ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2024-12-18 21:27:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

gems: import Genode-specific code of the CBE

Browse Source 
The CBE repository contained a lot of Genode-specific code despite the fact
that the CBE core logic is not bound to Genode in any way. Therefore the
Genode-specific CBE code is moved to the 'gems' repository to form part of
Genode mainline. The remaining CBE code becomes a port in Genode instead of
being invoked as sub-repository.

The commit combines the following work steps:

* add all files removed from CBE repository
* add CBE port files
* make all CBE libs and targets build again
* make all CBE run scripts succeed again
* make all CBE recipes build again
* make CBE autopilot succeed again
* let CBE autopilot use 'libsparcrypto' contrib dir and Genode build dir
  instead of '.ci' dir in CBE contrib dir (remove '.ci' dir from CBE repo)
* let CBE autopilot always check for all ports
* make CBE autopilot directly executable
* fix license headers in all Genode CBE files
* remove unused VFS replay component
* remove unused CBE test
* remove unused external crypto
* remove unused files in run dir
* remove unused external trust anchor
* add cbe_tester test to autopilot list
* get rid of directories 'include/cbe_*' and 'include/utils'

Fixes #3937
This commit is contained in:
Martin Stein 2020-11-10 11:57:26 +01:00 committed by Christian Helmuth
parent 24181f2bf6
commit 30b8f4efc8
136 changed files with 18863 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
repos/gems/include/cbe/check/library.h Normal file
View File

@ -0,0 +1,59 @@
/*
* \brief Integration of the Consistent Block Encrypter (CBE)
* \author Martin Stein
* \author Josef Soentgen
* \date 2020-11-10
*/
/*
* Copyright (C) 2020 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _CBE__CHECK__LIBRARY_H_
#define _CBE__CHECK__LIBRARY_H_
/* CBE includes */
#include <cbe/types.h>
#include <cbe/spark_object.h>
extern "C" void cbe_check_cxx_init();
extern "C" void cbe_check_cxx_final();
namespace Cbe_check {
class Library;
Genode::uint32_t object_size(Library const &);
}
struct Cbe_check::Library : Cbe::Spark_object<46160>
{
Library();
bool client_request_acceptable() const;
void submit_client_request(Cbe::Request const &request);
Cbe::Request peek_completed_client_request() const;
void drop_completed_client_request(Cbe::Request const &req);
void execute(Cbe::Io_buffer const &io_buf);
bool execute_progress() const;
void io_request_completed(Cbe::Io_buffer::Index const &data_index,
bool const success);
void has_io_request(Cbe::Request &, Cbe::Io_buffer::Index &) const;
void io_request_in_progress(Cbe::Io_buffer::Index const &data_index);
};
#endif /* _CBE__CHECK__LIBRARY_H_ */

119
repos/gems/include/cbe/crypto/interface.h Normal file
View File

@ -0,0 +1,119 @@
/*
* \brief Integration of the Consistent Block Encrypter (CBE)
* \author Martin Stein
* \author Josef Soentgen
* \date 2020-11-10
*/
/*
* Copyright (C) 2020 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _INCLUDE__CBE__CRYPTO__INTERFACE_H_
#define _INCLUDE__CBE__CRYPTO__INTERFACE_H_
/* Genode includes */
#include <base/exception.h>
#include <base/stdint.h>
namespace Cbe_crypto {
using uint32_t = Genode::uint32_t;
using uint64_t = Genode::uint64_t;
using size_t = Genode::size_t;
struct Interface;
Interface &get_interface();
enum { BLOCK_SIZE = 4096u };
} /* namespace Cbe_crypto */
struct Cbe_crypto::Interface
{
struct Buffer_too_small : Genode::Exception { };
struct Key_value_size_mismatch : Genode::Exception { };
struct Complete_request
{
bool const valid;
uint64_t const block_number;
};
struct Slots
{
enum { NUM_SLOTS = 2, };
uint32_t _store[NUM_SLOTS] { };
bool store(uint32_t const id)
{
for (uint32_t &slot : _store) {
if (slot == 0) {
slot = id;
return true;
}
}
return false;
}
void remove(uint32_t const id)
{
for (uint32_t &slot : _store) {
if (slot == id) {
slot = 0;
return;
}
}
}
template <typename FN>
void for_each_key(FN const &func)
{
for (uint32_t const slot : _store) {
if (slot != 0) {
func(slot);
}
}
}
};
Slots _slots { };
virtual ~Interface() { }
template <typename FN>
void for_each_key(FN const &func)
{
_slots.for_each_key(func);
}
virtual bool execute() = 0;
virtual bool add_key(uint32_t const id,
char const *value,
size_t value_len) = 0;
virtual bool remove_key(uint32_t const id) = 0;
virtual bool submit_encryption_request(uint64_t const block_number,
uint32_t const key_id,
char const *src,
size_t const src_len) = 0;
virtual Complete_request encryption_request_complete(char *dst, size_t const dst_len) = 0;
virtual bool submit_decryption_request(uint64_t const block_number,
uint32_t const key_id,
char const *src,
size_t const src_len) = 0;
virtual Complete_request decryption_request_complete(char *dst, size_t dst_len) = 0;
};
#endif /* _INCLUDE__CBE__CRYPTO__INTERFACE_H_ */

101
repos/gems/include/cbe/dump/configuration.h Normal file
View File

@ -0,0 +1,101 @@
/*
* \brief Integration of the Consistent Block Encrypter (CBE)
* \author Martin Stein
* \author Josef Soentgen
* \date 2020-11-10
*/
/*
* Copyright (C) 2020 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _CBE__DUMP__CONFIGURATION_H_
#define _CBE__DUMP__CONFIGURATION_H_
/* Genode includes */
#include <util/xml_node.h>
namespace Cbe_dump { class Configuration; }
class Cbe_dump::Configuration
{
private:
bool _unused_nodes;
Genode::uint32_t _max_superblocks;
Genode::uint32_t _max_snapshots;
bool _vbd;
bool _vbd_pba_filter_enabled;
Genode::uint64_t _vbd_pba_filter;
bool _vbd_vba_filter_enabled;
Genode::uint64_t _vbd_vba_filter;
bool _free_tree;
bool _meta_tree;
bool _hashes;
public:
Configuration (Genode::Xml_node const &node)
:
_unused_nodes { node.attribute_value("unused_nodes", true) },
_max_superblocks { node.attribute_value("max_superblocks", ~(Genode::uint32_t)0) },
_max_snapshots { node.attribute_value("max_snapshots", ~(Genode::uint32_t)0) },
_vbd { node.attribute_value("vbd", true) },
_vbd_pba_filter_enabled { node.attribute_value("vbd_pba_filter_enabled", false) },
_vbd_pba_filter { node.attribute_value("vbd_pba_filter", (Genode::uint64_t)0) },
_vbd_vba_filter_enabled { node.attribute_value("vbd_vba_filter_enabled", false) },
_vbd_vba_filter { node.attribute_value("vbd_vba_filter", (Genode::uint64_t)0) },
_free_tree { node.attribute_value("free_tree", true) },
_meta_tree { node.attribute_value("meta_tree", true) },
_hashes { node.attribute_value("hashes", true) }
{ }
Configuration (Configuration const &other)
:
_unused_nodes { other._unused_nodes },
_max_superblocks { other._max_superblocks },
_max_snapshots { other._max_snapshots },
_vbd { other._vbd },
_vbd_pba_filter_enabled { other._vbd_pba_filter_enabled },
_vbd_pba_filter { other._vbd_pba_filter },
_vbd_vba_filter_enabled { other._vbd_vba_filter_enabled },
_vbd_vba_filter { other._vbd_vba_filter },
_free_tree { other._free_tree },
_meta_tree { other._meta_tree },
_hashes { other._hashes }
{ }
bool unused_nodes() const { return _unused_nodes; }
Genode::uint32_t max_superblocks() const { return _max_superblocks; }
Genode::uint32_t max_snapshots() const { return _max_snapshots; }
bool vbd() const { return _vbd; }
bool vbd_pba_filter_enabled() const { return _vbd_pba_filter_enabled; }
Genode::uint64_t vbd_pba_filter() const { return _vbd_pba_filter; }
bool vbd_vba_filter_enabled() const { return _vbd_vba_filter_enabled; }
Genode::uint64_t vbd_vba_filter() const { return _vbd_vba_filter; }
bool free_tree() const { return _free_tree; }
bool meta_tree() const { return _meta_tree; }
bool hashes() const { return _hashes; }
void print(Genode::Output &out) const
{
Genode::print(out,
"unused_nodes=", _unused_nodes ,
" max_superblocks=", _max_superblocks ,
" max_snapshots=", _max_snapshots ,
" vbd=", _vbd ,
" vbd_pba_filter_enabled=", _vbd_pba_filter_enabled,
" vbd_pba_filter=", _vbd_pba_filter ,
" vbd_vba_filter_enabled=", _vbd_vba_filter_enabled,
" vbd_vba_filter=", _vbd_vba_filter ,
" free_tree=", _free_tree ,
" meta_tree=", _meta_tree ,
" hashes=", _hashes );
}
} __attribute__((packed));
#endif /* _CBE__DUMP__CONFIGURATION_H_ */

63
repos/gems/include/cbe/dump/library.h Normal file
View File

@ -0,0 +1,63 @@
/*
* \brief Integration of the Consistent Block Encrypter (CBE)
* \author Martin Stein
* \author Josef Soentgen
* \date 2020-11-10
*/
/*
* Copyright (C) 2020 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _CBE__DUMP__LIBRARY_H_
#define _CBE__DUMP__LIBRARY_H_
/* CBE includes */
#include <cbe/types.h>
#include <cbe/spark_object.h>
/* CBE dump includes */
#include <cbe/dump/configuration.h>
extern "C" void cbe_dump_cxx_init();
extern "C" void cbe_dump_cxx_final();
namespace Cbe_dump {
class Library;
Genode::uint32_t object_size(Library const &);
}
struct Cbe_dump::Library : Cbe::Spark_object<49240>
{
Library();
bool client_request_acceptable() const;
void submit_client_request(Cbe::Request const &request,
Configuration const &cfg);
Cbe::Request peek_completed_client_request() const;
void drop_completed_client_request(Cbe::Request const &req);
void execute(Cbe::Io_buffer const &io_buf);
bool execute_progress() const;
void io_request_completed(Cbe::Io_buffer::Index const &data_index,
bool const success);
void has_io_request(Cbe::Request &, Cbe::Io_buffer::Index &) const;
void io_request_in_progress(Cbe::Io_buffer::Index const &data_index);
};
#endif /* _CBE__DUMP__LIBRARY_H_ */

100
repos/gems/include/cbe/init/configuration.h Normal file
View File

@ -0,0 +1,100 @@
/*
* \brief Integration of the Consistent Block Encrypter (CBE)
* \author Martin Stein
* \author Josef Soentgen
* \date 2020-11-10
*/
/*
* Copyright (C) 2020 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _CBE__INIT__CONFIGURATION_H_
#define _CBE__INIT__CONFIGURATION_H_
/* Genode includes */
#include <util/xml_node.h>
namespace Cbe_init { class Configuration; }
class Cbe_init::Configuration
{
private:
Genode::uint64_t _vbd_nr_of_lvls { 0 };
Genode::uint64_t _vbd_nr_of_children { 0 };
Genode::uint64_t _vbd_nr_of_leafs { 0 };
Genode::uint64_t _ft_nr_of_lvls { 0 };
Genode::uint64_t _ft_nr_of_children { 0 };
Genode::uint64_t _ft_nr_of_leafs { 0 };
public:
struct Invalid : Genode::Exception { };
Configuration (Genode::Xml_node const &node)
{
node.with_sub_node("virtual-block-device",
[&] (Genode::Xml_node const &vbd)
{
_vbd_nr_of_lvls =
vbd.attribute_value("nr_of_levels", (Genode::uint64_t)0);
_vbd_nr_of_children =
vbd.attribute_value("nr_of_children", (Genode::uint64_t)0);
_vbd_nr_of_leafs =
vbd.attribute_value("nr_of_leafs", (Genode::uint64_t)0);
});
node.with_sub_node("free-tree",
[&] (Genode::Xml_node const &ft)
{
_ft_nr_of_lvls =
ft.attribute_value("nr_of_levels", (Genode::uint64_t)0);
_ft_nr_of_children =
ft.attribute_value("nr_of_children", (Genode::uint64_t)0);
_ft_nr_of_leafs =
ft.attribute_value("nr_of_leafs", (Genode::uint64_t)0);
});
if (_vbd_nr_of_lvls == 0 ||
_vbd_nr_of_children == 0 ||
_vbd_nr_of_leafs == 0 ||
_ft_nr_of_lvls == 0 ||
_ft_nr_of_children == 0 ||
_ft_nr_of_leafs == 0)
{
throw Invalid();
}
}
Configuration (Configuration const &other)
{
_vbd_nr_of_lvls = other._vbd_nr_of_lvls ;
_vbd_nr_of_children = other._vbd_nr_of_children;
_vbd_nr_of_leafs = other._vbd_nr_of_leafs ;
_ft_nr_of_lvls = other._ft_nr_of_lvls ;
_ft_nr_of_children = other._ft_nr_of_children ;
_ft_nr_of_leafs = other._ft_nr_of_leafs ;
}
Genode::uint64_t vbd_nr_of_lvls () const { return _vbd_nr_of_lvls ; }
Genode::uint64_t vbd_nr_of_children () const { return _vbd_nr_of_children; }
Genode::uint64_t vbd_nr_of_leafs () const { return _vbd_nr_of_leafs ; }
Genode::uint64_t ft_nr_of_lvls () const { return _ft_nr_of_lvls ; }
Genode::uint64_t ft_nr_of_children () const { return _ft_nr_of_children ; }
Genode::uint64_t ft_nr_of_leafs () const { return _ft_nr_of_leafs ; }
void print(Genode::Output &out) const
{
Genode::print(out,
"vbd=(lvls=", _vbd_nr_of_lvls,
" children=", _vbd_nr_of_children,
" leafs=", _vbd_nr_of_leafs, ")",
" ft=(lvls=", _ft_nr_of_lvls,
" children=", _ft_nr_of_children,
" leafs=", _ft_nr_of_leafs, ")");
}
};
#endif /* _CBE__INIT__CONFIGURATION_H_ */

124
repos/gems/include/cbe/init/library.h Normal file
View File

@ -0,0 +1,124 @@
/*
* \brief Integration of the Consistent Block Encrypter (CBE)
* \author Martin Stein
* \author Josef Soentgen
* \date 2020-11-10
*/
/*
* Copyright (C) 2020 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _CBE__INIT__LIBRARY_H_
#define _CBE__INIT__LIBRARY_H_
/* CBE includes */
#include <cbe/types.h>
#include <cbe/spark_object.h>
extern "C" void cbe_init_cxx_init();
extern "C" void cbe_init_cxx_final();
namespace Cbe_init {
class Library;
Genode::uint32_t object_size(Library const &);
}
struct Cbe_init::Library : Cbe::Spark_object<60960>
{
/*
* Ada/SPARK compatible bindings
*/
void _peek_generated_ta_request(Cbe::Trust_anchor_request &) const;
void _peek_generated_ta_sb_hash(Cbe::Trust_anchor_request const &, Cbe::Hash &) const;
void _peek_generated_ta_key_value_plaintext(Cbe::Trust_anchor_request const &,
Cbe::Key_plaintext_value &) const;
void _peek_generated_ta_key_value_ciphertext(Cbe::Trust_anchor_request const &,
Cbe::Key_ciphertext_value &) const;
Library();
bool client_request_acceptable() const;
void submit_client_request(Cbe::Request const &request,
Genode::uint64_t vbd_max_lvl_idx,
Genode::uint64_t vbd_degree,
Genode::uint64_t vbd_nr_of_leafs,
Genode::uint64_t ft_max_lvl_idx,
Genode::uint64_t ft_degree,
Genode::uint64_t ft_nr_of_leafs);
Cbe::Request peek_completed_client_request() const;
void drop_completed_client_request(Cbe::Request const &req);
void execute(Cbe::Io_buffer &io_buf);
bool execute_progress() const;
void io_request_completed(Cbe::Io_buffer::Index const &data_index,
bool const success);
void has_io_request(Cbe::Request &, Cbe::Io_buffer::Index &) const;
void io_request_in_progress(Cbe::Io_buffer::Index const &data_index);
Cbe::Trust_anchor_request peek_generated_ta_request() const
{
Cbe::Trust_anchor_request request { };
_peek_generated_ta_request(request);
return request;
}
void drop_generated_ta_request(Cbe::Trust_anchor_request const &request);
Cbe::Hash peek_generated_ta_sb_hash(Cbe::Trust_anchor_request const &request) const
{
Cbe::Hash hash { };
_peek_generated_ta_sb_hash(request, hash);
return hash;
}
void mark_generated_ta_secure_sb_request_complete(Cbe::Trust_anchor_request const &request);
void mark_generated_ta_create_key_request_complete(Cbe::Trust_anchor_request const &request,
Cbe::Key_plaintext_value const &key);
Cbe::Key_ciphertext_value peek_generated_ta_key_value_ciphertext(Cbe::Trust_anchor_request const &request) const
{
Cbe::Key_ciphertext_value ck { };
_peek_generated_ta_key_value_ciphertext(request, ck);
return ck;
}
Cbe::Key_plaintext_value peek_generated_ta_key_value_plaintext(Cbe::Trust_anchor_request const &request) const
{
Cbe::Key_plaintext_value pk { };
_peek_generated_ta_key_value_plaintext(request, pk);
return pk;
}
void mark_generated_ta_decrypt_key_request_complete(Cbe::Trust_anchor_request const &reference,
Cbe::Key_plaintext_value const &key);
void mark_generated_ta_encrypt_key_request_complete(Cbe::Trust_anchor_request const &request,
Cbe::Key_ciphertext_value const &key);
void mark_generated_ta_last_sb_hash_request_complete(Cbe::Trust_anchor_request const &,
Cbe::Hash const &)
{
struct Not_supported { };
throw Not_supported();
}
};
#endif /* _CBE__INIT__LIBRARY_H_ */

412
repos/gems/include/cbe/library.h Normal file
View File

@ -0,0 +1,412 @@
/*
* \brief Integration of the Consistent Block Encrypter (CBE)
* \author Martin Stein
* \author Josef Soentgen
* \date 2020-11-10
*/
/*
* Copyright (C) 2020 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _CBE_LIBRARY_H_
#define _CBE_LIBRARY_H_
/* Genode includes */
#include <base/stdint.h>
#include <base/output.h>
/* CBE includes */
#include <cbe/types.h>
#include <cbe/spark_object.h>
extern "C" void cbe_cxx_init();
extern "C" void cbe_cxx_final();
namespace Cbe {
using namespace Genode;
class Library;
Genode::uint32_t object_size(Library const &);
} /* namespace Cbe */
class Cbe::Library : public Cbe::Spark_object<353944>
{
private:
/*
* Ada/SPARK compatible bindings
*
* Ada functions cannot have out parameters. Hence we call Ada
* procedures that return the 'progress' result as last out parameter.
*/
void _has_io_request(Request &, Io_buffer::Index &) const;
void _crypto_add_key_required(Request &, Key &) const;
void _crypto_remove_key_required(Request &, Key::Id &) const;
void _crypto_cipher_data_required(Request &, Crypto_plain_buffer::Index &) const;
void _crypto_plain_data_required(Request &, Crypto_cipher_buffer::Index &) const;
void _info(Info &) const;
void _peek_generated_ta_request(Trust_anchor_request &) const;
void _peek_generated_ta_sb_hash(Trust_anchor_request const &, Hash &) const;
void _peek_generated_ta_key_value_plaintext(Trust_anchor_request const &, Key_plaintext_value &) const;
void _peek_generated_ta_key_value_ciphertext(Trust_anchor_request const &, Key_ciphertext_value &) const;
public:
Library();
/**
* Get highest virtual-block-address useable by the current active snapshot
*
* \return highest addressable virtual-block-address
*/
Virtual_block_address max_vba() const;
/**
* Get information about the CBE
*
* \return information structure
*/
Info info() const
{
Info inf { };
_info(inf);
return inf;
}
void execute(Io_buffer &io_buf,
Crypto_plain_buffer &crypto_plain_buf,
Crypto_cipher_buffer &crypto_cipher_buf);
/**
* Return whether the last call to 'execute' has made progress or not
*/
bool execute_progress() const;
/**
* Check if the CBE can accept a new requeust
*
* \return true if a request can be accepted, otherwise false
*/
bool client_request_acceptable() const;
/**
* Submit a new request
*
* This method must only be called after executing 'request_acceptable'
* returned true.
*
* \param request block request
*/
void submit_client_request(Request const &request, uint32_t id);
/**
* Check for any completed request
*
* \return a valid block request will be returned if there is an
* completed request, otherwise an invalid one
*/
Request peek_completed_client_request() const;
/**
* Drops the completed request
*
* This method must only be called after executing
* 'peek_completed_request' returned a valid request.
*
*/
void drop_completed_client_request(Request const &req);
/*
* Backend block I/O
*/
/**
* Submit read request data from the backend block session to the CBE
*
* The given data will be transfered to the CBE.
*
* \param request reference to the request from the CBE
* \param data reference to the data associated with the
* request
*
* \return true if the CBE acknowledged the request
*/
void io_request_completed(Io_buffer::Index const &data_index,
bool const success);
/**
* Return a write request for the backend block session
*
* \param result valid request in case the is one pending that
* needs data, otherwise an invalid one is returned
*/
Request has_io_request(Io_buffer::Index &data_index) const
{
Request result { };
_has_io_request(result, data_index);
return result;
}
void has_io_request(Request &req, Io_buffer::Index &data_index) const
{
_has_io_request(req, data_index);
}
/**
* Obtain data for write request for the backend block session
*
* The CBE will transfer the payload to the given data.
*
* \param request reference to the Block::Request processed
* by the CBE
* \param data reference to the data associated with the
* Request
*
* \return true if the CBE could process the request
*/
void io_request_in_progress(Io_buffer::Index const &data_index);
void client_transfer_read_data_required(Request &,
uint64_t &,
Crypto_plain_buffer::Index &) const;
void client_transfer_read_data_in_progress(Crypto_plain_buffer::Index const &);
void client_transfer_read_data_completed(Crypto_plain_buffer::Index const &, bool);
void client_transfer_write_data_required(Request &,
uint64_t &,
Crypto_plain_buffer::Index &) const;
void client_transfer_write_data_in_progress(Crypto_plain_buffer::Index const &);
void client_transfer_write_data_completed(Crypto_plain_buffer::Index const &, bool);
/**
* Query list of active snapshots
*
* \param ids reference to destination buffer
*/
void active_snapshot_ids(Active_snapshot_ids &ids) const;
Request crypto_add_key_required(Key &key) const
{
Request result { };
_crypto_add_key_required(result, key);
return result;
}
void crypto_add_key_requested(Request const &req);
void crypto_add_key_completed(Request const &req);
Request crypto_remove_key_required(Key::Id &key_id) const
{
Request result { };
_crypto_remove_key_required(result, key_id);
return result;
}
void crypto_remove_key_requested(Request const &req);
void crypto_remove_key_completed(Request const &req);
/**
* CBE requests encrytion
*
* \param result valid request in case the is one pending that
* needs encrytion, otherwise an invalid one is
* returned
*/
Request crypto_cipher_data_required(Crypto_plain_buffer::Index &data_index) const
{
Request result { };
_crypto_cipher_data_required(result, data_index);
return result;
}
/**
* Return plain data for given encryption request
*
* \param request reference to the Block::Request processed
* by the CBE
* \param data reference to the data associated with the
* Block::Request
*/
void crypto_cipher_data_requested(
Crypto_plain_buffer::Index const &data_index);
/**
* Collect cipher data for given completed encryption request
*
* \param request reference to the Block::Request processed
* by the CBE
* \param data reference to the data associated with the
* Block::Request
*
* \return true if the CBE could obtain the encrypted data,
* otherwise false
*/
void supply_crypto_cipher_data(Crypto_cipher_buffer::Index const &data_index,
bool const data_valid);
/**
* CBE requests decryption
*
* \param result valid request in case the is one pending that
* needs decrytion, otherwise an invalid one is
* returned
*/
Request crypto_plain_data_required(Crypto_cipher_buffer::Index &data_index) const
{
Request result { };
_crypto_plain_data_required(result, data_index);
return result;
}
/**
* Return cipher data for given decryption request
*
* \param request reference to the Block::Request processed
* by the CBE
* \param data reference to the data associated with the
* Block::Request
*
* \return true if the CBE could supply the ciphr data,
* otherwise false
*/
void crypto_plain_data_requested(
Crypto_cipher_buffer::Index const &data_index);
/**
* Collect plain data for given completed decryption request
*
* \param request reference to the Block::Request processed
* by the CBE
* \param data reference to the data associated with the
* Block::Request
*
* \return true if the CBE could obtain the decrypted data,
* otherwise false
*/
void supply_crypto_plain_data(Crypto_plain_buffer::Index const &data_index,
bool const data_valid);
/**
* CBE trust anchor request
*
* \return valid TA request in case there is one pending, otherwise an
* invalid one is returned
*/
Trust_anchor_request peek_generated_ta_request() const
{
Trust_anchor_request request { };
_peek_generated_ta_request(request);
return request;
}
/**
* Drop generated TA request
*
* \param request reference to the request processed by the TA
*/
void drop_generated_ta_request(Trust_anchor_request const &request);
/**
* Peek generated TA superblock hash
*
* \param request reference to the request
* \return superblock hash
*/
Hash peek_generated_ta_sb_hash(Trust_anchor_request const &request) const
{
Cbe::Hash hash { };
_peek_generated_ta_sb_hash(request, hash);
return hash;
}
/**
* Mark generated TA secure superblock request complete
*
* \param request reference to the request completed by the TA
*/
void mark_generated_ta_secure_sb_request_complete(Trust_anchor_request const &request);
/**
* Mark generated TA create key request complete
*
* \param request reference to the request completed by the TA
* \param key reference to the key plaintext created by the TA
*/
void mark_generated_ta_create_key_request_complete(Trust_anchor_request const &request,
Key_plaintext_value const &key);
/**
* Peek generated TA key ciphertext
*
* \param request reference to the request
* \return key ciphertext
*/
Key_ciphertext_value peek_generated_ta_key_value_ciphertext(Trust_anchor_request const &request) const
{
Cbe::Key_ciphertext_value ck { };
_peek_generated_ta_key_value_ciphertext(request, ck);
return ck;
}
/**
* Peek generated TA key plaintext
*
* \param request reference to the request
* \return key plaintext
*/
Key_plaintext_value peek_generated_ta_key_value_plaintext(Trust_anchor_request const &request) const
{
Cbe::Key_plaintext_value pk { };
_peek_generated_ta_key_value_plaintext(request, pk);
return pk;
}
/**
* Mark generated TA decrypt key request complete
*
* \param request reference to the request completed by the TA
* \param key reference to the key plaintext decrypted by the TA
*/
void mark_generated_ta_decrypt_key_request_complete(Trust_anchor_request const &reference,
Key_plaintext_value const &key);
/**
* Mark generated TA encrypt key request complete
*
* \param request reference to the request completed by the TA
* \param key reference to the key ciphertext encrypted by the TA
*/
void mark_generated_ta_encrypt_key_request_complete(Trust_anchor_request const &request,
Key_ciphertext_value const &key);
/**
* Mark generated TA last superblock hash request complete
*
* \param request reference to the request completed by the TA
* \param hash reference to the superblock hash stored in the TA
*/
void mark_generated_ta_last_sb_hash_request_complete(Trust_anchor_request const &request,
Hash const &hash);
};
#endif /* _CBE_LIBRARY_H_ */

65
repos/gems/include/cbe/spark_object.h Normal file
View File

@ -0,0 +1,65 @@
/*
* \brief Integration of the Consistent Block Encrypter (CBE)
* \author Martin Stein
* \author Josef Soentgen
* \date 2020-11-10
*/
/*
* Copyright (C) 2020 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _CBE_SPARK_OBJECT_H_
#define _CBE_SPARK_OBJECT_H_
/* Genode includes */
#include <base/stdint.h>
#include <base/output.h>
#include <base/log.h>
namespace Cbe {
/**
* Opaque object that contains the space needed to store a SPARK record.
*
* \param BYTES size of the SPARK record in bytes
*/
template <Genode::uint32_t BYTES>
struct Spark_object
{
/**
* Exception type
*/
struct Object_size_mismatch { };
static constexpr Genode::uint32_t bytes() { return BYTES; }
long _space[(BYTES + sizeof(long) - 1)/sizeof(long)] { };
};
template <typename T>
static inline void assert_valid_object_size()
{
if (object_size(*(T *)nullptr) > T::bytes()) {
Genode::error("need ", object_size(*(T *)nullptr),
" bytes, got ", T::bytes(), " bytes");
throw typename T::Object_size_mismatch();
}
}
template <typename T>
static inline void assert_same_object_size()
{
if (object_size(*(T *)nullptr) != T::bytes()) {
Genode::error("need ", object_size(*(T *)nullptr),
" bytes, got ", T::bytes(), " bytes");
throw typename T::Object_size_mismatch();
}
}
} /* namespace Cbe */
#endif /* _CBE_SPARK_OBJECT_H_ */

448
repos/gems/include/cbe/types.h Normal file
View File

@ -0,0 +1,448 @@
/*
* \brief Integration of the Consistent Block Encrypter (CBE)
* \author Martin Stein
* \author Josef Soentgen
* \date 2020-11-10
*/
/*
* Copyright (C) 2020 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _CBE_TYPES_H_
#define _CBE_TYPES_H_
/* Genode includes */
#include <base/stdint.h>
#include <base/output.h>
#include <base/exception.h>
#include <util/string.h>
namespace Cbe {
using namespace Genode;
using Number_of_primitives = size_t;
using Physical_block_address = uint64_t;
using Virtual_block_address = uint64_t;
using Generation = uint64_t;
using Height = uint32_t;
using Number_of_leaves = uint64_t;
using Number_of_leafs = uint64_t;
using Number_of_blocks = uint64_t;
using Degree = uint32_t;
static constexpr uint32_t BLOCK_SIZE = 4096;
static constexpr uint32_t NR_OF_SNAPSHOTS = 48;
class Request
{
public:
enum class Operation : uint32_t {
INVALID = 0,
READ = 1,
WRITE = 2,
SYNC = 3,
CREATE_SNAPSHOT = 4,
DISCARD_SNAPSHOT = 5,
REKEY = 6,
EXTEND_VBD = 7,
EXTEND_FT = 8,
RESUME_REKEYING = 10,
DEINITIALIZE = 11,
INITIALIZE = 12,
};
private:
Operation _operation;
bool _success;
uint64_t _block_number;
uint64_t _offset;
Number_of_blocks _count;
uint32_t _key_id;
uint32_t _tag;
public:
Request(Operation operation,
bool success,
uint64_t block_number,
uint64_t offset,
Number_of_blocks count,
uint32_t key_id,
uint32_t tag)
:
_operation { operation },
_success { success },
_block_number { block_number },
_offset { offset },
_count { count },
_key_id { key_id },
_tag { tag }
{ }
Request()
:
_operation { Operation::INVALID },
_success { false },
_block_number { 0 },
_offset { 0 },
_count { 0 },
_key_id { 0 },
_tag { 0 }
{ }
bool valid() const
{
return _operation != Operation::INVALID;
}
void print(Genode::Output &out) const;
/***************
** Accessors **
***************/
bool read() const { return _operation == Operation::READ; }
bool write() const { return _operation == Operation::WRITE; }
bool sync() const { return _operation == Operation::SYNC; }
bool create_snapshot() const { return _operation == Operation::CREATE_SNAPSHOT; }
bool discard_snapshot() const { return _operation == Operation::DISCARD_SNAPSHOT; }
bool rekey() const { return _operation == Operation::REKEY; }
bool extend_vbd() const { return _operation == Operation::EXTEND_VBD; }
bool extend_ft() const { return _operation == Operation::EXTEND_FT; }
bool resume_rekeying() const { return _operation == Operation::RESUME_REKEYING; }
bool deinitialize() const { return _operation == Operation::DEINITIALIZE; }
bool initialize() const { return _operation == Operation::INITIALIZE; }
Operation operation() const { return _operation; }
bool success() const { return _success; }
uint64_t block_number() const { return _block_number; }
uint64_t offset() const { return _offset; }
Number_of_blocks count() const { return _count; }
uint32_t key_id() const { return _key_id; }
uint32_t tag() const { return _tag; }
void success(bool arg) { _success = arg; }
void tag(uint32_t arg) { _tag = arg; }
} __attribute__((packed));
class Trust_anchor_request
{
public:
enum class Operation : uint32_t {
INVALID = 0,
CREATE_KEY = 1,
SECURE_SUPERBLOCK = 2,
ENCRYPT_KEY = 3,
DECRYPT_KEY = 4,
LAST_SB_HASH = 5,
INITIALIZE = 6,
};
private:
Operation _operation;
bool _success;
uint32_t _tag;
public:
Trust_anchor_request()
:
_operation { Operation::INVALID },
_success { false },
_tag { 0 }
{ }
Trust_anchor_request(Operation operation,
bool success,
uint32_t tag)
:
_operation { operation },
_success { success },
_tag { tag }
{ }
void print(Genode::Output &out) const;
bool valid() const { return _operation != Operation::INVALID; }
bool create_key() const { return _operation == Operation::CREATE_KEY; }
bool secure_superblock() const { return _operation == Operation::SECURE_SUPERBLOCK; }
bool encrypt_key() const { return _operation == Operation::ENCRYPT_KEY; }
bool decrypt_key() const { return _operation == Operation::DECRYPT_KEY; }
bool last_sb_hash() const { return _operation == Operation::LAST_SB_HASH; }
bool initialize() const { return _operation == Operation::INITIALIZE; }
Operation operation() const { return _operation; }
bool success() const { return _success; }
uint32_t tag() const { return _tag; }
void tag(uint32_t arg) { _tag = arg; }
void success(bool arg) { _success = arg; }
} __attribute__((packed));
struct Block_data
{
char values[BLOCK_SIZE];
void print(Genode::Output &out) const
{
using namespace Genode;
for (char const c : values) {
Genode::print(out, Hex(c, Hex::OMIT_PREFIX, Hex::PAD), " ");
}
Genode::print(out, "\n");
}
} __attribute__((packed));
class Io_buffer
{
private:
Block_data items[1];
public:
struct Bad_index : Genode::Exception { };
struct Index
{
uint32_t value;
explicit Index(uint32_t value) : value(value) { }
} __attribute__((packed));
Block_data &item(Index const idx)
{
if (idx.value >= sizeof(items) / sizeof(items[0])) {
throw Bad_index();
}
return items[idx.value];
}
} __attribute__((packed));
class Crypto_plain_buffer
{
private:
Block_data items[1];
public:
struct Bad_index : Genode::Exception { };
struct Index
{
uint32_t value;
explicit Index(uint32_t value) : value(value) { }
} __attribute__((packed));
Block_data &item(Index const idx)
{
if (idx.value >= sizeof(items) / sizeof(items[0])) {
throw Bad_index();
}
return items[idx.value];
}
} __attribute__((packed));
class Crypto_cipher_buffer
{
private:
Block_data items[1];
public:
struct Bad_index : Genode::Exception { };
struct Index
{
uint32_t value;
explicit Index(uint32_t value) : value(value) { }
} __attribute__((packed));
Block_data &item(Index const idx)
{
if (idx.value >= sizeof(items) / sizeof(items[0])) {
throw Bad_index();
}
return items[idx.value];
}
} __attribute__((packed));
/*
* The Hash contains the hash of a node.
*/
struct Hash
{
enum { MAX_LENGTH = 32, };
char values[MAX_LENGTH];
/* hash as hex value plus "0x" prefix and terminating null */
using String = Genode::String<sizeof(values) * 2 + 3>;
/* debug */
void print(Genode::Output &out) const
{
using namespace Genode;
Genode::print(out, "0x");
bool leading_zero = true;
for (char const c : values) {
if (leading_zero) {
if (c) {
leading_zero = false;
Genode::print(out, Hex(c, Hex::OMIT_PREFIX));
}
} else {
Genode::print(out, Hex(c, Hex::OMIT_PREFIX, Hex::PAD));
}
}
if (leading_zero) {
Genode::print(out, "0");
}
}
};
struct Key_plaintext_value
{
enum { KEY_SIZE = 32 };
char value[KEY_SIZE];
};
struct Key_ciphertext_value
{
enum { KEY_SIZE = 32 };
char value[KEY_SIZE];
};
/*
* The Key contains the key-material that is used to
* process cipher-blocks.
*
* (For now it is not used but the ID field is already referenced
* by type 2 nodes.)
*/
struct Key
{
enum { KEY_SIZE = 32 };
char value[KEY_SIZE];
struct Id { uint32_t value; };
Id id;
using String = Genode::String<sizeof(value) * 2 + 3>;
void print(Genode::Output &out) const
{
using namespace Genode;
Genode::print(out, "[", id.value, ", ");
for (uint32_t i = 0; i < 4; i++) {
Genode::print(out, Hex(value[i], Hex::OMIT_PREFIX, Hex::PAD));
}
Genode::print(out, "...]");
}
} __attribute__((packed));
struct Active_snapshot_ids
{
uint64_t values[NR_OF_SNAPSHOTS];
} __attribute__((packed));
struct Info
{
bool valid;
bool rekeying;
bool extending_vbd;
bool extending_ft;
} __attribute__((packed));
}
inline char const *to_string(Cbe::Request::Operation op)
{
struct Unknown_operation_type : Genode::Exception { };
switch (op) {
case Cbe::Request::Operation::INVALID: return "invalid";
case Cbe::Request::Operation::READ: return "read";
case Cbe::Request::Operation::WRITE: return "write";
case Cbe::Request::Operation::SYNC: return "sync";
case Cbe::Request::Operation::CREATE_SNAPSHOT: return "create_snapshot";
case Cbe::Request::Operation::DISCARD_SNAPSHOT: return "discard_snapshot";
case Cbe::Request::Operation::REKEY: return "rekey";
case Cbe::Request::Operation::EXTEND_VBD: return "extend_vbd";
case Cbe::Request::Operation::EXTEND_FT: return "extend_ft";
case Cbe::Request::Operation::RESUME_REKEYING: return "resume_rekeying";
case Cbe::Request::Operation::DEINITIALIZE: return "deinitialize";
case Cbe::Request::Operation::INITIALIZE: return "initialize";
}
throw Unknown_operation_type();
}
inline char const *to_string(Cbe::Trust_anchor_request::Operation op)
{
struct Unknown_operation_type : Genode::Exception { };
switch (op) {
case Cbe::Trust_anchor_request::Operation::INVALID: return "invalid";
case Cbe::Trust_anchor_request::Operation::CREATE_KEY: return "create_key";
case Cbe::Trust_anchor_request::Operation::INITIALIZE: return "initialize";
case Cbe::Trust_anchor_request::Operation::SECURE_SUPERBLOCK: return "secure_superblock";
case Cbe::Trust_anchor_request::Operation::ENCRYPT_KEY: return "encrypt_key";
case Cbe::Trust_anchor_request::Operation::DECRYPT_KEY: return "decrypt_key";
case Cbe::Trust_anchor_request::Operation::LAST_SB_HASH: return "last_sb_hash";
}
throw Unknown_operation_type();
}
inline void Cbe::Request::print(Genode::Output &out) const
{
if (!valid()) {
Genode::print(out, "<invalid>");
return;
}
Genode::print(out, "op=", to_string (_operation));
Genode::print(out, " vba=", _block_number);
Genode::print(out, " cnt=", _count);
Genode::print(out, " tag=", _tag);
Genode::print(out, " key=", _key_id);
Genode::print(out, " off=", _offset);
Genode::print(out, " succ=", _success);
}
inline void Cbe::Trust_anchor_request::print(Genode::Output &out) const
{
if (!valid()) {
Genode::print(out, "<invalid>");
return;
}
Genode::print(out, "op=", to_string (_operation));
Genode::print(out, " tag=", _tag);
Genode::print(out, " succ=", _success);
}
#endif /* _CBE_TYPES_H_ */

314
repos/gems/include/cbe/vfs/io_job.h Normal file
View File

@ -0,0 +1,314 @@
/*
* \brief Integration of the Consistent Block Encrypter (CBE)
* \author Martin Stein
* \author Josef Soentgen
* \date 2020-11-10
*/
/*
* Copyright (C) 2020 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _CBE__VFS__IO_JOB_H_
#define _CBE__VFS__IO_JOB_H_
/* Genode includes */
#include <vfs/types.h>
#include <vfs/vfs_handle.h>
namespace Util {
using file_size = Vfs::file_size;
using file_offset = Vfs::file_offset;
struct Io_job
{
struct Buffer
{
char *base;
file_size size;
};
enum class Operation { INVALID, READ, WRITE, SYNC };
static char const *to_string(Operation op)
{
using Op = Operation;
switch (op) {
case Op::READ: return "READ";
case Op::WRITE: return "WRITE";
case Op::SYNC: return "SYNC";
default: return "INVALID";
}
}
struct Unsupported_Operation : Genode::Exception { };
struct Invalid_state : Genode::Exception { };
enum State { PENDING, IN_PROGRESS, COMPLETE, };
static State _initial_state(Operation const op)
{
using Op = Operation;
switch (op) {
case Op::READ: return State::PENDING;
case Op::WRITE: return State::PENDING;
case Op::SYNC: return State::PENDING;
default: throw Unsupported_Operation();
}
}
static char const *_state_to_string(State s)
{
switch (s) {
case State::PENDING: return "PENDING";
case State::IN_PROGRESS: return "IN_PROGRESS";
case State::COMPLETE: return "COMPLETE";
}
throw Invalid_state();
}
enum class Partial_result { ALLOW, DENY };
Vfs::Vfs_handle &_handle;
Operation const _op;
State _state;
char *_data;
file_offset const _base_offset;
file_offset _current_offset;
file_size _current_count;
bool const _allow_partial;
bool _success;
bool _complete;
bool _read()
{
bool progress = false;
switch (_state) {
case State::PENDING:
_handle.seek(_base_offset + _current_offset);
if (!_handle.fs().queue_read(&_handle, _current_count)) {
return progress;
}
_state = State::IN_PROGRESS;
progress = true;
[[fallthrough]];
case State::IN_PROGRESS:
{
using Result = Vfs::File_io_service::Read_result;
bool completed = false;
file_size out = 0;
Result const result =
_handle.fs().complete_read(&_handle,
_data + _current_offset,
_current_count, out);
if ( result == Result::READ_QUEUED
|| result == Result::READ_ERR_INTERRUPT
|| result == Result::READ_ERR_AGAIN
|| result == Result::READ_ERR_WOULD_BLOCK) {
return progress;
} else
if (result == Result::READ_OK) {
_current_offset += out;
_current_count -= out;
_success = true;
} else
if ( result == Result::READ_ERR_IO
|| result == Result::READ_ERR_INVALID) {
_success = false;
completed = true;
}
if (_current_count == 0 || completed || (out == 0 && _allow_partial)) {
_state = State::COMPLETE;
} else {
_state = State::PENDING;
/* partial read, keep trying */
return true;
}
progress = true;
}
[[fallthrough]];
case State::COMPLETE:
_complete = true;
progress = true;
default: break;
}
return progress;
}
bool _write()
{
bool progress = false;
switch (_state) {
case State::PENDING:
_handle.seek(_base_offset + _current_offset);
_state = State::IN_PROGRESS;
progress = true;
[[fallthrough]];
case State::IN_PROGRESS:
{
using Result = Vfs::File_io_service::Write_result;
bool completed = false;
file_size out = 0;
Result result = Result::WRITE_ERR_INVALID;
try {
result = _handle.fs().write(&_handle,
_data + _current_offset,
_current_count, out);
} catch (Vfs::File_io_service::Insufficient_buffer) {
return progress;
}
if ( result == Result::WRITE_ERR_AGAIN
|| result == Result::WRITE_ERR_INTERRUPT
|| result == Result::WRITE_ERR_WOULD_BLOCK) {
return progress;
} else
if (result == Result::WRITE_OK) {
_current_offset += out;
_current_count -= out;
_success = true;
} else
if ( result == Result::WRITE_ERR_IO
|| result == Result::WRITE_ERR_INVALID) {
_success = false;
completed = true;
}
if (_current_count == 0 || completed || (out == 0 && _allow_partial)) {
_state = State::COMPLETE;
} else {
_state = State::PENDING;
/* partial write, keep trying */
return true;
}
progress = true;
}
[[fallthrough]];
case State::COMPLETE:
_complete = true;
progress = true;
default: break;
}
return progress;
}
bool _sync()
{
bool progress = false;
switch (_state) {
case State::PENDING:
if (!_handle.fs().queue_sync(&_handle)) {
return progress;
}
_state = State::IN_PROGRESS;
progress = true;
[[fallthrough]];
case State::IN_PROGRESS:
{
using Result = Vfs::File_io_service::Sync_result;
Result const result = _handle.fs().complete_sync(&_handle);
if (result == Result::SYNC_QUEUED) {
return progress;
} else
if (result == Result::SYNC_ERR_INVALID) {
_success = false;
} else
if (result == Result::SYNC_OK) {
_success = true;
}
_state = State::COMPLETE;
progress = true;
}
[[fallthrough]];
case State::COMPLETE:
_complete = true;
progress = true;
default: break;
}
return progress;
}
Io_job(Vfs::Vfs_handle &handle,
Operation op,
Buffer &buffer,
file_offset base_offset,
Partial_result partial_result = Partial_result::DENY)
:
_handle { handle },
_op { op },
_state { _initial_state(op) },
_data { buffer.base },
_base_offset { base_offset },
_current_offset { 0 },
_current_count { buffer.size },
_allow_partial { partial_result == Partial_result::ALLOW },
_success { false },
_complete { false }
{ }
bool completed() const { return _complete; }
bool succeeded() const { return _success; }
void print(Genode::Output &out) const
{
Genode::print(out, "(", to_string(_op), ")",
" state: ", _state_to_string(_state),
" current_offset: ", _current_offset,
" current_count: ", _current_count,
" success: ", _success,
" complete: ", _complete);
}
bool execute()
{
using Op = Operation;
switch (_op) {
case Op::READ: return _read();
case Op::WRITE: return _write();
case Op::SYNC: return _sync();
default: return false;
}
}
};
} /* namespace Util */
#endif /* _CBE__VFS__IO_JOB_H_ */

761
repos/gems/include/cbe/vfs/trust_anchor_vfs.h Normal file
View File

@ -0,0 +1,761 @@
/*
* \brief Integration of the Consistent Block Encrypter (CBE)
* \author Martin Stein
* \author Josef Soentgen
* \date 2020-11-10
*/
/*
* Copyright (C) 2020 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _CBE__VFS__TRUST_ANCHOR_VFS_H_
#define _CBE__VFS__TRUST_ANCHOR_VFS_H_
/* local includes */
#include <cbe/vfs/io_job.h>
namespace Util {
using namespace Genode;
struct Trust_anchor_vfs;
}; /* namespace Util */
struct Util::Trust_anchor_vfs
{
struct Invalid_request : Genode::Exception { };
using Path = Genode::Path<256>;
Vfs::File_system &_vfs;
struct Io_response_handler : Vfs::Io_response_handler
{
Genode::Signal_context_capability _io_sigh;
Io_response_handler(Genode::Signal_context_capability io_sigh)
: _io_sigh(io_sigh) { }
void read_ready_response() override { }
void io_progress_response() override
{
if (_io_sigh.valid()) {
Genode::Signal_transmitter(_io_sigh).submit();
}
}
};
Io_response_handler _io_response_handler;
struct File
{
struct Could_not_open_file : Genode::Exception { };
struct Io_job_already_constructed : Genode::Exception { };
struct Cannot_drop_unconstructed_io_job : Genode::Exception { };
struct Completed_io_job
{
bool completed;
bool success;
};
File(File const &) = delete;
File &operator=(File const&) = delete;
Vfs::File_system &_vfs;
Vfs::Vfs_handle *_vfs_handle;
Genode::Constructible<Util::Io_job> _io_job { };
File(Path const &base_path,
char const *name,
Vfs::File_system &vfs,
Genode::Allocator &alloc,
Io_response_handler &io_response_handler)
:
_vfs { vfs },
_vfs_handle { nullptr }
{
using Result = Vfs::Directory_service::Open_result;
Path file_path = base_path;
file_path.append_element(name);
Result const res =
_vfs.open(file_path.string(),
Vfs::Directory_service::OPEN_MODE_RDWR,
(Vfs::Vfs_handle **)&_vfs_handle, alloc);
if (res != Result::OPEN_OK) {
error("could not open '", file_path.string(), "'");
throw Could_not_open_file();
}
_vfs_handle->handler(&io_response_handler);
}
~File()
{
_vfs.close(_vfs_handle);
}
bool submit_io_job(Util::Io_job::Buffer &buffer,
Util::Io_job::Operation op)
{
if (_io_job.constructed()) {
// throw Io_job_already_constructed();
return false;
}
_io_job.construct(*_vfs_handle, op, buffer, 0);
return true;
}
bool execute_io_job()
{
if (!_io_job.constructed()) {
return false;
}
return _io_job->execute();
}
void drop_io_job()
{
if (!_io_job.constructed()) {
throw Cannot_drop_unconstructed_io_job();
}
_io_job.destruct();
}
Completed_io_job completed_io_job()
{
if (!_io_job.constructed()) {
return { false, false };
}
return { _io_job->completed(), _io_job->succeeded() };
}
};
Util::Io_job::Buffer _init_io_buffer { };
Genode::Constructible<File> _init_file { };
Util::Io_job::Buffer _encrypt_io_buffer { };
Genode::Constructible<File> _encrypt_file { };
Util::Io_job::Buffer _decrypt_io_buffer { };
Genode::Constructible<File> _decrypt_file { };
Util::Io_job::Buffer _generate_key_io_buffer { };
Genode::Constructible<File> _generate_key_file { };
Util::Io_job::Buffer _last_hash_io_buffer { };
Genode::Constructible<File> _last_hash_file { };
Path _ta_dir { };
struct Job
{
enum class Type {
NONE,
DECRYPT_WRITE,
DECRYPT_READ,
ENCRYPT_WRITE,
ENCRYPT_READ,
GENERATE,
INIT_WRITE,
INIT_READ,
HASH_READ,
HASH_UPDATE_WRITE,
HASH_UPDATE_READ,
};
Type type { Type::NONE };
static char const *to_string(Type const type)
{
switch (type) {
case Type::NONE: return "NONE";
case Type::DECRYPT_WRITE: return "DECRYPT_WRITE";
case Type::DECRYPT_READ: return "DECRYPT_READ";
case Type::ENCRYPT_WRITE: return "ENCRYPT_WRITE";
case Type::ENCRYPT_READ: return "ENCRYPT_READ";
case Type::GENERATE: return "GENERATE";
case Type::INIT_WRITE: return "INIT_WRITE";
case Type::INIT_READ: return "INIT_READ";
case Type::HASH_READ: return "HASH_READ";
case Type::HASH_UPDATE_WRITE: return "HASH_UPDATE_WRITE";
case Type::HASH_UPDATE_READ: return "HASH_UPDATE_READ";
}
return nullptr;
}
enum class State {
NONE,
PENDING,
IN_PROGRESS,
COMPLETE
};
State state { State::NONE };
static char const *to_string(State const state)
{
switch (state) {
case State::NONE: return "NONE";
case State::PENDING: return "PENDING";
case State::IN_PROGRESS: return "IN_PROGRESS";
case State::COMPLETE: return "COMPLETE";
}
return nullptr;
}
Cbe::Hash hash;
Cbe::Key_plaintext_value plain;
Cbe::Key_ciphertext_value cipher;
Cbe::Trust_anchor_request request { };
bool success { false };
void reset()
{
type = Type::NONE;
state = State::NONE;
request = Cbe::Trust_anchor_request();
}
bool valid() const { return state != State::NONE; }
bool completed() const { return state == State::COMPLETE; }
bool equals(Cbe::Trust_anchor_request const &other) const
{
return request.operation() == other.operation()
&& request.tag() == other.tag();
}
void print(Genode::Output &out) const
{
if (!valid()) {
Genode::print(out, "<invalid>");
return;
}
Genode::print(out, "type: ", to_string(type));
Genode::print(out, " state: ", to_string(state));
Genode::print(out, " request: ", request);
}
};
Job _job { };
bool _execute_decrypt(Job &job, bool write)
{
bool progress = false;
File::Completed_io_job completed_io_job { false, false };
switch (job.state) {
case Job::State::PENDING:
{
using Op = Util::Io_job::Operation;
Op const op = write ? Op::WRITE : Op::READ;
if (!_decrypt_file->submit_io_job(_decrypt_io_buffer, op)) {
break;
}
job.state = Job::State::IN_PROGRESS;
progress |= true;
}
[[fallthrough]];
case Job::State::IN_PROGRESS:
if (!_decrypt_file->execute_io_job()) {
break;
}
progress |= true;
completed_io_job = _decrypt_file->completed_io_job();
if (!completed_io_job.completed) {
break;
}
_decrypt_file->drop_io_job();
/* setup second phase */
if (write) {
/*
* In case the write request was not successful it
* is not needed to try to read the result.
*/
if (!completed_io_job.success) {
job.state = Job::State::COMPLETE;
job.request.success(false);
break;
}
_decrypt_io_buffer = {
.base = _job.cipher.value,
.size = sizeof (_job.cipher)
};
job.type = Job::Type::DECRYPT_READ;
job.state = Job::State::PENDING;
break;
}
job.state = Job::State::COMPLETE;
job.success = completed_io_job.success;
job.request.success(job.success);
[[fallthrough]];
case Job::State::COMPLETE: break;
case Job::State::NONE: break;
}
return progress;
}
bool _execute_encrypt(Job &job, bool write)
{
bool progress = false;
File::Completed_io_job completed_io_job { false, false };
switch (job.state) {
case Job::State::PENDING:
{
using Op = Util::Io_job::Operation;
Op const op = write ? Op::WRITE : Op::READ;
if (!_encrypt_file->submit_io_job(_encrypt_io_buffer, op)) {
break;
}
job.state = Job::State::IN_PROGRESS;
progress |= true;
}
[[fallthrough]];
case Job::State::IN_PROGRESS:
if (!_encrypt_file->execute_io_job()) {
break;
}
progress |= true;
completed_io_job = _encrypt_file->completed_io_job();
if (!completed_io_job.completed) {
break;
}
_encrypt_file->drop_io_job();
/* setup second phase */
if (write) {
/*
* In case the write request was not successful it
* is not needed to try to read the result.
*/
if (!completed_io_job.success) {
job.state = Job::State::COMPLETE;
job.request.success(false);
break;
}
_encrypt_io_buffer = {
.base = _job.cipher.value,
.size = sizeof (_job.cipher)
};
job.type = Job::Type::ENCRYPT_READ;
job.state = Job::State::PENDING;
break;
}
job.state = Job::State::COMPLETE;
job.success = completed_io_job.success;
job.request.success(job.success);
[[fallthrough]];
case Job::State::COMPLETE: break;
case Job::State::NONE: break;
}
return progress;
}
bool _execute_generate(Job &job)
{
bool progress = false;
File::Completed_io_job completed_io_job { false, false };
switch (job.state) {
case Job::State::PENDING:
if (!_generate_key_file->submit_io_job(_generate_key_io_buffer,
Util::Io_job::Operation::READ)) {
break;
}
job.state = Job::State::IN_PROGRESS;
progress |= true;
[[fallthrough]];
case Job::State::IN_PROGRESS:
if (!_generate_key_file->execute_io_job()) {
break;
}
progress |= true;
completed_io_job = _generate_key_file->completed_io_job();
if (!completed_io_job.completed) {
break;
}
_generate_key_file->drop_io_job();
job.state = Job::State::COMPLETE;
job.success = completed_io_job.success;
job.request.success(job.success);
[[fallthrough]];
case Job::State::COMPLETE: break;
case Job::State::NONE: break;
}
return progress;
}
bool _execute_init(Job &job, bool write)
{
bool progress = false;
File::Completed_io_job completed_io_job { false, false };
switch (job.state) {
case Job::State::PENDING:
{
using Op = Util::Io_job::Operation;
Op const op = write ? Op::WRITE : Op::READ;
if (!_init_file->submit_io_job(_init_io_buffer, op)) {
break;
}
job.state = Job::State::IN_PROGRESS;
progress |= true;
}
[[fallthrough]];
case Job::State::IN_PROGRESS:
if (!_init_file->execute_io_job()) {
break;
}
progress |= true;
completed_io_job = _init_file->completed_io_job();
if (!completed_io_job.completed) {
break;
}
_init_file->drop_io_job();
/* setup second phase */
if (write) {
/*
* In case the write request was not successful it
* is not needed to try to read the result.
*/
if (!completed_io_job.success) {
job.state = Job::State::COMPLETE;
job.request.success(false);
break;
}
_init_io_buffer = {
.base = _job.cipher.value,
.size = sizeof (_job.cipher)
};
job.type = Job::Type::INIT_READ;
job.state = Job::State::PENDING;
break;
}
job.state = Job::State::COMPLETE;
job.success = completed_io_job.success;
job.request.success(job.success);
[[fallthrough]];
case Job::State::COMPLETE: break;
case Job::State::NONE: break;
}
return progress;
}
bool _execute_read_hash(Job &job)
{
bool progress = false;
File::Completed_io_job completed_io_job { false, false };
switch (job.state) {
case Job::State::PENDING:
if (!_last_hash_file->submit_io_job(_last_hash_io_buffer,
Util::Io_job::Operation::READ)) {
break;
}
job.state = Job::State::IN_PROGRESS;
progress |= true;
[[fallthrough]];
case Job::State::IN_PROGRESS:
if (!_last_hash_file->execute_io_job()) {
break;
}
progress |= true;
completed_io_job = _last_hash_file->completed_io_job();
if (!completed_io_job.completed) {
break;
}
_last_hash_file->drop_io_job();
job.state = Job::State::COMPLETE;
job.success = completed_io_job.success;
job.request.success(job.success);
[[fallthrough]];
case Job::State::COMPLETE: break;
case Job::State::NONE: break;
}
return progress;
}
bool _execute_update_hash(Job &job, bool write)
{
bool progress = false;
File::Completed_io_job completed_io_job { false, false };
switch (job.state) {
case Job::State::PENDING:
{
using Op = Util::Io_job::Operation;
Op const op = write ? Op::WRITE : Op::READ;
if (!_last_hash_file->submit_io_job(_last_hash_io_buffer, op)) {
break;
}
job.state = Job::State::IN_PROGRESS;
progress |= true;
}
[[fallthrough]];
case Job::State::IN_PROGRESS:
if (!_last_hash_file->execute_io_job()) {
break;
}
progress |= true;
completed_io_job = _last_hash_file->completed_io_job();
if (!completed_io_job.completed) {
break;
}
_last_hash_file->drop_io_job();
/* setup second phase */
if (write) {
/*
* In case the write request was not successful it
* is not needed to try to read the result.
*/
if (!completed_io_job.success) {
job.state = Job::State::COMPLETE;
job.request.success(false);
break;
}
_last_hash_io_buffer = {
.base = _job.hash.values,
.size = sizeof (_job.hash)
};
job.type = Job::Type::HASH_UPDATE_READ;
job.state = Job::State::PENDING;
break;
}
job.state = Job::State::COMPLETE;
job.success = completed_io_job.success;
job.request.success(job.success);
[[fallthrough]];
case Job::State::COMPLETE: break;
case Job::State::NONE: break;
}
return progress;
}
Trust_anchor_vfs(Vfs::File_system &vfs,
Genode::Allocator &alloc,
Path const &path,
Genode::Signal_context_capability io_sigh)
:
_vfs { vfs },
_io_response_handler { io_sigh },
_ta_dir { path }
{
_init_file.construct(path, "initialize", _vfs, alloc, _io_response_handler);
_encrypt_file.construct(path, "encrypt", _vfs, alloc, _io_response_handler);
_decrypt_file.construct(path, "decrypt", _vfs, alloc, _io_response_handler);
_generate_key_file.construct(path, "generate_key", _vfs, alloc, _io_response_handler);
_last_hash_file.construct(path, "hashsum", _vfs, alloc, _io_response_handler);
}
bool request_acceptable() const
{
return !_job.valid();
}
void submit_create_key_request(Cbe::Trust_anchor_request const &request)
{
_job = {
.type = Job::Type::GENERATE,
.state = Job::State::PENDING,
.hash = Cbe::Hash(),
.plain = Cbe::Key_plaintext_value(),
.cipher = Cbe::Key_ciphertext_value(),
.request = request,
.success = false,
};
_generate_key_io_buffer = {
.base = _job.plain.value,
.size = sizeof (_job.plain)
};
}
void submit_superblock_hash_request(Cbe::Trust_anchor_request const &request)
{
_job = {
.type = Job::Type::HASH_READ,
.state = Job::State::PENDING,
.hash = Cbe::Hash(),
.plain = Cbe::Key_plaintext_value(),
.cipher = Cbe::Key_ciphertext_value(),
.request = request,
.success = false,
};
_last_hash_io_buffer = {
.base = _job.hash.values,
.size = sizeof (_job.hash)
};
}
void submit_secure_superblock_request(Cbe::Trust_anchor_request const &request,
Cbe::Hash const &hash)
{
_job = {
.type = Job::Type::HASH_UPDATE_WRITE,
.state = Job::State::PENDING,
.hash = hash,
.plain = Cbe::Key_plaintext_value(),
.cipher = Cbe::Key_ciphertext_value(),
.request = request,
.success = false,
};
_last_hash_io_buffer = {
.base = _job.hash.values,
.size = sizeof (_job.hash)
};
}
void submit_encrypt_key_request(Cbe::Trust_anchor_request const &request,
Cbe::Key_plaintext_value const &plain)
{
_job = {
.type = Job::Type::ENCRYPT_WRITE,
.state = Job::State::PENDING,
.hash = Cbe::Hash(),
.plain = plain,
.cipher = Cbe::Key_ciphertext_value(),
.request = request,
.success = false,
};
_encrypt_io_buffer = {
.base = _job.plain.value,
.size = sizeof (_job.plain)
};
}
void submit_decrypt_key_request(Cbe::Trust_anchor_request const &request,
Cbe::Key_ciphertext_value const &cipher)
{
_job = {
.type = Job::Type::DECRYPT_WRITE,
.state = Job::State::PENDING,
.hash = Cbe::Hash(),
.plain = Cbe::Key_plaintext_value(),
.cipher = cipher,
.request = request,
.success = false,
};
_decrypt_io_buffer = {
.base = _job.cipher.value,
.size = sizeof (_job.cipher)
};
}
Cbe::Trust_anchor_request peek_completed_request()
{
return _job.completed() ? _job.request : Cbe::Trust_anchor_request();
}
void drop_completed_request(Cbe::Trust_anchor_request const &request)
{
if (!_job.equals(request)) {
throw Invalid_request();
}
_job.reset();
}
Cbe::Hash peek_completed_superblock_hash(Cbe::Trust_anchor_request const &request)
{
if (!_job.equals(request) || !_job.completed()) {
throw Invalid_request();
}
return _job.hash;
}
Cbe::Key_plaintext_value peek_completed_key_value_plaintext(Cbe::Trust_anchor_request const &request)
{
if (!_job.equals(request) || !_job.completed()) {
throw Invalid_request();
}
return _job.plain;
}
Cbe::Key_ciphertext_value peek_completed_key_value_ciphertext(Cbe::Trust_anchor_request const &request)
{
if (!_job.equals(request) || !_job.completed()) {
throw Invalid_request();
}
return _job.cipher;
}
bool execute()
{
bool progress = false;
switch (_job.type) {
case Job::Type::NONE: break;
case Job::Type::DECRYPT_WRITE: progress |= _execute_decrypt(_job, true); break;
case Job::Type::DECRYPT_READ: progress |= _execute_decrypt(_job, false); break;
case Job::Type::ENCRYPT_WRITE: progress |= _execute_encrypt(_job, true); break;
case Job::Type::ENCRYPT_READ: progress |= _execute_encrypt(_job, false); break;
case Job::Type::GENERATE: progress |= _execute_generate(_job); break;
case Job::Type::INIT_WRITE: progress |= _execute_init(_job, true); break;
case Job::Type::INIT_READ: progress |= _execute_init(_job, false); break;
case Job::Type::HASH_READ: progress |= _execute_read_hash(_job); break;
case Job::Type::HASH_UPDATE_WRITE: progress |= _execute_update_hash(_job, true); break;
case Job::Type::HASH_UPDATE_READ: progress |= _execute_update_hash(_job, false); break;
}
return progress;
}
};
#endif /* _CBE__VFS__TRUST_ANCHOR_VFS_H_ */

3
repos/gems/lib/import/import-cbe.mk Normal file
View File

@ -0,0 +1,3 @@
CBE_DIR = $(call select_from_ports,cbe)
INC_DIR += $(CBE_DIR)/src/lib/cbe

2
repos/gems/lib/import/import-cbe_check.mk Normal file
View File

@ -0,0 +1,2 @@
INC_DIR += $(call select_from_repositories,src/lib/cbe_check)

3
repos/gems/lib/import/import-cbe_common.mk Normal file
View File

@ -0,0 +1,3 @@
CBE_DIR = $(call select_from_ports,cbe)
INC_DIR += $(CBE_DIR)/src/lib/cbe_common

2
repos/gems/lib/import/import-cbe_dump.mk Normal file
View File

@ -0,0 +1,2 @@
INC_DIR += $(call select_from_repositories,src/lib/cbe_dump)

2
repos/gems/lib/import/import-cbe_init.mk Normal file
View File

@ -0,0 +1,2 @@
INC_DIR += $(call select_from_repositories,src/lib/cbe_init)

3
repos/gems/lib/import/import-sha256_4k.mk Normal file
View File

@ -0,0 +1,3 @@
CBE_DIR = $(call select_from_ports,cbe)
INC_DIR += $(CBE_DIR)/src/lib/sha256_4k

20
repos/gems/lib/mk/generate_ada_main_pkg.inc Normal file
View File

@ -0,0 +1,20 @@
ifeq ($(called_from_lib_mk),yes)
CUSTOM_BINDER_FLAGS ?= -n -we -D768k
ALIS := $(addsuffix .ali, $(basename $(SRC_ADS) $(SRC_ADB)))
ALI_DIRS := $(foreach LIB,$(LIBS),$(call select_from_repositories,lib/ali/$(LIB)))
BINDER_SEARCH_DIRS = $(addprefix -I$(BUILD_BASE_DIR)/var/libcache/, $(LIBS)) $(addprefix -aO, $(ALI_DIRS))
# declare after(!) $(ALIS) was evaluated
SRC_ADB += b~$(LIB).adb
BINDER_SRC := b~$(LIB).adb
$(BINDER_SRC): $(ALIS)
$(VERBOSE)$(GNATBIND) $(CUSTOM_BINDER_FLAGS) $(BINDER_SEARCH_DIRS) \
$(INCLUDES) --RTS=$(ADA_RTS) -L$(LIB)_ -o $@ $^
all: $(BINDER_SRC)
endif

12
repos/gems/lib/mk/sha256_4k.mk Normal file
View File

@ -0,0 +1,12 @@
CBE_DIR = $(call select_from_ports,cbe)
SRC_ADB := sha256_4k.adb
LIBS += spark libsparkcrypto
CC_ADA_OPT += -gnatec=$(CBE_DIR)/src/lib/sha256_4k/spark.adc
INC_DIR += $(CBE_DIR)/src/lib/sha256_4k
sha256_4k.o : $(CBE_DIR)/src/lib/sha256_4k/sha256_4k.ads
vpath % $(CBE_DIR)/src/lib/sha256_4k

23
repos/gems/lib/mk/spec/x86_64/cbe.mk Normal file
View File

@ -0,0 +1,23 @@
CBE_DIR = $(call select_from_ports,cbe)
LIBS += spark sha256_4k cbe_common
INC_DIR += $(CBE_DIR)/src/lib/cbe
SRC_ADB += cbe-library.adb
SRC_ADB += cbe-request_pool.adb
SRC_ADB += cbe-crypto.adb
SRC_ADB += cbe-tree_helper.adb
SRC_ADB += cbe-translation.adb
SRC_ADB += cbe-cache.adb
SRC_ADB += cbe-new_free_tree.adb
SRC_ADB += cbe-ft_resizing.adb
SRC_ADB += cbe-mt_resizing.adb
SRC_ADB += cbe-meta_tree.adb
SRC_ADB += cbe-generic_index_queue.adb
SRC_ADB += cbe-superblock_control.adb
SRC_ADB += cbe-vbd_rekeying.adb
vpath % $(CBE_DIR)/src/lib/cbe
CC_ADA_OPT += -gnatec=$(CBE_DIR)/src/lib/cbe/pragmas.adc

14
repos/gems/lib/mk/spec/x86_64/cbe_check.mk Normal file
View File

@ -0,0 +1,14 @@
CBE_DIR = $(call select_from_ports,cbe)
LIBS += spark sha256_4k cbe_common
INC_DIR += $(CBE_DIR)/src/lib/cbe_check
SRC_ADB += cbe-check_library.adb
SRC_ADB += cbe-superblock_check.adb
SRC_ADB += cbe-vbd_check.adb
SRC_ADB += cbe-free_tree_check.adb
vpath % $(CBE_DIR)/src/lib/cbe_check
CC_ADA_OPT += -gnatec=$(CBE_DIR)/src/lib/cbe_check/pragmas.adc

17
repos/gems/lib/mk/spec/x86_64/cbe_check_cxx.mk Normal file
View File

@ -0,0 +1,17 @@
CBE_DIR = $(call select_from_ports,cbe)
LIBS += spark libsparkcrypto sha256_4k cbe_common cbe_cxx_common
LIBS += cbe_check
INC_DIR += $(CBE_DIR)/src/lib/cbe_check
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
INC_DIR += $(CBE_DIR)/src/lib/cbe_check_cxx
INC_DIR += $(CBE_DIR)/src/lib/cbe_cxx_common
SRC_ADB += cbe-cxx-cxx_check_library.adb
vpath % $(CBE_DIR)/src/lib/cbe_check_cxx
SHARED_LIB := yes
include $(REP_DIR)/lib/mk/generate_ada_main_pkg.inc

17
repos/gems/lib/mk/spec/x86_64/cbe_common.mk Normal file
View File

@ -0,0 +1,17 @@
CBE_DIR = $(call select_from_ports,cbe)
LIBS += spark sha256_4k
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
SRC_ADB += cbe.adb
SRC_ADB += cbe-debug.adb
SRC_ADB += cbe-request.adb
SRC_ADB += cbe-primitive.adb
SRC_ADB += cbe-block_io.adb
SRC_ADB += cbe-ta_request.adb
SRC_ADB += cbe-trust_anchor.adb
vpath % $(CBE_DIR)/src/lib/cbe_common
CC_ADA_OPT += -gnatec=$(CBE_DIR)/src/lib/cbe_common/pragmas.adc

16
repos/gems/lib/mk/spec/x86_64/cbe_cxx.mk Normal file
View File

@ -0,0 +1,16 @@
CBE_DIR = $(call select_from_ports,cbe)
LIBS += spark libsparkcrypto sha256_4k cbe cbe_common cbe_cxx_common
INC_DIR += $(CBE_DIR)/src/lib/cbe
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
INC_DIR += $(CBE_DIR)/src/lib/cbe_cxx
INC_DIR += $(CBE_DIR)/src/lib/cbe_cxx_common
SRC_ADB += cbe-cxx-cxx_library.adb
vpath % $(CBE_DIR)/src/lib/cbe_cxx
SHARED_LIB := yes
include $(REP_DIR)/lib/mk/generate_ada_main_pkg.inc

12
repos/gems/lib/mk/spec/x86_64/cbe_cxx_common.mk Normal file
View File

@ -0,0 +1,12 @@
CBE_DIR = $(call select_from_ports,cbe)
LIBS += spark cbe_common
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
INC_DIR += $(CBE_DIR)/src/lib/cbe_cxx_common
SRC_ADB += cbe-cxx.adb
SRC_CC += print_cstring.cc
vpath % $(CBE_DIR)/src/lib/cbe_cxx_common

14
repos/gems/lib/mk/spec/x86_64/cbe_dump.mk Normal file
View File

@ -0,0 +1,14 @@
CBE_DIR = $(call select_from_ports,cbe)
LIBS += spark sha256_4k cbe_common
INC_DIR += $(CBE_DIR)/src/lib/cbe_dump
SRC_ADB += cbe-dump_library.adb
SRC_ADB += cbe-superblock_dump.adb
SRC_ADB += cbe-vbd_dump.adb
SRC_ADB += cbe-free_tree_dump.adb
vpath % $(CBE_DIR)/src/lib/cbe_dump
CC_ADA_OPT += -gnatec=$(CBE_DIR)/src/lib/cbe_dump/pragmas.adc

17
repos/gems/lib/mk/spec/x86_64/cbe_dump_cxx.mk Normal file
View File

@ -0,0 +1,17 @@
CBE_DIR = $(call select_from_ports,cbe)
LIBS += spark libsparkcrypto sha256_4k cbe_common cbe_cxx_common
LIBS += cbe_dump
INC_DIR += $(CBE_DIR)/src/lib/cbe_dump
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
INC_DIR += $(CBE_DIR)/src/lib/cbe_dump_cxx
INC_DIR += $(CBE_DIR)/src/lib/cbe_cxx_common
SRC_ADB += cbe-cxx-cxx_dump_library.adb
vpath % $(CBE_DIR)/src/lib/cbe_dump_cxx
SHARED_LIB := yes
include $(REP_DIR)/lib/mk/generate_ada_main_pkg.inc

15
repos/gems/lib/mk/spec/x86_64/cbe_init.mk Normal file
View File

@ -0,0 +1,15 @@
CBE_DIR = $(call select_from_ports,cbe)
LIBS += spark sha256_4k cbe_common cbe_cxx_common
INC_DIR += $(CBE_DIR)/src/lib/cbe_init
SRC_ADB += cbe-init_library.adb
SRC_ADB += cbe-block_allocator.adb
SRC_ADB += cbe-superblock_initializer.adb
SRC_ADB += cbe-vbd_initializer.adb
SRC_ADB += cbe-free_tree_initializer.adb
vpath % $(CBE_DIR)/src/lib/cbe_init
CC_ADA_OPT += -gnatec=$(CBE_DIR)/src/lib/cbe_init/pragmas.adc

17
repos/gems/lib/mk/spec/x86_64/cbe_init_cxx.mk Normal file
View File

@ -0,0 +1,17 @@
CBE_DIR = $(call select_from_ports,cbe)
LIBS += spark libsparkcrypto sha256_4k cbe_common cbe_cxx_common
LIBS += cbe_init
INC_DIR += $(CBE_DIR)/src/lib/cbe_init
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
INC_DIR += $(CBE_DIR)/src/lib/cbe_init_cxx
INC_DIR += $(CBE_DIR)/src/lib/cbe_cxx_common
SRC_ADB += cbe-cxx-cxx_init_library.adb
vpath % $(CBE_DIR)/src/lib/cbe_init_cxx
SHARED_LIB := yes
include $(REP_DIR)/lib/mk/generate_ada_main_pkg.inc

11
repos/gems/lib/mk/spec/x86_64/vfs_cbe.mk Normal file
View File

@ -0,0 +1,11 @@
SRC_CC = vfs.cc
INC_DIR += $(REP_DIR)/src/lib/vfs/cbe
LIBS += cbe_cxx
vpath % $(REP_DIR)/src/lib/vfs/cbe
SHARED_LIB := yes
CC_CXX_WARN_STRICT :=

9
repos/gems/lib/mk/spec/x86_64/vfs_cbe_crypto_aes_cbc.mk Normal file
View File

@ -0,0 +1,9 @@
SRC_CC := vfs.cc
SRC_CC += aes_cbc.cc
LIBS += aes_cbc_4k
vpath vfs.cc $(REP_DIR)/src/lib/vfs/cbe_crypto/
vpath % $(REP_DIR)/src/lib/vfs/cbe_crypto/aes_cbc
SHARED_LIB = yes

7
repos/gems/lib/mk/spec/x86_64/vfs_cbe_crypto_memcopy.mk Normal file
View File

@ -0,0 +1,7 @@
SRC_CC := vfs.cc
SRC_CC += memcopy.cc
vpath vfs.cc $(REP_DIR)/src/lib/vfs/cbe_crypto/
vpath %.cc $(REP_DIR)/src/lib/vfs/cbe_crypto/memcopy
SHARED_LIB = yes

5
repos/gems/lib/mk/spec/x86_64/vfs_cbe_trust_anchor.mk Normal file
View File

@ -0,0 +1,5 @@
SRC_CC = vfs.cc
vpath % $(REP_DIR)/src/lib/vfs/cbe_trust_anchor
SHARED_LIB := yes

14
repos/gems/lib/symbols/cbe_check_cxx Normal file
View File

@ -0,0 +1,14 @@
_ZN9Cbe_check11object_sizeERKNS_7LibraryE T
_ZN9Cbe_check7Library20io_request_completedERKN3Cbe9Io_buffer5IndexEb T
_ZN9Cbe_check7Library21submit_client_requestERKN3Cbe7RequestE T
_ZN9Cbe_check7Library22io_request_in_progressERKN3Cbe9Io_buffer5IndexE T
_ZN9Cbe_check7Library29drop_completed_client_requestERKN3Cbe7RequestE T
_ZN9Cbe_check7Library7executeERKN3Cbe9Io_bufferE T
_ZN9Cbe_check7LibraryC1Ev T
_ZN9Sha256_4k4hashERKNS_4DataERNS_4HashE T
_ZNK9Cbe_check7Library14has_io_requestERN3Cbe7RequestERNS1_9Io_buffer5IndexE T
_ZNK9Cbe_check7Library16execute_progressEv T
_ZNK9Cbe_check7Library25client_request_acceptableEv T
_ZNK9Cbe_check7Library29peek_completed_client_requestEv T
cbe_check_cxx_final T
cbe_check_cxx_init T

44
repos/gems/lib/symbols/cbe_cxx Normal file
View File

@ -0,0 +1,44 @@
_ZN3Cbe11object_sizeERKNS_7LibraryE T
_ZN3Cbe7Library20io_request_completedERKNS_9Io_buffer5IndexEb T
_ZN3Cbe7Library21submit_client_requestERKNS_7RequestEj T
_ZN3Cbe7Library22io_request_in_progressERKNS_9Io_buffer5IndexE T
_ZN3Cbe7Library24crypto_add_key_completedERKNS_7RequestE T
_ZN3Cbe7Library24crypto_add_key_requestedERKNS_7RequestE T
_ZN3Cbe7Library24supply_crypto_plain_dataERKNS_19Crypto_plain_buffer5IndexEb T
_ZN3Cbe7Library25drop_generated_ta_requestERKNS_20Trust_anchor_requestE T
_ZN3Cbe7Library25supply_crypto_cipher_dataERKNS_20Crypto_cipher_buffer5IndexEb T
_ZN3Cbe7Library27crypto_plain_data_requestedERKNS_20Crypto_cipher_buffer5IndexE T
_ZN3Cbe7Library27crypto_remove_key_completedERKNS_7RequestE T
_ZN3Cbe7Library27crypto_remove_key_requestedERKNS_7RequestE T
_ZN3Cbe7Library28crypto_cipher_data_requestedERKNS_19Crypto_plain_buffer5IndexE T
_ZN3Cbe7Library29drop_completed_client_requestERKNS_7RequestE T
_ZN3Cbe7Library35client_transfer_read_data_completedERKNS_19Crypto_plain_buffer5IndexEb T
_ZN3Cbe7Library36client_transfer_write_data_completedERKNS_19Crypto_plain_buffer5IndexEb T
_ZN3Cbe7Library37client_transfer_read_data_in_progressERKNS_19Crypto_plain_buffer5IndexE T
_ZN3Cbe7Library38client_transfer_write_data_in_progressERKNS_19Crypto_plain_buffer5IndexE T
_ZN3Cbe7Library44mark_generated_ta_secure_sb_request_completeERKNS_20Trust_anchor_requestE T
_ZN3Cbe7Library45mark_generated_ta_create_key_request_completeERKNS_20Trust_anchor_requestERKNS_19Key_plaintext_valueE T
_ZN3Cbe7Library46mark_generated_ta_decrypt_key_request_completeERKNS_20Trust_anchor_requestERKNS_19Key_plaintext_valueE T
_ZN3Cbe7Library46mark_generated_ta_encrypt_key_request_completeERKNS_20Trust_anchor_requestERKNS_20Key_ciphertext_valueE T
_ZN3Cbe7Library47mark_generated_ta_last_sb_hash_request_completeERKNS_20Trust_anchor_requestERKNS_4HashE T
_ZN3Cbe7Library7executeERNS_9Io_bufferERNS_19Crypto_plain_bufferERNS_20Crypto_cipher_bufferE T
_ZN3Cbe7LibraryC2Ev T
_ZNK3Cbe7Library15_has_io_requestERNS_7RequestERNS_9Io_buffer5IndexE T
_ZNK3Cbe7Library16execute_progressEv T
_ZNK3Cbe7Library19active_snapshot_idsERNS_19Active_snapshot_idsE T
_ZNK3Cbe7Library24_crypto_add_key_requiredERNS_7RequestERNS_3KeyE T
_ZNK3Cbe7Library25client_request_acceptableEv T
_ZNK3Cbe7Library26_peek_generated_ta_requestERNS_20Trust_anchor_requestE T
_ZNK3Cbe7Library26_peek_generated_ta_sb_hashERKNS_20Trust_anchor_requestERNS_4HashE T
_ZNK3Cbe7Library27_crypto_plain_data_requiredERNS_7RequestERNS_20Crypto_cipher_buffer5IndexE T
_ZNK3Cbe7Library27_crypto_remove_key_requiredERNS_7RequestERNS_3Key2IdE T
_ZNK3Cbe7Library28_crypto_cipher_data_requiredERNS_7RequestERNS_19Crypto_plain_buffer5IndexE T
_ZNK3Cbe7Library29peek_completed_client_requestEv T
_ZNK3Cbe7Library34client_transfer_read_data_requiredERNS_7RequestERyRNS_19Crypto_plain_buffer5IndexE T
_ZNK3Cbe7Library35client_transfer_write_data_requiredERNS_7RequestERyRNS_19Crypto_plain_buffer5IndexE T
_ZNK3Cbe7Library38_peek_generated_ta_key_value_plaintextERKNS_20Trust_anchor_requestERNS_19Key_plaintext_valueE T
_ZNK3Cbe7Library39_peek_generated_ta_key_value_ciphertextERKNS_20Trust_anchor_requestERNS_20Key_ciphertext_valueE T
_ZNK3Cbe7Library5_infoERNS_4InfoE T
_ZNK3Cbe7Library7max_vbaEv T
cbe_cxx_final T
cbe_cxx_init T

14
repos/gems/lib/symbols/cbe_dump_cxx Normal file
View File

@ -0,0 +1,14 @@
_ZN8Cbe_dump11object_sizeERKNS_7LibraryE T
_ZN8Cbe_dump7Library20io_request_completedERKN3Cbe9Io_buffer5IndexEb T
_ZN8Cbe_dump7Library21submit_client_requestERKN3Cbe7RequestERKNS_13ConfigurationE T
_ZN8Cbe_dump7Library22io_request_in_progressERKN3Cbe9Io_buffer5IndexE T
_ZN8Cbe_dump7Library29drop_completed_client_requestERKN3Cbe7RequestE T
_ZN8Cbe_dump7Library7executeERKN3Cbe9Io_bufferE T
_ZN8Cbe_dump7LibraryC1Ev T
_ZN9Sha256_4k4hashERKNS_4DataERNS_4HashE T
_ZNK8Cbe_dump7Library14has_io_requestERN3Cbe7RequestERNS1_9Io_buffer5IndexE T
_ZNK8Cbe_dump7Library16execute_progressEv T
_ZNK8Cbe_dump7Library25client_request_acceptableEv T
_ZNK8Cbe_dump7Library29peek_completed_client_requestEv T
cbe_dump_cxx_final T
cbe_dump_cxx_init T

25
repos/gems/lib/symbols/cbe_init_cxx Normal file
View File

@ -0,0 +1,25 @@
_ZN10Aes_cbc_4k7decryptERKNS_3KeyENS_12Block_numberERKNS_10CiphertextERNS_9PlaintextE T
_ZN10Aes_cbc_4k7encryptERKNS_3KeyENS_12Block_numberERKNS_9PlaintextERNS_10CiphertextE T
_ZN8Cbe_init11object_sizeERKNS_7LibraryE T
_ZN8Cbe_init7Library20io_request_completedERKN3Cbe9Io_buffer5IndexEb T
_ZN8Cbe_init7Library21submit_client_requestERKN3Cbe7RequestEyyyyyy T
_ZN8Cbe_init7Library22io_request_in_progressERKN3Cbe9Io_buffer5IndexE T
_ZN8Cbe_init7Library25drop_generated_ta_requestERKN3Cbe20Trust_anchor_requestE T
_ZN8Cbe_init7Library29drop_completed_client_requestERKN3Cbe7RequestE T
_ZN8Cbe_init7Library44mark_generated_ta_secure_sb_request_completeERKN3Cbe20Trust_anchor_requestE T
_ZN8Cbe_init7Library45mark_generated_ta_create_key_request_completeERKN3Cbe20Trust_anchor_requestERKNS1_19Key_plaintext_valueE T
_ZN8Cbe_init7Library46mark_generated_ta_decrypt_key_request_completeERKN3Cbe20Trust_anchor_requestERKNS1_19Key_plaintext_valueE T
_ZN8Cbe_init7Library46mark_generated_ta_encrypt_key_request_completeERKN3Cbe20Trust_anchor_requestERKNS1_20Key_ciphertext_valueE T
_ZN8Cbe_init7Library7executeERN3Cbe9Io_bufferE T
_ZN8Cbe_init7LibraryC1Ev T
_ZN9Sha256_4k4hashERKNS_4DataERNS_4HashE T
_ZNK8Cbe_init7Library14has_io_requestERN3Cbe7RequestERNS1_9Io_buffer5IndexE T
_ZNK8Cbe_init7Library16execute_progressEv T
_ZNK8Cbe_init7Library25client_request_acceptableEv T
_ZNK8Cbe_init7Library26_peek_generated_ta_requestERN3Cbe20Trust_anchor_requestE T
_ZNK8Cbe_init7Library26_peek_generated_ta_sb_hashERKN3Cbe20Trust_anchor_requestERNS1_4HashE T
_ZNK8Cbe_init7Library29peek_completed_client_requestEv T
_ZNK8Cbe_init7Library38_peek_generated_ta_key_value_plaintextERKN3Cbe20Trust_anchor_requestERNS1_19Key_plaintext_valueE T
_ZNK8Cbe_init7Library39_peek_generated_ta_key_value_ciphertextERKN3Cbe20Trust_anchor_requestERNS1_20Key_ciphertext_valueE T
cbe_init_cxx_final T
cbe_init_cxx_init T

1
repos/gems/ports/cbe.hash Normal file
View File

@ -0,0 +1 @@
7bef1d81eef5ca1e8b99305c7b32fe8302d4eead

12
repos/gems/ports/cbe.port Normal file
View File

@ -0,0 +1,12 @@
LICENSE := AGPLv3
VERSION := git
DOWNLOADS := cbe.git
URL(cbe) := https://github.com/m-stein/cbe.git
DIR(cbe) := cbe
REV(cbe) := 317ffc7c4c8779a4d3c59140b48ae461ec72df7a
default: symlinks
symlinks: $(DOWNLOADS)
ln -s cbe/src src

1
repos/gems/recipes/pkg/cbe_check/README Normal file
View File

@ -0,0 +1 @@
Runtime for deploying cbe_check component from the depot.

6
repos/gems/recipes/pkg/cbe_check/archives Normal file
View File

@ -0,0 +1,6 @@
_/src/cbe
_/src/libsparkcrypto
_/src/spark
_/src/init
_/src/vfs
_/src/vfs_block

1
repos/gems/recipes/pkg/cbe_check/hash Normal file
View File

@ -0,0 +1 @@
2020-11-03 495df004fdd7a4433a783e224cc85bbcfba67593

63
repos/gems/recipes/pkg/cbe_check/runtime Normal file
View File

@ -0,0 +1,63 @@
<runtime ram="10M" caps="250" binary="init" config="init.config">
<requires>
<file_system label="cbe_fs"/>
</requires>
<content>
<rom label="cbe_check"/>
<rom label="init"/>
<rom label="init.config"/>
<rom label="ld.lib.so"/>
<rom label="cbe_check_cxx.lib.so"/>
<rom label="libsparkcrypto.lib.so"/>
<rom label="spark.lib.so"/>
<rom label="vfs.lib.so"/>
<rom label="vfs_block"/>
</content>
<config verbose="yes">
<parent-provides>
<service name="ROM"/>
<service name="PD"/>
<service name="RM"/>
<service name="CPU"/>
<service name="LOG"/>
<service name="Timer"/>
<service name="File_system"/>
</parent-provides>
<default-route> <any-service> <parent/> <any-child/> </any-service> </default-route>
<default caps="100"/>
<start name="cbe_check">
<resource name="RAM" quantum="4M"/>
<exit propagate="yes"/>
<config/>
<route>
<service name="Block"> <child name="vfs_block"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="vfs_block">
<resource name="RAM" quantum="4M"/>
<provides> <service name="Block"/> </provides>
<config>
<vfs>
<fs buffer_size="1M"/>
</vfs>
<policy label_prefix="cbe_check" block_size="512"
file="/cbe.img" writeable="yes"/>
</config>
<route>
<service name="File_system"> <parent label="cbe_fs"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
</config>
</runtime>

1
repos/gems/recipes/pkg/cbe_demo/README Normal file
View File

@ -0,0 +1 @@
CBE meta package

10
repos/gems/recipes/pkg/cbe_demo/archives Normal file
View File

@ -0,0 +1,10 @@
_/pkg/cbe_check
_/pkg/cbe_fs
_/pkg/cbe_ta_fs
_/pkg/cbe_init
_/pkg/cbe_shell
_/pkg/cbe_vbox5-nova
_/pkg/cbe_vfs
_/pkg/cbe_ta_vfs
_/pkg/cbe_vm_fs
_/pkg/download_coreplus

1
repos/gems/recipes/pkg/cbe_demo/hash Normal file
View File

@ -0,0 +1 @@
2020-11-03 ed2257ee606d05e5632527b4614c7c9e7e0205c9

2
repos/gems/recipes/pkg/cbe_fs/README Normal file
View File

@ -0,0 +1,2 @@
Runtime for deploying the chroot component configured for the CBE from
the depot.

1
repos/gems/recipes/pkg/cbe_fs/archives Normal file
View File

@ -0,0 +1 @@
_/src/chroot

1
repos/gems/recipes/pkg/cbe_fs/hash Normal file
View File

@ -0,0 +1 @@
2020-11-03 d13cb17d3fb6d2b939403c60b59748a83bdb68fb

15
repos/gems/recipes/pkg/cbe_fs/runtime Normal file
View File

@ -0,0 +1,15 @@
<runtime ram="1M" caps="100" binary="chroot">
<requires> <file_system/> </requires>
<provides> <file_system/> </provides>
<config>
<default-policy path="/cbe" writeable="yes"/>
</config>
<content>
<rom label="ld.lib.so"/>
<rom label="chroot"/>
</content>
</runtime>

1
repos/gems/recipes/pkg/cbe_init/README Normal file
View File

@ -0,0 +1 @@
Runtime for deploying cbe_init component from the depot.

6
repos/gems/recipes/pkg/cbe_init/archives Normal file
View File

@ -0,0 +1,6 @@
_/src/cbe
_/src/libsparkcrypto
_/src/spark
_/src/init
_/src/vfs
_/src/vfs_block

1
repos/gems/recipes/pkg/cbe_init/hash Normal file
View File

@ -0,0 +1 @@
2020-11-03 49f70906f96793c36b0363f14d78792c0abe1667

71
repos/gems/recipes/pkg/cbe_init/runtime Normal file
View File

@ -0,0 +1,71 @@
<runtime ram="10M" caps="300" binary="init" config="init.config">
<requires>
<file_system label="cbe_fs"/>
</requires>
<content>
<rom label="cbe_init"/>
<rom label="init"/>
<rom label="init.config"/>
<rom label="ld.lib.so"/>
<rom label="cbe_init_cxx.lib.so"/>
<rom label="libsparkcrypto.lib.so"/>
<rom label="spark.lib.so"/>
<rom label="vfs.lib.so"/>
<rom label="vfs_block"/>
</content>
<config verbose="yes">
<parent-provides>
<service name="ROM"/>
<service name="PD"/>
<service name="RM"/>
<service name="CPU"/>
<service name="LOG"/>
<service name="Timer"/>
<service name="File_system"/>
</parent-provides>
<default-route> <any-service> <parent/> <any-child/> </any-service> </default-route>
<default caps="100"/>
<start name="cbe_init">
<resource name="RAM" quantum="4M"/>
<exit propagate="yes"/>
<config>
<key id="23"/>
<!-- VBD is 1GiB (~16MiB MD) -->
<virtual-block-device nr_of_levels="5" nr_of_children="64"
nr_of_leafs="262144"/>
<!-- FT is 128MiB (~2MiB MD) -->
<free-tree nr_of_levels="4" nr_of_children="64"
nr_of_leafs="32768"/>
</config>
<route>
<service name="Block"> <child name="vfs_block"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="vfs_block">
<resource name="RAM" quantum="4M"/>
<provides> <service name="Block"/> </provides>
<config>
<vfs>
<fs buffer_size="1M"/>
</vfs>
<policy label_prefix="cbe_init" block_size="512"
file="/cbe.img" writeable="yes"/>
</config>
<route>
<service name="File_system"> <parent label="cbe_fs"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
</config>
</runtime>

1
repos/gems/recipes/pkg/cbe_shell/README Normal file
View File

@ -0,0 +1 @@
Unix runtime that allows the user to interact with the CBE.

11
repos/gems/recipes/pkg/cbe_shell/archives Normal file
View File

@ -0,0 +1,11 @@
_/src/bash-minimal
_/src/coreutils
_/src/libc
_/src/posix
_/src/ncurses
_/src/gui_fb
_/src/terminal
_/src/init
_/src/vfs
_/src/vfs_pipe
_/src/cached_fs_rom

1
repos/gems/recipes/pkg/cbe_shell/hash Normal file
View File

@ -0,0 +1 @@
2020-11-03 5b89c2d378281c2fb2cfb74edfb2cd439e13b90b

135
repos/gems/recipes/pkg/cbe_shell/runtime Normal file
View File

@ -0,0 +1,135 @@
<runtime ram="76M" caps="1000" binary="init" config="cbe_shell.config">
<requires>
<gui/>
<timer/>
<file_system label="cbe" writeable="yes"/>
<file_system label="fonts" writeable="no"/>
<rom label="clipboard"/>
<report label="clipboard"/>
<rm/>
</requires>
<content>
<rom label="cbe_shell.config"/>
<rom label="ld.lib.so"/>
<rom label="libc.lib.so"/>
<rom label="libm.lib.so"/>
<rom label="init"/>
<rom label="gui_fb"/>
<rom label="vfs"/>
<rom label="vfs_pipe.lib.so"/>
<rom label="cached_fs_rom"/>
<rom label="terminal"/>
<rom label="posix.lib.so"/>
<rom label="ncurses.lib.so"/>
<rom label="bash-minimal.tar"/>
<rom label="coreutils.tar"/>
<rom label="vfs.lib.so"/>
</content>
<config>
<parent-provides>
<service name="ROM"/>
<service name="PD"/>
<service name="RM"/>
<service name="CPU"/>
<service name="LOG"/>
<service name="Timer"/>
<service name="File_system"/>
<service name="Gui"/>
<service name="Report"/>
</parent-provides>
<default-route> <any-service> <parent/> <any-child/> </any-service> </default-route>
<default caps="100"/>
<start name="gui_fb">
<resource name="RAM" quantum="8M"/>
<provides> <service name="Framebuffer"/> <service name="Input"/> </provides>
<config xpos="10" ypos="10" initial_width="800" initial_height="600"/>
<route>
<service name="Gui"> <parent label="terminal"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="terminal">
<resource name="RAM" quantum="4M"/>
<provides> <service name="Terminal"/> </provides>
<config copy="yes" paste="yes">
<vfs> <dir name="fonts"> <fs/> </dir> </vfs>
</config>
<route>
<service name="File_system"> <parent label="fonts"/> </service>
<service name="Report" label="clipboard"> <parent label="clipboard"/> </service>
<service name="ROM" label="clipboard"> <parent label="clipboard"/> </service>
<any-service> <parent/> <any-child/> </any-service>
</route>
</start>
<start name="vfs" caps="150">
<resource name="RAM" quantum="12M"/>
<provides><service name="File_system"/></provides>
<config>
<vfs>
<tar name="bash-minimal.tar" />
<tar name="coreutils.tar" />
<dir name="dev">
<zero/> <null/> <terminal/>
<inline name="rtc">2018-01-01 00:01</inline>
</dir>
<dir name="pipe"> <pipe/> </dir>
<dir name="tmp"> <ram /> </dir>
</vfs>
<policy label_prefix="vfs_rom" root="/"/>
<default-policy root="/" writeable="yes"/>
</config>
<route>
<service name="Terminal"> <child name="terminal"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="vfs_rom">
<resource name="RAM" quantum="16M"/>
<binary name="cached_fs_rom"/>
<provides> <service name="ROM"/> </provides>
<config/>
<route>
<service name="File_system"> <child name="vfs"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="/bin/bash" caps="450">
<resource name="RAM" quantum="28M" />
<exit propagate="yes"/>
<config>
<libc stdin="/dev/terminal" stdout="/dev/terminal"
stderr="/dev/terminal" rtc="/dev/rtc" pipe="/pipe"/>
<vfs>
<fs buffer_size="1M" label="shell"/>
<dir name="cbe"> <fs buffer_size="4M" label="cbe"/> </dir>
</vfs>
<arg value="bash"/>
<env key="HOME" value="/"/>
<env key="TERM" value="screen"/>
<env key="PATH" value="/bin" />
<env key="PS1" value="cbe:$PWD> "/>
</config>
<route>
<service name="File_system" label="cbe"> <parent label="cbe"/> </service>
<service name="File_system" label="shell"> <child name="vfs"/> </service>
<service name="ROM" label_suffix=".lib.so"> <parent/> </service>
<service name="ROM" label_last="/bin/bash"> <child name="vfs_rom"/> </service>
<service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
<any-service> <parent/> <any-child/> </any-service>
</route>
</start>
</config>
</runtime>

2
repos/gems/recipes/pkg/cbe_ta_fs/README Normal file
View File

@ -0,0 +1,2 @@
Runtime for deploying the chroot component configured for the CBE
trust-anchor from the depot.

1
repos/gems/recipes/pkg/cbe_ta_fs/archives Normal file
View File

@ -0,0 +1 @@
_/src/chroot

1
repos/gems/recipes/pkg/cbe_ta_fs/hash Normal file
View File

@ -0,0 +1 @@
2020-11-03 8e4e4c9286335360b754ec50ae12acaf43385e99

15
repos/gems/recipes/pkg/cbe_ta_fs/runtime Normal file
View File

@ -0,0 +1,15 @@
<runtime ram="1M" caps="100" binary="chroot">
<requires> <file_system/> </requires>
<provides> <file_system/> </provides>
<config>
<default-policy path="/cbe_ta" writeable="yes"/>
</config>
<content>
<rom label="ld.lib.so"/>
<rom label="chroot"/>
</content>
</runtime>

1
repos/gems/recipes/pkg/cbe_ta_vfs/README Normal file
View File

@ -0,0 +1 @@
Runtime for deploying the CBE trust-anchor vfs component from the depot.

2
repos/gems/recipes/pkg/cbe_ta_vfs/archives Normal file
View File

@ -0,0 +1,2 @@
_/src/vfs
_/src/cbe

1
repos/gems/recipes/pkg/cbe_ta_vfs/hash Normal file
View File

@ -0,0 +1 @@
2020-11-03 b8e50b12ac45cae558da999afc6beac8dec19893

23
repos/gems/recipes/pkg/cbe_ta_vfs/runtime Normal file
View File

@ -0,0 +1,23 @@
<runtime ram="8M" caps="200" binary="vfs">
<requires> <log/> <file_system label="cbe_ta_fs"/> </requires>
<provides> <file_system/> </provides>
<config>
<vfs>
<fs buffer_size="1M" label="cbe_ta_fs"/>
<dir name="dev">
<cbe_trust_anchor name="cbe_trust_anchor" storage_dir="/"/>
</dir>
</vfs>
<policy label_prefix="cbe_init_trust_anchor" root="/dev" writeable="yes"/>
</config>
<content>
<rom label="ld.lib.so"/>
<rom label="vfs_cbe_trust_anchor.lib.so"/>
<rom label="vfs"/>
</content>
</runtime>

2
repos/gems/recipes/pkg/cbe_vbox5-nova/README Normal file
View File

@ -0,0 +1,2 @@
VirtualBox runtime for using a VM with Block session disk access

9
repos/gems/recipes/pkg/cbe_vbox5-nova/archives Normal file
View File

@ -0,0 +1,9 @@
_/src/vbox5-nova
_/src/base-nova
_/src/libc
_/src/init
_/src/posix
_/src/zlib
_/src/libiconv
_/src/stdcxx
_/src/vfs

1
repos/gems/recipes/pkg/cbe_vbox5-nova/hash Normal file
View File

@ -0,0 +1 @@
2020-11-03 59f5c91d5f4ceb803ba54a5fa476e70957522d4f

104
repos/gems/recipes/pkg/cbe_vbox5-nova/runtime Normal file
View File

@ -0,0 +1,104 @@
<runtime ram="1500M" caps="1500" binary="init" config="init.config">
<requires>
<file_system label="cbe"/>
<file_system label="vm"/>
<file_system label="shared"/>
<gui/>
<nic/>
<rom label="capslock"/>
<rom label="platform_info"/>
<report label="shape"/>
<report label="clipboard"/>
<rom label="clipboard"/>
<rm/>
<rtc/>
<rom label="usb_devices"/>
<usb/>
</requires>
<content>
<rom label="init.config"/>
<rom label="ld.lib.so"/>
<rom label="init"/>
<rom label="timer"/>
<rom label="virtualbox5-nova"/>
<rom label="libc.lib.so"/>
<rom label="libm.lib.so"/>
<rom label="libiconv.lib.so"/>
<rom label="qemu-usb.lib.so"/>
<rom label="stdcxx.lib.so"/>
<rom label="vfs.lib.so"/>
</content>
<config verbose="yes" prio_levels="2">
<parent-provides>
<service name="ROM"/>
<service name="PD"/>
<service name="RM"/>
<service name="CPU"/>
<service name="LOG"/>
<service name="Gui"/>
<service name="Timer"/>
<service name="Rtc"/>
<service name="Report"/>
<service name="File_system"/>
<service name="Usb"/>
<service name="Nic"/>
</parent-provides>
<default-route> <any-service> <parent/> <any-child/> </any-service> </default-route>
<default caps="100"/>
<start name="timer">
<resource name="RAM" quantum="1M"/>
<provides><service name="Timer"/></provides>
<config/>
<route>
<service name="ROM" label="platform_info">
<parent label="platform_info"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="vbox" priority="-1" caps="1000">
<binary name="virtualbox5-nova" />
<resource name="RAM" quantum="8G"/>
<exit propagate="yes"/>
<config vbox_file="machine.vbox" xhci="yes" vm_name="linux" capslock="ROM">
<vfs>
<dir name="dev">
<dir name="cbe">
<fs label="cbe" buffer_size="4M" writeable="yes"/>
</dir>
<log/>
<rtc/>
</dir>
<dir name="shared"> <fs label="shared" writeable="yes"/> </dir>
<fs writeable="yes" label="vm" buffer_size="4M" />
</vfs>
<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc"/>
</config>
<route>
<service name="Audio_out"> <parent/> </service>
<service name="File_system" label="shared"> <parent label="shared"/> </service>
<service name="File_system" label="vm"> <parent label="vm"/> </service>
<service name="ROM" label="usb_devices"> <parent label="usb_devices"/> </service>
<service name="ROM" label="capslock"> <parent label="capslock"/> </service>
<service name="ROM" label="platform_info">
<parent label="platform_info"/> </service>
<service name="Nic"> <parent/> </service>
<service name="Report" label="shape"> <parent label="shape"/> </service>
<service name="ROM" label="clipboard"> <parent label="clipboard"/> </service>
<service name="Report" label="clipboard"> <parent label="clipboard"/> </service>
<service name="Gui"> <parent label=""/> </service>
<service name="File_system" label="cbe"> <parent label="cbe"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
</config>
</runtime>

2
repos/gems/recipes/pkg/cbe_vfs/README Normal file
View File

@ -0,0 +1,2 @@
Runtime for deploying the vfs component configured for the CBE from
the depot.

4
repos/gems/recipes/pkg/cbe_vfs/archives Normal file
View File

@ -0,0 +1,4 @@
_/src/vfs
_/src/cbe
_/src/spark
_/src/libcrypto

1
repos/gems/recipes/pkg/cbe_vfs/hash Normal file
View File

@ -0,0 +1 @@
2020-11-03 fac7defdc3e6e631cb2e24386c42d29fa2447151

30
repos/gems/recipes/pkg/cbe_vfs/runtime Normal file
View File

@ -0,0 +1,30 @@
<runtime ram="64M" caps="200" binary="vfs">
<requires> <log/> <file_system label="cbe_fs"/> </requires>
<provides> <file_system/> </provides>
<config>
<vfs>
<fs buffer_size="1M" label="cbe_fs"/>
<cbe_crypto_aes_cbc name="cbe_crypto"/>
<dir name="ta"> <fs buffer_size="1M" label="ta"/> </dir>
<dir name="dev">
<cbe name="cbe" verbose="no" debug="no" block="/cbe.img"
crypto="/cbe_crypto" trust_anchor="/ta"/>
</dir>
</vfs>
<policy label_prefix="cbe_vbox5-nova" root="/dev/cbe/current" writeable="yes"/>
<policy label_prefix="cbe_shell" root="/dev" writeable="yes"/>
</config>
<content>
<rom label="cbe_cxx.lib.so"/>
<rom label="ld.lib.so"/>
<rom label="libcrypto.lib.so"/>
<rom label="spark.lib.so"/>
<rom label="vfs"/>
<rom label="vfs_cbe.lib.so"/>
<rom label="vfs_cbe_crypto_aes_cbc.lib.so"/>
</content>
</runtime>

2
repos/gems/recipes/pkg/cbe_vm_fs/README Normal file
View File

@ -0,0 +1,2 @@
Runtime for deploying the chroot component configured for the VM
running on top the CBE from the depot.

1
repos/gems/recipes/pkg/cbe_vm_fs/archives Normal file
View File

@ -0,0 +1 @@
_/src/chroot

1
repos/gems/recipes/pkg/cbe_vm_fs/hash Normal file
View File

@ -0,0 +1 @@
2020-11-03 203f5c9953bf13e046452ae9e3cd6694a35c4bfa

15
repos/gems/recipes/pkg/cbe_vm_fs/runtime Normal file
View File

@ -0,0 +1,15 @@
<runtime ram="1M" caps="100" binary="chroot">
<requires> <file_system/> </requires>
<provides> <file_system/> </provides>
<config>
<default-policy path="/vm/cbe" writeable="yes"/>
</config>
<content>
<rom label="ld.lib.so"/>
<rom label="chroot"/>
</content>
</runtime>

1
repos/gems/recipes/pkg/download_coreplus/README Normal file
View File

@ -0,0 +1 @@
This package is used to prepare the assets for the TinyCore+ VM.

20
repos/gems/recipes/pkg/download_coreplus/archives Normal file
View File

@ -0,0 +1,20 @@
_/raw/download_coreplus
_/src/libc
_/src/vfs_lxip
_/src/bash-minimal
_/src/coreutils-minimal
_/src/curl
_/src/fetchurl
_/src/init
_/src/libcrypto
_/src/libssh
_/src/libssl
_/src/ncurses
_/src/gui_fb
_/src/posix
_/src/report_rom
_/src/terminal
_/src/terminal_log
_/src/vfs
_/src/zlib
_/src/cached_fs_rom

1
repos/gems/recipes/pkg/download_coreplus/hash Normal file
View File

@ -0,0 +1 @@
2020-11-03 0b391915cc6c8905cb1840f7716cf9d58742e8f1

40
repos/gems/recipes/pkg/download_coreplus/runtime Normal file
View File

@ -0,0 +1,40 @@
<runtime ram="80M" caps="1500" binary="init" config="init.config">
<requires>
<gui/>
<nic/>
<timer/>
<rm/>
<file_system label="target" writeable="yes"/>
<file_system label="fonts" writeable="no"/>
</requires>
<content>
<rom label="init.config"/>
<rom label="ld.lib.so"/>
<rom label="libc.lib.so"/>
<rom label="libm.lib.so"/>
<rom label="init"/>
<rom label="gui_fb"/>
<rom label="terminal"/>
<rom label="posix.lib.so"/>
<rom label="ncurses.lib.so"/>
<rom label="bash-minimal.tar"/>
<rom label="coreutils-minimal.tar"/>
<rom label="vfs"/>
<rom label="vfs.lib.so"/>
<rom label="terminal_log"/>
<rom label="report_rom"/>
<rom label="fetchurl"/>
<rom label="lxip.lib.so"/>
<rom label="vfs_lxip.lib.so"/>
<rom label="libssl.lib.so"/>
<rom label="libssh.lib.so"/>
<rom label="curl.lib.so"/>
<rom label="libcrypto.lib.so"/>
<rom label="zlib.lib.so"/>
<rom label="assets.tar"/>
<rom label="cached_fs_rom"/>
</content>
</runtime>

8
repos/gems/recipes/raw/download_coreplus/content.mk Normal file
View File

@ -0,0 +1,8 @@
content: init.config assets.tar
init.config:
cp $(REP_DIR)/recipes/raw/download_coreplus/$@ $@
assets.tar:
tar --mtime='2018-05-29 00:00Z' -cf $@ -C $(REP_DIR)/recipes/raw/download_coreplus machine.vbox
tar --mtime='2018-05-29 00:00Z' -rf $@ -C $(REP_DIR)/recipes/raw/download_coreplus disk0.vmdk

24
repos/gems/recipes/raw/download_coreplus/disk0.vmdk Normal file
View File

@ -0,0 +1,24 @@
# Disk DescriptorFile
version=1
CID=e2776b25
parentCID=ffffffff
createType="fullDevice"
# Extent description
RW 2097152 FLAT "/dev/cbe/data" 0
# The disk Data Base
#DDB
ddb.virtualHWVersion = "4"
ddb.adapterType="ide"
ddb.geometry.cylinders="16383"
ddb.geometry.heads="16"
ddb.geometry.sectors="63"
ddb.uuid.image="05efe683-df7a-43e0-b8f8-0ee9f689a785"
ddb.uuid.parent="00000000-0000-0000-0000-000000000000"
ddb.uuid.modification="254ef0be-7de8-419f-961b-03ae474d08ce"
ddb.uuid.parentmodification="00000000-0000-0000-0000-000000000000"
ddb.geometry.biosCylinders="1024"
ddb.geometry.biosHeads="255"
ddb.geometry.biosSectors="63"

1
repos/gems/recipes/raw/download_coreplus/hash Normal file
View File

@ -0,0 +1 @@
2020-08-20-m d6fe379ab9410910da99798bb9b8264fc34be587

153
repos/gems/recipes/raw/download_coreplus/init.config Normal file
View File

@ -0,0 +1,153 @@
<config>
<parent-provides>
<service name="ROM"/>
<service name="PD"/>
<service name="RM"/>
<service name="CPU"/>
<service name="LOG"/>
<service name="Timer"/>
<service name="File_system"/>
<service name="Gui"/>
<service name="Nic"/>
</parent-provides>
<default-route> <any-service> <parent/> </any-service> </default-route>
<default caps="100"/>
<start name="gui_fb">
<resource name="RAM" quantum="4M"/>
<provides>
<service name="Framebuffer"/>
<service name="Input"/>
</provides>
<config xpos="10" ypos="10" initial_width="900" initial_height="200"/>
</start>
<start name="vfs">
<resource name="RAM" quantum="10M"/>
<provides><service name="File_system"/></provides>
<config>
<vfs>
<tar name="bash-minimal.tar"/>
<tar name="coreutils-minimal.tar"/>
<tar name="assets.tar"/>
<dir name="dev">
<log/>
<zero/>
<null/>
</dir>
<dir name="vm">
<fs label="target"/>
</dir>
<inline name=".profile">
cp /machine.vbox /disk0.vmdk /vm
</inline>
</vfs>
<policy label_prefix="vfs_rom" root="/"/>
<default-policy root="/" writeable="yes"/>
</config>
<route>
<service name="File_system" label="target">
<parent label="target"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="vfs_rom">
<resource name="RAM" quantum="4M"/>
<binary name="cached_fs_rom"/>
<provides> <service name="ROM"/> </provides>
<config/>
<route>
<service name="File_system"> <child name="vfs"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="/bin/bash" caps="450">
<resource name="RAM" quantum="10M" />
<exit propagate="yes"/>
<config>
<libc stdin="/dev/null" stdout="/dev/null" stderr="/dev/null"/>
<vfs> <fs/> </vfs>
<arg value="bash"/>
<arg value="--login"/>
<env key="TERM" value="screen"/>
<env key="HOME" value="/"/>
<env key="PATH" value="/bin" />
<env key="PS1" value="system:$PWD> " />
</config>
<route>
<service name="File_system"> <child name="vfs"/> </service>
<service name="ROM" label_suffix=".lib.so"> <parent/> </service>
<service name="ROM" label_last="/bin/bash"> <child name="vfs_rom"/> </service>
<service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="terminal">
<resource name="RAM" quantum="4M"/>
<provides> <service name="Terminal"/> </provides>
<config>
<vfs> <dir name="fonts"> <fs/> </dir> </vfs>
</config>
<route>
<service name="Input"> <child name="gui_fb" /> </service>
<service name="Framebuffer"> <child name="gui_fb" /> </service>
<service name="File_system"> <parent label="fonts"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="terminal_log">
<resource name="RAM" quantum="1M"/>
<provides> <service name="LOG"/> </provides>
<config/>
<route>
<service name="Terminal"> <child name="terminal"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="report">
<binary name="report_rom"/>
<resource name="RAM" quantum="1M"/>
<provides> <service name="Report"/> <service name="ROM"/> </provides>
<config verbose="yes"/>
<route>
<service name="LOG"> <child name="terminal_log"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="download" caps="300">
<exit propagate="yes"/>
<binary name="fetchurl"/>
<resource name="RAM" quantum="40M"/>
<config>
<report progress="yes"/>
<vfs>
<dir name="dev">
<log/> <null/>
<inline name="rtc">2019-07-04 12:00</inline>
<inline name="random">01234567890123456789</inline>
</dir>
<dir name="socket"> <lxip dhcp="yes"/> </dir>
<dir name="vm"> <fs label="target"/> </dir>
</vfs>
<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc" socket="/socket"/>
<fetch url="http://tinycorelinux.net/11.x/x86/release/CorePlus-current.iso"
path="/vm/installer.iso" retry="3"/>
</config>
<route>
<service name="File_system" label="target">
<parent label="target"/> </service>
<service name="LOG"> <parent/> </service>
<service name="Report"> <child name="report"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
</config>

61
repos/gems/recipes/raw/download_coreplus/machine.vbox Normal file
View File

@ -0,0 +1,61 @@
<?xml version="1.0"?>
<!--
** DO NOT EDIT THIS FILE.
** If you make changes to this file while any VirtualBox related application
** is running, your changes will be overwritten later, without taking effect.
** Use VBoxManage or the VirtualBox Manager GUI to make changes.
-->
<VirtualBox xmlns="http://www.virtualbox.org/" version="1.14-freebsd">
<Machine uuid="{03ba59c2-4476-4bb2-ba12-d63ec11e20d6}" name="VM" OSType="Ubuntu_64" snapshotFolder="Snapshots" lastStateChange="2018-04-18T09:20:00Z">
<MediaRegistry>
<HardDisks>
<HardDisk uuid="{05efe683-df7a-43e0-b8f8-0ee9f689a785}" location="/disk0.vmdk" format="VMDK" type="Normal"/>
</HardDisks>
<DVDImages>
<Image uuid="{725cbad6-206e-4e36-b628-c1a6f41b8b9e}" location="/installer.iso"/>
</DVDImages>
</MediaRegistry>
<Hardware>
<CPU count="2">
<PAE enabled="true"/>
<LongMode enabled="true"/>
<HardwareVirtExLargePages enabled="false"/>
</CPU>
<Memory RAMSize="1024"/>
<HID Pointing="USBTablet"/>
<Display VRAMSize="20"/>
<RemoteDisplay enabled="false"/>
<Chipset type="PIIX3"/>
<BIOS>
<IOAPIC enabled="true"/>
</BIOS>
<USB>
<Controllers>
<Controller name="OHCI" type="OHCI"/>
</Controllers>
</USB>
<Network>
<Adapter slot="0" enabled="true" MACAddress="0800271D7901" cable="true" type="82540EM">
<BridgedInterface/>
</Adapter>
</Network>
<AudioAdapter controller="HDA" driver="OSS" enabled="false"/>
<RTC localOrUTC="UTC"/>
<SharedFolders>
<SharedFolder name="shared" hostPath="/shared" writable="true" autoMount="true"/>
</SharedFolders>
</Hardware>
<StorageControllers>
<StorageController name="IDE" type="PIIX4" PortCount="2" useHostIOCache="true" Bootable="false">
<AttachedDevice passthrough="false" type="DVD" port="1" device="0">
<Image uuid="{725cbad6-206e-4e36-b628-c1a6f41b8b9e}" location="/installer.iso"/>
</AttachedDevice>
</StorageController>
<StorageController name="SATA" type="AHCI" PortCount="2" useHostIOCache="true" Bootable="true" IDE0MasterEmulationPort="0" IDE0SlaveEmulationPort="1" IDE1MasterEmulationPort="2" IDE1SlaveEmulationPort="3">
<AttachedDevice type="HardDisk" port="0" device="0">
<Image uuid="{05efe683-df7a-43e0-b8f8-0ee9f689a785}"/>
</AttachedDevice>
</StorageController>
</StorageControllers>
</Machine>
</VirtualBox>

74
repos/gems/recipes/src/cbe/content.mk Normal file
View File

@ -0,0 +1,74 @@
BUILD_LIBS := \
cbe_cxx \
cbe_init_cxx \
cbe_dump_cxx \
cbe_check_cxx
MIRROR_FROM_CBE_DIR := \
src/lib/cbe \
src/lib/cbe_common \
src/lib/cbe_cxx \
src/lib/cbe_cxx_common \
src/lib/cbe_init \
src/lib/cbe_init_cxx \
src/lib/cbe_dump \
src/lib/cbe_dump_cxx \
src/lib/cbe_check \
src/lib/cbe_check_cxx \
src/lib/sha256_4k
MIRROR_FROM_REP_DIR := \
lib/import/import-cbe.mk \
lib/import/import-cbe_common.mk \
lib/import/import-cbe_init.mk \
lib/import/import-cbe_dump.mk \
lib/import/import-cbe_check.mk \
lib/import/import-sha256_4k.mk \
lib/mk/spec/x86_64/cbe.mk \
lib/mk/spec/x86_64/cbe_common.mk \
lib/mk/spec/x86_64/cbe_cxx.mk \
lib/mk/spec/x86_64/cbe_cxx_common.mk \
lib/mk/spec/x86_64/cbe_init.mk \
lib/mk/spec/x86_64/cbe_init_cxx.mk \
lib/mk/spec/x86_64/cbe_dump.mk \
lib/mk/spec/x86_64/cbe_dump_cxx.mk \
lib/mk/spec/x86_64/cbe_check.mk \
lib/mk/spec/x86_64/cbe_check_cxx.mk \
lib/mk/spec/x86_64/vfs_cbe.mk \
lib/mk/spec/x86_64/vfs_cbe_crypto_aes_cbc.mk \
lib/mk/spec/x86_64/vfs_cbe_crypto_memcopy.mk \
lib/mk/spec/x86_64/vfs_cbe_trust_anchor.mk \
lib/mk/generate_ada_main_pkg.inc \
lib/mk/sha256_4k.mk \
lib/symbols/cbe_check_cxx \
lib/symbols/cbe_dump_cxx \
lib/symbols/cbe_init_cxx \
src/lib/vfs/cbe \
src/lib/vfs/cbe_crypto/vfs.cc \
src/lib/vfs/cbe_crypto/aes_cbc \
src/lib/vfs/cbe_crypto/memcopy \
src/lib/vfs/cbe_trust_anchor \
src/app/cbe_check \
src/app/cbe_dump \
src/app/cbe_init \
src/app/cbe_tester \
include/cbe
CBE_DIR := $(call port_dir,$(REP_DIR)/ports/cbe)
content: $(MIRROR_FROM_REP_DIR) $(MIRROR_FROM_CBE_DIR) LICENSE src/lib/cbe/target.mk
$(MIRROR_FROM_REP_DIR):
$(mirror_from_rep_dir)
$(MIRROR_FROM_CBE_DIR):
mkdir -p $(dir $@)
cp -r $(CBE_DIR)/$@ $(dir $@)
src/lib/cbe/target.mk:
mkdir -p $(dir $@)
echo "REQUIRES += x86_64" > $@
echo "LIBS += $(BUILD_LIBS)" >> $@
LICENSE:
cp $(GENODE_DIR)/LICENSE $@

1
repos/gems/recipes/src/cbe/hash Normal file
View File

@ -0,0 +1 @@
2020-11-23-v b0420c400f8d8f766d55f96837f867600f8e22b9

9
repos/gems/recipes/src/cbe/used_apis Normal file
View File

@ -0,0 +1,9 @@
base
block_session
os
vfs
aes_cbc_4k
libcrypto
so
spark
libsparkcrypto

1042
repos/gems/run/cbe_tester.run Normal file
View File

File diff suppressed because it is too large Load Diff

361
repos/gems/run/vfs_cbe.run Normal file
View File

@ -0,0 +1,361 @@
assert_spec linux
if {[expr ![info exists ::env(CBE_KEEP)]]} {
exec rm -rf var/libcache/cbe
exec rm -rf var/libcache/cbe_cxx
exec rm -rf var/libcache/cbe_common
exec rm -rf var/libcache/cbe_common_cxx
exec rm -rf var/libcache/cbe_init
exec rm -rf var/libcache/cbe_init_cxx
exec rm -rf var/libcache/cbe_check
exec rm -rf var/libcache/cbe_check_cxx
exec rm -rf var/libcache/cbe_dump
exec rm -rf var/libcache/cbe_dump_cxx
}
create_boot_directory
proc cbe_image_file { } {
return "vfs_cbe_block.img"
}
set use_interactively [expr ![get_cmd_switch --autopilot]]
import_from_depot [depot_user]/pkg/[drivers_interactive_pkg] \
[depot_user]/pkg/terminal \
[depot_user]/src/ncurses \
[depot_user]/src/bash \
[depot_user]/src/coreutils \
[depot_user]/src/nitpicker \
[depot_user]/src/gui_fb
build {
core
timer
init
server/lx_fs
lib/vfs/cbe
lib/vfs/cbe_crypto/aes_cbc
lib/vfs/cbe_crypto/memcopy
lib/vfs/cbe_trust_anchor
lib/vfs/import
lib/vfs/pipe
test/vfs_stress
test/libc
server/log_terminal
server/report_rom
server/fs_rom
}
set config {
<config verbose="yes">
<parent-provides>
<service name="ROM"/>
<service name="RAM"/>
<service name="IRQ"/>
<service name="IO_MEM"/>
<service name="IO_PORT"/>
<service name="PD"/>
<service name="RM"/>
<service name="CPU"/>
<service name="LOG"/>
</parent-provides>
<default-route>
<any-service> <parent/> <any-child/> </any-service>
</default-route>
<default caps="100"/>
<start name="timer">
<resource name="RAM" quantum="1M"/>
<provides><service name="Timer"/></provides>
</start>
<start name="drivers" caps="1000" managing_system="yes">
<resource name="RAM" quantum="32M"/>
<binary name="init"/>
<route>
<service name="ROM" label="config"> <parent label="drivers.config"/> </service>
<service name="Timer"> <child name="timer"/> </service>
<service name="Capture"> <child name="nitpicker"/> </service>
<service name="Event"> <child name="nitpicker"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>}
append_if $use_interactively config {
<start name="nitpicker">
<resource name="RAM" quantum="4M"/>
<provides>
<service name="Gui"/>
<service name="Capture"/>
<service name="Event"/>
</provides>
<config focus="rom" request_framebuffer="no" request_input="no">
<capture/> <event/>
<domain name="default" layer="2" content="client" label="no" hover="always"/>
<default-policy domain="default"/>
</config>
<route>
<any-service> <parent/> <any-child/> </any-service>
</route>
</start>
<start name="gui_fb">
<resource name="RAM" quantum="4M"/>
<provides> <service name="Framebuffer"/> <service name="Input"/> </provides>
<config/>
<route>
<service name="Gui"> <child name="nitpicker"/> </service>
<any-service> <parent/> <any-child/> </any-service>
</route>
</start>
<start name="terminal_service" caps="110">
<binary name="terminal"/>
<resource name="RAM" quantum="2M"/>
<provides><service name="Terminal"/></provides>
<route>
<service name="ROM" label="config"> <parent label="terminal.config"/> </service>
<service name="Input"> <child name="gui_fb"/> </service>
<service name="Framebuffer"> <child name="gui_fb"/> </service>
<any-service> <parent/> <any-child/> </any-service>
</route>
</start>}
append_if [expr !$use_interactively] config {
<start name="terminal_service" caps="110">
<binary name="log_terminal"/>
<resource name="RAM" quantum="2M"/>
<provides><service name="Terminal"/></provides>
<route>
<any-service> <parent/> <any-child/> </any-service>
</route>
</start>}
append config {
<start name="lx_fs" ld="no">
<resource name="RAM" quantum="4M"/>
<provides> <service name="File_system"/> </provides>
<config>
<default-policy root="/" writeable="yes"/>
</config>
</start>
<start name="vfs_cbe_trust_anchor" caps="120">
<binary name="vfs"/>
<resource name="RAM" quantum="16M"/>
<provides><service name="File_system"/></provides>
<config>
<vfs>
<ram/>
<import>
<rom name="keyfile"/>
<rom name="secured_superblock"/>
</import>
<dir name="dev">
<cbe_trust_anchor name="cbe_trust_anchor"
storage_dir="/"/>
</dir>
</vfs>
<default-policy root="/dev/cbe_trust_anchor" writeable="yes"/>
</config>
<route>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="initialize_cbe" caps="3000">
<binary name="sequence"/>
<resource name="RAM" quantum="300M"/>
<config>
<start name="cbe_init_trust_anchor">
<resource name="RAM" quantum="4M"/>
<config passphrase="foobar" trust_anchor_dir="/trust_anchor">
<vfs>
<dir name="trust_anchor">
<fs label="ta"/>
</dir>
</vfs>
</config>
</start>
<start name="init" caps="1600">
<resource name="RAM" quantum="256M"/>
<config verbose="yes">
<parent-provides>
<service name="ROM"/>
<service name="PD"/>
<service name="RM"/>
<service name="CPU"/>
<service name="LOG"/>
<service name="Nic"/>
<service name="Timer"/>
<service name="File_system"/>
<service name="Terminal"/>
</parent-provides>
<default-route> <any-service> <parent/> </any-service> </default-route>
<default caps="100"/>
<start name="vfs_cbe" caps="200">
<binary name="vfs"/>
<resource name="RAM" quantum="16M"/>
<provides><service name="File_system"/></provides>
<config>
<vfs>
<fs buffer_size="1M" label="fs_backend"/>
<cbe_crypto_aes_cbc name="cbe_crypto"/>
<dir name="ta"> <fs buffer_size="1M" label="ta"/> </dir>
<dir name="dev">
<cbe name="cbe" debug="no" verbose="yes"
block="/} [cbe_image_file] {"
crypto="/cbe_crypto"
trust_anchor="/ta"/>
</dir>
</vfs>
<default-policy root="/dev" writeable="yes"/>
</config>
<route>
<service name="File_system" label="fs_backend"> <parent label="fs"/> </service>
<service name="File_system" label="ta"> <parent label="ta"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="vfs" caps="120">
<resource name="RAM" quantum="30M"/>
<provides><service name="File_system"/></provides>
<config>
<vfs>
<tar name="coreutils.tar"/>
<tar name="bash.tar"/>
<dir name="home"> <ram/> </dir>
<dir name="share"> </dir>
<dir name="tmp"> <ram/> </dir>
<dir name="dev">
<zero/> <null/> <terminal/>
<dir name="pipe"> <pipe/> </dir>
<inline name="rtc">2018-01-01 00:01</inline>
</dir>
</vfs>
<policy label_prefix="vfs_rom" root="/"/>
<default-policy root="/" writeable="yes"/>
</config>
<route>
<service name="Terminal"> <parent label="terminal_service"/> </service>
<service name="Timer"> <child name="timer"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="vfs_rom">
<resource name="RAM" quantum="30M"/>
<binary name="fs_rom"/>
<provides> <service name="ROM"/> </provides>
<config/>
<route>
<service name="File_system"> <child name="vfs"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="/bin/bash" caps="1000">
<resource name="RAM" quantum="64M"/>
<config ld_verbose="yes">
<libc stdin="/dev/terminal" stdout="/dev/terminal"
stderr="/dev/terminal" rtc="/dev/rtc" pipe="/dev/pipe"/>
<vfs>
<fs label="shell" buffer_size="1M"/>
<dir name="dev">
<fs label="cbe" buffer_size="1M"/>
</dir>
<rom name=".bashrc" label="vfs_cbe.sh"/>
</vfs>
<arg value="bash"/>
<env key="TERM" value="screen"/>
<env key="HOME" value="/"/>
<env key="PATH" value="/bin"/>
</config>
<route>
<service name="File_system" label="shell"> <child name="vfs"/> </service>
<service name="File_system" label="cbe"> <child name="vfs_cbe"/> </service>
<service name="ROM" label_suffix=".lib.so"> <parent/> </service>
<service name="ROM" label_last="/bin/bash"> <child name="vfs_rom"/> </service>
<service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
<any-service> <parent/> <any-child/> </any-service>
</route>
</start>
</config>
</start>
</config>
<route>
<service name="Terminal"> <child name="terminal_service"/> </service>
<service name="File_system" label_last="fs"> <child name="lx_fs"/> </service>
<service name="File_system" label_last="ta"> <child name="vfs_cbe_trust_anchor"/> </service>
<service name="Timer"> <child name="timer"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
</config>}
install_config $config
set shell_script "run/vfs_cbe.sh"
set repo "[repository_contains $shell_script]"
exec cp $repo/$shell_script bin/
append boot_modules {
lx_fs
cbe_init_trust_anchor
spark.lib.so
libsparkcrypto.lib.so
cbe_cxx.lib.so
vfs_cbe.lib.so
vfs_cbe_crypto_aes_cbc.lib.so
vfs_cbe_crypto_memcopy.lib.so
vfs_cbe_trust_anchor.lib.so
vfs_cbe.sh
vfs.lib.so
vfs_import.lib.so
vfs_pipe.lib.so
posix.lib.so
libc.lib.so
libcrypto.lib.so
log_terminal
fs_rom
report_rom
sequence
init
core
timer
ld.lib.so
}
append boot_modules {
keyfile secured_superblock
}
append boot_modules [cbe_image_file]
set fd [open [run_dir]/genode/focus w]
puts $fd "<focus label=\"gui_fb -> \" domain=\"default\"/>"
close $fd
build_boot_image $boot_modules
if {$use_interactively} {
run_genode_until forever
} else {
run_genode_until {.*--- Automated CBE testing finished.*} 1800
}

252
repos/gems/run/vfs_cbe.sh Normal file
View File

@ -0,0 +1,252 @@
#!/bin/bash
echo "--- Automated CBE testing ---"
produce_pattern() {
local pattern="$1"
local size="$2"
[ "$pattern" = "" ] && exit 1
local tmp_file="/tmp/pattern.tmp"
local N=1041
# prints numbers until N and uses pattern as delimiter and
# generates about 4 KiB of data with a 1 byte pattern
seq -s "$pattern" $N > $tmp_file
dd if=$tmp_file count=1 bs=$size 2>/dev/null
}
test_write_1() {
local data_file="$1"
local offset=$2
local pattern_file="/tmp/pattern"
dd bs=4096 count=1 if=$pattern_file of=$data_file seek=$offset 2>/dev/null || exit 1
}
test_read_compare_1() {
local data_file="$1"
local offset=$2
local pattern_file="/tmp/pattern"
rm $pattern_file.out 2>/dev/null
dd bs=4096 count=1 if=$data_file of=$pattern_file.out skip=$offset 2>/dev/null || exit 1
local sha1=$(sha1sum $pattern_file)
local sha1_sum=${sha1:0:40}
local sha1out=$(sha1sum $pattern_file.out)
local sha1out_sum=${sha1out:0:40}
if [ "$sha1_sum" != "$sha1out_sum" ]; then
echo "mismatch for block $offset:"
echo " expected: $sha1_sum"
echo -n " "
dd if=$pattern_file bs=32 count=1 2>/dev/null; echo
echo " got: $sha1out_sum"
echo -n " "
dd if=$pattern_file.out bs=32 count=1 2>/dev/null; echo
return 1
fi
}
test_create_snapshot() {
local cbe_dir="$1"
echo "Create snapshot"
echo true > $cbe_dir/control/create_snapshot
}
test_list_snapshots() {
local cbe_dir="$1"
echo "List content of '$cbe_dir'"
ls -l $cbe_dir/snapshots
}
test_discard_snapshot() {
local cbe_dir="$1"
local snap_id=$2
echo "Discard snapshot with id: $snap_id"
echo $snap_id > $cbe_dir/control/discard_snapshot
}
test_rekey() {
local cbe_dir="$1"
echo "Start rekeying"
echo on > $cbe_dir/control/rekey
echo "Reykeying started"
}
test_vbd_extension() {
local cbe_dir="$1"
local nr_of_phys_blocks="$2"
echo "Start extending VBD"
echo tree=vbd, blocks=$nr_of_phys_blocks > $cbe_dir/control/extend
echo "VBD extension started"
}
test_ft_extension() {
local cbe_dir="$1"
local nr_of_phys_blocks="$2"
echo "Start extending FT"
echo tree=ft, blocks=$nr_of_phys_blocks > $cbe_dir/control/extend
echo "FT extension started"
}
test_rekey_state() {
local cbe_dir="$1"
local state="$(< $cbe_dir/control/rekey)"
echo "Rekeying state: $state"
}
test_rekey_state() {
local cbe_dir="$1"
local state="$(< $cbe_dir/control/rekey)"
echo "Rekeying state: $state"
}
wait_for_rekeying() {
local cbe_dir="$1"
echo "Wait for rekeying to finish..."
while : ; do
local file_content="$(< $cbe_dir/control/rekey)"
local state="${file_content:0:4}"
if [ "$state" = "idle" ]; then
local result="${file_content:5}"
echo "Reykeying done: $result"
break;
fi
sleep 2
done
}
wait_for_vbd_extension() {
local cbe_dir="$1"
echo "Wait for VBD extension to finish..."
while : ; do
local file_content="$(< $cbe_dir/control/extend)"
local state="${file_content:0:4}"
if [ "$state" = "idle" ]; then
local result="${file_content:5}"
echo "VBD extension done: $result"
break;
fi
sleep 2
done
}
wait_for_ft_extension() {
local cbe_dir="$1"
echo "Wait for FT extension to finish..."
while : ; do
local file_content="$(< $cbe_dir/control/extend)"
local state="${file_content:0:4}"
if [ "$state" = "idle" ]; then
local result="${file_content:5}"
echo "VBD extension done: $result"
break;
fi
sleep 2
done
}
main() {
local cbe_dir="/dev/cbe"
local data_file="$cbe_dir/current/data"
ls -l $cbe_dir
for i in $(seq 3); do
echo "--> Run $i:"
local pattern_file="/tmp/pattern"
produce_pattern "$i" "4096" > $pattern_file
test_write_1 "$data_file" "419"
test_write_1 "$data_file" "63"
test_write_1 "$data_file" "333"
test_vbd_extension "$cbe_dir" "1000"
test_read_compare_1 "$data_file" "63"
test_write_1 "$data_file" "175"
test_read_compare_1 "$data_file" "419"
test_write_1 "$data_file" "91"
test_read_compare_1 "$data_file" "175"
test_read_compare_1 "$data_file" "91"
test_read_compare_1 "$data_file" "333"
wait_for_vbd_extension "$cbe_dir"
test_write_1 "$data_file" "32"
test_write_1 "$data_file" "77"
test_write_1 "$data_file" "199"
test_ft_extension "$cbe_dir" "1000"
test_read_compare_1 "$data_file" "32"
test_write_1 "$data_file" "211"
test_read_compare_1 "$data_file" "77"
test_write_1 "$data_file" "278"
test_read_compare_1 "$data_file" "199"
test_read_compare_1 "$data_file" "278"
test_read_compare_1 "$data_file" "211"
wait_for_ft_extension "$cbe_dir"
test_write_1 "$data_file" "0"
test_write_1 "$data_file" "8"
test_write_1 "$data_file" "16"
test_write_1 "$data_file" "490"
test_write_1 "$data_file" "468"
test_read_compare_1 "$data_file" "0"
test_read_compare_1 "$data_file" "8"
test_read_compare_1 "$data_file" "16"
test_read_compare_1 "$data_file" "490"
test_rekey "$cbe_dir"
test_write_1 "$data_file" "0"
test_rekey_state "$cbe_dir"
test_read_compare_1 "$data_file" "490"
test_rekey_state "$cbe_dir"
test_write_1 "$data_file" "16"
test_rekey_state "$cbe_dir"
test_read_compare_1 "$data_file" "468"
test_rekey_state "$cbe_dir"
test_read_compare_1 "$data_file" "8"
test_rekey_state "$cbe_dir"
test_read_compare_1 "$data_file" "16"
test_rekey_state "$cbe_dir"
test_read_compare_1 "$data_file" "0"
test_write_1 "$data_file" "300"
test_write_1 "$data_file" "240"
test_write_1 "$data_file" "201"
test_write_1 "$data_file" "328"
wait_for_rekeying "$cbe_dir"
echo "--> Run $i done"
done
echo "--> Read/Compare test"
test_read_compare_1 "$data_file" "0"
test_read_compare_1 "$data_file" "490"
test_read_compare_1 "$data_file" "468"
test_read_compare_1 "$data_file" "8"
test_read_compare_1 "$data_file" "16"
echo "--> Read/Compare test done"
echo "--- Automated CBE testing finished, shell is yours ---"
}
main "$@"
# just drop into shell
# exit 0

176
repos/gems/run/vfs_cbe_init.run Normal file
View File

@ -0,0 +1,176 @@
assert_spec linux
if {[expr ![info exists ::env(CBE_KEEP)]]} {
exec rm -rf var/libcache/cbe
exec rm -rf var/libcache/cbe_cxx
exec rm -rf var/libcache/cbe_common
exec rm -rf var/libcache/cbe_common_cxx
exec rm -rf var/libcache/cbe_init
exec rm -rf var/libcache/cbe_init_cxx
exec rm -rf var/libcache/cbe_check
exec rm -rf var/libcache/cbe_check_cxx
exec rm -rf var/libcache/cbe_dump
exec rm -rf var/libcache/cbe_dump_cxx
}
proc cbe_image_file { } {
return "vfs_cbe_block.img"
}
set image_size 32
proc cbe_image_size_mb { } {
global image_size
return $image_size
}
append build_components {
core init timer
server/lx_block
server/lx_fs
server/vfs
app/sequence
app/cbe_init_trust_anchor
app/cbe_init
lib/vfs/cbe_trust_anchor
}
build $build_components
create_boot_directory
append config {
<config verbose="yes">
<parent-provides>
<service name="ROM"/>
<service name="RAM"/>
<service name="IRQ"/>
<service name="IO_MEM"/>
<service name="IO_PORT"/>
<service name="PD"/>
<service name="RM"/>
<service name="CPU"/>
<service name="LOG"/>
</parent-provides>
<default-route>
<any-service> <parent/> <any-child/> </any-service>
</default-route>
<default caps="100"/>
<start name="timer">
<resource name="RAM" quantum="1M"/>
<provides><service name="Timer"/></provides>
</start>
<start name="lx_block" ld="no">
<resource name="RAM" quantum="2M"/>
<provides> <service name="Block"/> </provides>
<config file="} [cbe_image_file] {" block_size="4K" writeable="yes"/>
</start>
<start name="lx_fs" ld="no">
<resource name="RAM" quantum="2M"/>
<provides> <service name="File_system"/> </provides>
<config>
<default-policy root="/" writeable="yes"/>
</config>
</start>
<start name="vfs_trust_anchor" caps="120">
<binary name="vfs"/>
<resource name="RAM" quantum="16M"/>
<provides><service name="File_system"/></provides>
<config>
<vfs>
<dir name="ta_storage">
<fs/>
</dir>
<dir name="dev">
<cbe_trust_anchor name="cbe_trust_anchor"
storage_dir="/ta_storage"/>
</dir>
</vfs>
<default-policy root="/dev/cbe_trust_anchor" writeable="yes"/>
</config>
<route>
<service name="File_system"> <child name="lx_fs"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
<start name="initialize_cbe" caps="200">
<binary name="sequence"/>
<resource name="RAM" quantum="128M"/>
<config>
<start name="cbe_init_trust_anchor">
<resource name="RAM" quantum="4M"/>
<config passphrase="foobar" trust_anchor_dir="/trust_anchor">
<vfs>
<dir name="trust_anchor">
<fs label="ta"/>
</dir>
</vfs>
</config>
</start>
<start name="cbe_init">
<resource name="RAM" quantum="4M"/>
<config trust_anchor_dir="/trust_anchor">
<vfs>
<dir name="trust_anchor">
<fs label="ta"/>
</dir>
</vfs>
<key id="12"/>
<virtual-block-device
nr_of_levels="3"
nr_of_children="64"
nr_of_leafs="512" />
<free-tree
nr_of_levels="3"
nr_of_children="64"
nr_of_leafs="2048" />
</config>
</start>
</config>
<route>
<service name="File_system" label_last="ta">
<child name="vfs_trust_anchor"/>
</service>
<service name="Block"> <child name="lx_block"/> </service>
<any-service> <parent/> </any-service>
</route>
</start>
</config>}
install_config $config
exec rm -rf bin/[cbe_image_file]
exec truncate -s [cbe_image_size_mb]M bin/[cbe_image_file]
append boot_modules {
core init timer lx_block lx_fs sequence
vfs vfs.lib.so
ld.lib.so spark.lib.so libsparkcrypto.lib.so
cbe_init_trust_anchor
cbe_init cbe_init_cxx.lib.so
vfs_cbe_trust_anchor.lib.so
}
append boot_modules [cbe_image_file]
build_boot_image $boot_modules
run_genode_until {.*child "initialize_cbe" exited with exit value 0.*\n} 240
exec cp [run_dir]/genode/keyfile bin
exec cp [run_dir]/genode/secured_superblock bin

19
repos/gems/src/app/cbe_check/README Normal file
View File

@ -0,0 +1,19 @@
The cbe_check component check the meta data of a CBE device. This includes
the tree for the virtual block device, free tree and meta tree. On success,
the component exits with exit value 0, otherwise with exit value -1.
Sessions
~~~~~~~~
This is an overview of the sessions required and provided by the
component apart from the environment sessions:
* Requires one Block session.
Examples
~~~~~~~~
An example of how to use the cbe_init component can be found in the test script
'cbe/run/cbe_check.run'.

7
repos/gems/src/app/cbe_check/config.xsd Normal file
View File

@ -0,0 +1,7 @@
<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="config">
</xs:element><!-- config -->
</xs:schema>

215
repos/gems/src/app/cbe_check/main.cc Normal file
View File

@ -0,0 +1,215 @@
/*
* \brief Integration of the Consistent Block Encrypter (CBE)
* \author Martin Stein
* \author Josef Soentgen
* \date 2020-11-10
*/
/*
* Copyright (C) 2020 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
/* Genode includes */
#include <base/attached_rom_dataspace.h>
#include <base/component.h>
#include <base/heap.h>
#include <block_session/connection.h>
#include <timer_session/connection.h>
/* CBE-init includes */
#include <cbe/check/library.h>
using namespace Genode;
class Main
{
private:
enum { TX_BUF_SIZE = Block::Session::TX_QUEUE_SIZE * Cbe::BLOCK_SIZE };
Env &_env;
Heap _heap { _env.ram(), _env.rm() };
Allocator_avl _blk_alloc { &_heap };
Block::Connection<> _blk { _env, &_blk_alloc, TX_BUF_SIZE };
Signal_handler<Main> _blk_handler { _env.ep(), *this, &Main::_execute };
Cbe::Request _blk_req { };
Cbe::Io_buffer _blk_buf { };
Cbe_check::Library _cbe_check { };
Genode::size_t _blk_ratio {
Cbe::BLOCK_SIZE / _blk.info().block_size };
void _execute()
{
for (bool progress { true }; progress; ) {
progress = false;
_cbe_check.execute(_blk_buf);
if (_cbe_check.execute_progress()) {
progress = true;
}
Cbe::Request const req {
_cbe_check.peek_completed_client_request() };
if (req.valid()) {
_cbe_check.drop_completed_client_request(req);
if (req.success()) {
_env.parent().exit(0);
} else {
error("request was not successful");;
_env.parent().exit(-1);
}
}
struct Invalid_io_request : Exception { };
while (_blk.tx()->ready_to_submit()) {
Cbe::Io_buffer::Index data_index { 0 };
Cbe::Request request { };
_cbe_check.has_io_request(request, data_index);
if (!request.valid()) {
break;
}
if (_blk_req.valid()) {
break;
}
try {
request.tag(data_index.value);
Block::Packet_descriptor::Opcode op;
switch (request.operation()) {
case Cbe::Request::Operation::READ:
op = Block::Packet_descriptor::READ;
break;
case Cbe::Request::Operation::WRITE:
op = Block::Packet_descriptor::WRITE;
break;
default:
throw Invalid_io_request();
}
Block::Packet_descriptor packet {
_blk.alloc_packet(Cbe::BLOCK_SIZE), op,
request.block_number() * _blk_ratio,
request.count() * _blk_ratio };
if (request.operation() == Cbe::Request::Operation::WRITE) {
*reinterpret_cast<Cbe::Block_data*>(
_blk.tx()->packet_content(packet)) =
_blk_buf.item(data_index);
}
_blk.tx()->try_submit_packet(packet);
_blk_req = request;
_cbe_check.io_request_in_progress(data_index);
progress = true;
}
catch (Block::Session::Tx::Source::Packet_alloc_failed) {
break;
}
}
while (_blk.tx()->ack_avail()) {
Block::Packet_descriptor packet =
_blk.tx()->try_get_acked_packet();
if (!_blk_req.valid()) {
break;
}
bool const read =
packet.operation() == Block::Packet_descriptor::READ;
bool const write =
packet.operation() == Block::Packet_descriptor::WRITE;
bool const op_match =
(read && _blk_req.read()) ||
(write && _blk_req.write());
bool const bn_match =
packet.block_number() / _blk_ratio == _blk_req.block_number();
if (!bn_match || !op_match) {
break;
}
_blk_req.success(packet.succeeded());
Cbe::Io_buffer::Index const data_index { _blk_req.tag() };
bool const success { _blk_req.success() };
if (read && success) {
_blk_buf.item(data_index) =
*reinterpret_cast<Cbe::Block_data*>(
_blk.tx()->packet_content(packet));
}
_cbe_check.io_request_completed(data_index, success);
_blk.tx()->release_packet(packet);
_blk_req = Cbe::Request();
progress = true;
}
}
_blk.tx()->wakeup();
}
public:
Main(Env &env)
:
_env { env }
{
if (_blk_ratio == 0) {
error("backend block size not supported");
_env.parent().exit(-1);
return;
}
if (!_cbe_check.client_request_acceptable()) {
error("failed to submit request");
_env.parent().exit(-1);
}
_cbe_check.submit_client_request(
Cbe::Request(
Cbe::Request::Operation::READ,
false, 0, 0, 0, 0, 0));
_blk.tx_channel()->sigh_ack_avail(_blk_handler);
_blk.tx_channel()->sigh_ready_to_submit(_blk_handler);
_execute();
}
~Main()
{
_blk.tx_channel()->sigh_ack_avail(Signal_context_capability());
_blk.tx_channel()->sigh_ready_to_submit(Signal_context_capability());
}
};
extern "C" int memcmp(const void *p0, const void *p1, Genode::size_t size)
{
return Genode::memcmp(p0, p1, size);
}
extern "C" void adainit();
void Component::construct(Genode::Env &env)
{
env.exec_static_constructors();
Timer::Connection timer { env };
timer.msleep(3000);
Genode::log("start checking");
Cbe::assert_valid_object_size<Cbe_check::Library>();
cbe_check_cxx_init();
static Main main(env);
}

9
repos/gems/src/app/cbe_check/target.mk Normal file
View File

@ -0,0 +1,9 @@
REQUIRES += x86_64
TARGET := cbe_check
SRC_CC += main.cc
INC_DIR += $(PRG_DIR)
LIBS += base cbe_check_cxx
CONFIG_XSD = config.xsd

72
repos/gems/src/app/cbe_dump/README Normal file
View File

@ -0,0 +1,72 @@
The cbe_dump component dumps the meta-data of a CBE device (virtual block
device, free tree and meta tree) according to the configured parameters.
On success, the component exits with exit value 0, otherwise with exit
value -1.
Configuration
~~~~~~~~~~~~~
This is an example configuration of the component that will dump the
last valid superblock and the its last valid snapshot:
! <config>
! <dump
! max_superblocks="1"
! max_snapshots="1"
! vbd="yes"
! free_tree="yes"
! meta_tree="yes"
! hashes="yes"/>
! </config>
This is a short description of the tags and attributes:
:config.free_tree:
Dump free tree nodes.
:config.meta_tree:
Dump meta tree nodes.
:config.hashes:
Show hashes in all tree dumps.
:config.max_superblocks:
Max number of superblocks to dump.
:config.max_snapshots:
Max number of snapshot to dump per superblock.
:config.unused_nodes:
Show unused nodes in all tree dumps.
:config.vbd:
Dump virtual block device tree nodes.
:config.vbd_pba_filter:
Only show sub-tree where the PBA matches.
:config.vbd_pba_filter_enabled:
Enable PBA filter.
:config.vbd_vba_filter:
Only show sub-tree where the VBA matches.
:config.vbd_vba_filter_enabled:
Enable VBA filter.
Sessions
~~~~~~~~
This is an overview of the sessions required and provided by the
component apart from the environment sessions:
* Requires one Block session.
Examples
~~~~~~~~
An example of how to use the cbe_dump component can be found in the test script
'cbe/run/cbe_dump.run'.

44
repos/gems/src/app/cbe_dump/config.xsd Normal file
View File

@ -0,0 +1,44 @@
<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:include schemaLocation="base_types.xsd"/>
<xs:simpleType name="Max_superblocks">
<xs:restriction base="xs:integer">
<xs:minInclusive value="1"/>
<xs:maxInclusive value="8"/>
</xs:restriction>
</xs:simpleType><!-- Max_superblocks -->
<xs:simpleType name="Max_snapshots">
<xs:restriction base="xs:integer">
<xs:minInclusive value="1"/>
<xs:maxInclusive value="48"/>
</xs:restriction>
</xs:simpleType><!-- Max_snapshots -->
<xs:element name="config">
<xs:complexType>
<xs:choice minOccurs="1" maxOccurs="1">
<xs:element name="dump">
<xs:complexType>
<xs:attribute name="free_tree" type="Boolean"/>
<xs:attribute name="hashes" type="Boolean"/>
<xs:attribute name="max_snapshots" type="Max_snapshots"/>
<xs:attribute name="max_superblocks" type="Max_superblocks"/>
<xs:attribute name="meta_tree" type="Boolean"/>
<xs:attribute name="unused_nodes" type="Boolean"/>
<xs:attribute name="vbd" type="Boolean"/>
<xs:attribute name="vbd_pba_filter" type="xs:positiveInteger" />
<xs:attribute name="vbd_pba_filter_enabled" type="Boolean"/>
<xs:attribute name="vbd_vba_filter" type="xs:positiveInteger" />
<xs:attribute name="vbd_vba_filter_enabled" type="Boolean"/>
</xs:complexType>
</xs:element><!-- dump -->
</xs:choice>
</xs:complexType>
</xs:element><!-- config -->
</xs:schema>

Some files were not shown because too many files have changed in this diff Show More