Refine tresor tests

* Use jitterentropy only if supported.
  On certain targets like pbxa9 or zynq_qemu, the performance counter always
  yields 0, which renders jitterentropy unusable. On these platforms, the
  Tresor tests now use a static value as entropy source instead.

* Adds a new package test-file_vault_config_report_no_entropy that is used by
  the Depot Autopilot on targets without jitterentropy support instead of
  test-file_vault_config_report. The only difference between the two packages
  is the value of the above described new config attribute of the File Vault.

* Circumvent alignment fault.
  The Tresor lib for now has the deficiency of using on-disc data structures
  directly in code instead of decoding them first to unpacked, naturally
  aligned structures. This causes problems with memory-access alignment on
  several platforms (rpi, imx6q_sabrelite, imx53_qsb, imx7d_sabre). As fixing
  this properly is a bit of work, the commit disables the tresor_tester and
  file_vault_config_report test on the affected platforms in autopilot mode for
  now.

* Further adjustments
  * Make benchmarks optional
  * Use a smaller tresor for rekeying
  * Clean up image parameters
  * Do not use implicit routes/resources
  * Reduce ram consumption
  * Reduce test timeout
  * Raise cap quota, required for sel4 x86_64.

Ref #4819
Martin Stein 2023-06-01 15:56:07 +02:00 committed by Norman Feske
parent 5800ab4961
commit dea53f635f
11 changed files with 458 additions and 101 deletions


@ -0,0 +1 @@
Test for the fs_tool component


@ -0,0 +1,4 @@
_/pkg/file_vault_config_report
_/src/report_rom
_/src/dynamic_rom
_/src/vfs


@ -0,0 +1 @@
2023-06-06-a 66b1c361c5894d4013ac01c73e3365f6b5979c21


@ -0,0 +1,180 @@
<runtime ram="250M" caps="3000" binary="init">
<requires>
<timer/>
</requires>
<events>
<timeout meaning="failed" sec="70" />
<log meaning="succeeded">
&lt;ui_report version="step_*" state="uninitialized"/>*
&lt;ui_report version="step_*" state="initializing"/>*
&lt;ui_report version="step_*" state="unlocked"/>*
&lt;ui_report version="step_*" state="locked"/>*
&lt;ui_report version="step_*" state="unlocked"/>*
</log>
</events>
<content>
<rom label="ld.lib.so"/>
<rom label="report_rom"/>
<rom label="dynamic_rom"/>
<rom label="file_vault"/>
<rom label="vfs"/>
</content>
<config>
<parent-provides>
<service name="ROM"/>
<service name="LOG"/>
<service name="RM"/>
<service name="CPU"/>
<service name="PD"/>
<service name="IRQ"/>
<service name="IO_MEM"/>
<service name="IO_PORT"/>
<service name="Timer"/>
</parent-provides>
<start name="dynamic_rom" caps="100">
<resource name="RAM" quantum="4M"/>
<provides><service name="ROM"/> </provides>
<config verbose="no">
<rom name="file_vault_ui_config">
<inline>
<ui_config version="step_1_wait"/>
</inline>
<sleep milliseconds="6000"/>
<inline>
<ui_config version="step_2_init" passphrase="abcdefgh"
client_fs_size="1M"
journaling_buf_size="1M"/>
</inline>
<sleep milliseconds="10000"/>
<inline>
<ui_config version="step_3_lock"/>
</inline>
<sleep milliseconds="6000"/>
<inline>
<ui_config version="step_4_bad_unlock" passphrase="00000001"/>
</inline>
<sleep milliseconds="6000"/>
<inline>
<ui_config version="step_5_wait"/>
</inline>
<sleep milliseconds="6000"/>
<inline>
<ui_config version="step_6_unlock" passphrase="abcdefgh"/>
</inline>
<sleep milliseconds="600000"/>
</rom>
</config>
<route>
<service name="Timer"> <parent/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="report_rom" caps="70">
<resource name="RAM" quantum="1M"/>
<provides>
<service name="ROM" />
<service name="Report" />
</provides>
<config verbose="yes"/>
<route>
<service name="LOG"> <parent/> </service>
<service name="PD"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="ROM"> <parent/> </service>
</route>
</start>
<start name="data_fs" caps="500">
<binary name="vfs"/>
<resource name="RAM" quantum="50M"/>
<provides><service name="File_system"/></provides>
<config>
<vfs>
<dir name="data">
<ram/>
</dir>
</vfs>
<policy label="file_vault -> data" root="/data" writeable="yes"/>
</config>
<route>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="trust_anchor_fs" caps="100">
<binary name="vfs"/>
<resource name="RAM" quantum="5M"/>
<provides><service name="File_system"/></provides>
<config>
<vfs>
<dir name="trust_anchor">
<ram/>
</dir>
</vfs>
<policy label="file_vault -> trust_anchor" root="/trust_anchor" writeable="yes"/>
</config>
<route>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="file_vault" caps="1500">
<resource name="RAM" quantum="180M"/>
<config user_interface="config_and_report" jitterentropy_available="no">
<vfs>
<dir name="tresor">
<fs label="tresor"/>
</dir>
</vfs>
</config>
<route>
<service name="ROM" label="ui_config"> <child name="dynamic_rom" label="file_vault_ui_config"/> </service>
<service name="Report"> label="ui_report" <child name="report_rom"/> </service>
<service name="File_system" label="tresor_trust_anchor_vfs -> storage_dir"> <child name="trust_anchor_fs" label="file_vault -> trust_anchor"/> </service>
<service name="File_system" label="tresor_init -> "> <child name="data_fs" label="file_vault -> data"/> </service>
<service name="File_system" label="tresor"> <child name="data_fs" label="file_vault -> data"/> </service>
<service name="File_system" label="fs_query -> "> <child name="data_fs" label="file_vault -> data"/> </service>
<service name="File_system" label="image_fs_query -> "> <child name="data_fs" label="file_vault -> data"/> </service>
<service name="File_system" label="tresor_vfs -> tresor_fs"> <child name="data_fs" label="file_vault -> data"/> </service>
<service name="File_system" label="truncate_file -> tresor"> <child name="data_fs" label="file_vault -> data"/> </service>
<service name="Timer"> <parent/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="RM"> <parent/> </service>
</route>
</start>
</config>
</runtime>
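Review bot: In the file_vault route, `<service name="Report"> label="ui_report" <child name="report_rom"/> </service>` places `label="ui_report"` after the closing `>` of the start tag, so it is character data rather than an attribute, and the rule presumably matches every Report session of file_vault instead of only the ui_report one. Since the commit sets out to make routes explicit, the line should read `<service name="Report" label="ui_report"> <child name="report_rom"/> </service>`. If test-file_vault_config_report carries the same line, it needs the same correction.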


@ -659,6 +659,7 @@ set default_test_pkgs {
test-expat
test-fault_detection
test-file_vault_config_report
test-file_vault_config_report_no_entropy
test-fs_packet
test-fs_report
test-fs_rom_update
@ -754,11 +755,31 @@ proc non_executable_supported { } {
return false
}
proc skip_test_if { condition test } {
global skip_test
if {$condition} {
set skip_test($test) true
}
}
#
# Whether to skip a test - if undefined for a test, the test is not skipped
#
#
# pbxa9 and zynq_qemu don't support jitterentropy
#
skip_test_if [expr ([have_board pbxa9] || [have_board zynq_qemu])] test-file_vault_config_report
skip_test_if [expr !([have_board pbxa9] || [have_board zynq_qemu])] test-file_vault_config_report_no_entropy
#
# rpi, imx6q_sabrelite, imx53_qsb(_tz), imx7d_sabre have problems with the yet unfixed unaligned-access issue in tresor
#
skip_test_if [expr ([have_board rpi] || [have_board imx6q_sabrelite] || [have_board imx53_qsb] || [have_board imx53_qsb_tz] || [have_board imx7d_sabre])] test-file_vault_config_report
skip_test_if [expr ([have_board rpi] || [have_board imx6q_sabrelite] || [have_board imx53_qsb] || [have_board imx53_qsb_tz] || [have_board imx7d_sabre])] test-file_vault_config_report_no_entropy
set skip_test(test-fault_detection) [expr [have_spec pistachio] || [have_spec fiasco]]
set skip_test(test-file_vault_config_report) [expr [have_board rpi]]
set skip_test(test-fs_packet) [expr ![interactive] && [have_include "power_on/qemu"]]
set skip_test(test-libc) [expr [have_spec sel4] || [have_board rpi] || [have_board imx53_qsb_tz]]
set skip_test(test-lx_block) [expr ![have_board linux]]
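Review bot: `skip_test_if` only ever sets an entry to true, so any later plain `set skip_test(test-file_vault_config_report) ...` replaces its result. The rendering does not show whether the `[expr [have_board rpi]]` assignment below the new calls is removed by this commit; if it remains, it resets the skip to false on pbxa9, zynq_qemu and the i.MX boards. The two alignment-fault calls also repeat the same five-board expression, so computing it once (for example `set tresor_unaligned [expr {...}]`) and passing `$tresor_unaligned` to both calls would keep the lists from drifting apart.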


@ -4,6 +4,19 @@ proc ui_is { arg } {
return [string equal $arg $ui ]
}
proc jent_avail { } {
if {[have_board pbxa9]} { return 0 }
if {[have_board zynq_qemu]} { return 0 }
return 1
}
proc jent_avail_attr { } {
if {[jent_avail]} { return "yes" }
return "no"
}
build { app/file_vault }
create_boot_directory
@ -16,7 +29,6 @@ append archives "
[depot_user]/src/fs_query
[depot_user]/src/tresor
[depot_user]/src/vfs_block
[depot_user]/src/vfs_jitterentropy
[depot_user]/src/vfs
[depot_user]/src/openssl
[depot_user]/src/fs_tool
@ -26,6 +38,8 @@ append archives "
[depot_user]/src/sandbox
"
append_if [jent_avail] archives " [depot_user]/src/vfs_jitterentropy "
lappend_if [ui_is menu_view] archives [depot_user]/src/nitpicker
lappend_if [ui_is menu_view] archives [depot_user]/src/menu_view
lappend_if [ui_is menu_view] archives [depot_user]/src/libpng
@ -328,7 +342,7 @@ append config {
<start name="file_vault" caps="2000">
<resource name="RAM" quantum="200M"/>
<config user_interface="} $ui {">
<config user_interface="} $ui {" jitterentropy_available="} [jent_avail_attr] {">
<vfs>
<dir name="tresor">
<fs label="tresor"/>
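Review bot: `jent_avail` carries no comment saying why pbxa9 and zynq_qemu are excluded, and the same proc is repeated in the run script further down that starts `tresor_tester`, while the autopilot script spells the board pair out a third time. I would add `# pbxa9 and zynq_qemu: performance counter always yields 0, jitterentropy unusable` above the proc and keep the three places in sync, ideally through one shared helper. Because `jitterentropy_available="no"` switches File Vault to a fixed entropy string, a comment at `jent_avail_attr` stating that "no" is meant for test targets only would help readers of the generated config. The `<start name="file_vault">` node continues outside the visible hunk.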


@ -4,45 +4,84 @@ if {[get_cmd_switch --autopilot] && [have_board virt_qemu_riscv]} {
exit 0
}
#
# The following platforms trigger alignment faults that come from a not yet
# solved deficiency of the tresor lib: The lib uses the on-disc datastructures
# directly in code without translating them to naturally aligned structs
# beforehand.
#
if {[get_cmd_switch --autopilot] && [have_board rpi]} {
puts "Autopilot mode is not supported on this platform."
exit 0
}
if {[get_cmd_switch --autopilot] && [have_board imx6q_sabrelite]} {
puts "Autopilot mode is not supported on this platform."
exit 0
}
if {[get_cmd_switch --autopilot] && [have_board imx53_qsb]} {
puts "Autopilot mode is not supported on this platform."
exit 0
}
if {[get_cmd_switch --autopilot] && [have_board imx53_qsb_tz]} {
puts "Autopilot mode is not supported on this platform."
exit 0
}
if {[get_cmd_switch --autopilot] && [have_board imx7d_sabre]} {
puts "Autopilot mode is not supported on this platform."
exit 0
}
set dd [installed_command dd]
proc tresor_image_name { } {
return "tresor_block.img"
}
proc local_tresor_image { } {
proc lx_local_tresor_image { } {
return bin/[tresor_image_name]
}
proc autopilot_tresor_image { } {
proc lx_autopilot_tresor_image { } {
return /tmp/[tresor_image_name].[exec id -un]
}
set image_size 1024
if {[info exists ::env(tresor_IMAGE_SIZE)]} {
set image_size $::env(tresor_IMAGE_SIZE)
proc lx_tresor_image_size_mb { } {
return 400
}
proc tresor_image_size_mb { } {
global image_size
return $image_size
}
proc benchmark_blk_count { } {
proc tresor_vbd_size_mb { } {
return [expr [tresor_image_size_mb] / 2]
}
if {[have_board linux]} {
proc tresor_ft_size_mb { } {
return [expr [tresor_image_size_mb] / 8]
}
proc benchmark_blk_count_base { } {
if {[have_board virt_qemu_arm_v8a]} {
return 6400;
} else {
return 12800;
# benchmarks over 50 mebibyte
return 12800
}
if {[have_board virt_qemu_arm_v8a]} {
# benchmarks over 25 mebibyte
return 6400
}
# benchmarks turned off
return 0
}
proc block_io_vfs_ram_mb { } {
if {[benchmark_blk_count] > 0} {
# when benchmarks turned on
set bench_mb [expr (([benchmark_blk_count] * 4096) / 1024 / 1024)]
return [expr 8 * $bench_mb]
}
# when benchmarks turned off
return 10
}
proc jent_avail { } {
if {[have_board pbxa9]} { return 0 }
if {[have_board zynq_qemu]} { return 0 }
return 1
}
append build_components {
@ -56,9 +95,10 @@ append build_components {
lib/vfs_tresor_crypto_aes_cbc
lib/vfs_tresor_trust_anchor
lib/vfs_import
lib/vfs_jitterentropy
}
append_if [jent_avail] build_components { lib/vfs_jitterentropy }
append_if [have_board linux] build_components { server/lx_fs }
append_if [have_board linux] build_components { server/lx_block }
@ -69,6 +109,7 @@ create_boot_directory
append config {
<config verbose="yes">
<parent-provides>
<service name="ROM"/>
<service name="IRQ"/>
@ -80,47 +121,69 @@ append config {
<service name="LOG"/>
</parent-provides>
<default-route>
<any-service> <parent/> <any-child/> </any-service>
</default-route>
<default caps="100"/>
<start name="timer">
<start name="timer" caps="100">
<resource name="RAM" quantum="1M"/>
<provides><service name="Timer"/></provides>
<route>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="IO_PORT"> <parent/> </service>
<service name="IRQ"> <parent/> </service>
</route>
</start>
<start name="report_rom">
<resource name="RAM" quantum="32M"/>
<start name="report_rom" caps="100">
<resource name="RAM" quantum="4M"/>
<provides> <service name="Report"/> <service name="ROM"/> </provides>
<config verbose="yes"/>
<route>
<service name="LOG"> <parent/> </service>
<service name="PD"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="ROM"> <parent/> </service>
</route>
</start>
<start name="log_terminal">
<start name="log_terminal" caps="100">
<resource name="RAM" quantum="1M"/>
<provides><service name="Terminal"/></provides>
<route>
<service name="LOG"> <parent/> </service>
<service name="PD"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="ROM"> <parent/> </service>
</route>
</start>
}
if {[have_board linux]} {
append config {
<start name="block_io_fs" ld="no">
<start name="block_io_fs" caps="100" ld="no">
<binary name="lx_fs"/>
<resource name="RAM" quantum="4M"/>
<provides> <service name="File_system"/> </provides>
<config>
<default-policy root="/" writeable="yes"/>
</config>
<route>
<service name="LOG"> <parent/> </service>
<service name="PD"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="ROM"> <parent/> </service>
</route>
</start>
}
} else {
append config {
<start name="block_io_fs" caps="2000">
<start name="block_io_fs" caps="100">
<binary name="vfs"/>
<resource name="RAM" quantum="200M"/>
<resource name="RAM" quantum="} [block_io_vfs_ram_mb] {M"/>
<provides><service name="File_system"/></provides>
<config>
<vfs>
@ -146,9 +209,9 @@ if {[have_board linux]} {
}
append config {
<start name="trust_anchor_fs" caps="120">
<start name="trust_anchor_fs" caps="200">
<binary name="vfs"/>
<resource name="RAM" quantum="16M"/>
<resource name="RAM" quantum="10M"/>
<provides><service name="File_system"/></provides>
<config>
<vfs>
@ -156,8 +219,17 @@ append config {
<ram/>
</dir>
<dir name="dev">
<jitterentropy name="jitterentropy"/>
<dir name="dev"> }
append_if [jent_avail] config {
<jitterentropy name="jitterentropy"/> }
append_if [expr ![jent_avail]] config {
<inline name="jitterentropy">0123456789abcdefghijklmnopqrstuv</inline> }
append config {
<tresor_trust_anchor name="tresor_trust_anchor" storage_dir="/storage"/>
</dir>
</vfs>
@ -165,14 +237,17 @@ append config {
<default-policy root="/dev/tresor_trust_anchor" writeable="yes"/>
</config>
<route>
<any-service> <parent/> </any-service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="test" caps="200">
<binary name="tresor_tester"/>
<resource name="RAM" quantum="80M"/>
<resource name="RAM" quantum="10M"/>
<config ld_verbose="yes">
<verbose
@ -351,12 +426,12 @@ append config {
<virtual-block-device
nr_of_levels="4"
nr_of_children="8"
nr_of_leafs="344" />
nr_of_leafs="100" />
<free-tree
nr_of_levels="4"
nr_of_children="8"
nr_of_leafs="344" />
nr_of_leafs="100" />
</initialize>
<construct/>
@ -551,7 +626,7 @@ append config {
<request op="sync" vba="0" count="256" sync="yes"/>
<check/>
<log string="Step 16: reinitialize Tresor device, do read/write benchmarks"/>
<log string="Step 16: reinitialize Tresor device"/>
<request op="deinitialize" sync="no"/>
<destruct/>
@ -569,21 +644,27 @@ append config {
</initialize>
<construct/>
}
if {[benchmark_blk_count] > 0} {
append config {
<log string="Step 17: do read/write benchmarks"/>
<benchmark op="start" label="read initial data in one request"/>
<request op="read" vba="0" count="} [benchmark_blk_count_base] {" sync="no"/>
<request op="read" vba="0" count="} [benchmark_blk_count] {" sync="no"/>
<benchmark op="stop"/>
<benchmark op="start" label="overwrite initial data in one request"/>
<request op="write" vba="0" count="} [expr 2*[benchmark_blk_count_base]] {" sync="no"/>
<request op="write" vba="0" count="} [benchmark_blk_count] {" sync="no"/>
<benchmark op="stop"/>
<benchmark op="start" label="overwrite written data in one request"/>
<request op="write" vba="0" count="} [benchmark_blk_count_base] {" sync="no"/>
<request op="write" vba="0" count="} [benchmark_blk_count] {" sync="no"/>
<benchmark op="stop"/>
<benchmark op="start" label="read written data in one request"/>
<request op="read" vba="0" count="} [benchmark_blk_count_base] {" sync="no"/>
<request op="read" vba="0" count="} [benchmark_blk_count] {" sync="no"/>
<benchmark op="stop"/>
<benchmark op="start" label="read written data randomized"/>
@ -1002,8 +1083,18 @@ append config {
<benchmark op="stop"/>
<check/>
}
<log string="Step 17: test list-snapshots command"/>
} else {
append config {
<log string="Step 17: skip because benchmarks are disabled for this platform"/>
}
}
append config {
<log string="Step 18: test list-snapshots command"/>
<request op="create_snapshot" sync="no"/>
<request op="write" vba="17737" count="70" sync="no" salt="8924"/>
@ -1018,11 +1109,14 @@ append config {
</config>
<route>
<service name="File_system" label_last="trust_anchor"><child name="trust_anchor_fs"/></service>
<service name="File_system" label_last="trust_anchor"> <child name="trust_anchor_fs"/> </service>
<service name="File_system"> <child name="block_io_fs"/> </service>
<service name="Terminal"> <child name="log_terminal"/> </service>
<service name="Timer"> <child name="timer"/> </service>
<any-service> <parent/> </any-service>
<service name="LOG"> <parent/> </service>
<service name="PD"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="ROM"> <parent/> </service>
</route>
</start>
@ -1034,16 +1128,16 @@ install_config $config
if {[have_board linux]} {
exec rm -rf [local_tresor_image]
exec rm -rf [lx_local_tresor_image]
if { [get_cmd_switch --autopilot] } {
exec rm -rf [autopilot_tresor_image]
catch { exec $dd if=/dev/urandom of=[autopilot_tresor_image] bs=1M count=[tresor_image_size_mb] }
exec ln -sf -T [autopilot_tresor_image] [local_tresor_image]
exec rm -rf [lx_autopilot_tresor_image]
catch { exec $dd if=/dev/urandom of=[lx_autopilot_tresor_image] bs=1M count=[lx_tresor_image_size_mb] }
exec ln -sf -T [lx_autopilot_tresor_image] [lx_local_tresor_image]
} else {
catch { exec $dd if=/dev/urandom of=[local_tresor_image] bs=1M count=[tresor_image_size_mb] }
catch { exec $dd if=/dev/urandom of=[lx_local_tresor_image] bs=1M count=[lx_tresor_image_size_mb] }
}
}
@ -1062,9 +1156,10 @@ append boot_modules {
vfs_tresor_trust_anchor.lib.so
vfs_tresor_crypto_aes_cbc.lib.so
vfs_import.lib.so
vfs_jitterentropy.lib.so
}
append_if [jent_avail] boot_modules { vfs_jitterentropy.lib.so }
append_if [have_board linux] boot_modules { lx_fs }
append_if [have_board linux] boot_modules [tresor_image_name]
@ -1072,12 +1167,19 @@ build_boot_image $boot_modules
append qemu_args " -nographic "
run_genode_until "child \"test\" exited with exit value.*\n" 500
set test_timeout 100
if {[benchmark_blk_count] > 0} {
set test_timeout 300
}
run_genode_until "child \"test\" exited with exit value.*\n" $test_timeout
if { [get_cmd_switch --autopilot] } {
if {[have_board linux]} {
exec rm -rf [local_tresor_image]
exec rm -rf [autopilot_tresor_image]
if { [get_cmd_switch --autopilot] } {
exec rm -rf [lx_local_tresor_image]
exec rm -rf [lx_autopilot_tresor_image]
}
}
grep_output {\[init\] child "test" exited with exit value}
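Review bot: Where `jent_avail` is false, the trust-anchor VFS gets `<inline name="jitterentropy">0123456789abcdefghijklmnopqrstuv</inline>` under the same name as the real entropy file, and nothing in the script or the generated config marks this as deliberate. Key material produced in such a run is therefore presumably derived from publicly known bytes. A comment at the `append_if [expr ![jent_avail]] config` line such as `# test-only: fixed bytes replace the entropy source, key material is predictable` would make that explicit. A `puts` at script start when `jent_avail` returns 0 would also record in the autopilot log that the run used static entropy.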


@ -362,6 +362,7 @@ class File_vault::Main
User_interface _user_interface { _user_interface_from_config(_config_rom.xml()) };
bool _verbose_state { _config_rom.xml().attribute_value("verbose_state", false) };
bool _verbose_ui_config { _config_rom.xml().attribute_value("verbose_ui_config", false) };
bool _jent_avail { _config_rom.xml().attribute_value("jitterentropy_available", true) };
Root_directory _vfs { _env, _heap, _config_rom.xml().sub_node("vfs") };
Registry<Child_state> _children { };
Child_state _menu_view { _children, "menu_view", Ram_quota { 4 * 1024 * 1024 }, Cap_quota { 200 } };
@ -1659,12 +1660,12 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
switch (_state) {
case State::INVALID:
gen_info_frame(xml, "1", "Please wait...", MAIN_FRAME_WIDTH);
gen_info_frame(xml, _jent_avail, "1", "Please wait...", MAIN_FRAME_WIDTH);
break;
case State::SETUP_OBTAIN_PARAMETERS:
gen_main_frame(xml, "1", MAIN_FRAME_WIDTH, [&] (Xml_generator &xml) {
gen_main_frame(xml, _jent_avail, "1", MAIN_FRAME_WIDTH, [&] (Xml_generator &xml) {
bool gen_start_button { true };
bool gen_image_size_info { true };
@ -1734,7 +1735,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
case State::UNLOCK_OBTAIN_PARAMETERS:
gen_main_frame(xml, "1", MAIN_FRAME_WIDTH, [&] (Xml_generator &xml) {
gen_main_frame(xml, _jent_avail, "1", MAIN_FRAME_WIDTH, [&] (Xml_generator &xml) {
bool gen_start_button { true };
gen_input_passphrase(
@ -1769,12 +1770,12 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
case State::UNLOCK_START_TRESOR_VFS:
case State::UNLOCK_DETERMINE_CLIENT_FS_SIZE:
gen_info_frame(xml, "1", "Please wait...", MAIN_FRAME_WIDTH);
gen_info_frame(xml, _jent_avail, "1", "Please wait...", MAIN_FRAME_WIDTH);
break;
case State::CONTROLS_ROOT:
gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
xml.node("frame", [&] () {
@ -1804,7 +1805,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
case State::CONTROLS_SNAPSHOTS:
gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
xml.node("frame", [&] () {
@ -1896,7 +1897,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
case State::CONTROLS_DIMENSIONS:
gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
xml.node("frame", [&] () {
@ -1927,7 +1928,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
case State::CONTROLS_EXPAND_CLIENT_FS:
gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
xml.node("frame", [&] () {
@ -2013,7 +2014,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
case State::CONTROLS_EXPAND_SNAPSHOT_BUF:
gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
xml.node("frame", [&] () {
@ -2094,7 +2095,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
case State::CONTROLS_SECURITY:
gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
xml.node("frame", [&] () {
@ -2130,7 +2131,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
case State::CONTROLS_SECURITY_BLOCK_ENCRYPTION_KEY:
gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
xml.node("frame", [&] () {
@ -2169,7 +2170,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
case State::CONTROLS_SECURITY_MASTER_KEY:
gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
xml.node("frame", [&] () {
@ -2192,7 +2193,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
case State::CONTROLS_SECURITY_USER_PASSPHRASE:
gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
xml.node("frame", [&] () {
@ -2216,7 +2217,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
case State::LOCK_ISSUE_DEINIT_REQUEST_AT_TRESOR:
case State::LOCK_WAIT_TILL_DEINIT_REQUEST_IS_DONE:
gen_info_frame(xml, "1", "Please wait...", MAIN_FRAME_WIDTH);
gen_info_frame(xml, _jent_avail, "1", "Please wait...", MAIN_FRAME_WIDTH);
break;
}
}
@ -2379,7 +2380,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
gen_parent_provides_and_report_nodes(xml);
_gen_menu_view_start_node_if_required(xml);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
gen_tresor_init_trust_anchor_start_node(
xml, _tresor_init_trust_anchor, _ui_setup_obtain_params_passphrase());
@ -2389,7 +2390,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
gen_parent_provides_and_report_nodes(xml);
_gen_menu_view_start_node_if_required(xml);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
gen_tresor_init_trust_anchor_start_node(
xml, _tresor_init_trust_anchor, _ui_setup_obtain_params_passphrase());
@ -2399,7 +2400,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
gen_parent_provides_and_report_nodes(xml);
_gen_menu_view_start_node_if_required(xml);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
gen_sync_to_tresor_vfs_init_start_node(xml, _sync_to_tresor_vfs_init);
break;
@ -2409,7 +2410,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
gen_parent_provides_and_report_nodes(xml);
_gen_menu_view_start_node_if_required(xml);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
gen_client_fs_fs_query_start_node(xml, _client_fs_fs_query);
break;
@ -2418,7 +2419,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
gen_parent_provides_and_report_nodes(xml);
_gen_menu_view_start_node_if_required(xml);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
gen_truncate_file_start_node(
xml, _truncate_file,
File_path { "/tresor/", _tresor_image_file_name }.string(),
@ -2448,7 +2449,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
gen_parent_provides_and_report_nodes(xml);
_gen_menu_view_start_node_if_required(xml);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
gen_tresor_init_start_node(xml, _tresor_init, vbd_tree_geom, free_tree_geom);
break;
}
@ -2456,7 +2457,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
gen_parent_provides_and_report_nodes(xml);
_gen_menu_view_start_node_if_required(xml);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
gen_sync_to_tresor_vfs_init_start_node(xml, _sync_to_tresor_vfs_init);
break;
@ -2465,7 +2466,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
gen_parent_provides_and_report_nodes(xml);
_gen_menu_view_start_node_if_required(xml);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
gen_tresor_vfs_block_start_node(xml, _tresor_vfs_block);
gen_mke2fs_start_node(xml, _mke2fs);
@ -2483,7 +2484,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
{
gen_parent_provides_and_report_nodes(xml);
_gen_menu_view_start_node_if_required(xml);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
gen_tresor_vfs_block_start_node(xml, _tresor_vfs_block);
gen_snapshots_fs_query_start_node(xml, _snapshots_fs_query);
@ -2639,7 +2640,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
gen_parent_provides_and_report_nodes(xml);
gen_policy_for_child_service(xml, "File_system", _rump_vfs);
_gen_menu_view_start_node_if_required(xml);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
gen_tresor_vfs_block_start_node(xml, _tresor_vfs_block);
gen_snapshots_fs_query_start_node(xml, _snapshots_fs_query);
@ -2651,7 +2652,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
gen_parent_provides_and_report_nodes(xml);
gen_policy_for_child_service(xml, "File_system", _rump_vfs);
_gen_menu_view_start_node_if_required(xml);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
gen_tresor_vfs_block_start_node(xml, _tresor_vfs_block);
gen_snapshots_fs_query_start_node(xml, _snapshots_fs_query);
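Review bot: `_jent_avail` is read from the plain config attribute `jitterentropy_available` with no comment at the member, although the sandbox-config section of this commit shows that "no" replaces the trust anchor's entropy source with a fixed string. I would document that at the declaration, e.g. `/* "no" selects a fixed entropy string: key material becomes predictable, intended for test targets only */`. The warning is added to the menu_view dialog, but the ui_report patterns in the new runtime file show only `version` and `state`, so a `config_and_report` client presumably gets no indication of the insecure mode; an attribute in the report would close that gap. produce_xml and _generate_sandbox_config extend beyond the visible hunks.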


@ -26,7 +26,8 @@ void File_vault::gen_normal_font_attribute(Xml_generator &xml)
void File_vault::gen_frame_title(Xml_generator &xml,
char const *name,
unsigned long min_width)
unsigned long min_width,
bool jent_avail)
{
xml.node("float", [&] () {
@ -34,19 +35,35 @@ void File_vault::gen_frame_title(Xml_generator &xml,
xml.attribute("west", "yes");
xml.attribute("north", "yes");
xml.node("label", [&] () {
xml.attribute("text", "" );
xml.attribute("min_ex", min_width);
});
if (jent_avail) {
xml.node("label", [&] () {
xml.attribute("text", "" );
xml.attribute("min_ex", min_width);
});
} else {
xml.node("vbox", [&] () {
xml.node("label", [&] () {
xml.attribute("name", "warning_0");
xml.attribute("font", "title/regular");
xml.attribute("text", " Warning: Insecure mode, no entropy source! " );
xml.attribute("min_ex", min_width);
});
xml.node("label", [&] () {
xml.attribute("name", "warning_1");
xml.attribute("text", " " );
});
});
}
});
}
void File_vault::gen_info_frame(Xml_generator &xml,
bool jent_avail,
char const *name,
char const *info,
unsigned long min_width)
{
gen_main_frame(xml, name, min_width, [&] (Xml_generator &xml) {
gen_main_frame(xml, jent_avail, name, min_width, [&] (Xml_generator &xml) {
gen_centered_info_line(xml, "info", info);
gen_info_line(xml, "pad_1", "");
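Review bot: The new `bool jent_avail` is the last parameter of `gen_frame_title` but the second parameter of `gen_info_frame` and of the `gen_main_frame` call made here, so the flag sits in a different position depending on the function. Because pointers and integers convert implicitly to `bool`, a misplaced argument can compile without a diagnostic; one order everywhere, e.g. `gen_frame_title(Xml_generator &xml, bool jent_avail, char const *name, unsigned long min_width)`, avoids that. The else branch would also benefit from a short comment that the `warning_1` label with text `" "` is presumably only spacing below the warning line. gen_info_frame's body continues outside the hunk.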


@ -27,10 +27,12 @@ namespace File_vault {
void gen_frame_title(Xml_generator &xml,
char const *name,
unsigned long min_width);
unsigned long min_width,
bool jent_avail);
template <typename GEN_FRAME_CONTENT>
void gen_main_frame(Xml_generator &xml,
bool jent_avail,
char const *name,
unsigned long min_width,
GEN_FRAME_CONTENT const &gen_frame_content)
@ -40,7 +42,7 @@ namespace File_vault {
xml.node("vbox", [&] () {
gen_frame_title(xml, "title", min_width);
gen_frame_title(xml, "title", min_width, jent_avail);
gen_frame_content(xml);
});
});
@ -48,6 +50,7 @@ namespace File_vault {
template <typename GEN_FRAME_CONTENT>
void gen_controls_frame(Xml_generator &xml,
bool jent_avail,
char const *name,
GEN_FRAME_CONTENT const &gen_frame_content)
{
@ -56,6 +59,9 @@ namespace File_vault {
xml.node("vbox", [&] () {
if (!jent_avail)
gen_frame_title(xml, "title", 0, jent_avail);
gen_frame_content(xml);
});
});
@ -84,6 +90,7 @@ namespace File_vault {
}
void gen_info_frame(Xml_generator &xml,
bool jent_avail,
char const *name,
char const *info,
unsigned long min_width);
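Review bot: In `gen_controls_frame`, the added `if (!jent_avail) gen_frame_title(xml, "title", 0, jent_avail);` gives no reason why a title row is generated only in this case or why its width is 0. As far as the hunk shows, controls frames had no title row before, so a comment such as `/* controls frames have no title row; add one only to carry the insecure-mode warning */` would explain the branch. Since `jent_avail` is known to be false inside it, passing `false` would read more directly. The template bodies are only partly visible in these hunks.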


@ -377,7 +377,8 @@ namespace File_vault {
}
void gen_tresor_trust_anchor_vfs_start_node(Xml_generator &xml,
Child_state const &child)
Child_state const &child,
bool jent_avail)
{
child.gen_start_node(xml, [&] () {
@ -402,9 +403,17 @@ namespace File_vault {
xml.attribute("storage_dir", "/storage_dir");
});
xml.node("jitterentropy", [&] () {
xml.attribute("name", "jitterentropy");
});
if (jent_avail) {
xml.node("jitterentropy", [&] () {
xml.attribute("name", "jitterentropy");
});
} else {
xml.node("inline", [&] () {
xml.attribute("name", "jitterentropy");
xml.append_content(String<33> { "0123456789abcdefghijklmnopqrstuv" });
});
warning("Insecure mode, no entropy source!");
}
});
});
xml.node("policy", [&] () {
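Review bot: `warning("Insecure mode, no entropy source!")` sits inside the start-node generator, and `gen_tresor_trust_anchor_vfs_start_node` is called from many branches of `_generate_sandbox_config`, so the message is presumably logged on every sandbox-config regeneration rather than once. Emitting it once where the `jitterentropy_available` attribute is read would keep the log readable while still recording the insecure mode. The literal `0123456789abcdefghijklmnopqrstuv` and the capacity in `String<33>` are also unexplained; a comment like `/* fixed 32-character stand-in for entropy, predictable by design, test targets only */` belongs next to them. The function body continues past the hunk.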