Original post

tamago | https://github.com/f-secure-foundry/tamago

Copyright (c) F-Secure Corporation

TamaGo gopher

Andrea Barisani
andrea.barisani@f-secure.com | andrea@inversepath.com

Andrej Rosano
andrej.rosano@f-secure.com | andrej@inversepath.com

TamaGo is a framework that enables compilation and execution of unencumbered applications on bare metal ARM System-on-Chip (SoC) components.

The projects spawns from the desire of reducing the attack surface of embedded systems firmware by removing any runtime dependency on C code and Operating Systems.

The TamaGo framework consists of the following components:

  • A modified Go distribution which extends GOOS support to the tamago target, allowing bare metal execution.

  • Go packages for SoC driver support.

  • Go packages for board support.

The modifications are meant to be minimal for both the Go distribution (< ~4000 LOC changed) and the target application (one import required), with a clean separation from other architectures.

Strong emphasis is placed on code re-use from existing architectures already included within the standard Go runtime, see Internals.

Both aspects are motivated by the desire of providing a framework that allows secure Go firmware development on embedded systems.

The current release for the TamaGo modified Go distribution is tamago1.15.2, which adds GOOS=tamago support to go1.15.2.

Binary releases for amd64 and armv7l Linux hosts are available.

The main documentation can be found on the project wiki.

The package API documentation can be found on pkg.go.dev.

The following table summarizes currently supported SoCs and boards.

Go applications are simply required to import, the relevant board package to ensure that hardware initialization and runtime support takes place:

import (
        // Example for USB armory Mk II
        _ "github.com/f-secure-foundry/tamago/board/f-secure/usbarmory/mark-two"

Build the TamaGo compiler (or use the latest binary release):

git clone https://github.com/f-secure-foundry/tamago-go -b latest
cd tamago-go/src && ./all.bash
cd ../bin && export TAMAGO=`pwd`/go

Go applications can be compiled with the compiler built in the previous step, with the addition of a few flags/variables:

# Example for USB armory Mk II
  ${TAMAGO} build -ldflags "-T 0x80010000  -E _rt0_arm_tamago -R 0x1000"

See the respective board package README file for compilation information for each specific target.

See the respective board package README file for execution and debugging information for each specific target (real or emulated).

The example application provides sample driver usage and instructions for native as well as emulated execution.

tamago | https://github.com/f-secure-foundry/tamago
Copyright (c) F-Secure Corporation

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation under version 3 of the License.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

See accompanying LICENSE file for full details.

The TamaGo logo is adapted from the Go gopher designed by Renee French and licensed under the Creative Commons 3.0 Attributions license. Go Gopher vector illustration by Hugo Arganda.