mirror of
https://github.com/genodelabs/genode.git
synced 2024-12-26 00:41:08 +00:00
file_vault: version 23.05
* ARM support and detaching from Ada/SPARK * Remove all CBE-related code - especially the Ada/SPARK-based CBE library. * We have no means or motivation of further maintaining big projects in Ada/SPARK (the core Genode team is native to C++). * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an important architecture for Genode. This would mean extra commitment in Ada/SPARK. * We realize that block encryption more and more becomes a fundamental feature of Genode systems. * Implement a new block encryption library named Tresor that is inspired by the design and feature set of the former CBE library and that is entirely C++ and part of the Genode gems repository. * The Tresor block encryption is backwards-compatible with the on-disk data layout of the former CBE block encryption. * Except from the snapshot management and the "dump" tool, the Tresor block encryption provides the same feature set as the former CBE block encryption and accepts the same user requests at the level of the Tresor library API. * So far, the Tresor block encryption does not support the creation of user-defined snapshots. * In contrast to the former CBE, the Tresor ecosystem has no "dump" tool beause with the CBE library it turned out to be rarely of use. * In contrast to the Block back-end of the CBE "init" tool, the Tresor "init" tool uses a File System back-end. * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin. * The Tresor-VFS plugin in general is similar to the former CBE VFS but has a slightly different API when it comes to re-keying and re-sizing. Each of these operations now is controlled via two files. The first file is named <operation> and the user writes the start command to it. The user must then read this file once in order to drive the operation. The read returns the result of the operation, once it is finished. The second file is named <operation>_progress and can be watched and read for obtaining the progress of the operation as percentage. * The file vault is adapted to use the new Tresor ecosystem instead of the former CBE ecosystem and thereby also gains ARM support. * The former CBE tester and CBE VFS-tests are replaced by equivalent Tresor variants and are now run on ARM as well (testing with a persistent storage back-end is supported only when running on Linux). * So far, the new Tresor block encryption has no internal cache for meta data blocks like the former CBE. * Add config/report user interface * Add a second option for the administration front end to the file vault named "config and report". With this front end the File Vault communicates with the user via XML strings. A ROM session is requested for user input and a Report session for user output. The front end type must be set at startup via the component config and is a static setting. The graphical front end that was used up to now is named "menu view" and remains the default. * The File Vault can now reflect its internal state and user input ("config and report" mode only) at the LOG session via two new static config attributes "verbose_state" and "verbose_ui_config" (both defaulting to "no"). * The Shutdown button in "menu view" mode is replaced with a Lock button. The new button doesn't terminate the File Vault but merely lock the encrypted container and return to a cleared passphrase input. The same transition is also provided in "config and report" mode. * The file_vault.run script is replaced with file_vault_menu_view.run and file_vault_cfg_report.run that address the two front end modes. In contrast to the former script, which is interactive, the latter script is suitable for automatic testing. * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does the same as file_vault_cfg_report.run but uses the File Vault package and can be executed with the Depot Autopilot. The new test package is added to the default test list of depot_autopilot.run * The File Vault README is updated to the new version of the component and has gained a chapter "functional description". * Fixes a regression with the cbe_init_trust_anchor component that prevented reacting to a failed unlock attempt in the File Vault. * The new Tresor software Trust Anchor has an optional deterministic mode in which it replaces the normally randomized symmetric keys with 0. This mode comes in handy for debugging. However, it should never be activated in productive systems. When activated, the user is warned extensively on the LOG that this system mode is insecure. Ref #4819
This commit is contained in:
parent
d3d3351b99
commit
aeb65d6b1b
repos/gems
include/cbe
lib
import
import-cbe.mkimport-cbe_check.mkimport-cbe_common.mkimport-cbe_dump.mkimport-cbe_init.mkimport-sha256_4k.mkimport-tresor.mk
mk
sha256_4k.mk
spec/x86_64
cbe.mkcbe_check.mkcbe_check_cxx.mkcbe_common.mkcbe_cxx.mkcbe_cxx_common.mkcbe_dump.mkcbe_dump_cxx.mkcbe_init.mkcbe_init_cxx.mkvfs_cbe.mkvfs_cbe_crypto_aes_cbc.mkvfs_cbe_crypto_memcopy.mk
tresor.mkvfs_tresor.mkvfs_tresor_crypto_aes_cbc.mkvfs_tresor_crypto_memcopy.mkvfs_tresor_trust_anchor.mksymbols
ports
recipes
api/tresor
pkg
cbe_check
cbe_demo
cbe_fs
cbe_init
cbe_shell
cbe_ta_fs
cbe_ta_vfs
cbe_vbox5-nova
cbe_vfs
cbe_vm_fs
download_coreplus
file_vault
file_vault_config_report
sculpt
test-file_vault_config_report
raw/download_coreplus
src/cbe
@ -1,59 +0,0 @@
|
||||
/*
|
||||
* \brief Integration of the Consistent Block Encrypter (CBE)
|
||||
* \author Martin Stein
|
||||
* \author Josef Soentgen
|
||||
* \date 2020-11-10
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2020 Genode Labs GmbH
|
||||
*
|
||||
* This file is part of the Genode OS framework, which is distributed
|
||||
* under the terms of the GNU Affero General Public License version 3.
|
||||
*/
|
||||
|
||||
#ifndef _CBE__CHECK__LIBRARY_H_
|
||||
#define _CBE__CHECK__LIBRARY_H_
|
||||
|
||||
/* CBE includes */
|
||||
#include <cbe/types.h>
|
||||
#include <cbe/spark_object.h>
|
||||
|
||||
|
||||
extern "C" void cbe_check_cxx_init();
|
||||
extern "C" void cbe_check_cxx_final();
|
||||
|
||||
|
||||
namespace Cbe_check {
|
||||
|
||||
class Library;
|
||||
|
||||
Genode::uint32_t object_size(Library const &);
|
||||
|
||||
}
|
||||
|
||||
struct Cbe_check::Library : Cbe::Spark_object<46160>
|
||||
{
|
||||
Library();
|
||||
|
||||
bool client_request_acceptable() const;
|
||||
|
||||
void submit_client_request(Cbe::Request const &request);
|
||||
|
||||
Cbe::Request peek_completed_client_request() const;
|
||||
|
||||
void drop_completed_client_request(Cbe::Request const &req);
|
||||
|
||||
void execute(Cbe::Io_buffer const &io_buf);
|
||||
|
||||
bool execute_progress() const;
|
||||
|
||||
void io_request_completed(Cbe::Io_buffer::Index const &data_index,
|
||||
bool const success);
|
||||
|
||||
void has_io_request(Cbe::Request &, Cbe::Io_buffer::Index &) const;
|
||||
|
||||
void io_request_in_progress(Cbe::Io_buffer::Index const &data_index);
|
||||
};
|
||||
|
||||
#endif /* _CBE__CHECK__LIBRARY_H_ */
|
@ -1,101 +0,0 @@
|
||||
/*
|
||||
* \brief Integration of the Consistent Block Encrypter (CBE)
|
||||
* \author Martin Stein
|
||||
* \author Josef Soentgen
|
||||
* \date 2020-11-10
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2020 Genode Labs GmbH
|
||||
*
|
||||
* This file is part of the Genode OS framework, which is distributed
|
||||
* under the terms of the GNU Affero General Public License version 3.
|
||||
*/
|
||||
|
||||
#ifndef _CBE__DUMP__CONFIGURATION_H_
|
||||
#define _CBE__DUMP__CONFIGURATION_H_
|
||||
|
||||
/* Genode includes */
|
||||
#include <util/xml_node.h>
|
||||
|
||||
namespace Cbe_dump { class Configuration; }
|
||||
|
||||
class Cbe_dump::Configuration
|
||||
{
|
||||
private:
|
||||
|
||||
bool _unused_nodes;
|
||||
Genode::uint32_t _max_superblocks;
|
||||
Genode::uint32_t _max_snapshots;
|
||||
bool _vbd;
|
||||
bool _vbd_pba_filter_enabled;
|
||||
Genode::uint64_t _vbd_pba_filter;
|
||||
bool _vbd_vba_filter_enabled;
|
||||
Genode::uint64_t _vbd_vba_filter;
|
||||
bool _free_tree;
|
||||
bool _meta_tree;
|
||||
bool _hashes;
|
||||
|
||||
public:
|
||||
|
||||
Configuration (Genode::Xml_node const &node)
|
||||
:
|
||||
_unused_nodes { node.attribute_value("unused_nodes", true) },
|
||||
_max_superblocks { node.attribute_value("max_superblocks", ~(Genode::uint32_t)0) },
|
||||
_max_snapshots { node.attribute_value("max_snapshots", ~(Genode::uint32_t)0) },
|
||||
_vbd { node.attribute_value("vbd", true) },
|
||||
_vbd_pba_filter_enabled { node.attribute_value("vbd_pba_filter_enabled", false) },
|
||||
_vbd_pba_filter { node.attribute_value("vbd_pba_filter", (Genode::uint64_t)0) },
|
||||
_vbd_vba_filter_enabled { node.attribute_value("vbd_vba_filter_enabled", false) },
|
||||
_vbd_vba_filter { node.attribute_value("vbd_vba_filter", (Genode::uint64_t)0) },
|
||||
_free_tree { node.attribute_value("free_tree", true) },
|
||||
_meta_tree { node.attribute_value("meta_tree", true) },
|
||||
_hashes { node.attribute_value("hashes", true) }
|
||||
{ }
|
||||
|
||||
Configuration (Configuration const &other)
|
||||
:
|
||||
_unused_nodes { other._unused_nodes },
|
||||
_max_superblocks { other._max_superblocks },
|
||||
_max_snapshots { other._max_snapshots },
|
||||
_vbd { other._vbd },
|
||||
_vbd_pba_filter_enabled { other._vbd_pba_filter_enabled },
|
||||
_vbd_pba_filter { other._vbd_pba_filter },
|
||||
_vbd_vba_filter_enabled { other._vbd_vba_filter_enabled },
|
||||
_vbd_vba_filter { other._vbd_vba_filter },
|
||||
_free_tree { other._free_tree },
|
||||
_meta_tree { other._meta_tree },
|
||||
_hashes { other._hashes }
|
||||
{ }
|
||||
|
||||
bool unused_nodes() const { return _unused_nodes; }
|
||||
Genode::uint32_t max_superblocks() const { return _max_superblocks; }
|
||||
Genode::uint32_t max_snapshots() const { return _max_snapshots; }
|
||||
bool vbd() const { return _vbd; }
|
||||
bool vbd_pba_filter_enabled() const { return _vbd_pba_filter_enabled; }
|
||||
Genode::uint64_t vbd_pba_filter() const { return _vbd_pba_filter; }
|
||||
bool vbd_vba_filter_enabled() const { return _vbd_vba_filter_enabled; }
|
||||
Genode::uint64_t vbd_vba_filter() const { return _vbd_vba_filter; }
|
||||
bool free_tree() const { return _free_tree; }
|
||||
bool meta_tree() const { return _meta_tree; }
|
||||
bool hashes() const { return _hashes; }
|
||||
|
||||
void print(Genode::Output &out) const
|
||||
{
|
||||
Genode::print(out,
|
||||
"unused_nodes=", _unused_nodes ,
|
||||
" max_superblocks=", _max_superblocks ,
|
||||
" max_snapshots=", _max_snapshots ,
|
||||
" vbd=", _vbd ,
|
||||
" vbd_pba_filter_enabled=", _vbd_pba_filter_enabled,
|
||||
" vbd_pba_filter=", _vbd_pba_filter ,
|
||||
" vbd_vba_filter_enabled=", _vbd_vba_filter_enabled,
|
||||
" vbd_vba_filter=", _vbd_vba_filter ,
|
||||
" free_tree=", _free_tree ,
|
||||
" meta_tree=", _meta_tree ,
|
||||
" hashes=", _hashes );
|
||||
}
|
||||
|
||||
} __attribute__((packed));
|
||||
|
||||
#endif /* _CBE__DUMP__CONFIGURATION_H_ */
|
@ -1,63 +0,0 @@
|
||||
/*
|
||||
* \brief Integration of the Consistent Block Encrypter (CBE)
|
||||
* \author Martin Stein
|
||||
* \author Josef Soentgen
|
||||
* \date 2020-11-10
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2020 Genode Labs GmbH
|
||||
*
|
||||
* This file is part of the Genode OS framework, which is distributed
|
||||
* under the terms of the GNU Affero General Public License version 3.
|
||||
*/
|
||||
|
||||
#ifndef _CBE__DUMP__LIBRARY_H_
|
||||
#define _CBE__DUMP__LIBRARY_H_
|
||||
|
||||
/* CBE includes */
|
||||
#include <cbe/types.h>
|
||||
#include <cbe/spark_object.h>
|
||||
|
||||
/* CBE dump includes */
|
||||
#include <cbe/dump/configuration.h>
|
||||
|
||||
|
||||
extern "C" void cbe_dump_cxx_init();
|
||||
extern "C" void cbe_dump_cxx_final();
|
||||
|
||||
|
||||
namespace Cbe_dump {
|
||||
|
||||
class Library;
|
||||
|
||||
Genode::uint32_t object_size(Library const &);
|
||||
|
||||
}
|
||||
|
||||
struct Cbe_dump::Library : Cbe::Spark_object<49240>
|
||||
{
|
||||
Library();
|
||||
|
||||
bool client_request_acceptable() const;
|
||||
|
||||
void submit_client_request(Cbe::Request const &request,
|
||||
Configuration const &cfg);
|
||||
|
||||
Cbe::Request peek_completed_client_request() const;
|
||||
|
||||
void drop_completed_client_request(Cbe::Request const &req);
|
||||
|
||||
void execute(Cbe::Io_buffer const &io_buf);
|
||||
|
||||
bool execute_progress() const;
|
||||
|
||||
void io_request_completed(Cbe::Io_buffer::Index const &data_index,
|
||||
bool const success);
|
||||
|
||||
void has_io_request(Cbe::Request &, Cbe::Io_buffer::Index &) const;
|
||||
|
||||
void io_request_in_progress(Cbe::Io_buffer::Index const &data_index);
|
||||
};
|
||||
|
||||
#endif /* _CBE__DUMP__LIBRARY_H_ */
|
@ -1,100 +0,0 @@
|
||||
/*
|
||||
* \brief Integration of the Consistent Block Encrypter (CBE)
|
||||
* \author Martin Stein
|
||||
* \author Josef Soentgen
|
||||
* \date 2020-11-10
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2020 Genode Labs GmbH
|
||||
*
|
||||
* This file is part of the Genode OS framework, which is distributed
|
||||
* under the terms of the GNU Affero General Public License version 3.
|
||||
*/
|
||||
|
||||
#ifndef _CBE__INIT__CONFIGURATION_H_
|
||||
#define _CBE__INIT__CONFIGURATION_H_
|
||||
|
||||
/* Genode includes */
|
||||
#include <util/xml_node.h>
|
||||
|
||||
namespace Cbe_init { class Configuration; }
|
||||
|
||||
class Cbe_init::Configuration
|
||||
{
|
||||
private:
|
||||
|
||||
Genode::uint64_t _vbd_nr_of_lvls { 0 };
|
||||
Genode::uint64_t _vbd_nr_of_children { 0 };
|
||||
Genode::uint64_t _vbd_nr_of_leafs { 0 };
|
||||
Genode::uint64_t _ft_nr_of_lvls { 0 };
|
||||
Genode::uint64_t _ft_nr_of_children { 0 };
|
||||
Genode::uint64_t _ft_nr_of_leafs { 0 };
|
||||
|
||||
public:
|
||||
|
||||
struct Invalid : Genode::Exception { };
|
||||
|
||||
Configuration (Genode::Xml_node const &node)
|
||||
{
|
||||
node.with_optional_sub_node("virtual-block-device",
|
||||
[&] (Genode::Xml_node const &vbd)
|
||||
{
|
||||
_vbd_nr_of_lvls =
|
||||
vbd.attribute_value("nr_of_levels", (Genode::uint64_t)0);
|
||||
_vbd_nr_of_children =
|
||||
vbd.attribute_value("nr_of_children", (Genode::uint64_t)0);
|
||||
_vbd_nr_of_leafs =
|
||||
vbd.attribute_value("nr_of_leafs", (Genode::uint64_t)0);
|
||||
});
|
||||
node.with_optional_sub_node("free-tree",
|
||||
[&] (Genode::Xml_node const &ft)
|
||||
{
|
||||
_ft_nr_of_lvls =
|
||||
ft.attribute_value("nr_of_levels", (Genode::uint64_t)0);
|
||||
_ft_nr_of_children =
|
||||
ft.attribute_value("nr_of_children", (Genode::uint64_t)0);
|
||||
_ft_nr_of_leafs =
|
||||
ft.attribute_value("nr_of_leafs", (Genode::uint64_t)0);
|
||||
});
|
||||
if (_vbd_nr_of_lvls == 0 ||
|
||||
_vbd_nr_of_children == 0 ||
|
||||
_vbd_nr_of_leafs == 0 ||
|
||||
_ft_nr_of_lvls == 0 ||
|
||||
_ft_nr_of_children == 0 ||
|
||||
_ft_nr_of_leafs == 0)
|
||||
{
|
||||
throw Invalid();
|
||||
}
|
||||
}
|
||||
|
||||
Configuration (Configuration const &other)
|
||||
{
|
||||
_vbd_nr_of_lvls = other._vbd_nr_of_lvls ;
|
||||
_vbd_nr_of_children = other._vbd_nr_of_children;
|
||||
_vbd_nr_of_leafs = other._vbd_nr_of_leafs ;
|
||||
_ft_nr_of_lvls = other._ft_nr_of_lvls ;
|
||||
_ft_nr_of_children = other._ft_nr_of_children ;
|
||||
_ft_nr_of_leafs = other._ft_nr_of_leafs ;
|
||||
}
|
||||
|
||||
Genode::uint64_t vbd_nr_of_lvls () const { return _vbd_nr_of_lvls ; }
|
||||
Genode::uint64_t vbd_nr_of_children () const { return _vbd_nr_of_children; }
|
||||
Genode::uint64_t vbd_nr_of_leafs () const { return _vbd_nr_of_leafs ; }
|
||||
Genode::uint64_t ft_nr_of_lvls () const { return _ft_nr_of_lvls ; }
|
||||
Genode::uint64_t ft_nr_of_children () const { return _ft_nr_of_children ; }
|
||||
Genode::uint64_t ft_nr_of_leafs () const { return _ft_nr_of_leafs ; }
|
||||
|
||||
void print(Genode::Output &out) const
|
||||
{
|
||||
Genode::print(out,
|
||||
"vbd=(lvls=", _vbd_nr_of_lvls,
|
||||
" children=", _vbd_nr_of_children,
|
||||
" leafs=", _vbd_nr_of_leafs, ")",
|
||||
" ft=(lvls=", _ft_nr_of_lvls,
|
||||
" children=", _ft_nr_of_children,
|
||||
" leafs=", _ft_nr_of_leafs, ")");
|
||||
}
|
||||
};
|
||||
|
||||
#endif /* _CBE__INIT__CONFIGURATION_H_ */
|
@ -1,124 +0,0 @@
|
||||
/*
|
||||
* \brief Integration of the Consistent Block Encrypter (CBE)
|
||||
* \author Martin Stein
|
||||
* \author Josef Soentgen
|
||||
* \date 2020-11-10
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2020 Genode Labs GmbH
|
||||
*
|
||||
* This file is part of the Genode OS framework, which is distributed
|
||||
* under the terms of the GNU Affero General Public License version 3.
|
||||
*/
|
||||
|
||||
#ifndef _CBE__INIT__LIBRARY_H_
|
||||
#define _CBE__INIT__LIBRARY_H_
|
||||
|
||||
/* CBE includes */
|
||||
#include <cbe/types.h>
|
||||
#include <cbe/spark_object.h>
|
||||
|
||||
|
||||
extern "C" void cbe_init_cxx_init();
|
||||
extern "C" void cbe_init_cxx_final();
|
||||
|
||||
|
||||
namespace Cbe_init {
|
||||
|
||||
class Library;
|
||||
|
||||
Genode::uint32_t object_size(Library const &);
|
||||
|
||||
}
|
||||
|
||||
struct Cbe_init::Library : Cbe::Spark_object<60960>
|
||||
{
|
||||
/*
|
||||
* Ada/SPARK compatible bindings
|
||||
*/
|
||||
|
||||
void _peek_generated_ta_request(Cbe::Trust_anchor_request &) const;
|
||||
void _peek_generated_ta_sb_hash(Cbe::Trust_anchor_request const &, Cbe::Hash &) const;
|
||||
void _peek_generated_ta_key_value_plaintext(Cbe::Trust_anchor_request const &,
|
||||
Cbe::Key_plaintext_value &) const;
|
||||
void _peek_generated_ta_key_value_ciphertext(Cbe::Trust_anchor_request const &,
|
||||
Cbe::Key_ciphertext_value &) const;
|
||||
|
||||
Library();
|
||||
|
||||
bool client_request_acceptable() const;
|
||||
|
||||
void submit_client_request(Cbe::Request const &request,
|
||||
Genode::uint64_t vbd_max_lvl_idx,
|
||||
Genode::uint64_t vbd_degree,
|
||||
Genode::uint64_t vbd_nr_of_leafs,
|
||||
Genode::uint64_t ft_max_lvl_idx,
|
||||
Genode::uint64_t ft_degree,
|
||||
Genode::uint64_t ft_nr_of_leafs);
|
||||
|
||||
Cbe::Request peek_completed_client_request() const;
|
||||
|
||||
void drop_completed_client_request(Cbe::Request const &req);
|
||||
|
||||
void execute(Cbe::Io_buffer &io_buf);
|
||||
|
||||
bool execute_progress() const;
|
||||
|
||||
void io_request_completed(Cbe::Io_buffer::Index const &data_index,
|
||||
bool const success);
|
||||
|
||||
void has_io_request(Cbe::Request &, Cbe::Io_buffer::Index &) const;
|
||||
|
||||
void io_request_in_progress(Cbe::Io_buffer::Index const &data_index);
|
||||
|
||||
Cbe::Trust_anchor_request peek_generated_ta_request() const
|
||||
{
|
||||
Cbe::Trust_anchor_request request { };
|
||||
_peek_generated_ta_request(request);
|
||||
return request;
|
||||
}
|
||||
|
||||
void drop_generated_ta_request(Cbe::Trust_anchor_request const &request);
|
||||
|
||||
Cbe::Hash peek_generated_ta_sb_hash(Cbe::Trust_anchor_request const &request) const
|
||||
{
|
||||
Cbe::Hash hash { };
|
||||
_peek_generated_ta_sb_hash(request, hash);
|
||||
return hash;
|
||||
}
|
||||
|
||||
void mark_generated_ta_secure_sb_request_complete(Cbe::Trust_anchor_request const &request);
|
||||
|
||||
void mark_generated_ta_create_key_request_complete(Cbe::Trust_anchor_request const &request,
|
||||
Cbe::Key_plaintext_value const &key);
|
||||
|
||||
Cbe::Key_ciphertext_value peek_generated_ta_key_value_ciphertext(Cbe::Trust_anchor_request const &request) const
|
||||
{
|
||||
Cbe::Key_ciphertext_value ck { };
|
||||
_peek_generated_ta_key_value_ciphertext(request, ck);
|
||||
return ck;
|
||||
}
|
||||
|
||||
Cbe::Key_plaintext_value peek_generated_ta_key_value_plaintext(Cbe::Trust_anchor_request const &request) const
|
||||
{
|
||||
Cbe::Key_plaintext_value pk { };
|
||||
_peek_generated_ta_key_value_plaintext(request, pk);
|
||||
return pk;
|
||||
}
|
||||
|
||||
void mark_generated_ta_decrypt_key_request_complete(Cbe::Trust_anchor_request const &reference,
|
||||
Cbe::Key_plaintext_value const &key);
|
||||
|
||||
void mark_generated_ta_encrypt_key_request_complete(Cbe::Trust_anchor_request const &request,
|
||||
Cbe::Key_ciphertext_value const &key);
|
||||
|
||||
void mark_generated_ta_last_sb_hash_request_complete(Cbe::Trust_anchor_request const &,
|
||||
Cbe::Hash const &)
|
||||
{
|
||||
struct Not_supported { };
|
||||
throw Not_supported();
|
||||
}
|
||||
};
|
||||
|
||||
#endif /* _CBE__INIT__LIBRARY_H_ */
|
@ -1,412 +0,0 @@
|
||||
/*
|
||||
* \brief Integration of the Consistent Block Encrypter (CBE)
|
||||
* \author Martin Stein
|
||||
* \author Josef Soentgen
|
||||
* \date 2020-11-10
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2020 Genode Labs GmbH
|
||||
*
|
||||
* This file is part of the Genode OS framework, which is distributed
|
||||
* under the terms of the GNU Affero General Public License version 3.
|
||||
*/
|
||||
|
||||
#ifndef _CBE_LIBRARY_H_
|
||||
#define _CBE_LIBRARY_H_
|
||||
|
||||
/* Genode includes */
|
||||
#include <base/stdint.h>
|
||||
#include <base/output.h>
|
||||
|
||||
/* CBE includes */
|
||||
#include <cbe/types.h>
|
||||
#include <cbe/spark_object.h>
|
||||
|
||||
|
||||
extern "C" void cbe_cxx_init();
|
||||
extern "C" void cbe_cxx_final();
|
||||
|
||||
|
||||
namespace Cbe {
|
||||
|
||||
using namespace Genode;
|
||||
|
||||
class Library;
|
||||
|
||||
Genode::uint32_t object_size(Library const &);
|
||||
|
||||
} /* namespace Cbe */
|
||||
|
||||
|
||||
class Cbe::Library : public Cbe::Spark_object<353944>
|
||||
{
|
||||
private:
|
||||
|
||||
/*
|
||||
* Ada/SPARK compatible bindings
|
||||
*
|
||||
* Ada functions cannot have out parameters. Hence we call Ada
|
||||
* procedures that return the 'progress' result as last out parameter.
|
||||
*/
|
||||
|
||||
void _has_io_request(Request &, Io_buffer::Index &) const;
|
||||
|
||||
void _crypto_add_key_required(Request &, Key &) const;
|
||||
void _crypto_remove_key_required(Request &, Key::Id &) const;
|
||||
|
||||
void _crypto_cipher_data_required(Request &, Crypto_plain_buffer::Index &) const;
|
||||
void _crypto_plain_data_required(Request &, Crypto_cipher_buffer::Index &) const;
|
||||
|
||||
void _info(Info &) const;
|
||||
|
||||
void _peek_generated_ta_request(Trust_anchor_request &) const;
|
||||
void _peek_generated_ta_sb_hash(Trust_anchor_request const &, Hash &) const;
|
||||
void _peek_generated_ta_key_value_plaintext(Trust_anchor_request const &, Key_plaintext_value &) const;
|
||||
void _peek_generated_ta_key_value_ciphertext(Trust_anchor_request const &, Key_ciphertext_value &) const;
|
||||
|
||||
public:
|
||||
|
||||
Library();
|
||||
|
||||
/**
|
||||
* Get highest virtual-block-address useable by the current active snapshot
|
||||
*
|
||||
* \return highest addressable virtual-block-address
|
||||
*/
|
||||
Virtual_block_address max_vba() const;
|
||||
|
||||
/**
|
||||
* Get information about the CBE
|
||||
*
|
||||
* \return information structure
|
||||
*/
|
||||
Info info() const
|
||||
{
|
||||
Info inf { };
|
||||
_info(inf);
|
||||
return inf;
|
||||
}
|
||||
|
||||
void execute(Io_buffer &io_buf,
|
||||
Crypto_plain_buffer &crypto_plain_buf,
|
||||
Crypto_cipher_buffer &crypto_cipher_buf);
|
||||
|
||||
/**
|
||||
* Return whether the last call to 'execute' has made progress or not
|
||||
*/
|
||||
bool execute_progress() const;
|
||||
|
||||
/**
|
||||
* Check if the CBE can accept a new requeust
|
||||
*
|
||||
* \return true if a request can be accepted, otherwise false
|
||||
*/
|
||||
bool client_request_acceptable() const;
|
||||
|
||||
/**
|
||||
* Submit a new request
|
||||
*
|
||||
* This method must only be called after executing 'request_acceptable'
|
||||
* returned true.
|
||||
*
|
||||
* \param request block request
|
||||
*/
|
||||
void submit_client_request(Request const &request, uint32_t id);
|
||||
|
||||
/**
|
||||
* Check for any completed request
|
||||
*
|
||||
* \return a valid block request will be returned if there is an
|
||||
* completed request, otherwise an invalid one
|
||||
*/
|
||||
Request peek_completed_client_request() const;
|
||||
|
||||
/**
|
||||
* Drops the completed request
|
||||
*
|
||||
* This method must only be called after executing
|
||||
* 'peek_completed_request' returned a valid request.
|
||||
*
|
||||
*/
|
||||
void drop_completed_client_request(Request const &req);
|
||||
|
||||
/*
|
||||
* Backend block I/O
|
||||
*/
|
||||
|
||||
/**
|
||||
* Submit read request data from the backend block session to the CBE
|
||||
*
|
||||
* The given data will be transfered to the CBE.
|
||||
*
|
||||
* \param request reference to the request from the CBE
|
||||
* \param data reference to the data associated with the
|
||||
* request
|
||||
*
|
||||
* \return true if the CBE acknowledged the request
|
||||
*/
|
||||
void io_request_completed(Io_buffer::Index const &data_index,
|
||||
bool const success);
|
||||
|
||||
/**
|
||||
* Return a write request for the backend block session
|
||||
*
|
||||
* \param result valid request in case the is one pending that
|
||||
* needs data, otherwise an invalid one is returned
|
||||
*/
|
||||
Request has_io_request(Io_buffer::Index &data_index) const
|
||||
{
|
||||
Request result { };
|
||||
_has_io_request(result, data_index);
|
||||
return result;
|
||||
}
|
||||
void has_io_request(Request &req, Io_buffer::Index &data_index) const
|
||||
{
|
||||
_has_io_request(req, data_index);
|
||||
}
|
||||
|
||||
/**
|
||||
* Obtain data for write request for the backend block session
|
||||
*
|
||||
* The CBE will transfer the payload to the given data.
|
||||
*
|
||||
* \param request reference to the Block::Request processed
|
||||
* by the CBE
|
||||
* \param data reference to the data associated with the
|
||||
* Request
|
||||
*
|
||||
* \return true if the CBE could process the request
|
||||
*/
|
||||
void io_request_in_progress(Io_buffer::Index const &data_index);
|
||||
|
||||
void client_transfer_read_data_required(Request &,
|
||||
uint64_t &,
|
||||
Crypto_plain_buffer::Index &) const;
|
||||
|
||||
void client_transfer_read_data_in_progress(Crypto_plain_buffer::Index const &);
|
||||
|
||||
void client_transfer_read_data_completed(Crypto_plain_buffer::Index const &, bool);
|
||||
|
||||
void client_transfer_write_data_required(Request &,
|
||||
uint64_t &,
|
||||
Crypto_plain_buffer::Index &) const;
|
||||
|
||||
void client_transfer_write_data_in_progress(Crypto_plain_buffer::Index const &);
|
||||
|
||||
void client_transfer_write_data_completed(Crypto_plain_buffer::Index const &, bool);
|
||||
|
||||
/**
|
||||
* Query list of active snapshots
|
||||
*
|
||||
* \param ids reference to destination buffer
|
||||
*/
|
||||
void active_snapshot_ids(Active_snapshot_ids &ids) const;
|
||||
|
||||
Request crypto_add_key_required(Key &key) const
|
||||
{
|
||||
Request result { };
|
||||
_crypto_add_key_required(result, key);
|
||||
return result;
|
||||
}
|
||||
|
||||
void crypto_add_key_requested(Request const &req);
|
||||
|
||||
void crypto_add_key_completed(Request const &req);
|
||||
|
||||
Request crypto_remove_key_required(Key::Id &key_id) const
|
||||
{
|
||||
Request result { };
|
||||
_crypto_remove_key_required(result, key_id);
|
||||
return result;
|
||||
}
|
||||
|
||||
void crypto_remove_key_requested(Request const &req);
|
||||
|
||||
void crypto_remove_key_completed(Request const &req);
|
||||
|
||||
/**
|
||||
* CBE requests encrytion
|
||||
*
|
||||
* \param result valid request in case the is one pending that
|
||||
* needs encrytion, otherwise an invalid one is
|
||||
* returned
|
||||
*/
|
||||
Request crypto_cipher_data_required(Crypto_plain_buffer::Index &data_index) const
|
||||
{
|
||||
Request result { };
|
||||
_crypto_cipher_data_required(result, data_index);
|
||||
return result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return plain data for given encryption request
|
||||
*
|
||||
* \param request reference to the Block::Request processed
|
||||
* by the CBE
|
||||
* \param data reference to the data associated with the
|
||||
* Block::Request
|
||||
*/
|
||||
void crypto_cipher_data_requested(
|
||||
Crypto_plain_buffer::Index const &data_index);
|
||||
|
||||
/**
|
||||
* Collect cipher data for given completed encryption request
|
||||
*
|
||||
* \param request reference to the Block::Request processed
|
||||
* by the CBE
|
||||
* \param data reference to the data associated with the
|
||||
* Block::Request
|
||||
*
|
||||
* \return true if the CBE could obtain the encrypted data,
|
||||
* otherwise false
|
||||
*/
|
||||
void supply_crypto_cipher_data(Crypto_cipher_buffer::Index const &data_index,
|
||||
bool const data_valid);
|
||||
|
||||
/**
|
||||
* CBE requests decryption
|
||||
*
|
||||
* \param result valid request in case the is one pending that
|
||||
* needs decrytion, otherwise an invalid one is
|
||||
* returned
|
||||
*/
|
||||
Request crypto_plain_data_required(Crypto_cipher_buffer::Index &data_index) const
|
||||
{
|
||||
Request result { };
|
||||
_crypto_plain_data_required(result, data_index);
|
||||
return result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return cipher data for given decryption request
|
||||
*
|
||||
* \param request reference to the Block::Request processed
|
||||
* by the CBE
|
||||
* \param data reference to the data associated with the
|
||||
* Block::Request
|
||||
*
|
||||
* \return true if the CBE could supply the ciphr data,
|
||||
* otherwise false
|
||||
*/
|
||||
void crypto_plain_data_requested(
|
||||
Crypto_cipher_buffer::Index const &data_index);
|
||||
|
||||
/**
|
||||
* Collect plain data for given completed decryption request
|
||||
*
|
||||
* \param request reference to the Block::Request processed
|
||||
* by the CBE
|
||||
* \param data reference to the data associated with the
|
||||
* Block::Request
|
||||
*
|
||||
* \return true if the CBE could obtain the decrypted data,
|
||||
* otherwise false
|
||||
*/
|
||||
void supply_crypto_plain_data(Crypto_plain_buffer::Index const &data_index,
|
||||
bool const data_valid);
|
||||
|
||||
/**
|
||||
* CBE trust anchor request
|
||||
*
|
||||
* \return valid TA request in case there is one pending, otherwise an
|
||||
* invalid one is returned
|
||||
*/
|
||||
Trust_anchor_request peek_generated_ta_request() const
|
||||
{
|
||||
Trust_anchor_request request { };
|
||||
_peek_generated_ta_request(request);
|
||||
return request;
|
||||
}
|
||||
|
||||
/**
|
||||
* Drop generated TA request
|
||||
*
|
||||
* \param request reference to the request processed by the TA
|
||||
*/
|
||||
void drop_generated_ta_request(Trust_anchor_request const &request);
|
||||
|
||||
/**
|
||||
* Peek generated TA superblock hash
|
||||
*
|
||||
* \param request reference to the request
|
||||
* \return superblock hash
|
||||
*/
|
||||
Hash peek_generated_ta_sb_hash(Trust_anchor_request const &request) const
|
||||
{
|
||||
Cbe::Hash hash { };
|
||||
_peek_generated_ta_sb_hash(request, hash);
|
||||
return hash;
|
||||
}
|
||||
|
||||
/**
|
||||
* Mark generated TA secure superblock request complete
|
||||
*
|
||||
* \param request reference to the request completed by the TA
|
||||
*/
|
||||
void mark_generated_ta_secure_sb_request_complete(Trust_anchor_request const &request);
|
||||
|
||||
/**
|
||||
* Mark generated TA create key request complete
|
||||
*
|
||||
* \param request reference to the request completed by the TA
|
||||
* \param key reference to the key plaintext created by the TA
|
||||
*/
|
||||
void mark_generated_ta_create_key_request_complete(Trust_anchor_request const &request,
|
||||
Key_plaintext_value const &key);
|
||||
|
||||
/**
|
||||
* Peek generated TA key ciphertext
|
||||
*
|
||||
* \param request reference to the request
|
||||
* \return key ciphertext
|
||||
*/
|
||||
Key_ciphertext_value peek_generated_ta_key_value_ciphertext(Trust_anchor_request const &request) const
|
||||
{
|
||||
Cbe::Key_ciphertext_value ck { };
|
||||
_peek_generated_ta_key_value_ciphertext(request, ck);
|
||||
return ck;
|
||||
}
|
||||
|
||||
/**
|
||||
* Peek generated TA key plaintext
|
||||
*
|
||||
* \param request reference to the request
|
||||
* \return key plaintext
|
||||
*/
|
||||
Key_plaintext_value peek_generated_ta_key_value_plaintext(Trust_anchor_request const &request) const
|
||||
{
|
||||
Cbe::Key_plaintext_value pk { };
|
||||
_peek_generated_ta_key_value_plaintext(request, pk);
|
||||
return pk;
|
||||
}
|
||||
|
||||
/**
|
||||
* Mark generated TA decrypt key request complete
|
||||
*
|
||||
* \param request reference to the request completed by the TA
|
||||
* \param key reference to the key plaintext decrypted by the TA
|
||||
*/
|
||||
void mark_generated_ta_decrypt_key_request_complete(Trust_anchor_request const &reference,
|
||||
Key_plaintext_value const &key);
|
||||
|
||||
/**
|
||||
* Mark generated TA encrypt key request complete
|
||||
*
|
||||
* \param request reference to the request completed by the TA
|
||||
* \param key reference to the key ciphertext encrypted by the TA
|
||||
*/
|
||||
void mark_generated_ta_encrypt_key_request_complete(Trust_anchor_request const &request,
|
||||
Key_ciphertext_value const &key);
|
||||
|
||||
/**
|
||||
* Mark generated TA last superblock hash request complete
|
||||
*
|
||||
* \param request reference to the request completed by the TA
|
||||
* \param hash reference to the superblock hash stored in the TA
|
||||
*/
|
||||
void mark_generated_ta_last_sb_hash_request_complete(Trust_anchor_request const &request,
|
||||
Hash const &hash);
|
||||
};
|
||||
|
||||
#endif /* _CBE_LIBRARY_H_ */
|
@ -1,65 +0,0 @@
|
||||
/*
|
||||
* \brief Integration of the Consistent Block Encrypter (CBE)
|
||||
* \author Martin Stein
|
||||
* \author Josef Soentgen
|
||||
* \date 2020-11-10
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2020 Genode Labs GmbH
|
||||
*
|
||||
* This file is part of the Genode OS framework, which is distributed
|
||||
* under the terms of the GNU Affero General Public License version 3.
|
||||
*/
|
||||
|
||||
#ifndef _CBE_SPARK_OBJECT_H_
|
||||
#define _CBE_SPARK_OBJECT_H_
|
||||
|
||||
/* Genode includes */
|
||||
#include <base/stdint.h>
|
||||
#include <base/output.h>
|
||||
#include <base/log.h>
|
||||
|
||||
namespace Cbe {
|
||||
|
||||
/**
|
||||
* Opaque object that contains the space needed to store a SPARK record.
|
||||
*
|
||||
* \param BYTES size of the SPARK record in bytes
|
||||
*/
|
||||
template <Genode::uint32_t BYTES>
|
||||
struct Spark_object
|
||||
{
|
||||
/**
|
||||
* Exception type
|
||||
*/
|
||||
struct Object_size_mismatch { };
|
||||
|
||||
static constexpr Genode::uint32_t bytes() { return BYTES; }
|
||||
|
||||
long _space[(BYTES + sizeof(long) - 1)/sizeof(long)] { };
|
||||
};
|
||||
|
||||
template <typename T>
|
||||
static inline void assert_valid_object_size()
|
||||
{
|
||||
if (object_size(*(T *)nullptr) > T::bytes()) {
|
||||
Genode::error("need ", object_size(*(T *)nullptr),
|
||||
" bytes, got ", T::bytes(), " bytes");
|
||||
throw typename T::Object_size_mismatch();
|
||||
}
|
||||
}
|
||||
|
||||
template <typename T>
|
||||
static inline void assert_same_object_size()
|
||||
{
|
||||
if (object_size(*(T *)nullptr) != T::bytes()) {
|
||||
Genode::error("need ", object_size(*(T *)nullptr),
|
||||
" bytes, got ", T::bytes(), " bytes");
|
||||
throw typename T::Object_size_mismatch();
|
||||
}
|
||||
}
|
||||
|
||||
} /* namespace Cbe */
|
||||
|
||||
#endif /* _CBE_SPARK_OBJECT_H_ */
|
@ -1,451 +0,0 @@
|
||||
/*
|
||||
* \brief Integration of the Consistent Block Encrypter (CBE)
|
||||
* \author Martin Stein
|
||||
* \author Josef Soentgen
|
||||
* \date 2020-11-10
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2020 Genode Labs GmbH
|
||||
*
|
||||
* This file is part of the Genode OS framework, which is distributed
|
||||
* under the terms of the GNU Affero General Public License version 3.
|
||||
*/
|
||||
|
||||
#ifndef _CBE_TYPES_H_
|
||||
#define _CBE_TYPES_H_
|
||||
|
||||
/* Genode includes */
|
||||
#include <base/stdint.h>
|
||||
#include <base/output.h>
|
||||
#include <base/exception.h>
|
||||
#include <util/string.h>
|
||||
|
||||
namespace Cbe {
|
||||
|
||||
enum { INVALID_GENERATION = 0 };
|
||||
|
||||
using namespace Genode;
|
||||
using Number_of_primitives = size_t;
|
||||
using Physical_block_address = uint64_t;
|
||||
using Virtual_block_address = uint64_t;
|
||||
using Generation = uint64_t;
|
||||
using Generation_string = String<21>;
|
||||
using Height = uint32_t;
|
||||
using Number_of_leaves = uint64_t;
|
||||
using Number_of_leafs = uint64_t;
|
||||
using Number_of_blocks = uint64_t;
|
||||
using Degree = uint32_t;
|
||||
|
||||
static constexpr uint32_t BLOCK_SIZE = 4096;
|
||||
static constexpr uint32_t NR_OF_SNAPSHOTS = 48;
|
||||
|
||||
|
||||
class Request
|
||||
{
|
||||
public:
|
||||
|
||||
enum class Operation : uint32_t {
|
||||
INVALID = 0,
|
||||
READ = 1,
|
||||
WRITE = 2,
|
||||
SYNC = 3,
|
||||
CREATE_SNAPSHOT = 4,
|
||||
DISCARD_SNAPSHOT = 5,
|
||||
REKEY = 6,
|
||||
EXTEND_VBD = 7,
|
||||
EXTEND_FT = 8,
|
||||
RESUME_REKEYING = 10,
|
||||
DEINITIALIZE = 11,
|
||||
INITIALIZE = 12,
|
||||
};
|
||||
|
||||
private:
|
||||
|
||||
Operation _operation;
|
||||
bool _success;
|
||||
uint64_t _block_number;
|
||||
uint64_t _offset;
|
||||
Number_of_blocks _count;
|
||||
uint32_t _key_id;
|
||||
uint32_t _tag;
|
||||
|
||||
public:
|
||||
|
||||
Request(Operation operation,
|
||||
bool success,
|
||||
uint64_t block_number,
|
||||
uint64_t offset,
|
||||
Number_of_blocks count,
|
||||
uint32_t key_id,
|
||||
uint32_t tag)
|
||||
:
|
||||
_operation { operation },
|
||||
_success { success },
|
||||
_block_number { block_number },
|
||||
_offset { offset },
|
||||
_count { count },
|
||||
_key_id { key_id },
|
||||
_tag { tag }
|
||||
{ }
|
||||
|
||||
Request()
|
||||
:
|
||||
_operation { Operation::INVALID },
|
||||
_success { false },
|
||||
_block_number { 0 },
|
||||
_offset { 0 },
|
||||
_count { 0 },
|
||||
_key_id { 0 },
|
||||
_tag { 0 }
|
||||
{ }
|
||||
|
||||
bool valid() const
|
||||
{
|
||||
return _operation != Operation::INVALID;
|
||||
}
|
||||
|
||||
void print(Genode::Output &out) const;
|
||||
|
||||
|
||||
/***************
|
||||
** Accessors **
|
||||
***************/
|
||||
|
||||
bool read() const { return _operation == Operation::READ; }
|
||||
bool write() const { return _operation == Operation::WRITE; }
|
||||
bool sync() const { return _operation == Operation::SYNC; }
|
||||
bool create_snapshot() const { return _operation == Operation::CREATE_SNAPSHOT; }
|
||||
bool discard_snapshot() const { return _operation == Operation::DISCARD_SNAPSHOT; }
|
||||
bool rekey() const { return _operation == Operation::REKEY; }
|
||||
bool extend_vbd() const { return _operation == Operation::EXTEND_VBD; }
|
||||
bool extend_ft() const { return _operation == Operation::EXTEND_FT; }
|
||||
bool resume_rekeying() const { return _operation == Operation::RESUME_REKEYING; }
|
||||
bool deinitialize() const { return _operation == Operation::DEINITIALIZE; }
|
||||
bool initialize() const { return _operation == Operation::INITIALIZE; }
|
||||
|
||||
Operation operation() const { return _operation; }
|
||||
bool success() const { return _success; }
|
||||
uint64_t block_number() const { return _block_number; }
|
||||
uint64_t offset() const { return _offset; }
|
||||
Number_of_blocks count() const { return _count; }
|
||||
uint32_t key_id() const { return _key_id; }
|
||||
uint32_t tag() const { return _tag; }
|
||||
|
||||
void success(bool arg) { _success = arg; }
|
||||
void tag(uint32_t arg) { _tag = arg; }
|
||||
|
||||
} __attribute__((packed));
|
||||
|
||||
class Trust_anchor_request
|
||||
{
|
||||
public:
|
||||
|
||||
enum class Operation : uint32_t {
|
||||
INVALID = 0,
|
||||
CREATE_KEY = 1,
|
||||
SECURE_SUPERBLOCK = 2,
|
||||
ENCRYPT_KEY = 3,
|
||||
DECRYPT_KEY = 4,
|
||||
LAST_SB_HASH = 5,
|
||||
INITIALIZE = 6,
|
||||
};
|
||||
|
||||
private:
|
||||
|
||||
Operation _operation;
|
||||
bool _success;
|
||||
uint32_t _tag;
|
||||
|
||||
public:
|
||||
|
||||
Trust_anchor_request()
|
||||
:
|
||||
_operation { Operation::INVALID },
|
||||
_success { false },
|
||||
_tag { 0 }
|
||||
{ }
|
||||
|
||||
Trust_anchor_request(Operation operation,
|
||||
bool success,
|
||||
uint32_t tag)
|
||||
:
|
||||
_operation { operation },
|
||||
_success { success },
|
||||
_tag { tag }
|
||||
{ }
|
||||
|
||||
void print(Genode::Output &out) const;
|
||||
|
||||
bool valid() const { return _operation != Operation::INVALID; }
|
||||
bool create_key() const { return _operation == Operation::CREATE_KEY; }
|
||||
bool secure_superblock() const { return _operation == Operation::SECURE_SUPERBLOCK; }
|
||||
bool encrypt_key() const { return _operation == Operation::ENCRYPT_KEY; }
|
||||
bool decrypt_key() const { return _operation == Operation::DECRYPT_KEY; }
|
||||
bool last_sb_hash() const { return _operation == Operation::LAST_SB_HASH; }
|
||||
bool initialize() const { return _operation == Operation::INITIALIZE; }
|
||||
|
||||
Operation operation() const { return _operation; }
|
||||
bool success() const { return _success; }
|
||||
uint32_t tag() const { return _tag; }
|
||||
|
||||
void tag(uint32_t arg) { _tag = arg; }
|
||||
void success(bool arg) { _success = arg; }
|
||||
|
||||
} __attribute__((packed));
|
||||
|
||||
|
||||
struct Block_data
|
||||
{
|
||||
char values[BLOCK_SIZE];
|
||||
|
||||
void print(Genode::Output &out) const
|
||||
{
|
||||
using namespace Genode;
|
||||
for (char const c : values) {
|
||||
Genode::print(out, Hex(c, Hex::OMIT_PREFIX, Hex::PAD), " ");
|
||||
}
|
||||
Genode::print(out, "\n");
|
||||
}
|
||||
} __attribute__((packed));
|
||||
|
||||
|
||||
class Io_buffer
|
||||
{
|
||||
private:
|
||||
|
||||
Block_data items[1];
|
||||
|
||||
public:
|
||||
|
||||
struct Bad_index : Genode::Exception { };
|
||||
|
||||
struct Index
|
||||
{
|
||||
uint32_t value;
|
||||
|
||||
explicit Index(uint32_t value) : value(value) { }
|
||||
|
||||
} __attribute__((packed));
|
||||
|
||||
Block_data &item(Index const idx)
|
||||
{
|
||||
if (idx.value >= sizeof(items) / sizeof(items[0])) {
|
||||
throw Bad_index();
|
||||
}
|
||||
return items[idx.value];
|
||||
}
|
||||
|
||||
} __attribute__((packed));
|
||||
|
||||
|
||||
class Crypto_plain_buffer
|
||||
{
|
||||
private:
|
||||
|
||||
Block_data items[1];
|
||||
|
||||
public:
|
||||
|
||||
struct Bad_index : Genode::Exception { };
|
||||
|
||||
struct Index
|
||||
{
|
||||
uint32_t value;
|
||||
|
||||
explicit Index(uint32_t value) : value(value) { }
|
||||
|
||||
} __attribute__((packed));
|
||||
|
||||
Block_data &item(Index const idx)
|
||||
{
|
||||
if (idx.value >= sizeof(items) / sizeof(items[0])) {
|
||||
throw Bad_index();
|
||||
}
|
||||
return items[idx.value];
|
||||
}
|
||||
|
||||
} __attribute__((packed));
|
||||
|
||||
|
||||
class Crypto_cipher_buffer
|
||||
{
|
||||
private:
|
||||
|
||||
Block_data items[1];
|
||||
|
||||
public:
|
||||
|
||||
struct Bad_index : Genode::Exception { };
|
||||
|
||||
struct Index
|
||||
{
|
||||
uint32_t value;
|
||||
|
||||
explicit Index(uint32_t value) : value(value) { }
|
||||
|
||||
} __attribute__((packed));
|
||||
|
||||
Block_data &item(Index const idx)
|
||||
{
|
||||
if (idx.value >= sizeof(items) / sizeof(items[0])) {
|
||||
throw Bad_index();
|
||||
}
|
||||
return items[idx.value];
|
||||
}
|
||||
} __attribute__((packed));
|
||||
|
||||
|
||||
/*
|
||||
* The Hash contains the hash of a node.
|
||||
*/
|
||||
struct Hash
|
||||
{
|
||||
enum { MAX_LENGTH = 32, };
|
||||
char values[MAX_LENGTH];
|
||||
|
||||
/* hash as hex value plus "0x" prefix and terminating null */
|
||||
using String = Genode::String<sizeof(values) * 2 + 3>;
|
||||
|
||||
/* debug */
|
||||
void print(Genode::Output &out) const
|
||||
{
|
||||
using namespace Genode;
|
||||
Genode::print(out, "0x");
|
||||
bool leading_zero = true;
|
||||
for (char const c : values) {
|
||||
if (leading_zero) {
|
||||
if (c) {
|
||||
leading_zero = false;
|
||||
Genode::print(out, Hex(c, Hex::OMIT_PREFIX));
|
||||
}
|
||||
} else {
|
||||
Genode::print(out, Hex(c, Hex::OMIT_PREFIX, Hex::PAD));
|
||||
}
|
||||
}
|
||||
if (leading_zero) {
|
||||
Genode::print(out, "0");
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
struct Key_plaintext_value
|
||||
{
|
||||
enum { KEY_SIZE = 32 };
|
||||
char value[KEY_SIZE];
|
||||
};
|
||||
|
||||
struct Key_ciphertext_value
|
||||
{
|
||||
enum { KEY_SIZE = 32 };
|
||||
char value[KEY_SIZE];
|
||||
};
|
||||
|
||||
/*
|
||||
* The Key contains the key-material that is used to
|
||||
* process cipher-blocks.
|
||||
*
|
||||
* (For now it is not used but the ID field is already referenced
|
||||
* by type 2 nodes.)
|
||||
*/
|
||||
struct Key
|
||||
{
|
||||
enum { KEY_SIZE = 32 };
|
||||
char value[KEY_SIZE];
|
||||
|
||||
struct Id { uint32_t value; };
|
||||
Id id;
|
||||
|
||||
using String = Genode::String<sizeof(value) * 2 + 3>;
|
||||
|
||||
void print(Genode::Output &out) const
|
||||
{
|
||||
using namespace Genode;
|
||||
Genode::print(out, "[", id.value, ", ");
|
||||
for (uint32_t i = 0; i < 4; i++) {
|
||||
Genode::print(out, Hex(value[i], Hex::OMIT_PREFIX, Hex::PAD));
|
||||
}
|
||||
Genode::print(out, "...]");
|
||||
}
|
||||
} __attribute__((packed));
|
||||
|
||||
|
||||
struct Active_snapshot_ids
|
||||
{
|
||||
uint64_t values[NR_OF_SNAPSHOTS];
|
||||
} __attribute__((packed));
|
||||
|
||||
|
||||
struct Info
|
||||
{
|
||||
bool valid;
|
||||
bool rekeying;
|
||||
bool extending_vbd;
|
||||
bool extending_ft;
|
||||
} __attribute__((packed));
|
||||
}
|
||||
|
||||
|
||||
inline char const *to_string(Cbe::Request::Operation op)
|
||||
{
|
||||
struct Unknown_operation_type : Genode::Exception { };
|
||||
switch (op) {
|
||||
case Cbe::Request::Operation::INVALID: return "invalid";
|
||||
case Cbe::Request::Operation::READ: return "read";
|
||||
case Cbe::Request::Operation::WRITE: return "write";
|
||||
case Cbe::Request::Operation::SYNC: return "sync";
|
||||
case Cbe::Request::Operation::CREATE_SNAPSHOT: return "create_snapshot";
|
||||
case Cbe::Request::Operation::DISCARD_SNAPSHOT: return "discard_snapshot";
|
||||
case Cbe::Request::Operation::REKEY: return "rekey";
|
||||
case Cbe::Request::Operation::EXTEND_VBD: return "extend_vbd";
|
||||
case Cbe::Request::Operation::EXTEND_FT: return "extend_ft";
|
||||
case Cbe::Request::Operation::RESUME_REKEYING: return "resume_rekeying";
|
||||
case Cbe::Request::Operation::DEINITIALIZE: return "deinitialize";
|
||||
case Cbe::Request::Operation::INITIALIZE: return "initialize";
|
||||
}
|
||||
throw Unknown_operation_type();
|
||||
}
|
||||
|
||||
|
||||
inline char const *to_string(Cbe::Trust_anchor_request::Operation op)
|
||||
{
|
||||
struct Unknown_operation_type : Genode::Exception { };
|
||||
switch (op) {
|
||||
case Cbe::Trust_anchor_request::Operation::INVALID: return "invalid";
|
||||
case Cbe::Trust_anchor_request::Operation::CREATE_KEY: return "create_key";
|
||||
case Cbe::Trust_anchor_request::Operation::INITIALIZE: return "initialize";
|
||||
case Cbe::Trust_anchor_request::Operation::SECURE_SUPERBLOCK: return "secure_superblock";
|
||||
case Cbe::Trust_anchor_request::Operation::ENCRYPT_KEY: return "encrypt_key";
|
||||
case Cbe::Trust_anchor_request::Operation::DECRYPT_KEY: return "decrypt_key";
|
||||
case Cbe::Trust_anchor_request::Operation::LAST_SB_HASH: return "last_sb_hash";
|
||||
}
|
||||
throw Unknown_operation_type();
|
||||
}
|
||||
|
||||
|
||||
inline void Cbe::Request::print(Genode::Output &out) const
|
||||
{
|
||||
if (!valid()) {
|
||||
Genode::print(out, "<invalid>");
|
||||
return;
|
||||
}
|
||||
Genode::print(out, "op=", to_string (_operation));
|
||||
Genode::print(out, " vba=", _block_number);
|
||||
Genode::print(out, " cnt=", _count);
|
||||
Genode::print(out, " tag=", _tag);
|
||||
Genode::print(out, " key=", _key_id);
|
||||
Genode::print(out, " off=", _offset);
|
||||
Genode::print(out, " succ=", _success);
|
||||
}
|
||||
|
||||
inline void Cbe::Trust_anchor_request::print(Genode::Output &out) const
|
||||
{
|
||||
if (!valid()) {
|
||||
Genode::print(out, "<invalid>");
|
||||
return;
|
||||
}
|
||||
Genode::print(out, "op=", to_string (_operation));
|
||||
Genode::print(out, " tag=", _tag);
|
||||
Genode::print(out, " succ=", _success);
|
||||
}
|
||||
#endif /* _CBE_TYPES_H_ */
|
@ -1,728 +0,0 @@
|
||||
/*
|
||||
* \brief Integration of the Consistent Block Encrypter (CBE)
|
||||
* \author Martin Stein
|
||||
* \author Josef Soentgen
|
||||
* \date 2020-11-10
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2020 Genode Labs GmbH
|
||||
*
|
||||
* This file is part of the Genode OS framework, which is distributed
|
||||
* under the terms of the GNU Affero General Public License version 3.
|
||||
*/
|
||||
|
||||
#ifndef _CBE__VFS__TRUST_ANCHOR_VFS_H_
|
||||
#define _CBE__VFS__TRUST_ANCHOR_VFS_H_
|
||||
|
||||
/* local includes */
|
||||
#include <cbe/vfs/io_job.h>
|
||||
|
||||
namespace Util {
|
||||
|
||||
using namespace Genode;
|
||||
|
||||
struct Trust_anchor_vfs;
|
||||
|
||||
}; /* namespace Util */
|
||||
|
||||
|
||||
struct Util::Trust_anchor_vfs
|
||||
{
|
||||
struct Invalid_request : Genode::Exception { };
|
||||
|
||||
using Path = Genode::Path<256>;
|
||||
|
||||
Vfs::File_system &_vfs;
|
||||
Allocator &_alloc;
|
||||
|
||||
struct File
|
||||
{
|
||||
struct Could_not_open_file : Genode::Exception { };
|
||||
struct Io_job_already_constructed : Genode::Exception { };
|
||||
struct Cannot_drop_unconstructed_io_job : Genode::Exception { };
|
||||
|
||||
struct Completed_io_job
|
||||
{
|
||||
bool completed;
|
||||
bool success;
|
||||
};
|
||||
|
||||
File(File const &) = delete;
|
||||
File &operator=(File const&) = delete;
|
||||
|
||||
Vfs::File_system &_vfs;
|
||||
Vfs::Vfs_handle *_vfs_handle;
|
||||
|
||||
Genode::Constructible<Util::Io_job> _io_job { };
|
||||
|
||||
File(Path const &base_path,
|
||||
char const *name,
|
||||
Vfs::File_system &vfs,
|
||||
Genode::Allocator &alloc)
|
||||
:
|
||||
_vfs { vfs },
|
||||
_vfs_handle { nullptr }
|
||||
{
|
||||
using Result = Vfs::Directory_service::Open_result;
|
||||
|
||||
Path file_path = base_path;
|
||||
file_path.append_element(name);
|
||||
|
||||
Result const res =
|
||||
_vfs.open(file_path.string(),
|
||||
Vfs::Directory_service::OPEN_MODE_RDWR,
|
||||
(Vfs::Vfs_handle **)&_vfs_handle, alloc);
|
||||
if (res != Result::OPEN_OK) {
|
||||
error("could not open '", file_path.string(), "'");
|
||||
throw Could_not_open_file();
|
||||
}
|
||||
}
|
||||
|
||||
~File()
|
||||
{
|
||||
_vfs.close(_vfs_handle);
|
||||
}
|
||||
|
||||
bool submit_io_job(Util::Io_job::Buffer &buffer,
|
||||
Util::Io_job::Operation op)
|
||||
{
|
||||
if (_io_job.constructed()) {
|
||||
// throw Io_job_already_constructed();
|
||||
return false;
|
||||
}
|
||||
|
||||
_io_job.construct(*_vfs_handle, op, buffer, 0);
|
||||
return true;
|
||||
}
|
||||
|
||||
bool execute_io_job()
|
||||
{
|
||||
if (!_io_job.constructed()) {
|
||||
return false;
|
||||
}
|
||||
return _io_job->execute();
|
||||
}
|
||||
|
||||
void drop_io_job()
|
||||
{
|
||||
if (!_io_job.constructed()) {
|
||||
throw Cannot_drop_unconstructed_io_job();
|
||||
}
|
||||
_io_job.destruct();
|
||||
}
|
||||
|
||||
Completed_io_job completed_io_job()
|
||||
{
|
||||
if (!_io_job.constructed()) {
|
||||
return { false, false };
|
||||
}
|
||||
|
||||
return { _io_job->completed(), _io_job->succeeded() };
|
||||
}
|
||||
};
|
||||
|
||||
Path const _ta_dir;
|
||||
|
||||
Util::Io_job::Buffer _init_io_buffer { };
|
||||
Util::Io_job::Buffer _encrypt_io_buffer { };
|
||||
Util::Io_job::Buffer _decrypt_io_buffer { };
|
||||
Util::Io_job::Buffer _generate_key_io_buffer { };
|
||||
Util::Io_job::Buffer _last_hash_io_buffer { };
|
||||
|
||||
File _init_file { _ta_dir, "initialize", _vfs, _alloc };
|
||||
File _encrypt_file { _ta_dir, "encrypt", _vfs, _alloc };
|
||||
File _decrypt_file { _ta_dir, "decrypt", _vfs, _alloc };
|
||||
File _generate_key_file { _ta_dir, "generate_key", _vfs, _alloc };
|
||||
File _last_hash_file { _ta_dir, "hashsum", _vfs, _alloc };
|
||||
|
||||
struct Job
|
||||
{
|
||||
enum class Type {
|
||||
NONE,
|
||||
DECRYPT_WRITE,
|
||||
DECRYPT_READ,
|
||||
ENCRYPT_WRITE,
|
||||
ENCRYPT_READ,
|
||||
GENERATE,
|
||||
INIT_WRITE,
|
||||
INIT_READ,
|
||||
HASH_READ,
|
||||
HASH_UPDATE_WRITE,
|
||||
HASH_UPDATE_READ,
|
||||
};
|
||||
Type type { Type::NONE };
|
||||
|
||||
static char const *to_string(Type const type)
|
||||
{
|
||||
switch (type) {
|
||||
case Type::NONE: return "NONE";
|
||||
case Type::DECRYPT_WRITE: return "DECRYPT_WRITE";
|
||||
case Type::DECRYPT_READ: return "DECRYPT_READ";
|
||||
case Type::ENCRYPT_WRITE: return "ENCRYPT_WRITE";
|
||||
case Type::ENCRYPT_READ: return "ENCRYPT_READ";
|
||||
case Type::GENERATE: return "GENERATE";
|
||||
case Type::INIT_WRITE: return "INIT_WRITE";
|
||||
case Type::INIT_READ: return "INIT_READ";
|
||||
case Type::HASH_READ: return "HASH_READ";
|
||||
case Type::HASH_UPDATE_WRITE: return "HASH_UPDATE_WRITE";
|
||||
case Type::HASH_UPDATE_READ: return "HASH_UPDATE_READ";
|
||||
}
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
enum class State {
|
||||
NONE,
|
||||
PENDING,
|
||||
IN_PROGRESS,
|
||||
COMPLETE
|
||||
};
|
||||
State state { State::NONE };
|
||||
|
||||
static char const *to_string(State const state)
|
||||
{
|
||||
switch (state) {
|
||||
case State::NONE: return "NONE";
|
||||
case State::PENDING: return "PENDING";
|
||||
case State::IN_PROGRESS: return "IN_PROGRESS";
|
||||
case State::COMPLETE: return "COMPLETE";
|
||||
}
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
Cbe::Hash hash;
|
||||
Cbe::Key_plaintext_value plain;
|
||||
Cbe::Key_ciphertext_value cipher;
|
||||
|
||||
Cbe::Trust_anchor_request request { };
|
||||
bool success { false };
|
||||
|
||||
void reset()
|
||||
{
|
||||
type = Type::NONE;
|
||||
state = State::NONE;
|
||||
request = Cbe::Trust_anchor_request();
|
||||
}
|
||||
|
||||
bool valid() const { return state != State::NONE; }
|
||||
|
||||
bool completed() const { return state == State::COMPLETE; }
|
||||
|
||||
bool equals(Cbe::Trust_anchor_request const &other) const
|
||||
{
|
||||
return request.operation() == other.operation()
|
||||
&& request.tag() == other.tag();
|
||||
}
|
||||
|
||||
void print(Genode::Output &out) const
|
||||
{
|
||||
if (!valid()) {
|
||||
Genode::print(out, "<invalid>");
|
||||
return;
|
||||
}
|
||||
|
||||
Genode::print(out, "type: ", to_string(type));
|
||||
Genode::print(out, " state: ", to_string(state));
|
||||
Genode::print(out, " request: ", request);
|
||||
}
|
||||
};
|
||||
|
||||
Job _job { };
|
||||
|
||||
bool _execute_decrypt(Job &job, bool write)
|
||||
{
|
||||
bool progress = false;
|
||||
File::Completed_io_job completed_io_job { false, false };
|
||||
|
||||
switch (job.state) {
|
||||
case Job::State::PENDING:
|
||||
{
|
||||
using Op = Util::Io_job::Operation;
|
||||
|
||||
Op const op = write ? Op::WRITE : Op::READ;
|
||||
if (!_decrypt_file.submit_io_job(_decrypt_io_buffer, op)) {
|
||||
break;
|
||||
}
|
||||
job.state = Job::State::IN_PROGRESS;
|
||||
progress |= true;
|
||||
}
|
||||
[[fallthrough]];
|
||||
case Job::State::IN_PROGRESS:
|
||||
if (!_decrypt_file.execute_io_job()) {
|
||||
break;
|
||||
}
|
||||
|
||||
progress |= true;
|
||||
|
||||
completed_io_job = _decrypt_file.completed_io_job();
|
||||
if (!completed_io_job.completed) {
|
||||
break;
|
||||
}
|
||||
_decrypt_file.drop_io_job();
|
||||
|
||||
/* setup second phase */
|
||||
if (write) {
|
||||
|
||||
/*
|
||||
* In case the write request was not successful it
|
||||
* is not needed to try to read the result.
|
||||
*/
|
||||
if (!completed_io_job.success) {
|
||||
job.state = Job::State::COMPLETE;
|
||||
job.request.success(false);
|
||||
break;
|
||||
}
|
||||
|
||||
_decrypt_io_buffer = {
|
||||
.base = _job.plain.value,
|
||||
.size = sizeof (_job.plain)
|
||||
};
|
||||
|
||||
job.type = Job::Type::DECRYPT_READ;
|
||||
job.state = Job::State::PENDING;
|
||||
break;
|
||||
}
|
||||
|
||||
job.state = Job::State::COMPLETE;
|
||||
job.success = completed_io_job.success;
|
||||
job.request.success(job.success);
|
||||
[[fallthrough]];
|
||||
case Job::State::COMPLETE: break;
|
||||
case Job::State::NONE: break;
|
||||
}
|
||||
return progress;
|
||||
}
|
||||
|
||||
bool _execute_encrypt(Job &job, bool write)
|
||||
{
|
||||
bool progress = false;
|
||||
File::Completed_io_job completed_io_job { false, false };
|
||||
|
||||
switch (job.state) {
|
||||
case Job::State::PENDING:
|
||||
{
|
||||
using Op = Util::Io_job::Operation;
|
||||
|
||||
Op const op = write ? Op::WRITE : Op::READ;
|
||||
if (!_encrypt_file.submit_io_job(_encrypt_io_buffer, op)) {
|
||||
break;
|
||||
}
|
||||
job.state = Job::State::IN_PROGRESS;
|
||||
progress |= true;
|
||||
}
|
||||
[[fallthrough]];
|
||||
case Job::State::IN_PROGRESS:
|
||||
if (!_encrypt_file.execute_io_job()) {
|
||||
break;
|
||||
}
|
||||
|
||||
progress |= true;
|
||||
|
||||
completed_io_job = _encrypt_file.completed_io_job();
|
||||
if (!completed_io_job.completed) {
|
||||
break;
|
||||
}
|
||||
_encrypt_file.drop_io_job();
|
||||
|
||||
/* setup second phase */
|
||||
if (write) {
|
||||
|
||||
/*
|
||||
* In case the write request was not successful it
|
||||
* is not needed to try to read the result.
|
||||
*/
|
||||
if (!completed_io_job.success) {
|
||||
job.state = Job::State::COMPLETE;
|
||||
job.request.success(false);
|
||||
break;
|
||||
}
|
||||
|
||||
_encrypt_io_buffer = {
|
||||
.base = _job.cipher.value,
|
||||
.size = sizeof (_job.cipher)
|
||||
};
|
||||
|
||||
job.type = Job::Type::ENCRYPT_READ;
|
||||
job.state = Job::State::PENDING;
|
||||
break;
|
||||
}
|
||||
|
||||
job.state = Job::State::COMPLETE;
|
||||
job.success = completed_io_job.success;
|
||||
job.request.success(job.success);
|
||||
[[fallthrough]];
|
||||
case Job::State::COMPLETE: break;
|
||||
case Job::State::NONE: break;
|
||||
}
|
||||
return progress;
|
||||
}
|
||||
|
||||
bool _execute_generate(Job &job)
|
||||
{
|
||||
bool progress = false;
|
||||
File::Completed_io_job completed_io_job { false, false };
|
||||
|
||||
switch (job.state) {
|
||||
case Job::State::PENDING:
|
||||
if (!_generate_key_file.submit_io_job(_generate_key_io_buffer,
|
||||
Util::Io_job::Operation::READ)) {
|
||||
break;
|
||||
}
|
||||
job.state = Job::State::IN_PROGRESS;
|
||||
progress |= true;
|
||||
[[fallthrough]];
|
||||
case Job::State::IN_PROGRESS:
|
||||
if (!_generate_key_file.execute_io_job()) {
|
||||
break;
|
||||
}
|
||||
|
||||
progress |= true;
|
||||
|
||||
completed_io_job = _generate_key_file.completed_io_job();
|
||||
if (!completed_io_job.completed) {
|
||||
break;
|
||||
}
|
||||
_generate_key_file.drop_io_job();
|
||||
|
||||
job.state = Job::State::COMPLETE;
|
||||
job.success = completed_io_job.success;
|
||||
job.request.success(job.success);
|
||||
[[fallthrough]];
|
||||
case Job::State::COMPLETE: break;
|
||||
case Job::State::NONE: break;
|
||||
}
|
||||
return progress;
|
||||
}
|
||||
|
||||
bool _execute_init(Job &job, bool write)
|
||||
{
|
||||
bool progress = false;
|
||||
File::Completed_io_job completed_io_job { false, false };
|
||||
|
||||
switch (job.state) {
|
||||
case Job::State::PENDING:
|
||||
{
|
||||
using Op = Util::Io_job::Operation;
|
||||
|
||||
Op const op = write ? Op::WRITE : Op::READ;
|
||||
if (!_init_file.submit_io_job(_init_io_buffer, op)) {
|
||||
break;
|
||||
}
|
||||
job.state = Job::State::IN_PROGRESS;
|
||||
progress |= true;
|
||||
}
|
||||
[[fallthrough]];
|
||||
case Job::State::IN_PROGRESS:
|
||||
if (!_init_file.execute_io_job()) {
|
||||
break;
|
||||
}
|
||||
|
||||
progress |= true;
|
||||
|
||||
completed_io_job = _init_file.completed_io_job();
|
||||
if (!completed_io_job.completed) {
|
||||
break;
|
||||
}
|
||||
_init_file.drop_io_job();
|
||||
|
||||
/* setup second phase */
|
||||
if (write) {
|
||||
|
||||
/*
|
||||
* In case the write request was not successful it
|
||||
* is not needed to try to read the result.
|
||||
*/
|
||||
if (!completed_io_job.success) {
|
||||
job.state = Job::State::COMPLETE;
|
||||
job.request.success(false);
|
||||
break;
|
||||
}
|
||||
|
||||
_init_io_buffer = {
|
||||
.base = _job.cipher.value,
|
||||
.size = sizeof (_job.cipher)
|
||||
};
|
||||
|
||||
job.type = Job::Type::INIT_READ;
|
||||
job.state = Job::State::PENDING;
|
||||
break;
|
||||
}
|
||||
|
||||
job.state = Job::State::COMPLETE;
|
||||
job.success = completed_io_job.success;
|
||||
job.request.success(job.success);
|
||||
[[fallthrough]];
|
||||
case Job::State::COMPLETE: break;
|
||||
case Job::State::NONE: break;
|
||||
}
|
||||
return progress;
|
||||
}
|
||||
|
||||
bool _execute_read_hash(Job &job)
|
||||
{
|
||||
bool progress = false;
|
||||
File::Completed_io_job completed_io_job { false, false };
|
||||
|
||||
switch (job.state) {
|
||||
case Job::State::PENDING:
|
||||
if (!_last_hash_file.submit_io_job(_last_hash_io_buffer,
|
||||
Util::Io_job::Operation::READ)) {
|
||||
break;
|
||||
}
|
||||
job.state = Job::State::IN_PROGRESS;
|
||||
progress |= true;
|
||||
[[fallthrough]];
|
||||
case Job::State::IN_PROGRESS:
|
||||
if (!_last_hash_file.execute_io_job()) {
|
||||
break;
|
||||
}
|
||||
|
||||
progress |= true;
|
||||
|
||||
completed_io_job = _last_hash_file.completed_io_job();
|
||||
if (!completed_io_job.completed) {
|
||||
break;
|
||||
}
|
||||
_last_hash_file.drop_io_job();
|
||||
|
||||
job.state = Job::State::COMPLETE;
|
||||
job.success = completed_io_job.success;
|
||||
job.request.success(job.success);
|
||||
[[fallthrough]];
|
||||
case Job::State::COMPLETE: break;
|
||||
case Job::State::NONE: break;
|
||||
}
|
||||
return progress;
|
||||
}
|
||||
|
||||
bool _execute_update_hash(Job &job, bool write)
|
||||
{
|
||||
bool progress = false;
|
||||
File::Completed_io_job completed_io_job { false, false };
|
||||
|
||||
switch (job.state) {
|
||||
case Job::State::PENDING:
|
||||
{
|
||||
using Op = Util::Io_job::Operation;
|
||||
|
||||
Op const op = write ? Op::WRITE : Op::READ;
|
||||
if (!_last_hash_file.submit_io_job(_last_hash_io_buffer, op)) {
|
||||
break;
|
||||
}
|
||||
job.state = Job::State::IN_PROGRESS;
|
||||
progress |= true;
|
||||
}
|
||||
[[fallthrough]];
|
||||
case Job::State::IN_PROGRESS:
|
||||
if (!_last_hash_file.execute_io_job()) {
|
||||
break;
|
||||
}
|
||||
|
||||
progress |= true;
|
||||
|
||||
completed_io_job = _last_hash_file.completed_io_job();
|
||||
if (!completed_io_job.completed) {
|
||||
break;
|
||||
}
|
||||
_last_hash_file.drop_io_job();
|
||||
|
||||
/* setup second phase */
|
||||
if (write) {
|
||||
|
||||
/*
|
||||
* In case the write request was not successful it
|
||||
* is not needed to try to read the result.
|
||||
*/
|
||||
if (!completed_io_job.success) {
|
||||
job.state = Job::State::COMPLETE;
|
||||
job.request.success(false);
|
||||
break;
|
||||
}
|
||||
|
||||
_last_hash_io_buffer = {
|
||||
.base = _job.hash.values,
|
||||
.size = sizeof (_job.hash)
|
||||
};
|
||||
|
||||
job.type = Job::Type::HASH_UPDATE_READ;
|
||||
job.state = Job::State::PENDING;
|
||||
break;
|
||||
}
|
||||
|
||||
job.state = Job::State::COMPLETE;
|
||||
job.success = completed_io_job.success;
|
||||
job.request.success(job.success);
|
||||
[[fallthrough]];
|
||||
case Job::State::COMPLETE: break;
|
||||
case Job::State::NONE: break;
|
||||
}
|
||||
return progress;
|
||||
}
|
||||
|
||||
Trust_anchor_vfs(Vfs::File_system &vfs,
|
||||
Genode::Allocator &alloc,
|
||||
Path const &path)
|
||||
:
|
||||
_vfs(vfs), _alloc(alloc), _ta_dir(path)
|
||||
{ }
|
||||
|
||||
bool request_acceptable() const
|
||||
{
|
||||
return !_job.valid();
|
||||
}
|
||||
|
||||
void submit_create_key_request(Cbe::Trust_anchor_request const &request)
|
||||
{
|
||||
_job = {
|
||||
.type = Job::Type::GENERATE,
|
||||
.state = Job::State::PENDING,
|
||||
.hash = Cbe::Hash(),
|
||||
.plain = Cbe::Key_plaintext_value(),
|
||||
.cipher = Cbe::Key_ciphertext_value(),
|
||||
.request = request,
|
||||
.success = false,
|
||||
};
|
||||
|
||||
_generate_key_io_buffer = {
|
||||
.base = _job.plain.value,
|
||||
.size = sizeof (_job.plain)
|
||||
};
|
||||
}
|
||||
|
||||
void submit_superblock_hash_request(Cbe::Trust_anchor_request const &request)
|
||||
{
|
||||
_job = {
|
||||
.type = Job::Type::HASH_READ,
|
||||
.state = Job::State::PENDING,
|
||||
.hash = Cbe::Hash(),
|
||||
.plain = Cbe::Key_plaintext_value(),
|
||||
.cipher = Cbe::Key_ciphertext_value(),
|
||||
.request = request,
|
||||
.success = false,
|
||||
};
|
||||
|
||||
_last_hash_io_buffer = {
|
||||
.base = _job.hash.values,
|
||||
.size = sizeof (_job.hash)
|
||||
};
|
||||
}
|
||||
|
||||
void submit_secure_superblock_request(Cbe::Trust_anchor_request const &request,
|
||||
Cbe::Hash const &hash)
|
||||
{
|
||||
_job = {
|
||||
.type = Job::Type::HASH_UPDATE_WRITE,
|
||||
.state = Job::State::PENDING,
|
||||
.hash = hash,
|
||||
.plain = Cbe::Key_plaintext_value(),
|
||||
.cipher = Cbe::Key_ciphertext_value(),
|
||||
.request = request,
|
||||
.success = false,
|
||||
};
|
||||
|
||||
_last_hash_io_buffer = {
|
||||
.base = _job.hash.values,
|
||||
.size = sizeof (_job.hash)
|
||||
};
|
||||
}
|
||||
|
||||
void submit_encrypt_key_request(Cbe::Trust_anchor_request const &request,
|
||||
Cbe::Key_plaintext_value const &plain)
|
||||
{
|
||||
_job = {
|
||||
.type = Job::Type::ENCRYPT_WRITE,
|
||||
.state = Job::State::PENDING,
|
||||
.hash = Cbe::Hash(),
|
||||
.plain = plain,
|
||||
.cipher = Cbe::Key_ciphertext_value(),
|
||||
.request = request,
|
||||
.success = false,
|
||||
};
|
||||
|
||||
_encrypt_io_buffer = {
|
||||
.base = _job.plain.value,
|
||||
.size = sizeof (_job.plain)
|
||||
};
|
||||
}
|
||||
|
||||
void submit_decrypt_key_request(Cbe::Trust_anchor_request const &request,
|
||||
Cbe::Key_ciphertext_value const &cipher)
|
||||
{
|
||||
_job = {
|
||||
.type = Job::Type::DECRYPT_WRITE,
|
||||
.state = Job::State::PENDING,
|
||||
.hash = Cbe::Hash(),
|
||||
.plain = Cbe::Key_plaintext_value(),
|
||||
.cipher = cipher,
|
||||
.request = request,
|
||||
.success = false,
|
||||
};
|
||||
|
||||
_decrypt_io_buffer = {
|
||||
.base = _job.cipher.value,
|
||||
.size = sizeof (_job.cipher)
|
||||
};
|
||||
}
|
||||
|
||||
Cbe::Trust_anchor_request peek_completed_request()
|
||||
{
|
||||
return _job.completed() ? _job.request : Cbe::Trust_anchor_request();
|
||||
}
|
||||
|
||||
void drop_completed_request(Cbe::Trust_anchor_request const &request)
|
||||
{
|
||||
if (!_job.equals(request)) {
|
||||
throw Invalid_request();
|
||||
}
|
||||
|
||||
_job.reset();
|
||||
}
|
||||
|
||||
Cbe::Hash peek_completed_superblock_hash(Cbe::Trust_anchor_request const &request)
|
||||
{
|
||||
if (!_job.equals(request) || !_job.completed()) {
|
||||
throw Invalid_request();
|
||||
}
|
||||
|
||||
return _job.hash;
|
||||
}
|
||||
|
||||
Cbe::Key_plaintext_value peek_completed_key_value_plaintext(Cbe::Trust_anchor_request const &request)
|
||||
{
|
||||
if (!_job.equals(request) || !_job.completed()) {
|
||||
throw Invalid_request();
|
||||
}
|
||||
|
||||
return _job.plain;
|
||||
}
|
||||
|
||||
Cbe::Key_ciphertext_value peek_completed_key_value_ciphertext(Cbe::Trust_anchor_request const &request)
|
||||
{
|
||||
if (!_job.equals(request) || !_job.completed()) {
|
||||
throw Invalid_request();
|
||||
}
|
||||
return _job.cipher;
|
||||
}
|
||||
|
||||
bool execute()
|
||||
{
|
||||
bool progress = false;
|
||||
|
||||
switch (_job.type) {
|
||||
case Job::Type::NONE: break;
|
||||
case Job::Type::DECRYPT_WRITE: progress |= _execute_decrypt(_job, true); break;
|
||||
case Job::Type::DECRYPT_READ: progress |= _execute_decrypt(_job, false); break;
|
||||
case Job::Type::ENCRYPT_WRITE: progress |= _execute_encrypt(_job, true); break;
|
||||
case Job::Type::ENCRYPT_READ: progress |= _execute_encrypt(_job, false); break;
|
||||
case Job::Type::GENERATE: progress |= _execute_generate(_job); break;
|
||||
case Job::Type::INIT_WRITE: progress |= _execute_init(_job, true); break;
|
||||
case Job::Type::INIT_READ: progress |= _execute_init(_job, false); break;
|
||||
case Job::Type::HASH_READ: progress |= _execute_read_hash(_job); break;
|
||||
case Job::Type::HASH_UPDATE_WRITE: progress |= _execute_update_hash(_job, true); break;
|
||||
case Job::Type::HASH_UPDATE_READ: progress |= _execute_update_hash(_job, false); break;
|
||||
}
|
||||
return progress;
|
||||
}
|
||||
};
|
||||
|
||||
#endif /* _CBE__VFS__TRUST_ANCHOR_VFS_H_ */
|
@ -1,3 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe
|
@ -1,2 +0,0 @@
|
||||
|
||||
INC_DIR += $(call select_from_repositories,src/lib/cbe_check)
|
@ -1,3 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
|
@ -1,2 +0,0 @@
|
||||
|
||||
INC_DIR += $(call select_from_repositories,src/lib/cbe_dump)
|
@ -1,2 +0,0 @@
|
||||
|
||||
INC_DIR += $(call select_from_repositories,src/lib/cbe_init)
|
@ -1,3 +1,3 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
TRESOR_DIR := $(call select_from_ports,tresor)
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/sha256_4k
|
||||
INC_DIR += $(TRESOR_DIR)/src/lib/sha256_4k
|
||||
|
1
repos/gems/lib/import/import-tresor.mk
Normal file
1
repos/gems/lib/import/import-tresor.mk
Normal file
@ -0,0 +1 @@
|
||||
INC_DIR += $(REP_DIR)/src/lib/tresor/include
|
@ -1,12 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
SRC_ADB := sha256_4k.adb
|
||||
LIBS += spark libsparkcrypto
|
||||
|
||||
CC_ADA_OPT += -gnatec=$(CBE_DIR)/src/lib/sha256_4k/spark.adc
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/sha256_4k
|
||||
|
||||
sha256_4k.o : $(CBE_DIR)/src/lib/sha256_4k/sha256_4k.ads
|
||||
|
||||
vpath % $(CBE_DIR)/src/lib/sha256_4k
|
@ -1,23 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
LIBS += spark sha256_4k cbe_common
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe
|
||||
|
||||
SRC_ADB += cbe-library.adb
|
||||
SRC_ADB += cbe-request_pool.adb
|
||||
SRC_ADB += cbe-crypto.adb
|
||||
SRC_ADB += cbe-tree_helper.adb
|
||||
SRC_ADB += cbe-translation.adb
|
||||
SRC_ADB += cbe-cache.adb
|
||||
SRC_ADB += cbe-new_free_tree.adb
|
||||
SRC_ADB += cbe-ft_resizing.adb
|
||||
SRC_ADB += cbe-mt_resizing.adb
|
||||
SRC_ADB += cbe-meta_tree.adb
|
||||
SRC_ADB += cbe-generic_index_queue.adb
|
||||
SRC_ADB += cbe-superblock_control.adb
|
||||
SRC_ADB += cbe-vbd_rekeying.adb
|
||||
|
||||
vpath % $(CBE_DIR)/src/lib/cbe
|
||||
|
||||
CC_ADA_OPT += -gnatec=$(CBE_DIR)/src/lib/cbe/pragmas.adc
|
@ -1,14 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
LIBS += spark sha256_4k cbe_common
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_check
|
||||
|
||||
SRC_ADB += cbe-check_library.adb
|
||||
SRC_ADB += cbe-superblock_check.adb
|
||||
SRC_ADB += cbe-vbd_check.adb
|
||||
SRC_ADB += cbe-free_tree_check.adb
|
||||
|
||||
vpath % $(CBE_DIR)/src/lib/cbe_check
|
||||
|
||||
CC_ADA_OPT += -gnatec=$(CBE_DIR)/src/lib/cbe_check/pragmas.adc
|
@ -1,17 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
LIBS += spark libsparkcrypto sha256_4k cbe_common cbe_cxx_common
|
||||
LIBS += cbe_check
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_check
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_check_cxx
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_cxx_common
|
||||
|
||||
SRC_ADB += cbe-cxx-cxx_check_library.adb
|
||||
|
||||
vpath % $(CBE_DIR)/src/lib/cbe_check_cxx
|
||||
|
||||
SHARED_LIB := yes
|
||||
|
||||
include $(REP_DIR)/lib/mk/generate_ada_main_pkg.inc
|
@ -1,17 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
LIBS += spark sha256_4k
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
|
||||
|
||||
SRC_ADB += cbe.adb
|
||||
SRC_ADB += cbe-debug.adb
|
||||
SRC_ADB += cbe-request.adb
|
||||
SRC_ADB += cbe-primitive.adb
|
||||
SRC_ADB += cbe-block_io.adb
|
||||
SRC_ADB += cbe-ta_request.adb
|
||||
SRC_ADB += cbe-trust_anchor.adb
|
||||
|
||||
vpath % $(CBE_DIR)/src/lib/cbe_common
|
||||
|
||||
CC_ADA_OPT += -gnatec=$(CBE_DIR)/src/lib/cbe_common/pragmas.adc
|
@ -1,16 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
LIBS += spark libsparkcrypto sha256_4k cbe cbe_common cbe_cxx_common
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_cxx
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_cxx_common
|
||||
|
||||
SRC_ADB += cbe-cxx-cxx_library.adb
|
||||
|
||||
vpath % $(CBE_DIR)/src/lib/cbe_cxx
|
||||
|
||||
SHARED_LIB := yes
|
||||
|
||||
include $(REP_DIR)/lib/mk/generate_ada_main_pkg.inc
|
@ -1,12 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
LIBS += spark cbe_common
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_cxx_common
|
||||
|
||||
SRC_ADB += cbe-cxx.adb
|
||||
|
||||
SRC_CC += print_cstring.cc
|
||||
|
||||
vpath % $(CBE_DIR)/src/lib/cbe_cxx_common
|
@ -1,14 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
LIBS += spark sha256_4k cbe_common
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_dump
|
||||
|
||||
SRC_ADB += cbe-dump_library.adb
|
||||
SRC_ADB += cbe-superblock_dump.adb
|
||||
SRC_ADB += cbe-vbd_dump.adb
|
||||
SRC_ADB += cbe-free_tree_dump.adb
|
||||
|
||||
vpath % $(CBE_DIR)/src/lib/cbe_dump
|
||||
|
||||
CC_ADA_OPT += -gnatec=$(CBE_DIR)/src/lib/cbe_dump/pragmas.adc
|
@ -1,17 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
LIBS += spark libsparkcrypto sha256_4k cbe_common cbe_cxx_common
|
||||
LIBS += cbe_dump
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_dump
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_dump_cxx
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_cxx_common
|
||||
|
||||
SRC_ADB += cbe-cxx-cxx_dump_library.adb
|
||||
|
||||
vpath % $(CBE_DIR)/src/lib/cbe_dump_cxx
|
||||
|
||||
SHARED_LIB := yes
|
||||
|
||||
include $(REP_DIR)/lib/mk/generate_ada_main_pkg.inc
|
@ -1,15 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
LIBS += spark sha256_4k cbe_common cbe_cxx_common
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_init
|
||||
|
||||
SRC_ADB += cbe-init_library.adb
|
||||
SRC_ADB += cbe-block_allocator.adb
|
||||
SRC_ADB += cbe-superblock_initializer.adb
|
||||
SRC_ADB += cbe-vbd_initializer.adb
|
||||
SRC_ADB += cbe-free_tree_initializer.adb
|
||||
|
||||
vpath % $(CBE_DIR)/src/lib/cbe_init
|
||||
|
||||
CC_ADA_OPT += -gnatec=$(CBE_DIR)/src/lib/cbe_init/pragmas.adc
|
@ -1,17 +0,0 @@
|
||||
CBE_DIR := $(call select_from_ports,cbe)
|
||||
|
||||
LIBS += spark libsparkcrypto sha256_4k cbe_common cbe_cxx_common
|
||||
LIBS += cbe_init
|
||||
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_init
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_common
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_init_cxx
|
||||
INC_DIR += $(CBE_DIR)/src/lib/cbe_cxx_common
|
||||
|
||||
SRC_ADB += cbe-cxx-cxx_init_library.adb
|
||||
|
||||
vpath % $(CBE_DIR)/src/lib/cbe_init_cxx
|
||||
|
||||
SHARED_LIB := yes
|
||||
|
||||
include $(REP_DIR)/lib/mk/generate_ada_main_pkg.inc
|
@ -1,11 +0,0 @@
|
||||
SRC_CC = vfs.cc
|
||||
|
||||
INC_DIR += $(REP_DIR)/src/lib/vfs/cbe
|
||||
|
||||
LIBS += cbe_cxx
|
||||
|
||||
vpath % $(REP_DIR)/src/lib/vfs/cbe
|
||||
|
||||
SHARED_LIB := yes
|
||||
|
||||
CC_CXX_WARN_STRICT :=
|
@ -1,9 +0,0 @@
|
||||
SRC_CC := vfs.cc
|
||||
SRC_CC += aes_cbc.cc
|
||||
|
||||
LIBS += aes_cbc_4k
|
||||
|
||||
vpath vfs.cc $(REP_DIR)/src/lib/vfs/cbe_crypto/
|
||||
vpath % $(REP_DIR)/src/lib/vfs/cbe_crypto/aes_cbc
|
||||
|
||||
SHARED_LIB = yes
|
@ -1,9 +0,0 @@
|
||||
SRC_CC := vfs.cc
|
||||
SRC_CC += memcopy.cc
|
||||
|
||||
vpath vfs.cc $(REP_DIR)/src/lib/vfs/cbe_crypto/
|
||||
vpath %.cc $(REP_DIR)/src/lib/vfs/cbe_crypto/memcopy
|
||||
|
||||
SHARED_LIB = yes
|
||||
|
||||
CC_CXX_WARN_STRICT_CONVERSION =
|
28
repos/gems/lib/mk/tresor.mk
Normal file
28
repos/gems/lib/mk/tresor.mk
Normal file
@ -0,0 +1,28 @@
|
||||
TRESOR_DIR := $(REP_DIR)/src/lib/tresor
|
||||
|
||||
SRC_CC += crypto.cc
|
||||
SRC_CC += request_pool.cc
|
||||
SRC_CC += sha256_4k_hash.cc
|
||||
SRC_CC += trust_anchor.cc
|
||||
SRC_CC += block_io.cc
|
||||
SRC_CC += meta_tree.cc
|
||||
SRC_CC += virtual_block_device.cc
|
||||
SRC_CC += superblock_control.cc
|
||||
SRC_CC += free_tree.cc
|
||||
SRC_CC += module.cc
|
||||
SRC_CC += block_allocator.cc
|
||||
SRC_CC += vbd_initializer.cc
|
||||
SRC_CC += ft_initializer.cc
|
||||
SRC_CC += sb_initializer.cc
|
||||
SRC_CC += vfs_utilities.cc
|
||||
SRC_CC += ft_resizing.cc
|
||||
SRC_CC += sb_check.cc
|
||||
SRC_CC += vbd_check.cc
|
||||
SRC_CC += ft_check.cc
|
||||
|
||||
vpath % $(TRESOR_DIR)
|
||||
|
||||
INC_DIR += $(TRESOR_DIR)/include
|
||||
|
||||
LIBS += libcrypto
|
||||
LIBS += vfs
|
11
repos/gems/lib/mk/vfs_tresor.mk
Normal file
11
repos/gems/lib/mk/vfs_tresor.mk
Normal file
@ -0,0 +1,11 @@
|
||||
LIB_DIR := $(REP_DIR)/src/lib/vfs/tresor
|
||||
|
||||
SRC_CC := vfs.cc
|
||||
|
||||
INC_DIR += $(LIB_DIR)
|
||||
|
||||
vpath % $(LIB_DIR)
|
||||
|
||||
LIBS += tresor
|
||||
|
||||
SHARED_LIB := yes
|
11
repos/gems/lib/mk/vfs_tresor_crypto_aes_cbc.mk
Normal file
11
repos/gems/lib/mk/vfs_tresor_crypto_aes_cbc.mk
Normal file
@ -0,0 +1,11 @@
|
||||
SRC_CC := vfs.cc
|
||||
SRC_CC += aes_cbc.cc
|
||||
|
||||
INC_DIR += $(REP_DIR)/src/lib/tresor/include
|
||||
|
||||
LIBS += aes_cbc_4k
|
||||
|
||||
vpath vfs.cc $(REP_DIR)/src/lib/vfs/tresor_crypto/
|
||||
vpath % $(REP_DIR)/src/lib/vfs/tresor_crypto/aes_cbc
|
||||
|
||||
SHARED_LIB = yes
|
9
repos/gems/lib/mk/vfs_tresor_crypto_memcopy.mk
Normal file
9
repos/gems/lib/mk/vfs_tresor_crypto_memcopy.mk
Normal file
@ -0,0 +1,9 @@
|
||||
SRC_CC := vfs.cc
|
||||
SRC_CC += memcopy.cc
|
||||
|
||||
INC_DIR += $(REP_DIR)/src/lib/tresor/include
|
||||
|
||||
vpath vfs.cc $(REP_DIR)/src/lib/vfs/tresor_crypto/
|
||||
vpath %.cc $(REP_DIR)/src/lib/vfs/tresor_crypto/memcopy
|
||||
|
||||
SHARED_LIB = yes
|
@ -4,11 +4,12 @@ SRC_CC += vfs.cc
|
||||
SRC_CC += aes_256.cc
|
||||
SRC_CC += integer.cc
|
||||
|
||||
INC_DIR += $(REP_DIR)/src/lib/vfs/cbe_trust_anchor
|
||||
INC_DIR += $(REP_DIR)/src/lib/vfs/tresor_trust_anchor
|
||||
INC_DIR += $(REP_DIR)/src/lib/tresor/include
|
||||
INC_DIR += $(OPENSSL_DIR)/include
|
||||
|
||||
LIBS += libcrypto
|
||||
|
||||
vpath % $(REP_DIR)/src/lib/vfs/cbe_trust_anchor
|
||||
vpath % $(REP_DIR)/src/lib/vfs/tresor_trust_anchor
|
||||
|
||||
SHARED_LIB := yes
|
@ -1,14 +0,0 @@
|
||||
_ZN9Cbe_check11object_sizeERKNS_7LibraryE T
|
||||
_ZN9Cbe_check7Library20io_request_completedERKN3Cbe9Io_buffer5IndexEb T
|
||||
_ZN9Cbe_check7Library21submit_client_requestERKN3Cbe7RequestE T
|
||||
_ZN9Cbe_check7Library22io_request_in_progressERKN3Cbe9Io_buffer5IndexE T
|
||||
_ZN9Cbe_check7Library29drop_completed_client_requestERKN3Cbe7RequestE T
|
||||
_ZN9Cbe_check7Library7executeERKN3Cbe9Io_bufferE T
|
||||
_ZN9Cbe_check7LibraryC1Ev T
|
||||
_ZN9Sha256_4k4hashERKNS_4DataERNS_4HashE T
|
||||
_ZNK9Cbe_check7Library14has_io_requestERN3Cbe7RequestERNS1_9Io_buffer5IndexE T
|
||||
_ZNK9Cbe_check7Library16execute_progressEv T
|
||||
_ZNK9Cbe_check7Library25client_request_acceptableEv T
|
||||
_ZNK9Cbe_check7Library29peek_completed_client_requestEv T
|
||||
cbe_check_cxx_final T
|
||||
cbe_check_cxx_init T
|
@ -1,44 +0,0 @@
|
||||
_ZN3Cbe11object_sizeERKNS_7LibraryE T
|
||||
_ZN3Cbe7Library20io_request_completedERKNS_9Io_buffer5IndexEb T
|
||||
_ZN3Cbe7Library21submit_client_requestERKNS_7RequestEj T
|
||||
_ZN3Cbe7Library22io_request_in_progressERKNS_9Io_buffer5IndexE T
|
||||
_ZN3Cbe7Library24crypto_add_key_completedERKNS_7RequestE T
|
||||
_ZN3Cbe7Library24crypto_add_key_requestedERKNS_7RequestE T
|
||||
_ZN3Cbe7Library24supply_crypto_plain_dataERKNS_19Crypto_plain_buffer5IndexEb T
|
||||
_ZN3Cbe7Library25drop_generated_ta_requestERKNS_20Trust_anchor_requestE T
|
||||
_ZN3Cbe7Library25supply_crypto_cipher_dataERKNS_20Crypto_cipher_buffer5IndexEb T
|
||||
_ZN3Cbe7Library27crypto_plain_data_requestedERKNS_20Crypto_cipher_buffer5IndexE T
|
||||
_ZN3Cbe7Library27crypto_remove_key_completedERKNS_7RequestE T
|
||||
_ZN3Cbe7Library27crypto_remove_key_requestedERKNS_7RequestE T
|
||||
_ZN3Cbe7Library28crypto_cipher_data_requestedERKNS_19Crypto_plain_buffer5IndexE T
|
||||
_ZN3Cbe7Library29drop_completed_client_requestERKNS_7RequestE T
|
||||
_ZN3Cbe7Library35client_transfer_read_data_completedERKNS_19Crypto_plain_buffer5IndexEb T
|
||||
_ZN3Cbe7Library36client_transfer_write_data_completedERKNS_19Crypto_plain_buffer5IndexEb T
|
||||
_ZN3Cbe7Library37client_transfer_read_data_in_progressERKNS_19Crypto_plain_buffer5IndexE T
|
||||
_ZN3Cbe7Library38client_transfer_write_data_in_progressERKNS_19Crypto_plain_buffer5IndexE T
|
||||
_ZN3Cbe7Library44mark_generated_ta_secure_sb_request_completeERKNS_20Trust_anchor_requestE T
|
||||
_ZN3Cbe7Library45mark_generated_ta_create_key_request_completeERKNS_20Trust_anchor_requestERKNS_19Key_plaintext_valueE T
|
||||
_ZN3Cbe7Library46mark_generated_ta_decrypt_key_request_completeERKNS_20Trust_anchor_requestERKNS_19Key_plaintext_valueE T
|
||||
_ZN3Cbe7Library46mark_generated_ta_encrypt_key_request_completeERKNS_20Trust_anchor_requestERKNS_20Key_ciphertext_valueE T
|
||||
_ZN3Cbe7Library47mark_generated_ta_last_sb_hash_request_completeERKNS_20Trust_anchor_requestERKNS_4HashE T
|
||||
_ZN3Cbe7Library7executeERNS_9Io_bufferERNS_19Crypto_plain_bufferERNS_20Crypto_cipher_bufferE T
|
||||
_ZN3Cbe7LibraryC2Ev T
|
||||
_ZNK3Cbe7Library15_has_io_requestERNS_7RequestERNS_9Io_buffer5IndexE T
|
||||
_ZNK3Cbe7Library16execute_progressEv T
|
||||
_ZNK3Cbe7Library19active_snapshot_idsERNS_19Active_snapshot_idsE T
|
||||
_ZNK3Cbe7Library24_crypto_add_key_requiredERNS_7RequestERNS_3KeyE T
|
||||
_ZNK3Cbe7Library25client_request_acceptableEv T
|
||||
_ZNK3Cbe7Library26_peek_generated_ta_requestERNS_20Trust_anchor_requestE T
|
||||
_ZNK3Cbe7Library26_peek_generated_ta_sb_hashERKNS_20Trust_anchor_requestERNS_4HashE T
|
||||
_ZNK3Cbe7Library27_crypto_plain_data_requiredERNS_7RequestERNS_20Crypto_cipher_buffer5IndexE T
|
||||
_ZNK3Cbe7Library27_crypto_remove_key_requiredERNS_7RequestERNS_3Key2IdE T
|
||||
_ZNK3Cbe7Library28_crypto_cipher_data_requiredERNS_7RequestERNS_19Crypto_plain_buffer5IndexE T
|
||||
_ZNK3Cbe7Library29peek_completed_client_requestEv T
|
||||
_ZNK3Cbe7Library34client_transfer_read_data_requiredERNS_7RequestERyRNS_19Crypto_plain_buffer5IndexE T
|
||||
_ZNK3Cbe7Library35client_transfer_write_data_requiredERNS_7RequestERyRNS_19Crypto_plain_buffer5IndexE T
|
||||
_ZNK3Cbe7Library38_peek_generated_ta_key_value_plaintextERKNS_20Trust_anchor_requestERNS_19Key_plaintext_valueE T
|
||||
_ZNK3Cbe7Library39_peek_generated_ta_key_value_ciphertextERKNS_20Trust_anchor_requestERNS_20Key_ciphertext_valueE T
|
||||
_ZNK3Cbe7Library5_infoERNS_4InfoE T
|
||||
_ZNK3Cbe7Library7max_vbaEv T
|
||||
cbe_cxx_final T
|
||||
cbe_cxx_init T
|
@ -1,14 +0,0 @@
|
||||
_ZN8Cbe_dump11object_sizeERKNS_7LibraryE T
|
||||
_ZN8Cbe_dump7Library20io_request_completedERKN3Cbe9Io_buffer5IndexEb T
|
||||
_ZN8Cbe_dump7Library21submit_client_requestERKN3Cbe7RequestERKNS_13ConfigurationE T
|
||||
_ZN8Cbe_dump7Library22io_request_in_progressERKN3Cbe9Io_buffer5IndexE T
|
||||
_ZN8Cbe_dump7Library29drop_completed_client_requestERKN3Cbe7RequestE T
|
||||
_ZN8Cbe_dump7Library7executeERKN3Cbe9Io_bufferE T
|
||||
_ZN8Cbe_dump7LibraryC1Ev T
|
||||
_ZN9Sha256_4k4hashERKNS_4DataERNS_4HashE T
|
||||
_ZNK8Cbe_dump7Library14has_io_requestERN3Cbe7RequestERNS1_9Io_buffer5IndexE T
|
||||
_ZNK8Cbe_dump7Library16execute_progressEv T
|
||||
_ZNK8Cbe_dump7Library25client_request_acceptableEv T
|
||||
_ZNK8Cbe_dump7Library29peek_completed_client_requestEv T
|
||||
cbe_dump_cxx_final T
|
||||
cbe_dump_cxx_init T
|
@ -1,25 +0,0 @@
|
||||
_ZN10Aes_cbc_4k7decryptERKNS_3KeyENS_12Block_numberERKNS_10CiphertextERNS_9PlaintextE T
|
||||
_ZN10Aes_cbc_4k7encryptERKNS_3KeyENS_12Block_numberERKNS_9PlaintextERNS_10CiphertextE T
|
||||
_ZN8Cbe_init11object_sizeERKNS_7LibraryE T
|
||||
_ZN8Cbe_init7Library20io_request_completedERKN3Cbe9Io_buffer5IndexEb T
|
||||
_ZN8Cbe_init7Library21submit_client_requestERKN3Cbe7RequestEyyyyyy T
|
||||
_ZN8Cbe_init7Library22io_request_in_progressERKN3Cbe9Io_buffer5IndexE T
|
||||
_ZN8Cbe_init7Library25drop_generated_ta_requestERKN3Cbe20Trust_anchor_requestE T
|
||||
_ZN8Cbe_init7Library29drop_completed_client_requestERKN3Cbe7RequestE T
|
||||
_ZN8Cbe_init7Library44mark_generated_ta_secure_sb_request_completeERKN3Cbe20Trust_anchor_requestE T
|
||||
_ZN8Cbe_init7Library45mark_generated_ta_create_key_request_completeERKN3Cbe20Trust_anchor_requestERKNS1_19Key_plaintext_valueE T
|
||||
_ZN8Cbe_init7Library46mark_generated_ta_decrypt_key_request_completeERKN3Cbe20Trust_anchor_requestERKNS1_19Key_plaintext_valueE T
|
||||
_ZN8Cbe_init7Library46mark_generated_ta_encrypt_key_request_completeERKN3Cbe20Trust_anchor_requestERKNS1_20Key_ciphertext_valueE T
|
||||
_ZN8Cbe_init7Library7executeERN3Cbe9Io_bufferE T
|
||||
_ZN8Cbe_init7LibraryC1Ev T
|
||||
_ZN9Sha256_4k4hashERKNS_4DataERNS_4HashE T
|
||||
_ZNK8Cbe_init7Library14has_io_requestERN3Cbe7RequestERNS1_9Io_buffer5IndexE T
|
||||
_ZNK8Cbe_init7Library16execute_progressEv T
|
||||
_ZNK8Cbe_init7Library25client_request_acceptableEv T
|
||||
_ZNK8Cbe_init7Library26_peek_generated_ta_requestERN3Cbe20Trust_anchor_requestE T
|
||||
_ZNK8Cbe_init7Library26_peek_generated_ta_sb_hashERKN3Cbe20Trust_anchor_requestERNS1_4HashE T
|
||||
_ZNK8Cbe_init7Library29peek_completed_client_requestEv T
|
||||
_ZNK8Cbe_init7Library38_peek_generated_ta_key_value_plaintextERKN3Cbe20Trust_anchor_requestERNS1_19Key_plaintext_valueE T
|
||||
_ZNK8Cbe_init7Library39_peek_generated_ta_key_value_ciphertextERKN3Cbe20Trust_anchor_requestERNS1_20Key_ciphertext_valueE T
|
||||
cbe_init_cxx_final T
|
||||
cbe_init_cxx_init T
|
@ -1 +0,0 @@
|
||||
56ab06c33f61345797baa22c8720e45212b4cb2c
|
@ -1,12 +0,0 @@
|
||||
LICENSE := AGPLv3
|
||||
VERSION := git
|
||||
DOWNLOADS := cbe.git
|
||||
|
||||
URL(cbe) := https://github.com/m-stein/cbe.git
|
||||
DIR(cbe) := cbe
|
||||
REV(cbe) := 805b0942fb0b34464354e59366ed23b412da2126
|
||||
|
||||
default: symlinks
|
||||
|
||||
symlinks: $(DOWNLOADS)
|
||||
ln -s cbe/src src
|
@ -1,5 +1,6 @@
|
||||
MIRROR_FROM_REP_DIR := \
|
||||
include/cbe/types.h
|
||||
src/lib/tresor/include \
|
||||
lib/import/import-tresor.mk
|
||||
|
||||
content: $(MIRROR_FROM_REP_DIR) LICENSE
|
||||
|
@ -2,9 +2,7 @@ aes_cbc_4k
|
||||
base
|
||||
block_session
|
||||
libc
|
||||
libsparkcrypto
|
||||
openssl
|
||||
os
|
||||
so
|
||||
spark
|
||||
vfs
|
@ -1 +0,0 @@
|
||||
Runtime for deploying cbe_check component from the depot.
|
@ -1,6 +0,0 @@
|
||||
_/src/cbe
|
||||
_/src/libsparkcrypto
|
||||
_/src/spark
|
||||
_/src/init
|
||||
_/src/vfs
|
||||
_/src/vfs_block
|
@ -1 +0,0 @@
|
||||
2023-04-27 9877b3a22e52463bfbbe9758642759532503e89f
|
@ -1,63 +0,0 @@
|
||||
<runtime ram="10M" caps="250" binary="init" config="init.config">
|
||||
|
||||
<requires>
|
||||
<file_system label="cbe_fs"/>
|
||||
</requires>
|
||||
|
||||
<content>
|
||||
<rom label="cbe_check"/>
|
||||
<rom label="init"/>
|
||||
<rom label="init.config"/>
|
||||
<rom label="ld.lib.so"/>
|
||||
<rom label="cbe_check_cxx.lib.so"/>
|
||||
<rom label="libsparkcrypto.lib.so"/>
|
||||
<rom label="spark.lib.so"/>
|
||||
<rom label="vfs.lib.so"/>
|
||||
<rom label="vfs_block"/>
|
||||
</content>
|
||||
|
||||
<config verbose="yes">
|
||||
|
||||
<parent-provides>
|
||||
<service name="ROM"/>
|
||||
<service name="PD"/>
|
||||
<service name="RM"/>
|
||||
<service name="CPU"/>
|
||||
<service name="LOG"/>
|
||||
<service name="Timer"/>
|
||||
<service name="File_system"/>
|
||||
</parent-provides>
|
||||
|
||||
<default-route> <any-service> <parent/> <any-child/> </any-service> </default-route>
|
||||
|
||||
<default caps="100"/>
|
||||
|
||||
<start name="cbe_check">
|
||||
<resource name="RAM" quantum="4M"/>
|
||||
<exit propagate="yes"/>
|
||||
<config/>
|
||||
<route>
|
||||
<service name="Block"> <child name="vfs_block"/> </service>
|
||||
<any-service> <parent/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
<start name="vfs_block">
|
||||
<resource name="RAM" quantum="4M"/>
|
||||
<provides> <service name="Block"/> </provides>
|
||||
<config>
|
||||
<vfs>
|
||||
<fs buffer_size="1M"/>
|
||||
</vfs>
|
||||
<policy label_prefix="cbe_check" block_size="512"
|
||||
file="/cbe.img" writeable="yes"/>
|
||||
</config>
|
||||
<route>
|
||||
<service name="File_system"> <parent label="cbe_fs"/> </service>
|
||||
<any-service> <parent/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
</config>
|
||||
|
||||
</runtime>
|
@ -1 +0,0 @@
|
||||
CBE meta package
|
@ -1,10 +0,0 @@
|
||||
_/pkg/cbe_check
|
||||
_/pkg/cbe_fs
|
||||
_/pkg/cbe_ta_fs
|
||||
_/pkg/cbe_init
|
||||
_/pkg/cbe_shell
|
||||
_/pkg/cbe_vbox5-nova
|
||||
_/pkg/cbe_vfs
|
||||
_/pkg/cbe_ta_vfs
|
||||
_/pkg/cbe_vm_fs
|
||||
_/pkg/download_coreplus
|
@ -1 +0,0 @@
|
||||
2023-04-27 9e98d42c5faeda078acd475c3e85998087cababc
|
@ -1,2 +0,0 @@
|
||||
Runtime for deploying the chroot component configured for the CBE from
|
||||
the depot.
|
@ -1 +0,0 @@
|
||||
_/src/chroot
|
@ -1 +0,0 @@
|
||||
2023-04-25 4ce6ffd14a3bbfc7f59416b6e3c2bf4e92d034ab
|
@ -1,15 +0,0 @@
|
||||
<runtime ram="1M" caps="100" binary="chroot">
|
||||
|
||||
<requires> <file_system/> </requires>
|
||||
<provides> <file_system/> </provides>
|
||||
|
||||
<config>
|
||||
<default-policy path="/cbe" writeable="yes"/>
|
||||
</config>
|
||||
|
||||
<content>
|
||||
<rom label="ld.lib.so"/>
|
||||
<rom label="chroot"/>
|
||||
</content>
|
||||
|
||||
</runtime>
|
@ -1 +0,0 @@
|
||||
Runtime for deploying cbe_init component from the depot.
|
@ -1,6 +0,0 @@
|
||||
_/src/cbe
|
||||
_/src/libsparkcrypto
|
||||
_/src/spark
|
||||
_/src/init
|
||||
_/src/vfs
|
||||
_/src/vfs_block
|
@ -1 +0,0 @@
|
||||
2023-04-27 8586c3f481575817c7822c2d82675a61d9797ae6
|
@ -1,71 +0,0 @@
|
||||
<runtime ram="10M" caps="300" binary="init" config="init.config">
|
||||
|
||||
<requires>
|
||||
<file_system label="cbe_fs"/>
|
||||
</requires>
|
||||
|
||||
<content>
|
||||
<rom label="cbe_init"/>
|
||||
<rom label="init"/>
|
||||
<rom label="init.config"/>
|
||||
<rom label="ld.lib.so"/>
|
||||
<rom label="cbe_init_cxx.lib.so"/>
|
||||
<rom label="libsparkcrypto.lib.so"/>
|
||||
<rom label="spark.lib.so"/>
|
||||
<rom label="vfs.lib.so"/>
|
||||
<rom label="vfs_block"/>
|
||||
</content>
|
||||
|
||||
<config verbose="yes">
|
||||
|
||||
<parent-provides>
|
||||
<service name="ROM"/>
|
||||
<service name="PD"/>
|
||||
<service name="RM"/>
|
||||
<service name="CPU"/>
|
||||
<service name="LOG"/>
|
||||
<service name="Timer"/>
|
||||
<service name="File_system"/>
|
||||
</parent-provides>
|
||||
|
||||
<default-route> <any-service> <parent/> <any-child/> </any-service> </default-route>
|
||||
|
||||
<default caps="100"/>
|
||||
|
||||
<start name="cbe_init">
|
||||
<resource name="RAM" quantum="4M"/>
|
||||
<exit propagate="yes"/>
|
||||
<config>
|
||||
<key id="23"/>
|
||||
<!-- VBD is 1GiB (~16MiB MD) -->
|
||||
<virtual-block-device nr_of_levels="5" nr_of_children="64"
|
||||
nr_of_leafs="262144"/>
|
||||
<!-- FT is 128MiB (~2MiB MD) -->
|
||||
<free-tree nr_of_levels="4" nr_of_children="64"
|
||||
nr_of_leafs="32768"/>
|
||||
</config>
|
||||
<route>
|
||||
<service name="Block"> <child name="vfs_block"/> </service>
|
||||
<any-service> <parent/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
<start name="vfs_block">
|
||||
<resource name="RAM" quantum="4M"/>
|
||||
<provides> <service name="Block"/> </provides>
|
||||
<config>
|
||||
<vfs>
|
||||
<fs buffer_size="1M"/>
|
||||
</vfs>
|
||||
<policy label_prefix="cbe_init" block_size="512"
|
||||
file="/cbe.img" writeable="yes"/>
|
||||
</config>
|
||||
<route>
|
||||
<service name="File_system"> <parent label="cbe_fs"/> </service>
|
||||
<any-service> <parent/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
</config>
|
||||
|
||||
</runtime>
|
@ -1 +0,0 @@
|
||||
Unix runtime that allows the user to interact with the CBE.
|
@ -1,10 +0,0 @@
|
||||
_/src/bash-minimal
|
||||
_/src/coreutils
|
||||
_/src/libc
|
||||
_/src/posix
|
||||
_/src/ncurses
|
||||
_/src/terminal
|
||||
_/src/init
|
||||
_/src/vfs
|
||||
_/src/vfs_pipe
|
||||
_/src/cached_fs_rom
|
@ -1 +0,0 @@
|
||||
2023-04-27 68a36802cd97b17f22737a674c5f8c089a307314
|
@ -1,126 +0,0 @@
|
||||
<runtime ram="76M" caps="1000" binary="init" config="cbe_shell.config">
|
||||
|
||||
<requires>
|
||||
<gui/>
|
||||
<timer/>
|
||||
<file_system label="cbe" writeable="yes"/>
|
||||
<file_system label="fonts" writeable="no"/>
|
||||
<rom label="clipboard"/>
|
||||
<report label="clipboard"/>
|
||||
<rm/>
|
||||
</requires>
|
||||
|
||||
<content>
|
||||
<rom label="cbe_shell.config"/>
|
||||
<rom label="ld.lib.so"/>
|
||||
<rom label="libc.lib.so"/>
|
||||
<rom label="libm.lib.so"/>
|
||||
<rom label="init"/>
|
||||
<rom label="vfs"/>
|
||||
<rom label="vfs_pipe.lib.so"/>
|
||||
<rom label="cached_fs_rom"/>
|
||||
<rom label="terminal"/>
|
||||
<rom label="posix.lib.so"/>
|
||||
<rom label="ncurses.lib.so"/>
|
||||
<rom label="bash-minimal.tar"/>
|
||||
<rom label="coreutils.tar"/>
|
||||
<rom label="vfs.lib.so"/>
|
||||
</content>
|
||||
|
||||
<config>
|
||||
<parent-provides>
|
||||
<service name="ROM"/>
|
||||
<service name="PD"/>
|
||||
<service name="RM"/>
|
||||
<service name="CPU"/>
|
||||
<service name="LOG"/>
|
||||
<service name="Timer"/>
|
||||
<service name="File_system"/>
|
||||
<service name="Gui"/>
|
||||
<service name="Report"/>
|
||||
</parent-provides>
|
||||
|
||||
<default-route> <any-service> <parent/> <any-child/> </any-service> </default-route>
|
||||
|
||||
<default caps="100"/>
|
||||
|
||||
<start name="terminal">
|
||||
<resource name="RAM" quantum="12M"/>
|
||||
<provides> <service name="Terminal"/> </provides>
|
||||
<config copy="yes" paste="yes">
|
||||
<initial width="800" height="600"/>
|
||||
<vfs> <dir name="fonts"> <fs/> </dir> </vfs>
|
||||
</config>
|
||||
<route>
|
||||
<service name="File_system"> <parent label="fonts"/> </service>
|
||||
<service name="Gui"> <parent label="terminal"/> </service>
|
||||
<service name="Report" label="clipboard"> <parent label="clipboard"/> </service>
|
||||
<service name="ROM" label="clipboard"> <parent label="clipboard"/> </service>
|
||||
<any-service> <parent/> <any-child/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
<start name="vfs" caps="150">
|
||||
<resource name="RAM" quantum="12M"/>
|
||||
<provides><service name="File_system"/></provides>
|
||||
<config>
|
||||
<vfs>
|
||||
<tar name="bash-minimal.tar" />
|
||||
<tar name="coreutils.tar" />
|
||||
<dir name="dev">
|
||||
<zero/> <null/> <terminal/>
|
||||
<inline name="rtc">2018-01-01 00:01</inline>
|
||||
</dir>
|
||||
<dir name="pipe"> <pipe/> </dir>
|
||||
<dir name="tmp"> <ram /> </dir>
|
||||
</vfs>
|
||||
|
||||
<policy label_prefix="vfs_rom" root="/"/>
|
||||
<default-policy root="/" writeable="yes"/>
|
||||
</config>
|
||||
<route>
|
||||
<service name="Terminal"> <child name="terminal"/> </service>
|
||||
<any-service> <parent/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
<start name="vfs_rom">
|
||||
<resource name="RAM" quantum="16M"/>
|
||||
<binary name="cached_fs_rom"/>
|
||||
<provides> <service name="ROM"/> </provides>
|
||||
<config/>
|
||||
<route>
|
||||
<service name="File_system"> <child name="vfs"/> </service>
|
||||
<any-service> <parent/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
<start name="/bin/bash" caps="450">
|
||||
<resource name="RAM" quantum="28M" />
|
||||
<exit propagate="yes"/>
|
||||
<config>
|
||||
<libc stdin="/dev/terminal" stdout="/dev/terminal"
|
||||
stderr="/dev/terminal" rtc="/dev/rtc" pipe="/pipe"/>
|
||||
<vfs>
|
||||
<fs buffer_size="1M" label="shell"/>
|
||||
<dir name="cbe"> <fs buffer_size="4M" label="cbe"/> </dir>
|
||||
</vfs>
|
||||
<arg value="bash"/>
|
||||
<env key="HOME" value="/"/>
|
||||
<env key="TERM" value="screen"/>
|
||||
<env key="PATH" value="/bin" />
|
||||
<env key="PS1" value="cbe:$PWD> "/>
|
||||
</config>
|
||||
<route>
|
||||
<service name="File_system" label="cbe"> <parent label="cbe"/> </service>
|
||||
<service name="File_system" label="shell"> <child name="vfs"/> </service>
|
||||
<service name="ROM" label_suffix=".lib.so"> <parent/> </service>
|
||||
<service name="ROM" label_last="/bin/bash"> <child name="vfs_rom"/> </service>
|
||||
<service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
|
||||
<any-service> <parent/> <any-child/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
</config>
|
||||
|
||||
</runtime>
|
@ -1,2 +0,0 @@
|
||||
Runtime for deploying the chroot component configured for the CBE
|
||||
trust-anchor from the depot.
|
@ -1 +0,0 @@
|
||||
_/src/chroot
|
@ -1 +0,0 @@
|
||||
2023-04-25 4580d6a6ca8f082447fdcdb7e3339687e3bbd013
|
@ -1,15 +0,0 @@
|
||||
<runtime ram="1M" caps="100" binary="chroot">
|
||||
|
||||
<requires> <file_system/> </requires>
|
||||
<provides> <file_system/> </provides>
|
||||
|
||||
<config>
|
||||
<default-policy path="/cbe_ta" writeable="yes"/>
|
||||
</config>
|
||||
|
||||
<content>
|
||||
<rom label="ld.lib.so"/>
|
||||
<rom label="chroot"/>
|
||||
</content>
|
||||
|
||||
</runtime>
|
@ -1 +0,0 @@
|
||||
Runtime for deploying the CBE trust-anchor vfs component from the depot.
|
@ -1,2 +0,0 @@
|
||||
_/src/vfs
|
||||
_/src/cbe
|
@ -1 +0,0 @@
|
||||
2023-04-27 c13b59b705a0a8b56c1873bb0af3c2a7de6609ff
|
@ -1,23 +0,0 @@
|
||||
<runtime ram="8M" caps="200" binary="vfs">
|
||||
|
||||
<requires> <log/> <file_system label="cbe_ta_fs"/> </requires>
|
||||
|
||||
<provides> <file_system/> </provides>
|
||||
|
||||
<config>
|
||||
<vfs>
|
||||
<fs buffer_size="1M" label="cbe_ta_fs"/>
|
||||
|
||||
<dir name="dev">
|
||||
<cbe_trust_anchor name="cbe_trust_anchor" storage_dir="/"/>
|
||||
</dir>
|
||||
</vfs>
|
||||
<policy label_prefix="cbe_init_trust_anchor" root="/dev" writeable="yes"/>
|
||||
</config>
|
||||
|
||||
<content>
|
||||
<rom label="ld.lib.so"/>
|
||||
<rom label="vfs_cbe_trust_anchor.lib.so"/>
|
||||
<rom label="vfs"/>
|
||||
</content>
|
||||
</runtime>
|
@ -1,2 +0,0 @@
|
||||
|
||||
VirtualBox runtime for using a VM with Block session disk access
|
@ -1,9 +0,0 @@
|
||||
_/src/vbox5-nova
|
||||
_/src/base-nova
|
||||
_/src/libc
|
||||
_/src/init
|
||||
_/src/posix
|
||||
_/src/zlib
|
||||
_/src/libiconv
|
||||
_/src/stdcxx
|
||||
_/src/vfs
|
@ -1 +0,0 @@
|
||||
2023-04-27 51d4d436f52e3614ef2000125a647a6e9768dbce
|
@ -1,104 +0,0 @@
|
||||
<runtime ram="1500M" caps="1500" binary="init" config="init.config">
|
||||
|
||||
<requires>
|
||||
<file_system label="cbe"/>
|
||||
<file_system label="vm"/>
|
||||
<file_system label="shared"/>
|
||||
<gui/>
|
||||
<nic/>
|
||||
<rom label="capslock"/>
|
||||
<rom label="platform_info"/>
|
||||
<report label="shape"/>
|
||||
<report label="clipboard"/>
|
||||
<rom label="clipboard"/>
|
||||
<rm/>
|
||||
<rtc/>
|
||||
<rom label="usb_devices"/>
|
||||
<usb/>
|
||||
</requires>
|
||||
|
||||
<content>
|
||||
<rom label="init.config"/>
|
||||
<rom label="ld.lib.so"/>
|
||||
<rom label="init"/>
|
||||
<rom label="timer"/>
|
||||
<rom label="virtualbox5-nova"/>
|
||||
<rom label="libc.lib.so"/>
|
||||
<rom label="libm.lib.so"/>
|
||||
<rom label="libiconv.lib.so"/>
|
||||
<rom label="qemu-usb.lib.so"/>
|
||||
<rom label="stdcxx.lib.so"/>
|
||||
<rom label="vfs.lib.so"/>
|
||||
</content>
|
||||
|
||||
<config verbose="yes" prio_levels="2">
|
||||
|
||||
<parent-provides>
|
||||
<service name="ROM"/>
|
||||
<service name="PD"/>
|
||||
<service name="RM"/>
|
||||
<service name="CPU"/>
|
||||
<service name="LOG"/>
|
||||
<service name="Gui"/>
|
||||
<service name="Timer"/>
|
||||
<service name="Rtc"/>
|
||||
<service name="Report"/>
|
||||
<service name="File_system"/>
|
||||
<service name="Usb"/>
|
||||
<service name="Nic"/>
|
||||
</parent-provides>
|
||||
|
||||
<default-route> <any-service> <parent/> <any-child/> </any-service> </default-route>
|
||||
|
||||
<default caps="100"/>
|
||||
|
||||
<start name="timer">
|
||||
<resource name="RAM" quantum="1M"/>
|
||||
<provides><service name="Timer"/></provides>
|
||||
<config/>
|
||||
<route>
|
||||
<service name="ROM" label="platform_info">
|
||||
<parent label="platform_info"/> </service>
|
||||
<any-service> <parent/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
<start name="vbox" priority="-1" caps="1000">
|
||||
<binary name="virtualbox5-nova" />
|
||||
<resource name="RAM" quantum="8G"/>
|
||||
<exit propagate="yes"/>
|
||||
<config vbox_file="machine.vbox" xhci="yes" vm_name="linux" capslock="ROM">
|
||||
<vfs>
|
||||
<dir name="dev">
|
||||
<dir name="cbe">
|
||||
<fs label="cbe" buffer_size="4M" writeable="yes"/>
|
||||
</dir>
|
||||
<log/>
|
||||
<rtc/>
|
||||
</dir>
|
||||
<dir name="shared"> <fs label="shared" writeable="yes"/> </dir>
|
||||
<fs writeable="yes" label="vm" buffer_size="4M" />
|
||||
</vfs>
|
||||
<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc"/>
|
||||
</config>
|
||||
<route>
|
||||
<service name="Audio_out"> <parent/> </service>
|
||||
<service name="File_system" label="shared"> <parent label="shared"/> </service>
|
||||
<service name="File_system" label="vm"> <parent label="vm"/> </service>
|
||||
<service name="ROM" label="usb_devices"> <parent label="usb_devices"/> </service>
|
||||
<service name="ROM" label="capslock"> <parent label="capslock"/> </service>
|
||||
<service name="ROM" label="platform_info">
|
||||
<parent label="platform_info"/> </service>
|
||||
<service name="Nic"> <parent/> </service>
|
||||
<service name="Report" label="shape"> <parent label="shape"/> </service>
|
||||
<service name="ROM" label="clipboard"> <parent label="clipboard"/> </service>
|
||||
<service name="Report" label="clipboard"> <parent label="clipboard"/> </service>
|
||||
<service name="Gui"> <parent label=""/> </service>
|
||||
<service name="File_system" label="cbe"> <parent label="cbe"/> </service>
|
||||
<any-service> <parent/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
</config>
|
||||
|
||||
</runtime>
|
@ -1,2 +0,0 @@
|
||||
Runtime for deploying the vfs component configured for the CBE from
|
||||
the depot.
|
@ -1,4 +0,0 @@
|
||||
_/src/vfs
|
||||
_/src/cbe
|
||||
_/src/spark
|
||||
_/src/openssl
|
@ -1 +0,0 @@
|
||||
2023-04-27 53d46fa42938230c007f2c52e9cefdfb9d7d7748
|
@ -1,30 +0,0 @@
|
||||
<runtime ram="64M" caps="200" binary="vfs">
|
||||
|
||||
<requires> <log/> <file_system label="cbe_fs"/> </requires>
|
||||
|
||||
<provides> <file_system/> </provides>
|
||||
|
||||
<config>
|
||||
<vfs>
|
||||
<fs buffer_size="1M" label="cbe_fs"/>
|
||||
<cbe_crypto_aes_cbc name="cbe_crypto"/>
|
||||
<dir name="ta"> <fs buffer_size="1M" label="ta"/> </dir>
|
||||
<dir name="dev">
|
||||
<cbe name="cbe" verbose="no" debug="no" block="/cbe.img"
|
||||
crypto="/cbe_crypto" trust_anchor="/ta"/>
|
||||
</dir>
|
||||
</vfs>
|
||||
<policy label_prefix="cbe_vbox5-nova" root="/dev/cbe/current" writeable="yes"/>
|
||||
<policy label_prefix="cbe_shell" root="/dev" writeable="yes"/>
|
||||
</config>
|
||||
|
||||
<content>
|
||||
<rom label="cbe_cxx.lib.so"/>
|
||||
<rom label="ld.lib.so"/>
|
||||
<rom label="libcrypto.lib.so"/>
|
||||
<rom label="spark.lib.so"/>
|
||||
<rom label="vfs"/>
|
||||
<rom label="vfs_cbe.lib.so"/>
|
||||
<rom label="vfs_cbe_crypto_aes_cbc.lib.so"/>
|
||||
</content>
|
||||
</runtime>
|
@ -1,2 +0,0 @@
|
||||
Runtime for deploying the chroot component configured for the VM
|
||||
running on top the CBE from the depot.
|
@ -1 +0,0 @@
|
||||
_/src/chroot
|
@ -1 +0,0 @@
|
||||
2023-04-25 6253f2ce75fb58e57dad9199e0f57ecc484792a2
|
@ -1,15 +0,0 @@
|
||||
<runtime ram="1M" caps="100" binary="chroot">
|
||||
|
||||
<requires> <file_system/> </requires>
|
||||
<provides> <file_system/> </provides>
|
||||
|
||||
<config>
|
||||
<default-policy path="/vm/cbe" writeable="yes"/>
|
||||
</config>
|
||||
|
||||
<content>
|
||||
<rom label="ld.lib.so"/>
|
||||
<rom label="chroot"/>
|
||||
</content>
|
||||
|
||||
</runtime>
|
@ -1 +0,0 @@
|
||||
This package is used to prepare the assets for the TinyCore+ VM.
|
@ -1,18 +0,0 @@
|
||||
_/raw/download_coreplus
|
||||
_/src/libc
|
||||
_/src/vfs_lxip
|
||||
_/src/bash-minimal
|
||||
_/src/coreutils-minimal
|
||||
_/src/curl
|
||||
_/src/fetchurl
|
||||
_/src/init
|
||||
_/src/libssh
|
||||
_/src/openssl
|
||||
_/src/ncurses
|
||||
_/src/posix
|
||||
_/src/report_rom
|
||||
_/src/terminal
|
||||
_/src/terminal_log
|
||||
_/src/vfs
|
||||
_/src/zlib
|
||||
_/src/cached_fs_rom
|
@ -1 +0,0 @@
|
||||
2023-04-27 c73cf6ceef8aad65bfac745611188efa1f560c61
|
@ -1,39 +0,0 @@
|
||||
<runtime ram="80M" caps="1500" binary="init" config="init.config">
|
||||
|
||||
<requires>
|
||||
<gui/>
|
||||
<nic/>
|
||||
<timer/>
|
||||
<rm/>
|
||||
<file_system label="target" writeable="yes"/>
|
||||
<file_system label="fonts" writeable="no"/>
|
||||
</requires>
|
||||
|
||||
<content>
|
||||
<rom label="init.config"/>
|
||||
<rom label="ld.lib.so"/>
|
||||
<rom label="libc.lib.so"/>
|
||||
<rom label="libm.lib.so"/>
|
||||
<rom label="init"/>
|
||||
<rom label="terminal"/>
|
||||
<rom label="posix.lib.so"/>
|
||||
<rom label="ncurses.lib.so"/>
|
||||
<rom label="bash-minimal.tar"/>
|
||||
<rom label="coreutils-minimal.tar"/>
|
||||
<rom label="vfs"/>
|
||||
<rom label="vfs.lib.so"/>
|
||||
<rom label="terminal_log"/>
|
||||
<rom label="report_rom"/>
|
||||
<rom label="fetchurl"/>
|
||||
<rom label="lxip.lib.so"/>
|
||||
<rom label="vfs_lxip.lib.so"/>
|
||||
<rom label="libssl.lib.so"/>
|
||||
<rom label="libssh.lib.so"/>
|
||||
<rom label="curl.lib.so"/>
|
||||
<rom label="libcrypto.lib.so"/>
|
||||
<rom label="zlib.lib.so"/>
|
||||
<rom label="assets.tar"/>
|
||||
<rom label="cached_fs_rom"/>
|
||||
</content>
|
||||
|
||||
</runtime>
|
@ -4,9 +4,7 @@ _/src/libpng
|
||||
_/src/zlib
|
||||
_/src/fs_query
|
||||
_/src/menu_view
|
||||
_/src/cbe
|
||||
_/src/spark
|
||||
_/src/libsparkcrypto
|
||||
_/src/tresor
|
||||
_/src/vfs_block
|
||||
_/src/vfs_jitterentropy
|
||||
_/src/vfs
|
||||
|
@ -26,26 +26,22 @@
|
||||
<rom label="vfs.lib.so"/>
|
||||
<rom label="vfs_block"/>
|
||||
<rom label="vfs_jitterentropy.lib.so"/>
|
||||
<rom label="vfs_cbe.lib.so"/>
|
||||
<rom label="vfs_cbe_crypto_aes_cbc.lib.so"/>
|
||||
<rom label="vfs_cbe_trust_anchor.lib.so"/>
|
||||
<rom label="cbe_cxx.lib.so"/>
|
||||
<rom label="cbe_init_cxx.lib.so"/>
|
||||
<rom label="cbe_init"/>
|
||||
<rom label="cbe_init_trust_anchor"/>
|
||||
<rom label="vfs_tresor.lib.so"/>
|
||||
<rom label="vfs_tresor_crypto_aes_cbc.lib.so"/>
|
||||
<rom label="vfs_tresor_trust_anchor.lib.so"/>
|
||||
<rom label="tresor_init"/>
|
||||
<rom label="tresor_init_trust_anchor"/>
|
||||
<rom label="libcrypto.lib.so"/>
|
||||
<rom label="rump.lib.so"/>
|
||||
<rom label="vfs_rump.lib.so"/>
|
||||
<rom label="rump_fs.lib.so"/>
|
||||
<rom label="sandbox.lib.so"/>
|
||||
<rom label="libsparkcrypto.lib.so"/>
|
||||
<rom label="spark.lib.so"/>
|
||||
<rom label="fs_tool"/>
|
||||
<rom label="mke2fs"/>
|
||||
<rom label="resize2fs"/>
|
||||
<rom label="posix.lib.so"/>
|
||||
<rom label="file_vault"/>
|
||||
<rom label="file_vault-sync_to_cbe_vfs_init"/>
|
||||
<rom label="file_vault-sync_to_tresor_vfs_init"/>
|
||||
<rom label="file_vault-truncate_file"/>
|
||||
<rom label="menu_view_styles.tar"/>
|
||||
</content>
|
||||
@ -74,21 +70,21 @@
|
||||
<provides>
|
||||
<service name="File_system"/>
|
||||
</provides>
|
||||
<config>
|
||||
<config user_interface="menu_view">
|
||||
<vfs>
|
||||
<dir name="cbe">
|
||||
<fs label="cbe"/>
|
||||
<dir name="tresor">
|
||||
<fs label="tresor"/>
|
||||
</dir>
|
||||
</vfs>
|
||||
</config>
|
||||
<route>
|
||||
<service name="File_system" label="cbe_trust_anchor_vfs -> storage_dir"> <parent label="trust_anchor"/> </service>
|
||||
<service name="File_system" label="tresor_trust_anchor_vfs -> storage_dir"> <parent label="trust_anchor"/> </service>
|
||||
<service name="File_system" label="vfs_block -> "> <parent label="data"/> </service>
|
||||
<service name="File_system" label="cbe"> <parent label="data"/> </service>
|
||||
<service name="File_system" label="tresor"> <parent label="data"/> </service>
|
||||
<service name="File_system" label="fs_query -> "> <parent label="data"/> </service>
|
||||
<service name="File_system" label="image_fs_query -> "> <parent label="data"/> </service>
|
||||
<service name="File_system" label="cbe_vfs -> cbe_fs"> <parent label="data"/> </service>
|
||||
<service name="File_system" label="truncate_file -> cbe"> <parent label="data"/> </service>
|
||||
<service name="File_system" label="tresor_vfs -> tresor_fs"> <parent label="data"/> </service>
|
||||
<service name="File_system" label="truncate_file -> tresor"> <parent label="data"/> </service>
|
||||
<service name="File_system" label="menu_view -> fonts"> <parent label="fonts"/> </service>
|
||||
<service name="Timer"> <parent/> </service>
|
||||
<service name="Gui"> <parent/> </service>
|
||||
|
1
repos/gems/recipes/pkg/file_vault_config_report/README
Normal file
1
repos/gems/recipes/pkg/file_vault_config_report/README
Normal file
@ -0,0 +1 @@
|
||||
See repos/gems/src/app/file_vault/README.
|
15
repos/gems/recipes/pkg/file_vault_config_report/archives
Normal file
15
repos/gems/recipes/pkg/file_vault_config_report/archives
Normal file
@ -0,0 +1,15 @@
|
||||
_/src/init
|
||||
_/src/libc
|
||||
_/src/zlib
|
||||
_/src/fs_query
|
||||
_/src/tresor
|
||||
_/src/vfs_block
|
||||
_/src/vfs_jitterentropy
|
||||
_/src/vfs
|
||||
_/src/openssl
|
||||
_/src/fs_tool
|
||||
_/src/fs_utils
|
||||
_/src/posix
|
||||
_/src/rump
|
||||
_/src/sandbox
|
||||
_/src/file_vault
|
1
repos/gems/recipes/pkg/file_vault_config_report/hash
Normal file
1
repos/gems/recipes/pkg/file_vault_config_report/hash
Normal file
@ -0,0 +1 @@
|
||||
2023-03-31-f e133ec19fdfb9ab03e5aa985db926ff807ca1505
|
98
repos/gems/recipes/pkg/file_vault_config_report/runtime
Normal file
98
repos/gems/recipes/pkg/file_vault_config_report/runtime
Normal file
@ -0,0 +1,98 @@
|
||||
<runtime ram="220M" caps="2200" binary="init">
|
||||
|
||||
<provides>
|
||||
<file_system/>
|
||||
</provides>
|
||||
|
||||
<requires>
|
||||
<file_system label="data" writeable="yes"/>
|
||||
<file_system label="trust_anchor" writeable="yes"/>
|
||||
<report label="ui_report"/>
|
||||
<rom label="ui_config"/>
|
||||
<rm/>
|
||||
<timer/>
|
||||
</requires>
|
||||
|
||||
<content>
|
||||
<rom label="init"/>
|
||||
<rom label="ld.lib.so"/>
|
||||
<rom label="libc.lib.so"/>
|
||||
<rom label="libm.lib.so"/>
|
||||
<rom label="zlib.lib.so"/>
|
||||
<rom label="fs_query"/>
|
||||
<rom label="vfs"/>
|
||||
<rom label="vfs.lib.so"/>
|
||||
<rom label="vfs_block"/>
|
||||
<rom label="vfs_jitterentropy.lib.so"/>
|
||||
<rom label="vfs_tresor.lib.so"/>
|
||||
<rom label="vfs_tresor_crypto_aes_cbc.lib.so"/>
|
||||
<rom label="vfs_tresor_trust_anchor.lib.so"/>
|
||||
<rom label="tresor_init"/>
|
||||
<rom label="tresor_init_trust_anchor"/>
|
||||
<rom label="libcrypto.lib.so"/>
|
||||
<rom label="rump.lib.so"/>
|
||||
<rom label="vfs_rump.lib.so"/>
|
||||
<rom label="rump_fs.lib.so"/>
|
||||
<rom label="sandbox.lib.so"/>
|
||||
<rom label="fs_tool"/>
|
||||
<rom label="mke2fs"/>
|
||||
<rom label="resize2fs"/>
|
||||
<rom label="posix.lib.so"/>
|
||||
<rom label="file_vault"/>
|
||||
<rom label="file_vault-sync_to_tresor_vfs_init"/>
|
||||
<rom label="file_vault-truncate_file"/>
|
||||
</content>
|
||||
|
||||
<config>
|
||||
|
||||
<parent-provides>
|
||||
<service name="ROM"/>
|
||||
<service name="PD"/>
|
||||
<service name="RM"/>
|
||||
<service name="CPU"/>
|
||||
<service name="LOG"/>
|
||||
<service name="Gui"/>
|
||||
<service name="Timer"/>
|
||||
<service name="File_system"/>
|
||||
</parent-provides>
|
||||
|
||||
<service name="File_system">
|
||||
<default-policy>
|
||||
<child name="file_vault"/>
|
||||
</default-policy>
|
||||
</service>
|
||||
|
||||
<start name="file_vault" caps="2000">
|
||||
<resource name="RAM" quantum="200M"/>
|
||||
<provides>
|
||||
<service name="File_system"/>
|
||||
</provides>
|
||||
<config user_interface="menu_view">
|
||||
<vfs>
|
||||
<dir name="tresor">
|
||||
<fs label="tresor"/>
|
||||
</dir>
|
||||
</vfs>
|
||||
</config>
|
||||
<route>
|
||||
<service name="Report" label="ui_report"> <parent/> </service>
|
||||
<service name="ROM" label="ui_config"> <parent/> </service>
|
||||
<service name="File_system" label="tresor_trust_anchor_vfs -> storage_dir"> <parent label="trust_anchor"/> </service>
|
||||
<service name="File_system" label="vfs_block -> "> <parent label="data"/> </service>
|
||||
<service name="File_system" label="tresor"> <parent label="data"/> </service>
|
||||
<service name="File_system" label="fs_query -> "> <parent label="data"/> </service>
|
||||
<service name="File_system" label="image_fs_query -> "> <parent label="data"/> </service>
|
||||
<service name="File_system" label="tresor_vfs -> tresor_fs"> <parent label="data"/> </service>
|
||||
<service name="File_system" label="truncate_file -> tresor"> <parent label="data"/> </service>
|
||||
<service name="Timer"> <parent/> </service>
|
||||
<service name="PD"> <parent/> </service>
|
||||
<service name="ROM"> <parent/> </service>
|
||||
<service name="CPU"> <parent/> </service>
|
||||
<service name="LOG"> <parent/> </service>
|
||||
<service name="RM"> <parent/> </service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
</config>
|
||||
|
||||
</runtime>
|
@ -359,7 +359,7 @@ For inspiration, please follow the postings at
|
||||
:Encrypted file store:
|
||||
|
||||
The file-vault package provides Sculpt users with an easy way to set
|
||||
up and use an encrypted file store using Genode's custom CBE block
|
||||
up and use an encrypted file store using Genode's custom Tresor block
|
||||
encrypter.
|
||||
|
||||
[https://genodians.org/m-stein/2021-05-17-introducing-the-file-vault]
|
||||
@ -1557,7 +1557,7 @@ Before building the packages, various ports of 3rd-party software need to
|
||||
be prepared. The following command prepares all of them at once:
|
||||
|
||||
! <GENODE-DIR>/tool/ports/prepare_port \
|
||||
! acpica ada-runtime bash cbe coreutils curl \
|
||||
! acpica ada-runtime bash tresor coreutils curl \
|
||||
! dde_bsd dde_ipxe dde_linux dde_rump e2fsprogs-lib \
|
||||
! expat freetype gnupg grub2 jitterentropy jpeg \
|
||||
! libarchive libc libdrm libgcrypt libiconv libnl libpng \
|
||||
|
@ -0,0 +1 @@
|
||||
Test for the fs_tool component
|
@ -0,0 +1,4 @@
|
||||
_/pkg/file_vault_config_report
|
||||
_/src/report_rom
|
||||
_/src/dynamic_rom
|
||||
_/src/vfs
|
@ -0,0 +1 @@
|
||||
2023-03-31-j 57b14d73d7dfb8a25d18394bc2119bfd1ea07844
|
232
repos/gems/recipes/pkg/test-file_vault_config_report/runtime
Normal file
232
repos/gems/recipes/pkg/test-file_vault_config_report/runtime
Normal file
@ -0,0 +1,232 @@
|
||||
<runtime ram="250M" caps="3000" binary="init">
|
||||
|
||||
<requires>
|
||||
<timer/>
|
||||
</requires>
|
||||
|
||||
<events>
|
||||
<timeout meaning="failed" sec="240" />
|
||||
<log meaning="succeeded">
|
||||
<ui_report version="step_*" state="uninitialized"/>*
|
||||
<ui_report version="step_*" state="initializing"/>*
|
||||
<ui_report version="step_*" state="unlocked"/>*
|
||||
<ui_report version="step_*" state="locking"/>*
|
||||
<ui_report version="step_*" state="locked"/>*
|
||||
<ui_report version="step_*" state="unlocking"/>*
|
||||
<ui_report version="step_*" state="unlocked"/>*
|
||||
<ui_report version="step_*" state="locking"/>*
|
||||
<ui_report version="step_*" state="locked"/>*
|
||||
<ui_report version="step_*" state="unlocking"/>*
|
||||
<ui_report version="step_*" state="locked"/>*
|
||||
<ui_report version="step_*" state="unlocking"/>*
|
||||
<ui_report version="step_*" state="unlocked"/>*
|
||||
<ui_report version="step_*" state="locking"/>*
|
||||
<ui_report version="step_*" state="locked"/>
|
||||
</log>
|
||||
</events>
|
||||
|
||||
<content>
|
||||
<rom label="ld.lib.so"/>
|
||||
<rom label="report_rom"/>
|
||||
<rom label="dynamic_rom"/>
|
||||
<rom label="file_vault"/>
|
||||
<rom label="vfs"/>
|
||||
</content>
|
||||
|
||||
<config>
|
||||
|
||||
<parent-provides>
|
||||
<service name="ROM"/>
|
||||
<service name="LOG"/>
|
||||
<service name="RM"/>
|
||||
<service name="CPU"/>
|
||||
<service name="PD"/>
|
||||
<service name="IRQ"/>
|
||||
<service name="IO_MEM"/>
|
||||
<service name="IO_PORT"/>
|
||||
<service name="Timer"/>
|
||||
</parent-provides>
|
||||
|
||||
<start name="dynamic_rom" caps="100">
|
||||
<resource name="RAM" quantum="4M"/>
|
||||
<provides><service name="ROM"/> </provides>
|
||||
<config verbose="no">
|
||||
<rom name="file_vault_ui_config">
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_1_wait"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="5000"/>
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_2_init" passphrase="abcdefgh"
|
||||
client_fs_size="1M"
|
||||
journaling_buf_size="1M"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="5000"/>
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_3_lock"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="500"/>
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_4_unlock_fast" passphrase="abcdefgh"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="5000"/>
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_5_lock"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="5000"/>
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_6_bad_unlock" passphrase="00000001"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="500"/>
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_7_bad_unlock" passphrase="00000002"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="500"/>
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_8_bad_unlock" passphrase="00000003"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="500"/>
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_9_bad_unlock" passphrase="00000004"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="500"/>
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_10_bad_unlock" passphrase="00000005"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="5000"/>
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_11_wait"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="10000"/>
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_12_unlock" passphrase="abcdefgh"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="500"/>
|
||||
<inline>
|
||||
|
||||
<ui_config version="step_13_lock_fast"/>
|
||||
|
||||
</inline>
|
||||
<sleep milliseconds="600000"/>
|
||||
|
||||
</rom>
|
||||
</config>
|
||||
<route>
|
||||
<service name="Timer"> <parent/> </service>
|
||||
<service name="PD"> <parent/> </service>
|
||||
<service name="ROM"> <parent/> </service>
|
||||
<service name="LOG"> <parent/> </service>
|
||||
<service name="CPU"> <parent/> </service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
<start name="report_rom" caps="70">
|
||||
<resource name="RAM" quantum="1M"/>
|
||||
<provides>
|
||||
<service name="ROM" />
|
||||
<service name="Report" />
|
||||
</provides>
|
||||
<config verbose="yes"/>
|
||||
<route>
|
||||
<service name="LOG"> <parent/> </service>
|
||||
<service name="PD"> <parent/> </service>
|
||||
<service name="CPU"> <parent/> </service>
|
||||
<service name="ROM"> <parent/> </service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
<start name="data_fs" caps="500">
|
||||
<binary name="vfs"/>
|
||||
<resource name="RAM" quantum="50M"/>
|
||||
<provides><service name="File_system"/></provides>
|
||||
<config>
|
||||
<vfs>
|
||||
<dir name="data">
|
||||
<ram/>
|
||||
</dir>
|
||||
</vfs>
|
||||
<policy label="file_vault -> data" root="/data" writeable="yes"/>
|
||||
</config>
|
||||
<route>
|
||||
<service name="PD"> <parent/> </service>
|
||||
<service name="ROM"> <parent/> </service>
|
||||
<service name="LOG"> <parent/> </service>
|
||||
<service name="CPU"> <parent/> </service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
<start name="trust_anchor_fs" caps="100">
|
||||
<binary name="vfs"/>
|
||||
<resource name="RAM" quantum="5M"/>
|
||||
<provides><service name="File_system"/></provides>
|
||||
<config>
|
||||
<vfs>
|
||||
<dir name="trust_anchor">
|
||||
<ram/>
|
||||
</dir>
|
||||
</vfs>
|
||||
<policy label="file_vault -> trust_anchor" root="/trust_anchor" writeable="yes"/>
|
||||
</config>
|
||||
<route>
|
||||
<service name="PD"> <parent/> </service>
|
||||
<service name="ROM"> <parent/> </service>
|
||||
<service name="LOG"> <parent/> </service>
|
||||
<service name="CPU"> <parent/> </service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
<start name="file_vault" caps="1500">
|
||||
<resource name="RAM" quantum="180M"/>
|
||||
<config user_interface="config_and_report">
|
||||
<vfs>
|
||||
<dir name="tresor">
|
||||
<fs label="tresor"/>
|
||||
</dir>
|
||||
</vfs>
|
||||
</config>
|
||||
<route>
|
||||
<service name="ROM" label="ui_config"> <child name="dynamic_rom" label="file_vault_ui_config"/> </service>
|
||||
<service name="Report"> label="ui_report" <child name="report_rom"/> </service>
|
||||
<service name="File_system" label="tresor_trust_anchor_vfs -> storage_dir"> <child name="trust_anchor_fs" label="file_vault -> trust_anchor"/> </service>
|
||||
<service name="File_system" label="tresor_init -> "> <child name="data_fs" label="file_vault -> data"/> </service>
|
||||
<service name="File_system" label="tresor"> <child name="data_fs" label="file_vault -> data"/> </service>
|
||||
<service name="File_system" label="fs_query -> "> <child name="data_fs" label="file_vault -> data"/> </service>
|
||||
<service name="File_system" label="image_fs_query -> "> <child name="data_fs" label="file_vault -> data"/> </service>
|
||||
<service name="File_system" label="tresor_vfs -> tresor_fs"> <child name="data_fs" label="file_vault -> data"/> </service>
|
||||
<service name="File_system" label="truncate_file -> tresor"> <child name="data_fs" label="file_vault -> data"/> </service>
|
||||
<service name="Timer"> <parent/> </service>
|
||||
<service name="PD"> <parent/> </service>
|
||||
<service name="ROM"> <parent/> </service>
|
||||
<service name="CPU"> <parent/> </service>
|
||||
<service name="LOG"> <parent/> </service>
|
||||
<service name="RM"> <parent/> </service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
</config>
|
||||
|
||||
</runtime>
|
@ -5,7 +5,7 @@ parentCID=ffffffff
|
||||
createType="fullDevice"
|
||||
|
||||
# Extent description
|
||||
RW 2097152 FLAT "/dev/cbe/data" 0
|
||||
RW 2097152 FLAT "/dev/tresor/data" 0
|
||||
|
||||
# The disk Data Base
|
||||
#DDB
|
||||
|
@ -1,70 +0,0 @@
|
||||
BUILD_LIBS := \
|
||||
cbe_cxx \
|
||||
cbe_init_cxx \
|
||||
cbe_dump_cxx \
|
||||
cbe_check_cxx
|
||||
|
||||
MIRROR_FROM_CBE_DIR := \
|
||||
src/lib/cbe \
|
||||
src/lib/cbe_common \
|
||||
src/lib/cbe_cxx \
|
||||
src/lib/cbe_cxx_common \
|
||||
src/lib/cbe_init \
|
||||
src/lib/cbe_init_cxx \
|
||||
src/lib/cbe_dump \
|
||||
src/lib/cbe_dump_cxx \
|
||||
src/lib/cbe_check \
|
||||
src/lib/cbe_check_cxx \
|
||||
src/lib/sha256_4k
|
||||
|
||||
MIRROR_FROM_REP_DIR := \
|
||||
lib/import/import-cbe.mk \
|
||||
lib/import/import-cbe_common.mk \
|
||||
lib/import/import-cbe_init.mk \
|
||||
lib/import/import-cbe_dump.mk \
|
||||
lib/import/import-cbe_check.mk \
|
||||
lib/import/import-sha256_4k.mk \
|
||||
lib/mk/spec/x86_64/cbe.mk \
|
||||
lib/mk/spec/x86_64/cbe_common.mk \
|
||||
lib/mk/spec/x86_64/cbe_cxx.mk \
|
||||
lib/mk/spec/x86_64/cbe_cxx_common.mk \
|
||||
lib/mk/spec/x86_64/cbe_init.mk \
|
||||
lib/mk/spec/x86_64/cbe_init_cxx.mk \
|
||||
lib/mk/spec/x86_64/cbe_dump.mk \
|
||||
lib/mk/spec/x86_64/cbe_dump_cxx.mk \
|
||||
lib/mk/spec/x86_64/cbe_check.mk \
|
||||
lib/mk/spec/x86_64/cbe_check_cxx.mk \
|
||||
lib/mk/spec/x86_64/vfs_cbe.mk \
|
||||
lib/mk/spec/x86_64/vfs_cbe_crypto_aes_cbc.mk \
|
||||
lib/mk/spec/x86_64/vfs_cbe_crypto_memcopy.mk \
|
||||
lib/mk/spec/x86_64/vfs_cbe_trust_anchor.mk \
|
||||
lib/mk/generate_ada_main_pkg.inc \
|
||||
lib/mk/sha256_4k.mk \
|
||||
lib/symbols/cbe_check_cxx \
|
||||
lib/symbols/cbe_dump_cxx \
|
||||
lib/symbols/cbe_init_cxx \
|
||||
src/lib/vfs/cbe \
|
||||
src/lib/vfs/cbe_crypto/vfs.cc \
|
||||
src/lib/vfs/cbe_crypto/aes_cbc \
|
||||
src/lib/vfs/cbe_crypto/memcopy \
|
||||
src/lib/vfs/cbe_trust_anchor \
|
||||
src/app/cbe_check \
|
||||
src/app/cbe_dump \
|
||||
src/app/cbe_init \
|
||||
src/app/cbe_init_trust_anchor \
|
||||
src/app/cbe_tester \
|
||||
include/cbe
|
||||
|
||||
CBE_DIR := $(call port_dir,$(REP_DIR)/ports/cbe)
|
||||
|
||||
content: $(MIRROR_FROM_REP_DIR) $(MIRROR_FROM_CBE_DIR) LICENSE
|
||||
|
||||
$(MIRROR_FROM_REP_DIR):
|
||||
$(mirror_from_rep_dir)
|
||||
|
||||
$(MIRROR_FROM_CBE_DIR):
|
||||
mkdir -p $(dir $@)
|
||||
cp -r $(CBE_DIR)/$@ $(dir $@)
|
||||
|
||||
LICENSE:
|
||||
cp $(GENODE_DIR)/LICENSE $@
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user