From dea53f635fe21ead98864cad93a560edc4cc7e55 Mon Sep 17 00:00:00 2001
From: Martin Stein <martin.stein@genode-labs.com>
Date: Thu, 1 Jun 2023 15:56:07 +0200
Subject: [PATCH] Refine tresor tests

* Use jitterentropy only if supported.
  On certain targets like pbxa9 or zynq_qemu, the performance counter always
  yields 0, which renders jitterentropy unusable. On these platforms, the
  Tresor tests now use a static value as entropy source instead.

* Adds a new package test-file_vault_config_report_no_entropy that is used by
  the Depot Autopilot on targets without jitterentropy support instead of
  test-file_vault_config_report. The only difference between the two packages
  is the value of the above described new config attribute of the File Vault.

* Circumvent alignment fault.
  The Tresor lib for now has the deficiency of using on-disc data structures
  directly in code instead of decoding them first to unpacked, naturally
  aligned structures. This causes problems with memory-access alignment on
  several platforms (rpi, imx6q_sabrelite, imx53_qsb, imx7d_sabre). As fixing
  this properly is a bit of work, the commit disables the tresor_tester and
  file_vault_config_report test on the affected platforms in autopilot mode for
  now.

* Further adjustments
  * Make benchmarks optional
  * Use a smaller tresor for rekeying
  * Clean up image parameters
  * No use implicit routes/resources
  * Reduce ram consumption
  * Reduce test timeout
  * Raise cap quota, required for sel4 x86_64.

Ref #4819
---
 .../README                                    |   1 +
 .../archives                                  |   4 +
 .../hash                                      |   1 +
 .../runtime                                   | 180 ++++++++++++++
 repos/gems/run/depot_autopilot.run            |  23 +-
 repos/gems/run/file_vault.inc                 |  18 +-
 repos/gems/run/tresor_tester.run              | 224 +++++++++++++-----
 repos/gems/src/app/file_vault/main.cc         |  51 ++--
 .../src/app/file_vault/menu_view_dialog.cc    |  29 ++-
 .../src/app/file_vault/menu_view_dialog.h     |  11 +-
 repos/gems/src/app/file_vault/sandbox.h       |  17 +-
 11 files changed, 458 insertions(+), 101 deletions(-)
 create mode 100644 repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/README
 create mode 100644 repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/archives
 create mode 100644 repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/hash
 create mode 100644 repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/runtime

diff --git a/repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/README b/repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/README
new file mode 100644
index 0000000000..15d76d5aef
--- /dev/null
+++ b/repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/README
@@ -0,0 +1 @@
+Test for the fs_tool component
diff --git a/repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/archives b/repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/archives
new file mode 100644
index 0000000000..aee3408e2c
--- /dev/null
+++ b/repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/archives
@@ -0,0 +1,4 @@
+_/pkg/file_vault_config_report
+_/src/report_rom
+_/src/dynamic_rom
+_/src/vfs
diff --git a/repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/hash b/repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/hash
new file mode 100644
index 0000000000..df97218ff4
--- /dev/null
+++ b/repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/hash
@@ -0,0 +1 @@
+2023-06-06-a 66b1c361c5894d4013ac01c73e3365f6b5979c21
diff --git a/repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/runtime b/repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/runtime
new file mode 100644
index 0000000000..2285b98cc7
--- /dev/null
+++ b/repos/gems/recipes/pkg/test-file_vault_config_report_no_entropy/runtime
@@ -0,0 +1,180 @@
+<runtime ram="250M" caps="3000" binary="init">
+
+	<requires>
+		<timer/>
+	</requires>
+
+	<events>
+		<timeout meaning="failed" sec="70" />
+		<log meaning="succeeded">
+			&lt;ui_report version="step_*" state="uninitialized"/>*
+			&lt;ui_report version="step_*" state="initializing"/>*
+			&lt;ui_report version="step_*" state="unlocked"/>*
+			&lt;ui_report version="step_*" state="locked"/>*
+			&lt;ui_report version="step_*" state="unlocked"/>*
+		</log>
+	</events>
+
+	<content>
+		<rom label="ld.lib.so"/>
+		<rom label="report_rom"/>
+		<rom label="dynamic_rom"/>
+		<rom label="file_vault"/>
+		<rom label="vfs"/>
+	</content>
+
+	<config>
+
+		<parent-provides>
+			<service name="ROM"/>
+			<service name="LOG"/>
+			<service name="RM"/>
+			<service name="CPU"/>
+			<service name="PD"/>
+			<service name="IRQ"/>
+			<service name="IO_MEM"/>
+			<service name="IO_PORT"/>
+			<service name="Timer"/>
+		</parent-provides>
+
+		<start name="dynamic_rom" caps="100">
+			<resource name="RAM" quantum="4M"/>
+			<provides><service name="ROM"/> </provides>
+			<config verbose="no">
+				<rom name="file_vault_ui_config">
+					<inline>
+
+						<ui_config version="step_1_wait"/>
+
+					</inline>
+					<sleep milliseconds="6000"/>
+					<inline>
+
+						<ui_config version="step_2_init" passphrase="abcdefgh"
+						                                 client_fs_size="1M"
+						                                 journaling_buf_size="1M"/>
+
+					</inline>
+					<sleep milliseconds="10000"/>
+					<inline>
+
+						<ui_config version="step_3_lock"/>
+
+					</inline>
+					<sleep milliseconds="6000"/>
+					<inline>
+
+						<ui_config version="step_4_bad_unlock" passphrase="00000001"/>
+
+					</inline>
+					<sleep milliseconds="6000"/>
+					<inline>
+
+						<ui_config version="step_5_wait"/>
+
+					</inline>
+					<sleep milliseconds="6000"/>
+					<inline>
+
+						<ui_config version="step_6_unlock" passphrase="abcdefgh"/>
+
+					</inline>
+					<sleep milliseconds="600000"/>
+
+				</rom>
+			</config>
+			<route>
+				<service name="Timer"> <parent/> </service>
+				<service name="PD">    <parent/> </service>
+				<service name="ROM">   <parent/> </service>
+				<service name="LOG">   <parent/> </service>
+				<service name="CPU">   <parent/> </service>
+			</route>
+		</start>
+
+		<start name="report_rom" caps="70">
+			<resource name="RAM" quantum="1M"/>
+			<provides>
+				<service name="ROM" />
+				<service name="Report" />
+			</provides>
+			<config verbose="yes"/>
+			<route>
+				<service name="LOG"> <parent/> </service>
+				<service name="PD">  <parent/> </service>
+				<service name="CPU"> <parent/> </service>
+				<service name="ROM"> <parent/> </service>
+			</route>
+		</start>
+
+		<start name="data_fs" caps="500">
+			<binary name="vfs"/>
+			<resource name="RAM" quantum="50M"/>
+			<provides><service name="File_system"/></provides>
+			<config>
+				<vfs>
+					<dir name="data">
+						<ram/>
+					</dir>
+				</vfs>
+				<policy label="file_vault -> data" root="/data" writeable="yes"/>
+			</config>
+			<route>
+				<service name="PD">  <parent/> </service>
+				<service name="ROM"> <parent/> </service>
+				<service name="LOG"> <parent/> </service>
+				<service name="CPU"> <parent/> </service>
+			</route>
+		</start>
+
+		<start name="trust_anchor_fs" caps="100">
+			<binary name="vfs"/>
+			<resource name="RAM" quantum="5M"/>
+			<provides><service name="File_system"/></provides>
+			<config>
+				<vfs>
+					<dir name="trust_anchor">
+						<ram/>
+					</dir>
+				</vfs>
+				<policy label="file_vault -> trust_anchor" root="/trust_anchor" writeable="yes"/>
+			</config>
+			<route>
+				<service name="PD">  <parent/> </service>
+				<service name="ROM"> <parent/> </service>
+				<service name="LOG"> <parent/> </service>
+				<service name="CPU"> <parent/> </service>
+			</route>
+		</start>
+
+		<start name="file_vault" caps="1500">
+			<resource name="RAM" quantum="180M"/>
+			<config user_interface="config_and_report" jitterentropy_available="no">
+				<vfs>
+					<dir name="tresor">
+						<fs label="tresor"/>
+					</dir>
+				</vfs>
+			</config>
+			<route>
+				<service name="ROM"         label="ui_config">                              <child name="dynamic_rom"     label="file_vault_ui_config"/>       </service>
+				<service name="Report">     label="ui_report"                               <child name="report_rom"/>                                         </service>
+				<service name="File_system" label="tresor_trust_anchor_vfs -> storage_dir"> <child name="trust_anchor_fs" label="file_vault -> trust_anchor"/> </service>
+				<service name="File_system" label="tresor_init -> ">                        <child name="data_fs"         label="file_vault -> data"/>         </service>
+				<service name="File_system" label="tresor">                                 <child name="data_fs"         label="file_vault -> data"/>         </service>
+				<service name="File_system" label="fs_query -> ">                           <child name="data_fs"         label="file_vault -> data"/>         </service>
+				<service name="File_system" label="image_fs_query -> ">                     <child name="data_fs"         label="file_vault -> data"/>         </service>
+				<service name="File_system" label="tresor_vfs -> tresor_fs">                <child name="data_fs"         label="file_vault -> data"/>         </service>
+				<service name="File_system" label="truncate_file -> tresor">                <child name="data_fs"         label="file_vault -> data"/>         </service>
+				<service name="Timer">                                                      <parent/> </service>
+				<service name="PD">                                                         <parent/> </service>
+				<service name="ROM">                                                        <parent/> </service>
+				<service name="CPU">                                                        <parent/> </service>
+				<service name="LOG">                                                        <parent/> </service>
+				<service name="RM">                                                         <parent/> </service>
+			</route>
+		</start>
+
+	</config>
+
+</runtime>
diff --git a/repos/gems/run/depot_autopilot.run b/repos/gems/run/depot_autopilot.run
index 31f1988441..5202200054 100644
--- a/repos/gems/run/depot_autopilot.run
+++ b/repos/gems/run/depot_autopilot.run
@@ -659,6 +659,7 @@ set default_test_pkgs {
 	test-expat
 	test-fault_detection
 	test-file_vault_config_report
+	test-file_vault_config_report_no_entropy
 	test-fs_packet
 	test-fs_report
 	test-fs_rom_update
@@ -754,11 +755,31 @@ proc non_executable_supported { } {
 	return false
 }
 
+proc skip_test_if { condition test } {
+
+	global skip_test
+	if {$condition} {
+		set skip_test($test) true
+	}
+}
+
 #
 # Whether to skip a test - if undefined for a test, the test is not skipped
 #
+
+#
+# pbxa9 and zynq_qemu don't support jitterentropy
+#
+skip_test_if [expr  ([have_board pbxa9] || [have_board zynq_qemu])] test-file_vault_config_report
+skip_test_if [expr !([have_board pbxa9] || [have_board zynq_qemu])] test-file_vault_config_report_no_entropy
+
+#
+# rpi, imx6q_sabrelite, imx53_qsb(_tz), imx7d_sabre have problems with the yet unfixed unaligned-access issue in tresor
+#
+skip_test_if [expr ([have_board rpi] || [have_board imx6q_sabrelite] || [have_board imx53_qsb] || [have_board imx53_qsb_tz] || [have_board imx7d_sabre])] test-file_vault_config_report
+skip_test_if [expr ([have_board rpi] || [have_board imx6q_sabrelite] || [have_board imx53_qsb] || [have_board imx53_qsb_tz] || [have_board imx7d_sabre])] test-file_vault_config_report_no_entropy
+
 set skip_test(test-fault_detection) [expr [have_spec pistachio] || [have_spec fiasco]]
-set skip_test(test-file_vault_config_report) [expr [have_board rpi]]
 set skip_test(test-fs_packet)       [expr ![interactive] && [have_include "power_on/qemu"]]
 set skip_test(test-libc)            [expr [have_spec sel4] || [have_board rpi] || [have_board imx53_qsb_tz]]
 set skip_test(test-lx_block)        [expr ![have_board linux]]
diff --git a/repos/gems/run/file_vault.inc b/repos/gems/run/file_vault.inc
index a80341caaa..659301a3ac 100644
--- a/repos/gems/run/file_vault.inc
+++ b/repos/gems/run/file_vault.inc
@@ -4,6 +4,19 @@ proc ui_is { arg } {
 	return [string equal $arg $ui ]
 }
 
+proc jent_avail { } {
+
+	if {[have_board pbxa9]} { return 0 }
+	if {[have_board zynq_qemu]} { return 0 }
+	return 1
+}
+
+proc jent_avail_attr { } {
+
+	if {[jent_avail]} { return "yes" }
+	return "no"
+}
+
 build { app/file_vault }
 
 create_boot_directory
@@ -16,7 +29,6 @@ append archives "
 	[depot_user]/src/fs_query
 	[depot_user]/src/tresor
 	[depot_user]/src/vfs_block
-	[depot_user]/src/vfs_jitterentropy
 	[depot_user]/src/vfs
 	[depot_user]/src/openssl
 	[depot_user]/src/fs_tool
@@ -26,6 +38,8 @@ append archives "
 	[depot_user]/src/sandbox
 "
 
+append_if [jent_avail] archives " [depot_user]/src/vfs_jitterentropy "
+
 lappend_if [ui_is menu_view] archives [depot_user]/src/nitpicker
 lappend_if [ui_is menu_view] archives [depot_user]/src/menu_view
 lappend_if [ui_is menu_view] archives [depot_user]/src/libpng
@@ -328,7 +342,7 @@ append config {
 
 		<start name="file_vault" caps="2000">
 			<resource name="RAM" quantum="200M"/>
-			<config user_interface="} $ui {">
+			<config user_interface="} $ui {" jitterentropy_available="} [jent_avail_attr] {">
 				<vfs>
 					<dir name="tresor">
 						<fs label="tresor"/>
diff --git a/repos/gems/run/tresor_tester.run b/repos/gems/run/tresor_tester.run
index 1bb092082c..aed91bd7c2 100644
--- a/repos/gems/run/tresor_tester.run
+++ b/repos/gems/run/tresor_tester.run
@@ -4,45 +4,84 @@ if {[get_cmd_switch --autopilot] && [have_board virt_qemu_riscv]} {
 	exit 0
 }
 
+#
+# The following platforms trigger alignment faults that come from a not yet
+# solved deficiency of the tresor lib: The lib uses the on-disc datastructures
+# directly in code without translating them to naturally aligned structs
+# beforehand.
+#
+if {[get_cmd_switch --autopilot] && [have_board rpi]} {
+	puts "Autopilot mode is not supported on this platform."
+	exit 0
+}
+if {[get_cmd_switch --autopilot] && [have_board imx6q_sabrelite]} {
+	puts "Autopilot mode is not supported on this platform."
+	exit 0
+}
+if {[get_cmd_switch --autopilot] && [have_board imx53_qsb]} {
+	puts "Autopilot mode is not supported on this platform."
+	exit 0
+}
+if {[get_cmd_switch --autopilot] && [have_board imx53_qsb_tz]} {
+	puts "Autopilot mode is not supported on this platform."
+	exit 0
+}
+if {[get_cmd_switch --autopilot] && [have_board imx7d_sabre]} {
+	puts "Autopilot mode is not supported on this platform."
+	exit 0
+}
+
 set dd [installed_command dd]
 
 proc tresor_image_name { } {
 	return "tresor_block.img"
 }
 
-proc local_tresor_image { } {
+proc lx_local_tresor_image { } {
 	return bin/[tresor_image_name]
 }
 
-proc autopilot_tresor_image { } {
+proc lx_autopilot_tresor_image { } {
 	return /tmp/[tresor_image_name].[exec id -un]
 }
 
-set image_size 1024
-if {[info exists ::env(tresor_IMAGE_SIZE)]} {
-	set image_size $::env(tresor_IMAGE_SIZE)
+proc lx_tresor_image_size_mb { } {
+	return 400
 }
 
-proc tresor_image_size_mb { } {
-	global image_size
-	return $image_size
-}
+proc benchmark_blk_count { } {
 
-proc tresor_vbd_size_mb { } {
-	return [expr [tresor_image_size_mb] / 2]
-}
+	if {[have_board linux]} {
 
-proc tresor_ft_size_mb { } {
-	return [expr [tresor_image_size_mb] / 8]
-}
-
-proc benchmark_blk_count_base { } {
-
-	if {[have_board virt_qemu_arm_v8a]} {
-		return 6400;
-	} else {
-		return 12800;
+		 # benchmarks over 50 mebibyte
+		return 12800
 	}
+	if {[have_board virt_qemu_arm_v8a]} {
+
+		# benchmarks over 25 mebibyte
+		return 6400
+	}
+	# benchmarks turned off
+	return 0
+}
+
+proc block_io_vfs_ram_mb { } {
+
+	if {[benchmark_blk_count] > 0} {
+
+		# when benchmarks turned on
+		set bench_mb [expr (([benchmark_blk_count] * 4096) / 1024 / 1024)]
+		return [expr 8 * $bench_mb]
+	}
+	# when benchmarks turned off
+	return 10
+}
+
+proc jent_avail { } {
+
+	if {[have_board pbxa9]} { return 0 }
+	if {[have_board zynq_qemu]} { return 0 }
+	return 1
 }
 
 append build_components {
@@ -56,9 +95,10 @@ append build_components {
 	lib/vfs_tresor_crypto_aes_cbc
 	lib/vfs_tresor_trust_anchor
 	lib/vfs_import
-	lib/vfs_jitterentropy
 }
 
+append_if [jent_avail] build_components { lib/vfs_jitterentropy }
+
 append_if [have_board linux] build_components { server/lx_fs }
 append_if [have_board linux] build_components { server/lx_block }
 
@@ -69,6 +109,7 @@ create_boot_directory
 append config {
 
 	<config verbose="yes">
+
 		<parent-provides>
 			<service name="ROM"/>
 			<service name="IRQ"/>
@@ -80,47 +121,69 @@ append config {
 			<service name="LOG"/>
 		</parent-provides>
 
-		<default-route>
-			<any-service> <parent/> <any-child/> </any-service>
-		</default-route>
-
-		<default caps="100"/>
-		<start name="timer">
+		<start name="timer" caps="100">
 			<resource name="RAM" quantum="1M"/>
 			<provides><service name="Timer"/></provides>
+			<route>
+				<service name="PD">      <parent/> </service>
+				<service name="ROM">     <parent/> </service>
+				<service name="LOG">     <parent/> </service>
+				<service name="CPU">     <parent/> </service>
+				<service name="IO_PORT"> <parent/> </service>
+				<service name="IRQ">     <parent/> </service>
+			</route>
 		</start>
 
-		<start name="report_rom">
-			<resource name="RAM" quantum="32M"/>
+		<start name="report_rom" caps="100">
+			<resource name="RAM" quantum="4M"/>
 			<provides> <service name="Report"/> <service name="ROM"/> </provides>
 			<config verbose="yes"/>
+			<route>
+				<service name="LOG"> <parent/> </service>
+				<service name="PD">  <parent/> </service>
+				<service name="CPU"> <parent/> </service>
+				<service name="ROM"> <parent/> </service>
+			</route>
 		</start>
 
-		<start name="log_terminal">
+		<start name="log_terminal" caps="100">
 			<resource name="RAM" quantum="1M"/>
 			<provides><service name="Terminal"/></provides>
+			<route>
+				<service name="LOG"> <parent/> </service>
+				<service name="PD">  <parent/> </service>
+				<service name="CPU"> <parent/> </service>
+				<service name="ROM"> <parent/> </service>
+			</route>
 		</start>
 }
 if {[have_board linux]} {
 
 	append config {
 
-		<start name="block_io_fs" ld="no">
+		<start name="block_io_fs" caps="100" ld="no">
 			<binary name="lx_fs"/>
 			<resource name="RAM" quantum="4M"/>
 			<provides> <service name="File_system"/> </provides>
 			<config>
 				<default-policy root="/" writeable="yes"/>
 			</config>
+			<route>
+				<service name="LOG"> <parent/> </service>
+				<service name="PD">  <parent/> </service>
+				<service name="CPU"> <parent/> </service>
+				<service name="ROM"> <parent/> </service>
+			</route>
 		</start>
 	}
+
 } else {
 
 	append config {
 
-		<start name="block_io_fs" caps="2000">
+		<start name="block_io_fs" caps="100">
 			<binary name="vfs"/>
-			<resource name="RAM" quantum="200M"/>
+			<resource name="RAM" quantum="} [block_io_vfs_ram_mb] {M"/>
 			<provides><service name="File_system"/></provides>
 			<config>
 				<vfs>
@@ -146,9 +209,9 @@ if {[have_board linux]} {
 }
 append config {
 
-		<start name="trust_anchor_fs" caps="120">
+		<start name="trust_anchor_fs" caps="200">
 			<binary name="vfs"/>
-			<resource name="RAM" quantum="16M"/>
+			<resource name="RAM" quantum="10M"/>
 			<provides><service name="File_system"/></provides>
 			<config>
 				<vfs>
@@ -156,8 +219,17 @@ append config {
 						<ram/>
 					</dir>
 
-					<dir name="dev">
-						<jitterentropy name="jitterentropy"/>
+					<dir name="dev"> }
+
+append_if [jent_avail] config {
+
+						<jitterentropy name="jitterentropy"/> }
+
+append_if [expr ![jent_avail]] config {
+
+						<inline name="jitterentropy">0123456789abcdefghijklmnopqrstuv</inline> }
+
+append config {
 						<tresor_trust_anchor name="tresor_trust_anchor" storage_dir="/storage"/>
 					</dir>
 				</vfs>
@@ -165,14 +237,17 @@ append config {
 				<default-policy root="/dev/tresor_trust_anchor" writeable="yes"/>
 			</config>
 			<route>
-				<any-service> <parent/> </any-service>
+				<service name="PD">  <parent/> </service>
+				<service name="ROM"> <parent/> </service>
+				<service name="LOG"> <parent/> </service>
+				<service name="CPU"> <parent/> </service>
 			</route>
 		</start>
 
 		<start name="test" caps="200">
 
 			<binary name="tresor_tester"/>
-			<resource name="RAM" quantum="80M"/>
+			<resource name="RAM" quantum="10M"/>
 			<config ld_verbose="yes">
 
 				<verbose
@@ -351,12 +426,12 @@ append config {
 						<virtual-block-device
 							nr_of_levels="4"
 							nr_of_children="8"
-							nr_of_leafs="344" />
+							nr_of_leafs="100" />
 
 						<free-tree
 							nr_of_levels="4"
 							nr_of_children="8"
-							nr_of_leafs="344" />
+							nr_of_leafs="100" />
 
 					</initialize>
 					<construct/>
@@ -551,7 +626,7 @@ append config {
 					<request op="sync"  vba="0"  count="256" sync="yes"/>
 					<check/>
 
-					<log string="Step 16: reinitialize Tresor device, do read/write benchmarks"/>
+					<log string="Step 16: reinitialize Tresor device"/>
 
 					<request op="deinitialize" sync="no"/>
 					<destruct/>
@@ -569,21 +644,27 @@ append config {
 
 					</initialize>
 					<construct/>
+}
+if {[benchmark_blk_count] > 0} {
+
+	append config {
+
+					<log string="Step 17: do read/write benchmarks"/>
 
 					<benchmark op="start" label="read initial data in one request"/>
-					<request op="read" vba="0" count="} [benchmark_blk_count_base] {" sync="no"/>
+					<request op="read" vba="0" count="} [benchmark_blk_count] {" sync="no"/>
 					<benchmark op="stop"/>
 
 					<benchmark op="start" label="overwrite initial data in one request"/>
-					<request op="write" vba="0" count="} [expr 2*[benchmark_blk_count_base]] {" sync="no"/>
+					<request op="write" vba="0" count="} [benchmark_blk_count] {" sync="no"/>
 					<benchmark op="stop"/>
 
 					<benchmark op="start" label="overwrite written data in one request"/>
-					<request op="write" vba="0" count="} [benchmark_blk_count_base] {" sync="no"/>
+					<request op="write" vba="0" count="} [benchmark_blk_count] {" sync="no"/>
 					<benchmark op="stop"/>
 
 					<benchmark op="start" label="read written data in one request"/>
-					<request op="read" vba="0" count="} [benchmark_blk_count_base] {" sync="no"/>
+					<request op="read" vba="0" count="} [benchmark_blk_count] {" sync="no"/>
 					<benchmark op="stop"/>
 
 					<benchmark op="start" label="read written data randomized"/>
@@ -1002,8 +1083,18 @@ append config {
 
 					<benchmark op="stop"/>
 					<check/>
+	}
 
-					<log string="Step 17: test list-snapshots command"/>
+} else {
+
+	append config {
+
+					<log string="Step 17: skip because benchmarks are disabled for this platform"/>
+	}
+}
+append config {
+
+					<log string="Step 18: test list-snapshots command"/>
 
 					<request op="create_snapshot" sync="no"/>
 					<request op="write" vba="17737" count="70" sync="no" salt="8924"/>
@@ -1018,11 +1109,14 @@ append config {
 			</config>
 
 			<route>
-				<service name="File_system" label_last="trust_anchor"><child name="trust_anchor_fs"/></service>
+				<service name="File_system" label_last="trust_anchor"> <child name="trust_anchor_fs"/> </service>
 				<service name="File_system"> <child name="block_io_fs"/> </service>
 				<service name="Terminal"> <child name="log_terminal"/> </service>
 				<service name="Timer"> <child name="timer"/> </service>
-				<any-service> <parent/> </any-service>
+				<service name="LOG"> <parent/> </service>
+				<service name="PD">  <parent/> </service>
+				<service name="CPU"> <parent/> </service>
+				<service name="ROM"> <parent/> </service>
 			</route>
 
 		</start>
@@ -1034,16 +1128,16 @@ install_config $config
 
 if {[have_board linux]} {
 
-	exec rm -rf [local_tresor_image]
+	exec rm -rf [lx_local_tresor_image]
 	if { [get_cmd_switch --autopilot] } {
 
-		exec rm -rf [autopilot_tresor_image]
-		catch { exec $dd if=/dev/urandom of=[autopilot_tresor_image] bs=1M count=[tresor_image_size_mb] }
-		exec ln -sf -T [autopilot_tresor_image] [local_tresor_image]
+		exec rm -rf [lx_autopilot_tresor_image]
+		catch { exec $dd if=/dev/urandom of=[lx_autopilot_tresor_image] bs=1M count=[lx_tresor_image_size_mb] }
+		exec ln -sf -T [lx_autopilot_tresor_image] [lx_local_tresor_image]
 
 	} else {
 
-		catch { exec $dd if=/dev/urandom of=[local_tresor_image] bs=1M count=[tresor_image_size_mb] }
+		catch { exec $dd if=/dev/urandom of=[lx_local_tresor_image] bs=1M count=[lx_tresor_image_size_mb] }
 	}
 }
 
@@ -1062,9 +1156,10 @@ append boot_modules {
 	vfs_tresor_trust_anchor.lib.so
 	vfs_tresor_crypto_aes_cbc.lib.so
 	vfs_import.lib.so
-	vfs_jitterentropy.lib.so
 }
 
+append_if [jent_avail] boot_modules { vfs_jitterentropy.lib.so }
+
 append_if [have_board linux] boot_modules { lx_fs }
 append_if [have_board linux] boot_modules [tresor_image_name]
 
@@ -1072,12 +1167,19 @@ build_boot_image $boot_modules
 
 append qemu_args " -nographic "
 
-run_genode_until "child \"test\" exited with exit value.*\n" 500
+set test_timeout 100
+if {[benchmark_blk_count] > 0} {
+	set test_timeout 300
+}
+run_genode_until "child \"test\" exited with exit value.*\n" $test_timeout
 
-if { [get_cmd_switch --autopilot] } {
+if {[have_board linux]} {
 
-	exec rm -rf [local_tresor_image]
-	exec rm -rf [autopilot_tresor_image]
+	if { [get_cmd_switch --autopilot] } {
+
+		exec rm -rf [lx_local_tresor_image]
+		exec rm -rf [lx_autopilot_tresor_image]
+	}
 }
 
 grep_output {\[init\] child "test" exited with exit value}
diff --git a/repos/gems/src/app/file_vault/main.cc b/repos/gems/src/app/file_vault/main.cc
index 8f6c29c3a5..5d4b028467 100644
--- a/repos/gems/src/app/file_vault/main.cc
+++ b/repos/gems/src/app/file_vault/main.cc
@@ -362,6 +362,7 @@ class File_vault::Main
 		User_interface                         _user_interface                     { _user_interface_from_config(_config_rom.xml()) };
 		bool                                   _verbose_state                      { _config_rom.xml().attribute_value("verbose_state", false) };
 		bool                                   _verbose_ui_config                  { _config_rom.xml().attribute_value("verbose_ui_config", false) };
+		bool                                   _jent_avail                         { _config_rom.xml().attribute_value("jitterentropy_available", true) };
 		Root_directory                         _vfs                                { _env, _heap, _config_rom.xml().sub_node("vfs") };
 		Registry<Child_state>                  _children                           { };
 		Child_state                            _menu_view                          { _children, "menu_view", Ram_quota { 4 * 1024 * 1024 }, Cap_quota { 200 } };
@@ -1659,12 +1660,12 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
 	switch (_state) {
 	case State::INVALID:
 
-		gen_info_frame(xml, "1", "Please wait...", MAIN_FRAME_WIDTH);
+		gen_info_frame(xml, _jent_avail, "1", "Please wait...", MAIN_FRAME_WIDTH);
 		break;
 
 	case State::SETUP_OBTAIN_PARAMETERS:
 
-		gen_main_frame(xml, "1", MAIN_FRAME_WIDTH, [&] (Xml_generator &xml) {
+		gen_main_frame(xml, _jent_avail, "1", MAIN_FRAME_WIDTH, [&] (Xml_generator &xml) {
 
 			bool gen_start_button { true };
 			bool gen_image_size_info { true };
@@ -1734,7 +1735,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
 
 	case State::UNLOCK_OBTAIN_PARAMETERS:
 
-		gen_main_frame(xml, "1", MAIN_FRAME_WIDTH, [&] (Xml_generator &xml) {
+		gen_main_frame(xml, _jent_avail, "1", MAIN_FRAME_WIDTH, [&] (Xml_generator &xml) {
 
 			bool gen_start_button { true };
 			gen_input_passphrase(
@@ -1769,12 +1770,12 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
 	case State::UNLOCK_START_TRESOR_VFS:
 	case State::UNLOCK_DETERMINE_CLIENT_FS_SIZE:
 
-		gen_info_frame(xml, "1", "Please wait...", MAIN_FRAME_WIDTH);
+		gen_info_frame(xml, _jent_avail, "1", "Please wait...", MAIN_FRAME_WIDTH);
 		break;
 
 	case State::CONTROLS_ROOT:
 
-		gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
+		gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
 
 			xml.node("frame", [&] () {
 
@@ -1804,7 +1805,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
 
 	case State::CONTROLS_SNAPSHOTS:
 
-		gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
+		gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
 
 			xml.node("frame", [&] () {
 
@@ -1896,7 +1897,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
 
 	case State::CONTROLS_DIMENSIONS:
 
-		gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
+		gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
 
 			xml.node("frame", [&] () {
 
@@ -1927,7 +1928,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
 
 	case State::CONTROLS_EXPAND_CLIENT_FS:
 
-		gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
+		gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
 
 			xml.node("frame", [&] () {
 
@@ -2013,7 +2014,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
 
 	case State::CONTROLS_EXPAND_SNAPSHOT_BUF:
 
-		gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
+		gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
 
 			xml.node("frame", [&] () {
 
@@ -2094,7 +2095,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
 
 	case State::CONTROLS_SECURITY:
 
-		gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
+		gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
 
 			xml.node("frame", [&] () {
 
@@ -2130,7 +2131,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
 
 	case State::CONTROLS_SECURITY_BLOCK_ENCRYPTION_KEY:
 
-		gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
+		gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
 
 			xml.node("frame", [&] () {
 
@@ -2169,7 +2170,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
 
 	case State::CONTROLS_SECURITY_MASTER_KEY:
 
-		gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
+		gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
 
 			xml.node("frame", [&] () {
 
@@ -2192,7 +2193,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
 
 	case State::CONTROLS_SECURITY_USER_PASSPHRASE:
 
-		gen_controls_frame(xml, "app", [&] (Xml_generator &xml) {
+		gen_controls_frame(xml, _jent_avail, "app", [&] (Xml_generator &xml) {
 
 			xml.node("frame", [&] () {
 
@@ -2216,7 +2217,7 @@ void File_vault::Main::produce_xml(Xml_generator &xml)
 	case State::LOCK_ISSUE_DEINIT_REQUEST_AT_TRESOR:
 	case State::LOCK_WAIT_TILL_DEINIT_REQUEST_IS_DONE:
 
-		gen_info_frame(xml, "1", "Please wait...", MAIN_FRAME_WIDTH);
+		gen_info_frame(xml, _jent_avail, "1", "Please wait...", MAIN_FRAME_WIDTH);
 		break;
 	}
 }
@@ -2379,7 +2380,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
 
 		gen_parent_provides_and_report_nodes(xml);
 		_gen_menu_view_start_node_if_required(xml);
-		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
+		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
 		gen_tresor_init_trust_anchor_start_node(
 			xml, _tresor_init_trust_anchor, _ui_setup_obtain_params_passphrase());
 
@@ -2389,7 +2390,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
 
 		gen_parent_provides_and_report_nodes(xml);
 		_gen_menu_view_start_node_if_required(xml);
-		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
+		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
 		gen_tresor_init_trust_anchor_start_node(
 			xml, _tresor_init_trust_anchor, _ui_setup_obtain_params_passphrase());
 
@@ -2399,7 +2400,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
 
 		gen_parent_provides_and_report_nodes(xml);
 		_gen_menu_view_start_node_if_required(xml);
-		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
+		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
 		gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
 		gen_sync_to_tresor_vfs_init_start_node(xml, _sync_to_tresor_vfs_init);
 		break;
@@ -2409,7 +2410,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
 
 		gen_parent_provides_and_report_nodes(xml);
 		_gen_menu_view_start_node_if_required(xml);
-		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
+		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
 		gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
 		gen_client_fs_fs_query_start_node(xml, _client_fs_fs_query);
 		break;
@@ -2418,7 +2419,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
 
 		gen_parent_provides_and_report_nodes(xml);
 		_gen_menu_view_start_node_if_required(xml);
-		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
+		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
 		gen_truncate_file_start_node(
 			xml, _truncate_file,
 			File_path { "/tresor/", _tresor_image_file_name }.string(),
@@ -2448,7 +2449,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
 
 		gen_parent_provides_and_report_nodes(xml);
 		_gen_menu_view_start_node_if_required(xml);
-		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
+		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
 		gen_tresor_init_start_node(xml, _tresor_init, vbd_tree_geom, free_tree_geom);
 		break;
 	}
@@ -2456,7 +2457,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
 
 		gen_parent_provides_and_report_nodes(xml);
 		_gen_menu_view_start_node_if_required(xml);
-		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
+		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
 		gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
 		gen_sync_to_tresor_vfs_init_start_node(xml, _sync_to_tresor_vfs_init);
 		break;
@@ -2465,7 +2466,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
 
 		gen_parent_provides_and_report_nodes(xml);
 		_gen_menu_view_start_node_if_required(xml);
-		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
+		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
 		gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
 		gen_tresor_vfs_block_start_node(xml, _tresor_vfs_block);
 		gen_mke2fs_start_node(xml, _mke2fs);
@@ -2483,7 +2484,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
 	{
 		gen_parent_provides_and_report_nodes(xml);
 		_gen_menu_view_start_node_if_required(xml);
-		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
+		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
 		gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
 		gen_tresor_vfs_block_start_node(xml, _tresor_vfs_block);
 		gen_snapshots_fs_query_start_node(xml, _snapshots_fs_query);
@@ -2639,7 +2640,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
 		gen_parent_provides_and_report_nodes(xml);
 		gen_policy_for_child_service(xml, "File_system", _rump_vfs);
 		_gen_menu_view_start_node_if_required(xml);
-		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
+		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
 		gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
 		gen_tresor_vfs_block_start_node(xml, _tresor_vfs_block);
 		gen_snapshots_fs_query_start_node(xml, _snapshots_fs_query);
@@ -2651,7 +2652,7 @@ void File_vault::Main::_generate_sandbox_config(Xml_generator &xml) const
 		gen_parent_provides_and_report_nodes(xml);
 		gen_policy_for_child_service(xml, "File_system", _rump_vfs);
 		_gen_menu_view_start_node_if_required(xml);
-		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs);
+		gen_tresor_trust_anchor_vfs_start_node(xml, _tresor_trust_anchor_vfs, _jent_avail);
 		gen_tresor_vfs_start_node(xml, _tresor_vfs, _tresor_image_file_name);
 		gen_tresor_vfs_block_start_node(xml, _tresor_vfs_block);
 		gen_snapshots_fs_query_start_node(xml, _snapshots_fs_query);
diff --git a/repos/gems/src/app/file_vault/menu_view_dialog.cc b/repos/gems/src/app/file_vault/menu_view_dialog.cc
index 8e6a8e61e1..73607c04c6 100644
--- a/repos/gems/src/app/file_vault/menu_view_dialog.cc
+++ b/repos/gems/src/app/file_vault/menu_view_dialog.cc
@@ -26,7 +26,8 @@ void File_vault::gen_normal_font_attribute(Xml_generator &xml)
 
 void File_vault::gen_frame_title(Xml_generator &xml,
                                  char    const *name,
-                                 unsigned long  min_width)
+                                 unsigned long  min_width,
+                                 bool           jent_avail)
 {
 
 	xml.node("float", [&] () {
@@ -34,19 +35,35 @@ void File_vault::gen_frame_title(Xml_generator &xml,
 		xml.attribute("west", "yes");
 		xml.attribute("north", "yes");
 
-		xml.node("label", [&] () {
-			xml.attribute("text", "" );
-			xml.attribute("min_ex", min_width);
-		});
+		if (jent_avail) {
+			xml.node("label", [&] () {
+				xml.attribute("text", "" );
+				xml.attribute("min_ex", min_width);
+			});
+		} else {
+			xml.node("vbox", [&] () {
+				xml.node("label", [&] () {
+					xml.attribute("name", "warning_0");
+					xml.attribute("font", "title/regular");
+					xml.attribute("text", " Warning: Insecure mode, no entropy source! " );
+					xml.attribute("min_ex", min_width);
+				});
+				xml.node("label", [&] () {
+					xml.attribute("name", "warning_1");
+					xml.attribute("text", " " );
+				});
+			});
+		}
 	});
 }
 
 void File_vault::gen_info_frame(Xml_generator &xml,
+                                bool           jent_avail,
                                 char const    *name,
                                 char const    *info,
                                 unsigned long  min_width)
 {
-	gen_main_frame(xml, name, min_width, [&] (Xml_generator &xml) {
+	gen_main_frame(xml, jent_avail, name, min_width, [&] (Xml_generator &xml) {
 
 		gen_centered_info_line(xml, "info", info);
 		gen_info_line(xml, "pad_1", "");
diff --git a/repos/gems/src/app/file_vault/menu_view_dialog.h b/repos/gems/src/app/file_vault/menu_view_dialog.h
index 05badc08e4..9856f9d647 100644
--- a/repos/gems/src/app/file_vault/menu_view_dialog.h
+++ b/repos/gems/src/app/file_vault/menu_view_dialog.h
@@ -27,10 +27,12 @@ namespace File_vault {
 
 	void gen_frame_title(Xml_generator &xml,
 	                     char    const *name,
-	                     unsigned long  min_width);
+	                     unsigned long  min_width,
+	                     bool           jent_avail);
 
 	template <typename GEN_FRAME_CONTENT>
 	void gen_main_frame(Xml_generator           &xml,
+	                    bool                     jent_avail,
 	                    char              const *name,
 	                    unsigned long            min_width,
 	                    GEN_FRAME_CONTENT const &gen_frame_content)
@@ -40,7 +42,7 @@ namespace File_vault {
 
 			xml.node("vbox", [&] () {
 
-				gen_frame_title(xml, "title", min_width);
+				gen_frame_title(xml, "title", min_width, jent_avail);
 				gen_frame_content(xml);
 			});
 		});
@@ -48,6 +50,7 @@ namespace File_vault {
 
 	template <typename GEN_FRAME_CONTENT>
 	void gen_controls_frame(Xml_generator           &xml,
+	                        bool                     jent_avail,
 	                        char              const *name,
 	                        GEN_FRAME_CONTENT const &gen_frame_content)
 	{
@@ -56,6 +59,9 @@ namespace File_vault {
 
 			xml.node("vbox", [&] () {
 
+				if (!jent_avail)
+					gen_frame_title(xml, "title", 0, jent_avail);
+
 				gen_frame_content(xml);
 			});
 		});
@@ -84,6 +90,7 @@ namespace File_vault {
 	}
 
 	void gen_info_frame(Xml_generator &xml,
+	                    bool           jent_avail,
 	                    char const    *name,
 	                    char const    *info,
 	                    unsigned long  min_width);
diff --git a/repos/gems/src/app/file_vault/sandbox.h b/repos/gems/src/app/file_vault/sandbox.h
index 3691775225..84decbb735 100644
--- a/repos/gems/src/app/file_vault/sandbox.h
+++ b/repos/gems/src/app/file_vault/sandbox.h
@@ -377,7 +377,8 @@ namespace File_vault {
 	}
 
 	void gen_tresor_trust_anchor_vfs_start_node(Xml_generator     &xml,
-	                                         Child_state const &child)
+	                                            Child_state const &child,
+	                                            bool               jent_avail)
 	{
 		child.gen_start_node(xml, [&] () {
 
@@ -402,9 +403,17 @@ namespace File_vault {
 							xml.attribute("storage_dir", "/storage_dir");
 						});
 
-						xml.node("jitterentropy", [&] () {
-							xml.attribute("name", "jitterentropy");
-						});
+						if (jent_avail) {
+							xml.node("jitterentropy", [&] () {
+								xml.attribute("name", "jitterentropy");
+							});
+						} else {
+							xml.node("inline", [&] () {
+								xml.attribute("name", "jitterentropy");
+								xml.append_content(String<33> { "0123456789abcdefghijklmnopqrstuv" });
+							});
+							warning("Insecure mode, no entropy source!");
+						}
 					});
 				});
 				xml.node("policy", [&] () {