From c2b52525ecb56082ec111444624a8599e564e4fa Mon Sep 17 00:00:00 2001
From: Al Cutter
Date: Fri, 22 Mar 2024 14:57:29 +0000
Subject: [PATCH] Remove HID OTA support (#225)

---
 api/api.go | 10 +-
 api/api.pb.go | 427 ++++++++---------------------------
 api/api.proto | 92 --------
 cmd/witnessctl/api.go | 139 +-----------
 cmd/witnessctl/witnessctl.go | 12 -
 trusted_os/flash.go | 104 ---------
 trusted_os/usb_hid.go | 4 -
 7 files changed, 94 insertions(+), 694 deletions(-)

diff --git a/api/api.go b/api/api.go
index 8812f29..b1777da 100644
--- a/api/api.go
+++ b/api/api.go
@@ -41,8 +41,8 @@ const (
 U2FHID_ARMORY_INF = iota + u2fhid.VendorCommandFirst
 // Trusted Applet configuration
 U2FHID_ARMORY_CFG
- // Trusted Applet update
- U2FHID_ARMORY_OTA
+ // Obsolete
+ U2FHID_ARMORY_OTA_UNUSED
 // Set HAB fuse to built-in SRK hash
 U2FHID_ARMORY_HAB
 // Fetch latest debug/console logs
@@ -86,12 +86,6 @@ func (p *Configuration) Bytes() (buf []byte) {
 return
 }
 
-// Bytes serializes an API message.
-func (p *AppletUpdate) Bytes() (buf []byte) {
- buf, _ = proto.Marshal(p)
- return
-}
-
 // Print returns the Trusted OS status in textual format.
 func (p *Status) Print() string {
 var status bytes.Buffer
diff --git a/api/api.pb.go b/api/api.pb.go
index 9849bd3..a15b87c 100644
--- a/api/api.pb.go
+++ b/api/api.pb.go
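Review bot: The placeholder `U2FHID_ARMORY_OTA_UNUSED` is what keeps `U2FHID_ARMORY_HAB` and every later vendor command at their existing iota-assigned wire values, but the replacement comment `// Obsolete` does not record that, so a later cleanup that simply deletes the line would renumber the commands below it and an older witnessctl would then have its requests land on a different handler, with the HAB fuse command being the immediate neighbour. Suggest `// Obsolete: former Trusted Applet OTA command. Kept as a placeholder so the iota values of the commands below stay stable on the wire; the Trusted OS must treat it as an unknown command.` The device-side dispatch change is in trusted_os/usb_hid.go, which is outside this excerpt, so I cannot confirm here that an incoming request with this command value is rejected rather than reaching a default path. The enclosing const block starts and ends outside the hunk.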
@@ -83,199 +83,6 @@ func (ErrorCode) EnumDescriptor() ([]byte, []int) { return file_api_proto_rawDescGZIP(), []int{0} } -// -// -//AppletUpdate -// -//A `AppletUpdate` represents an OTA sequence applet slice. -// -//The `TotalChunks` value indicates the total number of chunks for the update, -//`Seq` is the transmitted AppletUpdate chunk number: -//- `0` indicates that the struct contains verification data in `Header`. -//- `1` onwards identifies the first, second, ... chunk of firmware image data. -// -type AppletUpdate struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Total uint32 `protobuf:"varint,1,opt,name=Total,proto3" json:"Total,omitempty"` - Seq uint32 `protobuf:"varint,2,opt,name=Seq,proto3" json:"Seq,omitempty"` - // Types that are assignable to Payload: - // *AppletUpdate_Data - // *AppletUpdate_Header - Payload isAppletUpdate_Payload `protobuf_oneof:"Payload"` -} - -func (x *AppletUpdate) Reset() { - *x = AppletUpdate{} - if protoimpl.UnsafeEnabled { - mi := &file_api_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AppletUpdate) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AppletUpdate) ProtoMessage() {} - -func (x *AppletUpdate) ProtoReflect() protoreflect.Message { - mi := &file_api_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AppletUpdate.ProtoReflect.Descriptor instead. 
-func (*AppletUpdate) Descriptor() ([]byte, []int) { - return file_api_proto_rawDescGZIP(), []int{0} -} - -func (x *AppletUpdate) GetTotal() uint32 { - if x != nil { - return x.Total - } - return 0 -} - -func (x *AppletUpdate) GetSeq() uint32 { - if x != nil { - return x.Seq - } - return 0 -} - -func (m *AppletUpdate) GetPayload() isAppletUpdate_Payload { - if m != nil { - return m.Payload - } - return nil -} - -func (x *AppletUpdate) GetData() []byte { - if x, ok := x.GetPayload().(*AppletUpdate_Data); ok { - return x.Data - } - return nil -} - -func (x *AppletUpdate) GetHeader() *AppletUpdateHeader { - if x, ok := x.GetPayload().(*AppletUpdate_Header); ok { - return x.Header - } - return nil -} - -type isAppletUpdate_Payload interface { - isAppletUpdate_Payload() -} - -type AppletUpdate_Data struct { - Data []byte `protobuf:"bytes,3,opt,name=Data,proto3,oneof"` -} - -type AppletUpdate_Header struct { - Header *AppletUpdateHeader `protobuf:"bytes,4,opt,name=Header,proto3,oneof"` -} - -func (*AppletUpdate_Data) isAppletUpdate_Payload() {} - -func (*AppletUpdate_Header) isAppletUpdate_Payload() {} - -type AppletUpdateHeader struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Signature holds the signature over the applet. - Signature []byte `protobuf:"bytes,1,opt,name=Signature,proto3" json:"Signature,omitempty"` - // Checkpoint contains a note-formatted Log Checkpoint. - Checkpoint []byte `protobuf:"bytes,2,opt,name=Checkpoint,proto3" json:"Checkpoint,omitempty"` - // Manifest is metadata about the applet, which has been logged to a firmware - // transparency log. - Manifest []byte `protobuf:"bytes,3,opt,name=Manifest,proto3" json:"Manifest,omitempty"` - // InclusionProof is a log inclusion proof for Manifest committed to by - // Checkpoint. 
- InclusionProof [][]byte `protobuf:"bytes,4,rep,name=InclusionProof,proto3" json:"InclusionProof,omitempty"` - // LogIndex is the index of Manifest in the firmware transparency log. - LogIndex uint64 `protobuf:"varint,5,opt,name=LogIndex,proto3" json:"LogIndex,omitempty"` -} - -func (x *AppletUpdateHeader) Reset() { - *x = AppletUpdateHeader{} - if protoimpl.UnsafeEnabled { - mi := &file_api_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AppletUpdateHeader) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AppletUpdateHeader) ProtoMessage() {} - -func (x *AppletUpdateHeader) ProtoReflect() protoreflect.Message { - mi := &file_api_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AppletUpdateHeader.ProtoReflect.Descriptor instead. -func (*AppletUpdateHeader) Descriptor() ([]byte, []int) { - return file_api_proto_rawDescGZIP(), []int{1} -} - -func (x *AppletUpdateHeader) GetSignature() []byte { - if x != nil { - return x.Signature - } - return nil -} - -func (x *AppletUpdateHeader) GetCheckpoint() []byte { - if x != nil { - return x.Checkpoint - } - return nil -} - -func (x *AppletUpdateHeader) GetManifest() []byte { - if x != nil { - return x.Manifest - } - return nil -} - -func (x *AppletUpdateHeader) GetInclusionProof() [][]byte { - if x != nil { - return x.InclusionProof - } - return nil -} - -func (x *AppletUpdateHeader) GetLogIndex() uint64 { - if x != nil { - return x.LogIndex - } - return 0 -} - // // //Status information 
@@ -305,7 +112,7 @@ type Status struct { func (x *Status) Reset() { *x = Status{} if protoimpl.UnsafeEnabled { - mi := &file_api_proto_msgTypes[2] + mi := &file_api_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -318,7 +125,7 @@ func (x *Status) String() string { func (*Status) ProtoMessage() {} func (x *Status) ProtoReflect() protoreflect.Message { - mi := &file_api_proto_msgTypes[2] + mi := &file_api_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -331,7 +138,7 @@ func (x *Status) ProtoReflect() protoreflect.Message { // Deprecated: Use Status.ProtoReflect.Descriptor instead. func (*Status) Descriptor() ([]byte, []int) { - return file_api_proto_rawDescGZIP(), []int{2} + return file_api_proto_rawDescGZIP(), []int{0} } func (x *Status) GetSerial() string { @@ -435,7 +242,7 @@ type WitnessStatus struct { func (x *WitnessStatus) Reset() { *x = WitnessStatus{} if protoimpl.UnsafeEnabled { - mi := &file_api_proto_msgTypes[3] + mi := &file_api_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -448,7 +255,7 @@ func (x *WitnessStatus) String() string { func (*WitnessStatus) ProtoMessage() {} func (x *WitnessStatus) ProtoReflect() protoreflect.Message { - mi := &file_api_proto_msgTypes[3] + mi := &file_api_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -461,7 +268,7 @@ func (x *WitnessStatus) ProtoReflect() protoreflect.Message { // Deprecated: Use WitnessStatus.ProtoReflect.Descriptor instead. func (*WitnessStatus) Descriptor() ([]byte, []int) { - return file_api_proto_rawDescGZIP(), []int{3} + return file_api_proto_rawDescGZIP(), []int{1} } func (x *WitnessStatus) GetIdentity() string { 
@@ -508,7 +315,7 @@ type Configuration struct { func (x *Configuration) Reset() { *x = Configuration{} if protoimpl.UnsafeEnabled { - mi := &file_api_proto_msgTypes[4] + mi := &file_api_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -521,7 +328,7 @@ func (x *Configuration) String() string { func (*Configuration) ProtoMessage() {} func (x *Configuration) ProtoReflect() protoreflect.Message { - mi := &file_api_proto_msgTypes[4] + mi := &file_api_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -534,7 +341,7 @@ func (x *Configuration) ProtoReflect() protoreflect.Message { // Deprecated: Use Configuration.ProtoReflect.Descriptor instead. func (*Configuration) Descriptor() ([]byte, []int) { - return file_api_proto_rawDescGZIP(), []int{4} + return file_api_proto_rawDescGZIP(), []int{2} } func (x *Configuration) GetDHCP() bool { @@ -590,7 +397,7 @@ type LogMessagesRequest struct { func (x *LogMessagesRequest) Reset() { *x = LogMessagesRequest{} if protoimpl.UnsafeEnabled { - mi := &file_api_proto_msgTypes[5] + mi := &file_api_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -603,7 +410,7 @@ func (x *LogMessagesRequest) String() string { func (*LogMessagesRequest) ProtoMessage() {} func (x *LogMessagesRequest) ProtoReflect() protoreflect.Message { - mi := &file_api_proto_msgTypes[5] + mi := &file_api_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -616,7 +423,7 @@ func (x *LogMessagesRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use LogMessagesRequest.ProtoReflect.Descriptor instead. func (*LogMessagesRequest) Descriptor() ([]byte, []int) { - return file_api_proto_rawDescGZIP(), []int{5} + return file_api_proto_rawDescGZIP(), []int{3} } func (x *LogMessagesRequest) GetContinue() bool { @@ -638,7 +445,7 @@ type LogMessagesResponse struct { func (x *LogMessagesResponse) Reset() { *x = LogMessagesResponse{} if protoimpl.UnsafeEnabled { - mi := &file_api_proto_msgTypes[6] + mi := &file_api_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -651,7 +458,7 @@ func (x *LogMessagesResponse) String() string { func (*LogMessagesResponse) ProtoMessage() {} func (x *LogMessagesResponse) ProtoReflect() protoreflect.Message { - mi := &file_api_proto_msgTypes[6] + mi := &file_api_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -664,7 +471,7 @@ func (x *LogMessagesResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use LogMessagesResponse.ProtoReflect.Descriptor instead. func (*LogMessagesResponse) Descriptor() ([]byte, []int) { - return file_api_proto_rawDescGZIP(), []int{6} + return file_api_proto_rawDescGZIP(), []int{4} } func (x *LogMessagesResponse) GetPayload() []byte { @@ -693,7 +500,7 @@ type Response struct { func (x *Response) Reset() { *x = Response{} if protoimpl.UnsafeEnabled { - mi := &file_api_proto_msgTypes[7] + mi := &file_api_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -706,7 +513,7 @@ func (x *Response) String() string { func (*Response) ProtoMessage() {} func (x *Response) ProtoReflect() protoreflect.Message { - mi := &file_api_proto_msgTypes[7] + mi := &file_api_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -719,7 +526,7 @@ func (x *Response) ProtoReflect() protoreflect.Message { // Deprecated: Use Response.ProtoReflect.Descriptor instead. func (*Response) Descriptor() ([]byte, []int) { - return file_api_proto_rawDescGZIP(), []int{7} + return file_api_proto_rawDescGZIP(), []int{5} } func (x *Response) GetError() ErrorCode { 
@@ -740,80 +547,59 @@ var File_api_proto protoreflect.FileDescriptor var file_api_proto_rawDesc = []byte{ 0x0a, 0x09, 0x61, 0x70, 0x69, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x61, 0x70, 0x69, - 0x22, 0x8a, 0x01, 0x0a, 0x0c, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, - 0x65, 0x12, 0x14, 0x0a, 0x05, 0x54, 0x6f, 0x74, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x05, 0x54, 0x6f, 0x74, 0x61, 0x6c, 0x12, 0x10, 0x0a, 0x03, 0x53, 0x65, 0x71, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x53, 0x65, 0x71, 0x12, 0x14, 0x0a, 0x04, 0x44, 0x61, 0x74, - 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x04, 0x44, 0x61, 0x74, 0x61, 0x12, - 0x31, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x17, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x74, 0x55, 0x70, 0x64, 0x61, - 0x74, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x48, 0x00, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x42, 0x09, 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0xb2, 0x01, - 0x0a, 0x12, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x65, - 0x61, 0x64, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, - 0x72, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, - 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x4d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x4d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x12, 0x26, - 0x0a, 0x0e, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6f, 0x66, - 0x18, 0x04, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x0e, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, - 0x6e, 0x50, 0x72, 0x6f, 0x6f, 
0x66, 0x12, 0x1a, 0x0a, 0x08, 0x4c, 0x6f, 0x67, 0x49, 0x6e, 0x64, - 0x65, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, 0x4c, 0x6f, 0x67, 0x49, 0x6e, 0x64, - 0x65, 0x78, 0x22, 0x9e, 0x02, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, - 0x06, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, - 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x10, 0x0a, 0x03, 0x48, 0x41, 0x42, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x03, 0x48, 0x41, 0x42, 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x65, 0x76, 0x69, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x52, 0x65, 0x76, 0x69, 0x73, - 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x42, 0x75, 0x69, 0x6c, 0x64, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x42, 0x75, 0x69, 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x56, 0x65, 0x72, - 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x56, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x12, 0x0a, - 0x04, 0x4c, 0x69, 0x6e, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x4c, 0x69, 0x6e, - 0x6b, 0x12, 0x2c, 0x0a, 0x07, 0x57, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x18, 0x08, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x57, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, - 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x07, 0x57, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x12, - 0x28, 0x0a, 0x0f, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x75, 0x6e, 0x74, - 0x65, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x74, 0x79, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x52, 0x4b, - 0x48, 0x61, 0x73, 0x68, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x52, 0x4b, 0x48, - 0x61, 0x73, 0x68, 0x22, 0x89, 0x01, 0x0a, 0x0d, 0x57, 0x69, 0x74, 
0x6e, 0x65, 0x73, 0x73, 0x53, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, - 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, - 0x50, 0x12, 0x2c, 0x0a, 0x11, 0x49, 0x44, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x49, 0x44, - 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, - 0x1e, 0x0a, 0x0a, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x49, 0x44, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0a, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x49, 0x44, 0x22, - 0xa1, 0x01, 0x0a, 0x0d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x44, 0x48, 0x43, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x04, 0x44, 0x48, 0x43, 0x50, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x18, 0x0a, 0x07, 0x4e, 0x65, 0x74, 0x6d, 0x61, 0x73, 0x6b, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x4e, 0x65, 0x74, 0x6d, 0x61, 0x73, 0x6b, 0x12, - 0x18, 0x0a, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x65, 0x73, - 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x52, 0x65, 0x73, - 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x54, 0x50, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x22, 0x30, 0x0a, 0x12, 0x4c, 0x6f, 0x67, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, - 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x43, 0x6f, 0x6e, - 0x74, 
0x69, 0x6e, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x43, 0x6f, 0x6e, - 0x74, 0x69, 0x6e, 0x75, 0x65, 0x22, 0x43, 0x0a, 0x13, 0x4c, 0x6f, 0x67, 0x4d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, - 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x50, - 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x4d, 0x6f, 0x72, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x4d, 0x6f, 0x72, 0x65, 0x22, 0x4a, 0x0a, 0x08, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0e, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x45, 0x72, 0x72, 0x6f, - 0x72, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x18, 0x0a, 0x07, - 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x50, - 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x2a, 0x28, 0x0a, 0x09, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43, - 0x6f, 0x64, 0x65, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x11, 0x0a, - 0x0d, 0x47, 0x45, 0x4e, 0x45, 0x52, 0x49, 0x43, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x01, - 0x42, 0x08, 0x5a, 0x06, 0x2e, 0x2f, 0x3b, 0x61, 0x70, 0x69, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x22, 0x9e, 0x02, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x53, + 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, 0x65, 0x72, + 0x69, 0x61, 0x6c, 0x12, 0x10, 0x0a, 0x03, 0x48, 0x41, 0x42, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x03, 0x48, 0x41, 0x42, 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x65, 0x76, 0x69, 0x73, 0x69, 0x6f, + 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x52, 0x65, 0x76, 0x69, 0x73, 0x69, 0x6f, + 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x42, 0x75, 0x69, 0x6c, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x42, 0x75, 0x69, 
0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x56, 0x65, 0x72, 0x73, 0x69, + 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4c, + 0x69, 0x6e, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x4c, 0x69, 0x6e, 0x6b, 0x12, + 0x2c, 0x0a, 0x07, 0x57, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x12, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x57, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x53, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x52, 0x07, 0x57, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x12, 0x28, 0x0a, + 0x0f, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, + 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, + 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x52, 0x4b, 0x48, 0x61, + 0x73, 0x68, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x52, 0x4b, 0x48, 0x61, 0x73, + 0x68, 0x22, 0x89, 0x01, 0x0a, 0x0d, 0x57, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x53, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, + 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, + 0x2c, 0x0a, 0x11, 0x49, 0x44, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, + 0x63, 0x4b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x49, 0x44, 0x41, 0x74, + 0x74, 0x65, 0x73, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, + 0x0a, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x49, 0x44, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0a, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 
0x49, 0x44, 0x22, 0xa1, 0x01, + 0x0a, 0x0d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x12, 0x0a, 0x04, 0x44, 0x48, 0x43, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x44, + 0x48, 0x43, 0x50, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x02, 0x49, 0x50, 0x12, 0x18, 0x0a, 0x07, 0x4e, 0x65, 0x74, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x4e, 0x65, 0x74, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x18, 0x0a, + 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, + 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x6c, + 0x76, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x6c, + 0x76, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x22, 0x30, 0x0a, 0x12, 0x4c, 0x6f, 0x67, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x73, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x43, 0x6f, 0x6e, 0x74, 0x69, + 0x6e, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x43, 0x6f, 0x6e, 0x74, 0x69, + 0x6e, 0x75, 0x65, 0x22, 0x43, 0x0a, 0x13, 0x4c, 0x6f, 0x67, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, + 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x50, 0x61, + 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x50, 0x61, 0x79, + 0x6c, 0x6f, 0x61, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x4d, 0x6f, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x04, 0x4d, 0x6f, 0x72, 0x65, 0x22, 0x4a, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x0e, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43, + 0x6f, 
0x64, 0x65, 0x52, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x50, 0x61, + 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x50, 0x61, 0x79, + 0x6c, 0x6f, 0x61, 0x64, 0x2a, 0x28, 0x0a, 0x09, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43, 0x6f, 0x64, + 0x65, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x47, + 0x45, 0x4e, 0x45, 0x52, 0x49, 0x43, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x01, 0x42, 0x08, + 0x5a, 0x06, 0x2e, 0x2f, 0x3b, 0x61, 0x70, 0x69, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -829,27 +615,24 @@ func file_api_proto_rawDescGZIP() []byte { } var file_api_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_api_proto_msgTypes = make([]protoimpl.MessageInfo, 8) +var file_api_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_api_proto_goTypes = []interface{}{ (ErrorCode)(0), // 0: api.ErrorCode - (*AppletUpdate)(nil), // 1: api.AppletUpdate - (*AppletUpdateHeader)(nil), // 2: api.AppletUpdateHeader - (*Status)(nil), // 3: api.Status - (*WitnessStatus)(nil), // 4: api.WitnessStatus - (*Configuration)(nil), // 5: api.Configuration - (*LogMessagesRequest)(nil), // 6: api.LogMessagesRequest - (*LogMessagesResponse)(nil), // 7: api.LogMessagesResponse - (*Response)(nil), // 8: api.Response + (*Status)(nil), // 1: api.Status + (*WitnessStatus)(nil), // 2: api.WitnessStatus + (*Configuration)(nil), // 3: api.Configuration + (*LogMessagesRequest)(nil), // 4: api.LogMessagesRequest + (*LogMessagesResponse)(nil), // 5: api.LogMessagesResponse + (*Response)(nil), // 6: api.Response } var file_api_proto_depIdxs = []int32{ - 2, // 0: api.AppletUpdate.Header:type_name -> api.AppletUpdateHeader - 4, // 1: api.Status.Witness:type_name -> api.WitnessStatus - 0, // 2: api.Response.Error:type_name -> api.ErrorCode - 3, // [3:3] is the sub-list for method output_type - 3, // [3:3] is the sub-list for method input_type - 3, // [3:3] is the sub-list for extension type_name - 3, // [3:3] is the sub-list for extension extendee - 0, // [0:3] is the sub-list for field type_name + 2, // 0: api.Status.Witness:type_name -> api.WitnessStatus + 0, // 1: api.Response.Error:type_name -> api.ErrorCode + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name } func init() { file_api_proto_init() } 
@@ -859,30 +642,6 @@ func file_api_proto_init() { } if !protoimpl.UnsafeEnabled { file_api_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AppletUpdate); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AppletUpdateHeader); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_api_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Status); i { case 0: return &v.state @@ -894,7 +653,7 @@ func file_api_proto_init() { return nil } } - file_api_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_api_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*WitnessStatus); i { case 0: return &v.state @@ -906,7 +665,7 @@ func file_api_proto_init() { return nil } } - file_api_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_api_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Configuration); i { case 0: return &v.state @@ -918,7 +677,7 @@ func file_api_proto_init() { return nil } } - file_api_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_api_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*LogMessagesRequest); i { case 0: return &v.state @@ -930,7 +689,7 @@ func file_api_proto_init() { return nil } } - file_api_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_api_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*LogMessagesResponse); i { case 0: return &v.state 
@@ -942,7 +701,7 @@ func file_api_proto_init() { return nil } } - file_api_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_api_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Response); i { case 0: return &v.state @@ -955,17 +714,13 @@ func file_api_proto_init() { } } } - file_api_proto_msgTypes[0].OneofWrappers = []interface{}{ - (*AppletUpdate_Data)(nil), - (*AppletUpdate_Header)(nil), - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_api_proto_rawDesc, NumEnums: 1, - NumMessages: 8, + NumMessages: 6, NumExtensions: 0, NumServices: 0, }, diff --git a/api/api.proto b/api/api.proto index 0473207..aad39c0 100644 --- a/api/api.proto +++ b/api/api.proto 
@@ -22,98 +22,6 @@ option go_package = "./;api"; /* -Trusted Applet updates are supported with a sequence that splits the applet -payload as follows: - -``` - host > armory: AppletUpdate{ - Total: , - Seq: 0, - Payload: , - } - - host > armory: AppletUpdate{ - Total , - Seq: 1, - Payload: , - } - -... - - host > armory: AppletUpdate{ - Total: , - Seq: , - Payload: , - } -``` - -The host PC software is responsible for extracting the invidual protobuf -messages already pre-assembled in the applet update file, to transmit them -individually. - -The applet image includes a signature for pre-flashing verification in the -first chunk. This signature is verified with a minisign public key stored -within the Trusted OS. - -Once all applet chunks are received the Trusted OS verifies the received -firmware signature and, if successful, it flashes it on the internal eMMC card. - -Such change also updates the internal eMMC RPMB protected applet version value, -which is checked at each boot. - -The applet chunk message is sent with the `U2FHID_ARMORY_OTA` vendor specific -command. - -*/ - -/* - -AppletUpdate - -A `AppletUpdate` represents an OTA sequence applet slice. - -The `TotalChunks` value indicates the total number of chunks for the update, -`Seq` is the transmitted AppletUpdate chunk number: - - `0` indicates that the struct contains verification data in `Header`. - - `1` onwards identifies the first, second, ... chunk of firmware image data. - -*/ -message AppletUpdate { - uint32 Total = 1; - uint32 Seq = 2; - oneof Payload { - bytes Data = 3; - AppletUpdateHeader Header = 4; - } -} - -/* - -AppletUpdateHeader - -An `AppletUpdateHeader` contains verification material for an applet update. -It's sent in the zero-th `AppletUpdate` message during an OTA. - - -*/ - -message AppletUpdateHeader { - // Signature holds the signature over the applet. - bytes Signature = 1; - // Checkpoint contains a note-formatted Log Checkpoint. 
- bytes Checkpoint = 2; - // Manifest is metadata about the applet, which has been logged to a firmware - // transparency log. - bytes Manifest = 3; - // InclusionProof is a log inclusion proof for Manifest committed to by - // Checkpoint. - repeated bytes InclusionProof = 4; - // LogIndex is the index of Manifest in the firmware transparency log. - uint64 LogIndex = 5; -} - -/* - Status information The status information format is returned on any message sent with the diff --git a/cmd/witnessctl/api.go b/cmd/witnessctl/api.go index 5e92c56..2da0e4a 100644 --- a/cmd/witnessctl/api.go +++ b/cmd/witnessctl/api.go @@ -24,10 +24,8 @@ import ( "io" "log" "net" - "os" "time" - "github.com/cheggaaa/pb/v3" flynn_hid "github.com/flynn/hid" "github.com/flynn/u2f/u2fhid" "google.golang.org/protobuf/proto" @@ -109,7 +107,7 @@ func (d Device) getLogMessages(cmd byte) (string, error) { req.Continue = true // Don't overload the HID endpoint - time.Sleep(10 * time.Millisecond) + time.Sleep(20 * time.Millisecond) } }() 
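Review bot: The change from `time.Sleep(10 * time.Millisecond)` to `time.Sleep(20 * time.Millisecond)` in getLogMessages is a behaviour change unrelated to removing OTA and is not mentioned in the commit message; if it is deliberate it deserves a sentence in the description. Naming the value would also keep the rationale next to it instead of leaving a second bare literal: `const hidLogPollInterval = 20 * time.Millisecond // pause between log-chunk requests so the HID endpoint is not flooded` and `time.Sleep(hidLogPollInterval)`. getLogMessages starts and ends outside the hunk.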
@@ -137,141 +135,6 @@ func (d Device) crashLogs() (string, error) { return d.getLogMessages(api.U2FHID_ARMORY_CRASH_LOGS) } -func (d Device) sendUpdateHeader(signature []byte, total int) (err error) { - update := &api.AppletUpdate{ - Total: uint32(total), - Seq: uint32(0), // MUST be 0 - Payload: &api.AppletUpdate_Header{ - Header: &api.AppletUpdateHeader{ - Signature: signature, - // TODO: fill this out - }, - }, - } - - buf, err := d.u2f.Command(api.U2FHID_ARMORY_OTA, []byte(update.Bytes())) - - if err != nil { - return err - } - - res := &api.Response{} - - if err = proto.Unmarshal(buf, res); err != nil { - return err - } - - if res.Error != api.ErrorCode_NONE { - return fmt.Errorf("%+v", res) - } - - return -} - -func (d Device) sendUpdateChunk(data []byte, seq int, total int) (err error) { - if seq <= 0 { - return fmt.Errorf("seq is %d, it must be >= 0 to send update chunks", seq) - } - update := &api.AppletUpdate{ - Total: uint32(total), - Seq: uint32(seq), - Payload: &api.AppletUpdate_Data{ - Data: data, - }, - } - - buf, err := d.u2f.Command(api.U2FHID_ARMORY_OTA, []byte(update.Bytes())) - - if err != nil { - return err - } - - res := &api.Response{} - - if err = proto.Unmarshal(buf, res); err != nil { - return err - } - - if res.Error != api.ErrorCode_NONE { - return fmt.Errorf("%+v", res) - } - - return -} - -func (d Device) ota(taELFPath string, taSigPath string) (err error) { - if len(taELFPath) == 0 { - return errors.New("trusted applet payload path must be specified (-o)") - } - - if len(taSigPath) == 0 { - return errors.New("trusted applet signature path must be specified (-O)") - } - - taELF, err := os.ReadFile(taELFPath) - - if err != nil { - return - } - - taSig, err := os.ReadFile(taSigPath) - - if err != nil { - return - } - - chunkSize := maxChunkSize - totalSize := len(taELF) - - total := totalSize / chunkSize - seq := 0 - - if total == 0 { - total = 1 - } else if totalSize%chunkSize != 0 { - total += 1 - } - - if len(taSig) > maxChunkSize { - 
return errors.New("signature size exceeds maximum update chunk size") - } - - log.Printf("sending trusted applet signature to armored witness") - - if err = d.sendUpdateHeader(taSig, total); err != nil { - return - } - - bar := pb.StartNew(totalSize) - bar.SetWriter(os.Stdout) - bar.Set(pb.Bytes, true) - - start := time.Now() - - defer func(start time.Time) { - log.Printf("sent %d bytes in %v", totalSize, time.Since(start)) - }(start) - defer bar.Finish() - - log.Printf("sending trusted applet payload to armored witness") - - for i := 0; i < totalSize; i += chunkSize { - seq += 1 - - if i+chunkSize > totalSize { - chunkSize = totalSize - i - } - - if err = d.sendUpdateChunk(taELF[i:i+chunkSize], seq, total); err != nil { - return - } - - bar.Add(chunkSize) - } - - return -} - func (d Device) cfg(dhcp bool, ip string, mask string, gw string, dns string, ntp string) error { if len(ip) == 0 || len(gw) == 0 || len(dns) == 0 { return errors.New("trusted applet IP, gatewy and DNS addresses must all be specified for configuration change (flags: -a -g -r)") diff --git a/cmd/witnessctl/witnessctl.go b/cmd/witnessctl/witnessctl.go index 99ce959..7dab2c4 100644 --- a/cmd/witnessctl/witnessctl.go +++ b/cmd/witnessctl/witnessctl.go @@ -60,9 +60,6 @@ type Config struct { crashLogs bool hab bool - otaELF string - otaSig string - dhcp bool ip string gw string @@ -84,8 +81,6 @@ func init() { flag.BoolVar(&conf.consoleLogs, "l", false, "get witness console/debug logs") flag.BoolVar(&conf.crashLogs, "L", false, "get crash logs from most recent witness failure") flag.BoolVar(&conf.hab, "H", false, "set HAB fuses") - flag.StringVar(&conf.otaELF, "o", "", "trusted applet payload") - flag.StringVar(&conf.otaSig, "O", "", "trusted applet signature") flag.BoolVar(&conf.dhcp, "A", true, "enable DHCP") flag.StringVar(&conf.ip, "a", "10.0.0.1", "set IP address") flag.StringVar(&conf.mask, "m", "255.255.255.0", "set Netmask") 
@@ -182,13 +177,6 @@ func main() { } log.Printf("%s\n\n", s) } - case len(conf.otaELF) > 0 || len(conf.otaSig) > 0: - if len(conf.devs) != 1 { - log.Fatal("Please specify which device to OTA using -d") - } - if err := conf.devs[0].ota(conf.otaELF, conf.otaSig); err != nil { - log.Fatalf("%v", err) - } case conf.dhcp || len(conf.ip) > 0 || len(conf.gw) > 0 || len(conf.dns) > 0 || len(conf.ntp) > 0: if len(conf.devs) != 1 { log.Fatal("Please specify which device to configure using -d") diff --git a/trusted_os/flash.go b/trusted_os/flash.go index 59f79e6..7385c58 100644 --- a/trusted_os/flash.go +++ b/trusted_os/flash.go @@ -16,21 +16,16 @@ package main import ( "bytes" - "errors" "fmt" "log" "runtime" "time" - "google.golang.org/protobuf/proto" - usbarmory "github.com/usbarmory/tamago/board/usbarmory/mk2" "github.com/usbarmory/tamago/soc/nxp/usdhc" "github.com/transparency-dev/armored-witness-boot/config" "github.com/transparency-dev/armored-witness-common/release/firmware" - - "github.com/transparency-dev/armored-witness-os/api" ) // imx6_usdhc: 15 GB/14 GiB card detected {MMC:true SD:false HC:true HS:true DDR:false Rate:150 BlockSize:512 Blocks:30576640 
@@ -371,102 +366,3 @@ func retrieveLastCrashLog(storage Card) ([]byte, error) { } return r, nil } - -// Update is the handler for U2FHID_ARMORY_OTA requests, which consist of -// applet updates. -func (ctl *controlInterface) Update(req []byte) (res []byte) { - var err error - - defer func() { - if err != nil { - log.Printf("applet update error, %v", err) - res = api.ErrorResponse(err) - } else { - resMsg := &api.Response{} - res = resMsg.Bytes() - } - }() - - update := &api.AppletUpdate{} - - if err = proto.Unmarshal(req, update); err != nil { - return - } - - ctl.Lock() - defer ctl.Unlock() - - if update.Seq == 0 { - payload, ok := update.Payload.(*api.AppletUpdate_Header) - if !ok || payload == nil { - err = errors.New("invalid update, seq 0 did not have update header") - return - } - ctl.ota = &otaBuffer{ - total: update.Total, - sig: payload.Header.Signature, - bundle: &config.ProofBundle{ - Checkpoint: payload.Header.Checkpoint, - InclusionProof: payload.Header.InclusionProof, - LogIndex: payload.Header.LogIndex, - Manifest: payload.Header.Manifest, - }, - } - - log.Printf("starting applet update (%d chunks)", ctl.ota.total) - return - } else if ctl.ota == nil || - update.Seq != ctl.ota.seq+1 || - update.Total != ctl.ota.total { - - err = errors.New("invalid firmware update sequence") - return - } - - if len(ctl.ota.buf) > otaLimit { - err = errors.New("size limit exceeded") - return - } - - payload, ok := update.Payload.(*api.AppletUpdate_Data) - if !ok || payload == nil { - err = fmt.Errorf("invalid update, seq > %d did not have update data chunk", update.Seq) - return - } - - ctl.ota.seq = update.Seq - ctl.ota.buf = append(ctl.ota.buf, payload.Data...) 
- - if ctl.ota.seq%100 == 0 { - log.Printf("received %d/%d applet update chunks", ctl.ota.seq, ctl.ota.total) - } - - if ctl.ota.seq == ctl.ota.total { - log.Printf("received all %d firmware update chunks", ctl.ota.total) - - go func(buf []byte, pb config.ProofBundle) { - // avoid USB control interface timeout - time.Sleep(500 * time.Millisecond) - - if err = updateApplet(ctl.RPC.Storage, buf, pb); err != nil { - log.Printf("firmware update error, %v", err) - } - - if ctl.RPC.Ctx != nil { - log.Printf("SM received applet update, restarting applet") - ctl.RPC.Ctx.Stop() - } - - // FIXME: restarting the applet results in networking - // issues, investigate (or just reboot?). - - if _, err = loadApplet(taELF, ctl); err != nil { - log.Printf("SM applet execution error, %v", err) - } - }(ctl.ota.buf, *ctl.ota.bundle) - - ctl.ota = nil - } - - return -} diff --git a/trusted_os/usb_hid.go b/trusted_os/usb_hid.go index 46159ab..ed1048b 100644 --- a/trusted_os/usb_hid.go +++ b/trusted_os/usb_hid.go @@ -113,10 +113,6 @@ func configureHID(device *usb.Device, ctl *controlInterface) (err error) { return } - if err = hid.AddMapping(api.U2FHID_ARMORY_OTA, ctl.Update); err != nil { - return - } - if err = hid.AddMapping(api.U2FHID_ARMORY_HAB, ctl.HAB); err != nil { return }