genode/repos/gems/run/file_vault.inc

415 lines
13 KiB
PHP
Raw Normal View History

file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
proc ui_is { arg } {
global ui
return [string equal $arg $ui ]
}
build { app/file_vault }
create_boot_directory
append archives "
[depot_user]/src/[base_src]
[depot_user]/src/init
[depot_user]/src/libc
[depot_user]/src/zlib
[depot_user]/src/fs_query
[depot_user]/src/tresor
[depot_user]/src/vfs_block
[depot_user]/src/vfs_jitterentropy
[depot_user]/src/vfs
[depot_user]/src/openssl
[depot_user]/src/fs_tool
[depot_user]/src/fs_utils
[depot_user]/src/posix
[depot_user]/src/rump
[depot_user]/src/sandbox
"
lappend_if [ui_is menu_view] archives [depot_user]/src/nitpicker
lappend_if [ui_is menu_view] archives [depot_user]/src/menu_view
lappend_if [ui_is menu_view] archives [depot_user]/src/libpng
lappend_if [ui_is menu_view] archives [depot_user]/pkg/fonts_fs
lappend_if [ui_is menu_view] archives [depot_user]/pkg/[drivers_interactive_pkg]
lappend_if [ui_is config_and_report] archives [depot_user]/src/report_rom
lappend_if [ui_is config_and_report] archives [depot_user]/src/dynamic_rom
lappend_if [have_board linux] archives [depot_user]/src/lx_fs
import_from_depot $archives
append config {
<config>
<parent-provides>
<service name="ROM"/>
<service name="LOG"/>
<service name="RM"/>
<service name="CPU"/>
<service name="PD"/>
<service name="IRQ"/>
<service name="IO_MEM"/>
<service name="IO_PORT"/>
</parent-provides>
<start name="timer" caps="200">
file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
<resource name="RAM" quantum="1M"/>
<resource name="CPU" quantum="5"/>
file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
<provides> <service name="Timer"/> </provides>
<route>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="IO_PORT"> <parent/> </service>
<service name="IRQ"> <parent/> </service>
file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
</route>
</start>
}
append_if [ui_is menu_view] config {
<start name="drivers" caps="1500" managing_system="yes">
<resource name="RAM" quantum="64M"/>
<binary name="init"/>
<route>
<service name="Timer"> <child name="timer"/> </service>
<service name="Capture"> <child name="nitpicker"/> </service>
<service name="Event"> <child name="nitpicker"/> </service>
<service name="ROM" label="config"> <parent label="drivers.config"/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="RM"> <parent/> </service>
<service name="IO_MEM"> <parent/> </service>
<service name="IO_PORT"> <parent/> </service>
<service name="IRQ"> <parent/> </service>
</route>
</start>
<start name="nitpicker" caps="100">
<resource name="RAM" quantum="4M"/>
<provides>
<service name="Gui"/> <service name="Capture"/> <service name="Event"/>
</provides>
<config focus="rom">
<capture/> <event/>
<background color="#123456"/>
<domain name="pointer" layer="1" content="client" label="no" origin="pointer" />
<domain name="default" layer="3" content="client" label="no" hover="always" />
<domain name="second" layer="2" xpos="200" ypos="300" content="client" label="no" hover="always" />
<policy label_prefix="pointer" domain="pointer"/>
<policy label_prefix="text_area.2" domain="second"/>
<default-policy domain="default"/>
</config>
<route>
<service name="Timer"> <child name="timer" /> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="pointer" caps="100">
<resource name="RAM" quantum="1M"/>
<route>
<service name="Gui"> <child name="nitpicker" /> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="fonts_fs" caps="150">
<binary name="vfs"/>
<resource name="RAM" quantum="4M"/>
<provides>
<service name="File_system"/>
</provides>
<config>
<vfs>
<rom name="Vera.ttf"/>
<rom name="VeraMono.ttf"/>
<dir name="fonts">
<dir name="title">
<ttf name="regular" path="/Vera.ttf" size_px="18" cache="256K"/>
</dir>
<dir name="text">
<ttf name="regular" path="/Vera.ttf" size_px="14" cache="256K"/>
</dir>
<dir name="annotation">
<ttf name="regular" path="/Vera.ttf" size_px="11" cache="256K"/>
</dir>
<dir name="monospace">
<ttf name="regular" path="/VeraMono.ttf" size_px="14" cache="256K"/>
</dir>
</dir>
</vfs>
<policy label="file_vault -> fonts" root="/fonts" />
</config>
<route>
<service name="ROM" label="config"> <parent label="fonts_fs.config"/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
}
append_if [ui_is config_and_report] config {
<start name="dynamic_rom" caps="100">
<resource name="RAM" quantum="4M"/>
<provides><service name="ROM"/> </provides>
<config verbose="no">
<rom name="file_vault_ui_config">
<inline>
<ui_config version="step_1_wait"/>
</inline>
<sleep milliseconds="6000"/>
file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
<inline>
<ui_config version="step_2_init" passphrase="abcdefgh"
client_fs_size="1M"
journaling_buf_size="1M"/>
</inline>
<sleep milliseconds="10000"/>
file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
<inline>
<ui_config version="step_3_lock"/>
</inline>
<sleep milliseconds="6000"/>
file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
<inline>
<ui_config version="step_4_bad_unlock" passphrase="00000001"/>
file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
</inline>
<sleep milliseconds="6000"/>
file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
<inline>
<ui_config version="step_5_wait"/>
file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
</inline>
<sleep milliseconds="6000"/>
file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
<inline>
<ui_config version="step_6_unlock" passphrase="abcdefgh"/>
file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
</inline>
<sleep milliseconds="600000"/>
</rom>
</config>
<route>
<service name="Timer"> <child name="timer"/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="report_rom" caps="70">
<resource name="RAM" quantum="1M"/>
<provides>
<service name="ROM" />
<service name="Report" />
</provides>
<config verbose="yes"/>
<route>
<service name="LOG"> <parent/> </service>
<service name="PD"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="ROM"> <parent/> </service>
</route>
</start>
}
if {[have_board linux]} {
append config {
<start name="data_fs" caps="200" ld="no">
<binary name="lx_fs"/>
<resource name="RAM" quantum="4M"/>
<provides>
<service name="File_system"/>
</provides>
<config>
<policy label="file_vault -> data"
root="/file_vault_dir/data"
writeable="yes"/>
</config>
<route>
<service name="Timer"> <child name="timer"/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="trust_anchor_fs" caps="200" ld="no">
<binary name="lx_fs"/>
<resource name="RAM" quantum="4M"/>
<provides>
<service name="File_system"/>
</provides>
<config>
<policy label="file_vault -> trust_anchor"
root="/file_vault_dir/trust_anchor"
writeable="yes"/>
</config>
<route>
<service name="Timer"> <child name="timer"/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
}
} else {
append config {
<start name="data_fs" caps="2000">
<binary name="vfs"/>
<resource name="RAM" quantum="200M"/>
<provides><service name="File_system"/></provides>
<config>
<vfs>
<dir name="data">
<ram/>
</dir>
</vfs>
<policy label="file_vault -> data" root="/data" writeable="yes"/>
</config>
<route>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="trust_anchor_fs" caps="100">
<binary name="vfs"/>
<resource name="RAM" quantum="5M"/>
<provides><service name="File_system"/></provides>
<config>
<vfs>
<dir name="trust_anchor">
<ram/>
</dir>
</vfs>
<policy label="file_vault -> trust_anchor" root="/trust_anchor" writeable="yes"/>
</config>
<route>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
}
}
append config {
<start name="file_vault" caps="2000">
<resource name="RAM" quantum="200M"/>
<config user_interface="} $ui {">
<vfs>
<dir name="tresor">
<fs label="tresor"/>
</dir>
</vfs>
</config>
<route>
}
append_if [ui_is menu_view] config {
<service name="File_system" label="menu_view -> fonts"> <child name="fonts_fs" label="file_vault -> fonts"/> </service>
<service name="Gui"> <child name="nitpicker"/> </service>
}
append_if [ui_is config_and_report] config {
<service name="ROM" label="ui_config"> <child name="dynamic_rom" label="file_vault_ui_config"/> </service>
<service name="Report" label="ui_report"> <child name="report_rom"/> </service>
}
append config {
<service name="File_system" label="tresor_trust_anchor_vfs -> storage_dir"> <child name="trust_anchor_fs" label="file_vault -> trust_anchor"/> </service>
<service name="File_system" label="tresor_init -> "> <child name="data_fs" label="file_vault -> data"/> </service>
<service name="File_system" label="tresor"> <child name="data_fs" label="file_vault -> data"/> </service>
<service name="File_system" label="fs_query -> "> <child name="data_fs" label="file_vault -> data"/> </service>
<service name="File_system" label="image_fs_query -> "> <child name="data_fs" label="file_vault -> data"/> </service>
<service name="File_system" label="tresor_vfs -> tresor_fs"> <child name="data_fs" label="file_vault -> data"/> </service>
<service name="File_system" label="truncate_file -> tresor"> <child name="data_fs" label="file_vault -> data"/> </service>
<service name="Timer"> <child name="timer"/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="RM"> <parent/> </service>
</route>
</start>
</config>
}
install_config $config
if {[have_board linux]} {
if {[ui_is config_and_report]} {
exec rm -rf bin/file_vault_dir
}
exec mkdir -p bin/file_vault_dir/data
exec mkdir -p bin/file_vault_dir/trust_anchor
}
append boot_modules {
file_vault
file_vault-sync_to_tresor_vfs_init
file_vault-truncate_file
}
lappend_if [have_board linux] boot_modules file_vault_dir
if {[ui_is menu_view]} {
set fd [open [run_dir]/genode/focus w]
puts $fd "<focus label=\"file_vault -> \"/>"
close $fd
append qemu_args " -display gtk "
build_boot_image $boot_modules
run_genode_until forever
}
if {[ui_is config_and_report]} {
build_boot_image $boot_modules
append exp_output {.*<ui_report version=\"step_.*\" state=\"uninitialized\"/>.*\n}
append exp_output {.*<ui_report version=\"step_.*\" state=\"initializing\"/>.*\n}
append exp_output {.*<ui_report version=\"step_.*\" state=\"unlocked\"/>.*\n}
append exp_output {.*<ui_report version=\"step_.*\" state=\"locked\"/>.*\n}
append exp_output {.*<ui_report version=\"step_.*\" state=\"unlocked\"/>.*\n}
append qemu_args " -display none "
run_genode_until $exp_output 70
file_vault: version 23.05 * ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
2023-05-22 12:37:13 +00:00
}