+7a0eaef3+AcsqvmrcKIbs21H2Bm2fWb6oFWn/9MmLGNc6NLJty2eQ'
- _OS_PUBLIC_KEY2: 'transparency.dev-aw-os2-ci+af8e4114+AbBJk5MgxRB+68KhGojhUdSt1ts5GAdRIT1Eq9zEkgQh'
- _BEE: '1'
- _DEBUG: '1'
- _CHECKPOINT_CACHE: 'public, max-age=30'
- # Pinned CI SRK hash
- # This MUST be identical to the _PINNED_SRK_HASH in https://github.com/transparency-dev/armored-witness-boot/blob/main/release/cloudbuild_ci.yaml#L223-L224
- # and MUST NOT be changed unless you know very well what you're doing, otherwise devices will be bricked!
- _CI_SRK_HASH: 'b8ba457320663bf006accd3c57e06720e63b21ce5351cb91b4650690bb08d85a'
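Review bot: the `_CI_SRK_HASH` substitution at the end of this file carries the comment that it MUST be identical to `_PINNED_SRK_HASH` in armored-witness-boot and that a mismatch bricks devices; once the file is gone, that invariant is no longer recorded in this repo. Confirm that whatever now builds the CI Trusted OS passes the same value as `SRK_HASH`, and move the cross-reference comment with it. The manifest and sign steps also run `go run github.com/transparency-dev/armored-witness/cmd/manifest@main` and `.../cmd/sign@main`, so if these steps are being relocated rather than retired, consider pinning both tools to a tag or commit in the new config.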
diff --git a/release/cloudbuild_presubmit.yaml b/release/cloudbuild_presubmit.yaml
deleted file mode 100644
index 28687df..0000000
--- a/release/cloudbuild_presubmit.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-steps:
- # First create a fake tag we'll use throughout the build process below.
- # Unfortunately, GCB has no concept of dynamically creating substitutions or
- # passing ENV vars between steps, so the best we can do is to create a file
- # containing our tag in the share workspace which other steps can inspect.
- - name: bash
- script: |
- date +'0.0.%s-incompatible' > /workspace/fake_tag
- cat /workspace/fake_tag
- ### Build the Trusted OS and upload it to GCS.
- # Build an image containing the Trusted OS artifacts with the Dockerfile.
- # This step needs to be a bash script in order to substitute fake tag into a
- # build arg.
- - name: gcr.io/cloud-builders/docker
- entrypoint: bash
- args:
- - -c
- - |
- docker build \
- --build-arg=TAMAGO_VERSION=${_TAMAGO_VERSION} \
- --build-arg=LOG_ORIGIN=${_ORIGIN} \
- --build-arg=LOG_PUBLIC_KEY=${_LOG_PUBLIC_KEY} \
- --build-arg=APPLET_PUBLIC_KEY=${_APPLET_PUBLIC_KEY} \
- --build-arg=OS_PUBLIC_KEY1=${_OS_PUBLIC_KEY1} \
- --build-arg=OS_PUBLIC_KEY2=${_OS_PUBLIC_KEY2} \
- --build-arg=GIT_SEMVER_TAG=$(cat /workspace/fake_tag) \
- --build-arg=DEBUG=${_DEBUG} \
- -t builder-image \
- .
- # Prepare a container with a copy of the artifacts.
- - name: gcr.io/cloud-builders/docker
- args:
- - create
- - --name
- - builder_scratch
- - builder-image
- # Copy the artifacts from the container to the Cloud Build VM.
- - name: gcr.io/cloud-builders/docker
- args:
- - cp
- - builder_scratch:/build/bin
- - output
- # List the artifacts.
- - name: bash
- args:
- - ls
- - output
- # Copy the artifacts from the Cloud Build VM to GCS.
- - name: gcr.io/cloud-builders/gcloud
- entrypoint: bash
- args:
- - -c
- - |
- gcloud storage cp \
- output/trusted_os.elf \
- gs://${_FIRMWARE_BUCKET}/$(sha256sum output/trusted_os.elf | cut -f1 -d" ")
- ### Construct log entry / Claimant Model statement.
- # Create the manifest.
- # This step needs to be a bash script in order to substitute the fake tag
- # in the command args.
- - name: golang
- entrypoint: bash
- args:
- - -c
- - |
- go run github.com/transparency-dev/armored-witness/cmd/manifest@main \
- create \
- --git_tag=$(cat /workspace/fake_tag) \
- --git_commit_fingerprint=${COMMIT_SHA} \
- --firmware_file=output/trusted_os.elf \
- --firmware_type=TRUSTED_OS \
- --tamago_version=${_TAMAGO_VERSION} \
- --raw \
- --output_file=output/trusted_os_manifest_unsigned.json
- # TODO: sign the log entry with github.com/transparency-dev/armored-witness/cmd/sign
- # after we create presubmit keys.
- #
- # Print the content of the manifest.
- - name: bash
- args:
- - cat
- - output/trusted_os_manifest_unsigned.json
-substitutions:
- # Note that to be a valid CloudBuild config these MUST all be strings.
- # Without explicit quotes, some things may be interpreted as other types since
- # this is a YAML file, so to avoid future tears let's keep these all quoted.
- #
- # Build-related.
- _FIRMWARE_BUCKET: 'armored-witness-firmware-ci-1'
- _TAMAGO_VERSION: '1.22.0'
- # This must correspond with the trailing number on the _FIRMWARE_BUCKET, _ORIGIN values.
- _KEY_VERSION: '1'
- _ORIGIN: 'transparency.dev/armored-witness/firmware_transparency/ci/1'
- _LOG_PUBLIC_KEY: 'transparency.dev-aw-ftlog-ci+f5479c1e+AR6gW0mycDtL17iM2uvQUThJsoiuSRirstEj9a5AdCCu'
- _APPLET_PUBLIC_KEY: 'transparency.dev-aw-applet-ci+3ff32e2c+AV1fgxtByjXuPjPfi0/7qTbEBlPGGCyxqr6ZlppoLOz3'
- _OS_PUBLIC_KEY1: 'transparency.dev-aw-os1-ci+7a0eaef3+AcsqvmrcKIbs21H2Bm2fWb6oFWn/9MmLGNc6NLJty2eQ'
- _OS_PUBLIC_KEY2: 'transparency.dev-aw-os2-ci+af8e4114+AbBJk5MgxRB+68KhGojhUdSt1ts5GAdRIT1Eq9zEkgQh'
- _DEBUG: '1'
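Review bot: no replacement presubmit config appears in this diff, so after this change nothing shown here builds the Trusted OS and generates a manifest before merge. Confirm that the Cloud Build trigger pointing at release/cloudbuild_presubmit.yaml is removed or repointed in the same change, so it does not fail on a missing file. If the steps are carried over elsewhere, note that `_KEY_VERSION` is declared under `substitutions` but not referenced by any step here, and that the manifest `create` call omits the `--build_env` flags the CI config passes; neither should be copied without a second look.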
diff --git a/release/cloudbuild_withsecure_signature.yaml b/release/cloudbuild_withsecure_signature.yaml
deleted file mode 100644
index 361e63a..0000000
--- a/release/cloudbuild_withsecure_signature.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
-# See README.md in this directory for an overview of the release process.
-#
-# This Cloud Build trigger:
-# 1. copies the manifest of a Trusted OS release signed in the
-# [note format](https://pkg.go.dev/golang.org/x/mod/sumdb/note) by
-# WithSecure and Transparency.dev to a corresponding Google Cloud Storage
-# bucket (and "subdir"). This bucket should already contain the Trusted OS
-# elf file as built by transparency.dev.
-# 2. writes the signed manifest to the Armored Witness firmware transparency
-# log.
-#
-# This is the second Cloud Build trigger for a given release. The first should
-# have already created the Trusted OS elf file.
-steps:
- ### Copy the signed manifest to the artifacts bucket containing the ELF.
- # Get version number (expected to be in the `X.X.X` format) from the tag name
- # by removing the `withsecure_v` prefix. The version number is used as the
- # "subdir" under _TRUSTED_OS_BUCKET.
- - name: gcr.io/cloud-builders/gcloud
- entrypoint: sh
- args:
- - -c
- - >-
- gcloud storage cp ${_WITHSECURE_DIR}/${_TEST_TAG_NAME}
- gs://${_FIRMWARE_BUCKET}/${_FIRMWARE_COMPONENT}/$(echo ${_TEST_TAG_NAME} | sed -e "s/^withsecure_v//")/trusted_os_manifest
- ### Delete the manifest that was only signed by Transparency.dev, since the
- ### manifest above should be signed by both Transparency.dev and WithSecure.
- - name: gcr.io/cloud-builders/gcloud
- entrypoint: sh
- args:
- - -c
- - >-
- gcloud storage rm
- gs://${_FIRMWARE_BUCKET}/${_FIRMWARE_COMPONENT}/$(echo ${_TEST_TAG_NAME} | sed -e "s/^withsecure_v//")/trusted_os_manifest_transparency_dev
- # TODO: write a check for 1) both signatures are present and valid and 2) the
- # message in the note is identical to the one in our signed manifest (in case
- # e.g WS were to accidentally upload an "old" countersigned manifest)
-
- ### Write the firmware release to the transparency log.
- # Copy the signed note to the sequence bucket, preparing to write to log.
- - name: gcr.io/cloud-builders/gcloud
- args:
- - storage
- - cp
- - ${_WITHSECURE_DIR}/${_TEST_TAG_NAME}
- - gs://${_LOG_NAME}/${_ENTRIES_DIR}/trusted_os_manifest
- # Sequence log entry.
- # TODO(jayhou): switch the KMS args to prod.
- - name: gcr.io/cloud-builders/gcloud
- args:
- - functions
- - call
- - sequence
- - --data
- - >-
- {
- "entriesDir": "${_ENTRIES_DIR}",
- "origin": "${_ORIGIN}",
- "bucket": "${_LOG_NAME}",
- "kmsKeyName": "ft-log-ci",
- "kmsKeyRing": "firmware-release-ci",
- "kmsKeyVersion": ${_KEY_VERSION},
- "kmsKeyLocation": "global",
- "noteKeyName": "transparency.dev-aw-ftlog-ci",
- "checkpointCacheControl": "${_CHECKPOINT_CACHE}"
- }
- # Integrate log entry.
- # TODO(jayhou): switch the KMS args to prod.
- - name: gcr.io/cloud-builders/gcloud
- args:
- - functions
- - call
- - integrate
- - --data
- - >-
- {
- "origin": "${_ORIGIN}",
- "bucket": "${_LOG_NAME}",
- "kmsKeyName": "ft-log-ci",
- "kmsKeyRing": "firmware-release-ci",
- "kmsKeyVersion": ${_KEY_VERSION},
- "kmsKeyLocation": "global",
- "noteKeyName": "transparency.dev-aw-ftlog-ci",
- "checkpointCacheControl": "${_CHECKPOINT_CACHE}"
- }
-substitutions:
- # Note that to be a valid CloudBuild config these MUST all be strings.
- # Without explicit quotes, some things may be interpreted as other types since
- # this is a YAML file, so to avoid future tears let's keep these all quoted.
- #
- # TODO(jayhou): do not use CI bucket when we flip this trigger to prod.
- _FIRMWARE_BUCKET: 'armored-witness-firmware-ci-1'
- _FIRMWARE_COMPONENT: 'trusted-os'
- _WITHSECURE_DIR: 'release/withsecure'
- # TODO(jayhou): remove this when we flip this trigger to prod.
- _TEST_TAG_NAME: 'withsecure_v0.1.2'
- # Log-related.
- _ENTRIES_DIR: 'firmware-log-sequence'
- # TODO(jayhou): switch to prod origin.
- _ORIGIN: 'transparency.dev/armored-witness/firmware_transparency/ci/1'
- # TODO(jayhou): do not use CI bucket when we flip this trigger to prod.
- _LOG_NAME: 'armored-witness-firmware-log-ci-1'
- # This must correspond with the trailing number on the _FIRMWARE_BUCKET, _ORIGIN, _LOG_NAME values.
- _KEY_VERSION: '1'
- _CHECKPOINT_CACHE: 'public, max-age=30'
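Review bot: the TODO ahead of the "Write the firmware release to the transparency log" steps ("write a check for 1) both signatures are present and valid and 2) the message in the note is identical to the one in our signed manifest") is deleted unresolved. As written, this config copies `${_WITHSECURE_DIR}/${_TEST_TAG_NAME}` into the log's entries directory and calls `sequence` without verifying either signature. Make sure the replacement release path performs that check before sequencing, and track it in an issue if it is not implemented yet. The remaining `TODO(jayhou)` items (CI KMS key, CI buckets, fixed `_TEST_TAG_NAME`) suggest this trigger never ran against prod; saying so in the commit message would make the deletion easier to audit.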