genode/repos/gems/run/file_vault.run

assert_spec x86_64

build { app/file_vault }

create_boot_directory

append archives "
	[depot_user]/src/[base_src]
	[depot_user]/pkg/[drivers_interactive_pkg]
	[depot_user]/pkg/fonts_fs
	[depot_user]/src/init
	[depot_user]/src/nitpicker
	[depot_user]/src/libc
	[depot_user]/src/libpng
	[depot_user]/src/zlib
	[depot_user]/src/fs_query
	[depot_user]/src/menu_view
	[depot_user]/src/cbe
	[depot_user]/src/spark
	[depot_user]/src/libsparkcrypto
	[depot_user]/src/vfs_block
	[depot_user]/src/vfs_jitterentropy
	[depot_user]/src/vfs
	[depot_user]/src/openssl
	[depot_user]/src/fs_tool
	[depot_user]/src/fs_utils
	[depot_user]/src/posix
	[depot_user]/src/rump
	[depot_user]/src/sandbox
"

append_if [have_board linux] archives [depot_user]/src/lx_fs

import_from_depot $archives

append config {

	<config>

		<parent-provides>
			<service name="ROM"/>
			<service name="LOG"/>
			<service name="RM"/>
			<service name="CPU"/>
			<service name="PD"/>
			<service name="IRQ"/>
			<service name="IO_MEM"/>
			<service name="IO_PORT"/>
		</parent-provides>

		<start name="timer" caps="100">
			<resource name="RAM" quantum="1M"/>
			<provides> <service name="Timer"/> </provides>
			<route>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>

		<start name="drivers" caps="1500" managing_system="yes">
			<resource name="RAM" quantum="64M"/>
			<binary name="init"/>
			<route>
				<service name="Timer">              <child name="timer"/> </service>
				<service name="Capture">            <child name="nitpicker"/> </service>
				<service name="Event">              <child name="nitpicker"/> </service>
				<service name="ROM" label="config"> <parent label="drivers.config"/> </service>
				<service name="PD">                 <parent/> </service>
				<service name="ROM">                <parent/> </service>
				<service name="LOG">                <parent/> </service>
				<service name="CPU">                <parent/> </service>
				<service name="RM">                 <parent/> </service>
				<service name="IO_MEM">             <parent/> </service>
				<service name="IO_PORT">            <parent/> </service>
				<service name="IRQ">                <parent/> </service>
			</route>
		</start>

		<start name="nitpicker" caps="100">
			<resource name="RAM" quantum="4M"/>
			<provides>
				<service name="Gui"/> <service name="Capture"/> <service name="Event"/>
			</provides>
			<config focus="rom">
				<capture/> <event/>
				<background color="#123456"/>
				<domain name="pointer" layer="1" content="client" label="no" origin="pointer" />
				<domain name="default" layer="3" content="client" label="no" hover="always" />
				<domain name="second" layer="2" xpos="200" ypos="300" content="client" label="no" hover="always" />

				<policy label_prefix="pointer" domain="pointer"/>
				<policy label_prefix="text_area.2" domain="second"/>
				<default-policy domain="default"/>
			</config>
			<route>
				<service name="Timer">  <child name="timer" /> </service>
				<service name="PD">     <parent/> </service>
				<service name="ROM">    <parent/> </service>
				<service name="LOG">    <parent/> </service>
				<service name="CPU">    <parent/> </service>
			</route>
		</start>

		<start name="pointer" caps="100">
			<resource name="RAM" quantum="1M"/>
			<route>
				<service name="Gui"> <child name="nitpicker" /> </service>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>
}
if {[have_board linux]} {

	append config {

		<start name="data_fs" caps="200" ld="no">
			<binary name="lx_fs"/>
			<resource name="RAM" quantum="4M"/>
			<provides>
				<service name="File_system"/>
			</provides>
			<config>
				<policy label="file_vault -> data"
				        root="/file_vault_dir/data"
				        writeable="yes"/>
			</config>
			<route>
				<service name="Timer"> <child name="timer"/> </service>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>

		<start name="trust_anchor_fs" caps="200" ld="no">
			<binary name="lx_fs"/>
			<resource name="RAM" quantum="4M"/>
			<provides>
				<service name="File_system"/>
			</provides>
			<config>
				<policy label="file_vault -> trust_anchor"
				        root="/file_vault_dir/trust_anchor"
				        writeable="yes"/>
			</config>
			<route>
				<service name="Timer"> <child name="timer"/> </service>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>
	}

} else {

	append config {

		<start name="data_fs" caps="2000">
			<binary name="vfs"/>
			<resource name="RAM" quantum="200M"/>
			<provides><service name="File_system"/></provides>
			<config>
				<vfs>
					<dir name="data">
						<ram/>
					</dir>
				</vfs>
				<policy label="file_vault -> data" root="/data" writeable="yes"/>
			</config>
			<route>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>

		<start name="trust_anchor_fs" caps="100">
			<binary name="vfs"/>
			<resource name="RAM" quantum="5M"/>
			<provides><service name="File_system"/></provides>
			<config>
				<vfs>
					<dir name="trust_anchor">
						<ram/>
					</dir>
				</vfs>
				<policy label="file_vault -> trust_anchor" root="/trust_anchor" writeable="yes"/>
			</config>
			<route>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>
	}
}
append config {

		<start name="fonts_fs" caps="150">
			<binary name="vfs"/>
			<resource name="RAM" quantum="4M"/>
			<provides>
				<service name="File_system"/>
			</provides>
			<config>
				<vfs>
					<rom name="Vera.ttf"/>
					<rom name="VeraMono.ttf"/>
					<dir name="fonts">
						<dir name="title">
							<ttf name="regular" path="/Vera.ttf" size_px="18" cache="256K"/>
						</dir>
						<dir name="text">
							<ttf name="regular" path="/Vera.ttf" size_px="14" cache="256K"/>
						</dir>
						<dir name="annotation">
							<ttf name="regular" path="/Vera.ttf" size_px="11" cache="256K"/>
						</dir>
						<dir name="monospace">
							<ttf name="regular" path="/VeraMono.ttf" size_px="14" cache="256K"/>
						</dir>
					</dir>
				</vfs>

				<policy label="file_vault -> fonts" root="/fonts" />
			</config>
			<route>
				<service name="ROM" label="config"> <parent label="fonts_fs.config"/> </service>
				<service name="PD">                 <parent/> </service>
				<service name="ROM">                <parent/> </service>
				<service name="LOG">                <parent/> </service>
				<service name="CPU">                <parent/> </service>
			</route>
		</start>

		<start name="file_vault" caps="2000">
			<resource name="RAM" quantum="200M"/>
			<config>
				<vfs>
					<dir name="cbe">
						<fs label="cbe"/>
					</dir>
				</vfs>
			</config>
			<route>
				<service name="File_system" label="cbe_trust_anchor_vfs -> storage_dir"> <child name="trust_anchor_fs" label="file_vault -> trust_anchor"/> </service>
				<service name="File_system" label="vfs_block -> ">                       <child name="data_fs"         label="file_vault -> data"/> </service>
				<service name="File_system" label="cbe">                                 <child name="data_fs"         label="file_vault -> data"/> </service>
				<service name="File_system" label="fs_query -> ">                        <child name="data_fs"         label="file_vault -> data"/> </service>
				<service name="File_system" label="image_fs_query -> ">                  <child name="data_fs"         label="file_vault -> data"/> </service>
				<service name="File_system" label="cbe_vfs -> cbe_fs">                   <child name="data_fs"         label="file_vault -> data"/> </service>
				<service name="File_system" label="truncate_file -> cbe">                <child name="data_fs"         label="file_vault -> data"/> </service>
				<service name="File_system" label="menu_view -> fonts">                  <child name="fonts_fs"        label="file_vault -> fonts"/> </service>
				<service name="Timer">                                                   <child name="timer"/> </service>
				<service name="Gui">                                                     <child name="nitpicker"/> </service>
				<service name="PD">                                                      <parent/> </service>
				<service name="ROM">                                                     <parent/> </service>
				<service name="CPU">                                                     <parent/> </service>
				<service name="LOG">                                                     <parent/> </service>
				<service name="RM">                                                      <parent/> </service>
			</route>
		</start>

	</config>
}

install_config $config

set fd [open [run_dir]/genode/focus w]
puts $fd "<focus label=\"file_vault -> \"/>"
close $fd

if {[have_board linux]} {
	exec mkdir -p bin/file_vault_dir/data
	exec mkdir -p bin/file_vault_dir/trust_anchor
}

append boot_modules {
	file_vault
	file_vault-sync_to_cbe_vfs_init
	file_vault-truncate_file
}

append qemu_args " -display gtk "

append_if [have_board linux] boot_modules file_vault_dir

build_boot_image $boot_modules

run_genode_until forever
file_vault: GUI control for encrypted virtual FS's Warning! The current version of the file vault is not thought for productive use but for mere demonstrational purpose! Please refrain from storing sensitive data with it! The File Vault component implements a graphical frontend for setting up and controlling encrypted virtual file systems using the Consistent Block Encrypter (CBE) for encryption and snapshot management. For more details see 'repos/gems/src/app/file_vault/README'. Fixes #4032 2021-02-24 16:06:40 +00:00			`assert_spec x86_64`

			`build { app/file_vault }`

			`create_boot_directory`

			`append archives "`
			`[depot_user]/src/[base_src]`
			`[depot_user]/pkg/[drivers_interactive_pkg]`
			`[depot_user]/pkg/fonts_fs`
			`[depot_user]/src/init`
			`[depot_user]/src/nitpicker`
			`[depot_user]/src/libc`
			`[depot_user]/src/libpng`
			`[depot_user]/src/zlib`
			`[depot_user]/src/fs_query`
			`[depot_user]/src/menu_view`
			`[depot_user]/src/cbe`
			`[depot_user]/src/spark`
			`[depot_user]/src/libsparkcrypto`
			`[depot_user]/src/vfs_block`
			`[depot_user]/src/vfs_jitterentropy`
			`[depot_user]/src/vfs`
			`[depot_user]/src/openssl`
			`[depot_user]/src/fs_tool`
			`[depot_user]/src/fs_utils`
			`[depot_user]/src/posix`
			`[depot_user]/src/rump`
			`[depot_user]/src/sandbox`
			`"`

			`append_if [have_board linux] archives [depot_user]/src/lx_fs`

			`import_from_depot $archives`

			`append config {`

			`<config>`

			`<parent-provides>`
			`<service name="ROM"/>`
			`<service name="LOG"/>`
			`<service name="RM"/>`
			`<service name="CPU"/>`
			`<service name="PD"/>`
			`<service name="IRQ"/>`
			`<service name="IO_MEM"/>`
			`<service name="IO_PORT"/>`
			`</parent-provides>`

			`<start name="timer" caps="100">`
			`<resource name="RAM" quantum="1M"/>`
			`<provides> <service name="Timer"/> </provides>`
			`<route>`
			`<service name="PD"> <parent/> </service>`
			`<service name="ROM"> <parent/> </service>`
			`<service name="LOG"> <parent/> </service>`
			`<service name="CPU"> <parent/> </service>`
			`</route>`
			`</start>`

			`<start name="drivers" caps="1500" managing_system="yes">`
			`<resource name="RAM" quantum="64M"/>`
			`<binary name="init"/>`
			`<route>`
			`<service name="Timer"> <child name="timer"/> </service>`
			`<service name="Capture"> <child name="nitpicker"/> </service>`
			`<service name="Event"> <child name="nitpicker"/> </service>`
			`<service name="ROM" label="config"> <parent label="drivers.config"/> </service>`
			`<service name="PD"> <parent/> </service>`
			`<service name="ROM"> <parent/> </service>`
			`<service name="LOG"> <parent/> </service>`
			`<service name="CPU"> <parent/> </service>`
			`<service name="RM"> <parent/> </service>`
			`<service name="IO_MEM"> <parent/> </service>`
			`<service name="IO_PORT"> <parent/> </service>`
			`<service name="IRQ"> <parent/> </service>`
			`</route>`
			`</start>`

			`<start name="nitpicker" caps="100">`
			`<resource name="RAM" quantum="4M"/>`
			`<provides>`
			`<service name="Gui"/> <service name="Capture"/> <service name="Event"/>`
			`</provides>`
			`<config focus="rom">`
			`<capture/> <event/>`
			`<background color="#123456"/>`
			`<domain name="pointer" layer="1" content="client" label="no" origin="pointer" />`
			`<domain name="default" layer="3" content="client" label="no" hover="always" />`
			`<domain name="second" layer="2" xpos="200" ypos="300" content="client" label="no" hover="always" />`

			`<policy label_prefix="pointer" domain="pointer"/>`
			`<policy label_prefix="text_area.2" domain="second"/>`
			`<default-policy domain="default"/>`
			`</config>`
			`<route>`
			`<service name="Timer"> <child name="timer" /> </service>`
			`<service name="PD"> <parent/> </service>`
			`<service name="ROM"> <parent/> </service>`
			`<service name="LOG"> <parent/> </service>`
			`<service name="CPU"> <parent/> </service>`
			`</route>`
			`</start>`

			`<start name="pointer" caps="100">`
			`<resource name="RAM" quantum="1M"/>`
			`<route>`
			`<service name="Gui"> <child name="nitpicker" /> </service>`
			`<service name="PD"> <parent/> </service>`
			`<service name="ROM"> <parent/> </service>`
			`<service name="LOG"> <parent/> </service>`
			`<service name="CPU"> <parent/> </service>`
			`</route>`
			`</start>`
			`}`
			`if {[have_board linux]} {`

			`append config {`

			`<start name="data_fs" caps="200" ld="no">`
			`<binary name="lx_fs"/>`
			`<resource name="RAM" quantum="4M"/>`
			`<provides>`
			`<service name="File_system"/>`
			`</provides>`
			`<config>`
			`<policy label="file_vault -> data"`
			`root="/file_vault_dir/data"`
			`writeable="yes"/>`
			`</config>`
			`<route>`
			`<service name="Timer"> <child name="timer"/> </service>`
			`<service name="PD"> <parent/> </service>`
			`<service name="ROM"> <parent/> </service>`
			`<service name="LOG"> <parent/> </service>`
			`<service name="CPU"> <parent/> </service>`
			`</route>`
			`</start>`

			`<start name="trust_anchor_fs" caps="200" ld="no">`
			`<binary name="lx_fs"/>`
			`<resource name="RAM" quantum="4M"/>`
			`<provides>`
			`<service name="File_system"/>`
			`</provides>`
			`<config>`
			`<policy label="file_vault -> trust_anchor"`
			`root="/file_vault_dir/trust_anchor"`
			`writeable="yes"/>`
			`</config>`
			`<route>`
			`<service name="Timer"> <child name="timer"/> </service>`
			`<service name="PD"> <parent/> </service>`
			`<service name="ROM"> <parent/> </service>`
			`<service name="LOG"> <parent/> </service>`
			`<service name="CPU"> <parent/> </service>`
			`</route>`
			`</start>`
			`}`

			`} else {`

			`append config {`

			`<start name="data_fs" caps="2000">`
			`<binary name="vfs"/>`
			`<resource name="RAM" quantum="200M"/>`
			`<provides><service name="File_system"/></provides>`
			`<config>`
			`<vfs>`
			`<dir name="data">`
			`<ram/>`
			`</dir>`
			`</vfs>`
			`<policy label="file_vault -> data" root="/data" writeable="yes"/>`
			`</config>`
			`<route>`
			`<service name="PD"> <parent/> </service>`
			`<service name="ROM"> <parent/> </service>`
			`<service name="LOG"> <parent/> </service>`
			`<service name="CPU"> <parent/> </service>`
			`</route>`
			`</start>`

			`<start name="trust_anchor_fs" caps="100">`
			`<binary name="vfs"/>`
			`<resource name="RAM" quantum="5M"/>`
			`<provides><service name="File_system"/></provides>`
			`<config>`
			`<vfs>`
			`<dir name="trust_anchor">`
			`<ram/>`
			`</dir>`
			`</vfs>`
			`<policy label="file_vault -> trust_anchor" root="/trust_anchor" writeable="yes"/>`
			`</config>`
			`<route>`
			`<service name="PD"> <parent/> </service>`
			`<service name="ROM"> <parent/> </service>`
			`<service name="LOG"> <parent/> </service>`
			`<service name="CPU"> <parent/> </service>`
			`</route>`
			`</start>`
			`}`
			`}`
			`append config {`

			`<start name="fonts_fs" caps="150">`
			`<binary name="vfs"/>`
			`<resource name="RAM" quantum="4M"/>`
			`<provides>`
			`<service name="File_system"/>`
			`</provides>`
			`<config>`
			`<vfs>`
			`<rom name="Vera.ttf"/>`
			`<rom name="VeraMono.ttf"/>`
			`<dir name="fonts">`
			`<dir name="title">`
			`<ttf name="regular" path="/Vera.ttf" size_px="18" cache="256K"/>`
			`</dir>`
			`<dir name="text">`
			`<ttf name="regular" path="/Vera.ttf" size_px="14" cache="256K"/>`
			`</dir>`
			`<dir name="annotation">`
			`<ttf name="regular" path="/Vera.ttf" size_px="11" cache="256K"/>`
			`</dir>`
			`<dir name="monospace">`
			`<ttf name="regular" path="/VeraMono.ttf" size_px="14" cache="256K"/>`
			`</dir>`
			`</dir>`
			`</vfs>`

			`<policy label="file_vault -> fonts" root="/fonts" />`
			`</config>`
			`<route>`
			`<service name="ROM" label="config"> <parent label="fonts_fs.config"/> </service>`
			`<service name="PD"> <parent/> </service>`
			`<service name="ROM"> <parent/> </service>`
			`<service name="LOG"> <parent/> </service>`
			`<service name="CPU"> <parent/> </service>`
			`</route>`
			`</start>`

			`<start name="file_vault" caps="2000">`
			`<resource name="RAM" quantum="200M"/>`
			`<config>`
			`<vfs>`
			`<dir name="cbe">`
			`<fs label="cbe"/>`
			`</dir>`
			`</vfs>`
			`</config>`
			`<route>`
			`<service name="File_system" label="cbe_trust_anchor_vfs -> storage_dir"> <child name="trust_anchor_fs" label="file_vault -> trust_anchor"/> </service>`
			`<service name="File_system" label="vfs_block -> "> <child name="data_fs" label="file_vault -> data"/> </service>`
			`<service name="File_system" label="cbe"> <child name="data_fs" label="file_vault -> data"/> </service>`
			`<service name="File_system" label="fs_query -> "> <child name="data_fs" label="file_vault -> data"/> </service>`
			`<service name="File_system" label="image_fs_query -> "> <child name="data_fs" label="file_vault -> data"/> </service>`
			`<service name="File_system" label="cbe_vfs -> cbe_fs"> <child name="data_fs" label="file_vault -> data"/> </service>`
			`<service name="File_system" label="truncate_file -> cbe"> <child name="data_fs" label="file_vault -> data"/> </service>`
			`<service name="File_system" label="menu_view -> fonts"> <child name="fonts_fs" label="file_vault -> fonts"/> </service>`
			`<service name="Timer"> <child name="timer"/> </service>`
			`<service name="Gui"> <child name="nitpicker"/> </service>`
			`<service name="PD"> <parent/> </service>`
			`<service name="ROM"> <parent/> </service>`
			`<service name="CPU"> <parent/> </service>`
			`<service name="LOG"> <parent/> </service>`
			`<service name="RM"> <parent/> </service>`
			`</route>`
			`</start>`

			`</config>`
			`}`

			`install_config $config`

			`set fd [open [run_dir]/genode/focus w]`
			`puts $fd "<focus label=\"file_vault -> \"/>"`
			`close $fd`

			`if {[have_board linux]} {`
			`exec mkdir -p bin/file_vault_dir/data`
			`exec mkdir -p bin/file_vault_dir/trust_anchor`
			`}`

			`append boot_modules {`
			`file_vault`
			`file_vault-sync_to_cbe_vfs_init`
			`file_vault-truncate_file`
			`}`

			`append qemu_args " -display gtk "`

			`append_if [have_board linux] boot_modules file_vault_dir`

			`build_boot_image $boot_modules`

			`run_genode_until forever`