genode/repos/gems/run/vfs_tresor.run

assert_spec linux

create_boot_directory

proc tresor_image_file { } {
	return "vfs_tresor_block.img"
}

set use_interactively [expr ![get_cmd_switch --autopilot]]

import_from_depot [depot_user]/pkg/[drivers_interactive_pkg] \
                  [depot_user]/pkg/terminal \
                  [depot_user]/src/ncurses \
                  [depot_user]/src/bash \
                  [depot_user]/src/coreutils \
                  [depot_user]/src/nitpicker


build {
	core
	timer
	init
	server/lx_fs
	lib/vfs_tresor
	lib/vfs_tresor_crypto_aes_cbc
	lib/vfs_tresor_crypto_memcopy
	lib/vfs_tresor_trust_anchor
	lib/vfs_import
	lib/vfs_jitterentropy
	lib/vfs_pipe
	test/vfs_stress
	test/libc
	server/log_terminal
	server/report_rom
	server/fs_rom
	app/tresor_init_trust_anchor
	app/sequence
}

set config {
<config verbose="yes">
	<parent-provides>
		<service name="ROM"/>
		<service name="IRQ"/>
		<service name="IO_MEM"/>
		<service name="IO_PORT"/>
		<service name="PD"/>
		<service name="RM"/>
		<service name="CPU"/>
		<service name="LOG"/>
	</parent-provides>

	<default-route>
		<any-service> <parent/> <any-child/> </any-service>
	</default-route>

	<default caps="100"/>
	<start name="timer">
		<resource name="RAM" quantum="1M"/>
		<provides><service name="Timer"/></provides>
	</start>

	<start name="drivers" caps="1000" managing_system="yes">
		<resource name="RAM" quantum="32M"/>
		<binary name="init"/>
		<route>
			<service name="ROM" label="config"> <parent label="drivers.config"/> </service>
			<service name="Timer"> <child name="timer"/> </service>
			<service name="Capture"> <child name="nitpicker"/> </service>
			<service name="Event">   <child name="nitpicker"/> </service>
			<any-service> <parent/> </any-service>
		</route>
	</start>

	<start name="nitpicker">
		<resource name="RAM" quantum="4M"/>
		<provides>
			<service name="Gui"/>
			<service name="Capture"/>
			<service name="Event"/>
		</provides>
		<config focus="rom" request_framebuffer="no" request_input="no">
			<capture/> <event/>
			<domain name="default" layer="2" content="client" label="no" hover="always"/>
			<default-policy domain="default"/>
		</config>
		<route>
			<any-service> <parent/> <any-child/> </any-service>
		</route>
	</start>}

append_if $use_interactively config {

	<start name="terminal_service" caps="110">
		<binary name="terminal"/>
		<resource name="RAM" quantum="12M"/>
		<provides><service name="Terminal"/></provides>
		<route>
			<service name="ROM" label="config"> <parent label="terminal.config"/> </service>
			<service name="Gui"> <child name="nitpicker"/> </service>
			<any-service> <parent/> <any-child/> </any-service>
		</route>
	</start>}

append_if [expr !$use_interactively] config {
	<start name="terminal_service" caps="110">
		<binary name="log_terminal"/>
		<resource name="RAM" quantum="2M"/>
		<provides><service name="Terminal"/></provides>
		<route>
			<any-service> <parent/> <any-child/> </any-service>
		</route>
	</start>}

append config {
	<start name="lx_fs" ld="no">
		<resource name="RAM" quantum="4M"/>
		<provides> <service name="File_system"/> </provides>
		<config>
			<default-policy root="/" writeable="yes"/>
		</config>
	</start>

	<start name="vfs_tresor_trust_anchor" caps="120">
		<binary name="vfs"/>
		<resource name="RAM" quantum="16M"/>
		<provides><service name="File_system"/></provides>
		<config>
			<vfs>
				<ram/>
				<import>
					<rom name="encrypted_private_key"/>
					<rom name="superblock_hash"/>
				</import>

				<dir name="dev">
					<jitterentropy/>
					<tresor_trust_anchor name="tresor_trust_anchor"
					                  storage_dir="/"/>
				</dir>
			</vfs>

			<default-policy root="/dev/tresor_trust_anchor" writeable="yes"/>
		</config>
		<route>
			<any-service> <parent/> </any-service>
		</route>
	</start>

	<start name="initialize_tresor" caps="3000">
		<binary name="sequence"/>
		<resource name="RAM" quantum="300M"/>
		<config>

			<start name="tresor_init_trust_anchor">
				<resource name="RAM" quantum="4M"/>
				<config passphrase="foobar" trust_anchor_dir="/trust_anchor">
					<vfs>
						<dir name="trust_anchor">
							<fs label="ta"/>
						</dir>
					</vfs>
				</config>
			</start>

			<start name="init" caps="1600">
				<resource name="RAM" quantum="256M"/>
				<config verbose="yes">

					<parent-provides>
						<service name="ROM"/>
						<service name="PD"/>
						<service name="RM"/>
						<service name="CPU"/>
						<service name="LOG"/>
						<service name="Nic"/>
						<service name="Timer"/>
						<service name="File_system"/>
						<service name="Terminal"/>
					</parent-provides>

					<default-route> <any-service> <parent/> </any-service> </default-route>

					<default caps="100"/>

					<start name="vfs_tresor" caps="200">
						<binary name="vfs"/>
						<resource name="RAM" quantum="16M"/>
						<provides><service name="File_system"/></provides>
						<config>
							<vfs>
								<fs buffer_size="1M" label="fs_backend"/>
								<tresor_crypto_aes_cbc name="tresor_crypto"/>
								<dir name="ta"> <fs buffer_size="1M" label="ta"/> </dir>
								<dir name="dev">
									<tresor name="tresor" debug="no" verbose="yes"
										 block="/} [tresor_image_file] {"
										 crypto="/tresor_crypto"
										 trust_anchor="/ta"/>
								</dir>
							</vfs>

							<default-policy root="/dev" writeable="yes"/>
						</config>
						<route>
							<service name="File_system" label="fs_backend"> <parent label="fs"/> </service>
							<service name="File_system" label="ta">         <parent label="ta"/> </service>
							<any-service> <parent/> </any-service>
						</route>
					</start>

					<start name="vfs" caps="120">
						<resource name="RAM" quantum="30M"/>
						<provides><service name="File_system"/></provides>
						<config>
							<vfs>
								<tar name="coreutils.tar"/>
								<tar name="bash.tar"/>

								<dir name="home"> <ram/> </dir>
								<dir name="share"> </dir>
								<dir name="tmp"> <ram/> </dir>
								<dir name="dev">
									<zero/> <null/> <terminal/>
									<dir name="pipe"> <pipe/> </dir>
									<inline name="rtc">2018-01-01 00:01</inline>
								</dir>
							</vfs>

							<policy label_prefix="vfs_rom" root="/"/>
							<default-policy root="/" writeable="yes"/>
						</config>
						<route>
							<service name="Terminal"> <parent label="terminal_service"/> </service>
							<service name="Timer"> <child name="timer"/> </service>
							<any-service> <parent/> </any-service>
						</route>
					</start>

					<start name="vfs_rom">
						<resource name="RAM" quantum="30M"/>
						<binary name="fs_rom"/>
						<provides> <service name="ROM"/> </provides>
						<config/>
						<route>
							<service name="File_system"> <child name="vfs"/> </service>
							<any-service> <parent/> </any-service>
						</route>
					</start>

					<start name="/bin/bash" caps="1000">
						<resource name="RAM" quantum="64M"/>
						<config ld_verbose="yes">
							<libc stdin="/dev/terminal" stdout="/dev/terminal"
								  stderr="/dev/terminal" rtc="/dev/rtc" pipe="/dev/pipe"/>
							<vfs>
								<fs label="shell" buffer_size="1M"/>
								<dir name="dev">
									<fs label="tresor" buffer_size="1M"/>
								</dir>
								<rom name=".profile" label="vfs_tresor.sh"/>
							</vfs>
							<arg value="bash"/>
							<arg value="--login"/>
							<env key="TERM" value="screen"/>
							<env key="HOME" value="/"/>
							<env key="PATH" value="/bin"/>
						</config>
						<route>
							<service name="File_system" label="shell">  <child name="vfs"/> </service>
							<service name="File_system" label="tresor">    <child name="vfs_tresor"/> </service>
							<service name="ROM" label_suffix=".lib.so"> <parent/> </service>
							<service name="ROM" label_last="/bin/bash"> <child name="vfs_rom"/> </service>
							<service name="ROM" label_prefix="/bin">    <child name="vfs_rom"/> </service>
							<any-service> <parent/> <any-child/> </any-service>
						</route>
					</start>
				</config>
			</start>
		</config>
		<route>
			<service name="Terminal"> <child name="terminal_service"/> </service>
			<service name="File_system" label_last="fs"> <child name="lx_fs"/> </service>
			<service name="File_system" label_last="ta"> <child name="vfs_tresor_trust_anchor"/> </service>
			<service name="Timer"> <child name="timer"/> </service>
			<any-service> <parent/> </any-service>
		</route>
	</start>

</config>}

install_config $config

set shell_script "run/vfs_tresor.sh"
set repo "[repository_contains $shell_script]"
exec cp $repo/$shell_script bin/

append boot_modules {
	lx_fs
	tresor_init_trust_anchor
	vfs_tresor.lib.so
	vfs_tresor_crypto_aes_cbc.lib.so
	vfs_tresor_crypto_memcopy.lib.so
	vfs_tresor_trust_anchor.lib.so
	vfs_tresor.sh
	vfs.lib.so
	vfs_import.lib.so
	vfs_jitterentropy.lib.so
	vfs_pipe.lib.so
	posix.lib.so
	libc.lib.so
	libcrypto.lib.so
	log_terminal
	fs_rom
	report_rom
	sequence
	init
	core
	timer
	ld.lib.so
}

append boot_modules {
	encrypted_private_key superblock_hash
}
append boot_modules [tresor_image_file]

set fd [open [run_dir]/genode/focus w]
puts $fd "<focus label=\"terminal_service -> \" domain=\"default\"/>"
close $fd

build_boot_image $boot_modules

if {$use_interactively} {
	run_genode_until forever
} else {
	run_genode_until {.*--- Automated Tresor testing finished.*} 1800
}