Overview
Package api contains public structures related to the log contents.
Constants
const (
    // FirmwareArtifactName is the name of the firmware image which is expected
    // to be present in the ArtifactSHA256 map of valid FirmwareRelease instances.
    FirmwareArtifactName = "armory-drive.imx"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Checkpoint
type Checkpoint struct {
    // Origin is the unique identifier for the log issuing this checkpoint.
    Origin string
    // Size is the number of entries in the log at this checkpoint.
    Size uint64
    // Hash is the hash which commits to the contents of the entire log.
    Hash []byte
}
Checkpoint represents a minimal log checkpoint.
func (*Checkpoint) Unmarshal
func (c *Checkpoint) Unmarshal(data []byte) error
Unmarshal parses the common formatted checkpoint data and stores the result in the Checkpoint.
The supplied data is expected to begin with the following 3 lines of text, each followed by a newline:
- <Origin string>
- <decimal representation of log size>
- <base64 representation of root hash>
There must be no extraneous trailing data.
type FirmwareRelease
type FirmwareRelease struct {
    // Description is a human readable description of the firmware release.
    Description string `json:"description"`
    // PlatformID identifies the hardware platform this release targets.
    PlatformID string `json:"platform_id"`
    // Revision identifies the revision of this release.
    // e.g. "v2021.05.03"
    Revision string `json:"revision"`
    // ArtifactSHA256 contains the SHA256 hashes of the named release artifacts.
    ArtifactSHA256 map[string][]byte `json:"artifact_sha256"`
    // SourceURL is the location from which an archive of the source code used to
    // produce this release can be downloaded.
    SourceURL string `json:"source_url"`
    // SourceSHA256 is the SHA256 hash of the contents of the source file at the location
    // pointed to by SourceURL.
    SourceSHA256 []byte `json:"source_sha256"`
    // ToolChain identifies the toolchain used to build the release from the source.
    ToolChain string `json:"tool_chain"`
    // BuildArgs identifies the set of build arguments used to build the firmware from the source.
    BuildArgs map[string]string `json:"build_args"`
}
FirmwareRelease represents a firmware release, and contains all of the information required to reconstruct the unsigned firmware image from source.
type ProofBundle
type ProofBundle struct {
    // NewCheckpoint is the signed checkpoint from the log covering the updated release.
    //
    // This is stored in the format specified at https://github.com/google/trillian-examples/tree/master/formats/log
    NewCheckpoint []byte
    // FirmwareRelease is the signed FirmwareRelease statement corresponding to the update.
    //
    // This is stored as a sumdb signed note containing the JSON representation of the
    // FirmwareRelease struct.
    FirmwareRelease []byte
    // LeafHashes contains all leaf hashes committed to by NewCheckpoint.
    //
    // This is to allow users who don't/cannot use a tool to install the firmware to verify
    // consistency with any possible Checkpoint they may have on their device currently.
    LeafHashes [][]byte
}
ProofBundle is written to the armory at update time so that the running firmware can convince itself of the discoverability of the update before installing it.
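The consistency check that LeafHashes makes possible, as an added example that is not this package's own code. It assumes the log uses RFC 6962 Merkle hashing (as Trillian-based logs do) and that both checkpoints have already had their signatures verified and been parsed into Size and Hash; rootFromLeafHashes and checkBundle are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// rootFromLeafHashes computes the RFC 6962 Merkle root over leaf hashes
// (already-hashed entries, as carried in ProofBundle.LeafHashes).
func rootFromLeafHashes(leaves [][]byte) []byte {
	if len(leaves) == 0 {
		h := sha256.Sum256(nil) // empty tree: hash of the empty string
		return h[:]
	}
	if len(leaves) == 1 {
		return leaves[0]
	}
	k := 1 // largest power of two strictly less than len(leaves)
	for k*2 < len(leaves) {
		k *= 2
	}
	node := append([]byte{0x01}, rootFromLeafHashes(leaves[:k])...) // interior-node prefix
	node = append(node, rootFromLeafHashes(leaves[k:])...)
	h := sha256.Sum256(node)
	return h[:]
}

// checkBundle (hypothetical helper) ties LeafHashes to the new checkpoint
// and to the Size/Hash of a checkpoint the device already trusts.
func checkBundle(leaves [][]byte, oldSize uint64, oldHash []byte, newSize uint64, newHash []byte) error {
	switch {
	case uint64(len(leaves)) != newSize:
		return fmt.Errorf("got %d leaf hashes, checkpoint size is %d", len(leaves), newSize)
	case oldSize > newSize:
		return fmt.Errorf("log shrank from %d to %d entries", oldSize, newSize)
	case !bytes.Equal(rootFromLeafHashes(leaves), newHash):
		return fmt.Errorf("leaf hashes do not reproduce the new checkpoint hash")
	case !bytes.Equal(rootFromLeafHashes(leaves[:oldSize]), oldHash):
		return fmt.Errorf("new log is not an extension of the trusted checkpoint")
	}
	return nil
}

func main() {
	// Constructed stand-ins for three leaf hashes, not real log entries.
	l := [][]byte{[]byte("leaf-1"), []byte("leaf-2"), []byte("leaf-3")}
	fmt.Println(checkBundle(l, 2, rootFromLeafHashes(l[:2]), 3, rootFromLeafHashes(l)))
}
```

A bundle that passes shows the new log is an append-only extension of the one the device last saw; a rewritten earlier entry changes the recomputed old root and is rejected.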