Commit Graph

1750 Commits

Author SHA1 Message Date
Norman Feske
fe596f2219 sculpt: host NVMe driver in runtime
As the NVMe driver was the last remaining driver controlled by the
driver manager, this patch removes the 'drivers -> dynamic' subsystem
along with the driver manager from sculpt/drivers/pc.

Issue #5150
2024-04-12 15:02:45 +02:00
Norman Feske
206bf856bb sculpt: host AHCI driver in runtime
This patch moves the AHCI driver from the 'drivers -> dynamic'
subsystem to the runtime, managed by the sculpt_manager. One
implication of this change is the new need to supplement a device
port number to the 'Storage_target', in addition to the existing
label and partition. Previously, each block device was addressed by
merely a label specified for a parent session. The meanings of the
'Storage_target' elements are now as follows.

- The label corresponds to the driver component providing the storage.
- The port is used as block-session label when opening the session
  at the driver.
- The partition(s) denote the partition information contained in
  the block session.

Components operating as clients of the AHCI driver (e.g., a file system)
refer to their storage target as <label>-<port>.<partition> when a port
is defined (for AHCI). For drivers w/o ports, like USB storage where
each USB-block driver correponds to only one device, the storage target
is denoted as <label>.<partition>. When no partition table is present,
the '.<partition>' part is omitted.

Issue #5150
2024-04-12 15:02:45 +02:00
Norman Feske
e3803fb861 sculpt: host PS/2 driver in runtime
Issue #5150
2024-04-12 15:02:44 +02:00
Norman Feske
556a7b8b17 sculpt: host PC USB driver in runtime
This commit moves the USB and USB HID driver from the drivers subsystem
into the runtime. The former special USB node of the graph corresponds
now to the USB host-controller driver (named "usb"). The management
options for USB storage devices are available inside this component
node now.

Issue #5150
2024-04-12 15:02:44 +02:00
Norman Feske
3580bb6e17 sculpt: move event_filter to static system
By moving the event_filter and the numlock_remap_rom from the drivers
subsystem to the static system, the filtering can be applied to drivers
hosted in the runtime and drivers hosted in the drivers subsystem.

This is a preparatory step for moving the USB host and HID drivers to
the runtime.

Issue #5150
2024-04-12 15:02:44 +02:00
Norman Feske
06c4b0248b sculpt: upper limit for automatic quota upgrading 2024-04-12 15:02:44 +02:00
Martin Stein
e53b00aafb run/file_vault_client: remove troublesome § char
Ref #5148
2024-04-12 15:02:44 +02:00
Martin Stein
5907307af6 file_vault: re-enable support for 32-bit platforms
Ref #5148
2024-04-12 15:00:46 +02:00
Martin Stein
b903ddeea7 tresor: fix and test handling of minimal trees
* add testing of trees with minimal and maximal dimensions to tresor_tester.run
* replace tresor_init-local configuration type with simpler and more conformant
  configuration type in tresor/types.h that does also XML-parsing and
  XML-generation of configurations
* raise min degree to 2 because a degree of 1 is not practical und would
  require additional logic
* fix overflow with num_blocks=0 in Superblock_control::Read|Write_vbas
* fix off-by-one bug regarding the number of levels in Vbd_initializer
* improve sanity checks in Tree_configuration constructors
* document level indices in tresor_init/README
* fix size of some arrays in order to be able to handle the maximum number of
  tree levels

Ref #5077
2024-04-12 15:00:46 +02:00
Martin Stein
067a8a35cd tresor: fix faults on failed free-tree requests
* fixes two places, where the free tree module used to continue to process a
  request after actually having determined that the request fails
* moves the functionality of checking the hash of a read block and decoding it
  to a dedicated method in order to improve readability

Ref #5077
2024-04-12 15:00:46 +02:00
Martin Stein
81b17ba1e4 tresor_tester: check uninitialized vba data
Adds a new command attribute "uninitialized_data" to the Tresor Tester
configuration. If a <request op="read"> command has this attribute set to "yes"
it assumes the read blocks to be uninitialized and therefore contain only 0's.
Note, that a command that has "uninitialized_data" set to "yes" cannot have the
attribute "salt".

Ref #5077
2024-04-12 15:00:46 +02:00
Martin Stein
4a68f6bf75 tresor: discard snapshots only when writing the sb
Snapshots must only be removed when securing the superblock. Otherwise, the
last secured superblock might get corrupted. The Free Tree allocation algorithm
would not consider the deleted snapshots anymore although they are still active
in the secured superblock and re-use their blocks. This would render the tresor
container unusable if the superblock with the deleted snapshots is not secured
in the end (driver crash, power down, ...).

Ref #5077
2024-04-12 15:00:46 +02:00
Martin Stein
518c32e1af tresor: don't decode superblock before hash check
Superblock_control::Initialize used to decode a read superblock before checking
its hash. This is not necessary but may cause the operation to end up in a
decoding error on a superblock that is not the desired one anyway.

Ref #5077
2024-04-12 15:00:45 +02:00
Martin Stein
016a769605 tresor: check only the last secured superblock
Instead of iterating over all superblocks and checking each valid one,
check only the one whose hash matches the hash stored in the trust anchor.
I.e., the last one that was secured to the trust anchor. We must assume that
the other superblocks were corrupted in the meantime by operating the Tresor
container and, anyway, these Superblocks are not used anymore.

Ref #5077
2024-04-12 15:00:45 +02:00
Martin Stein
d2af024349 tresor: don't halt on extension beyond limits
The request of extending a tree used to halt when it found that
it could not add more levels to the tree because the maximum level index was
reached. Now, the library simply marks the request as failed, leaving it to
the user to handle the error condition.

Ref #5077
2024-04-12 15:00:45 +02:00
Martin Stein
b4c4681733 tresor: streamline design further
* differentiates request types that where merged formerly per module;
  e.g. instead of type Superblock_control::Request, there are now types
  * Superblock_control::Read_vbas
  * Superblock_control::Write_vbas
  * Superblock_control::Rekey
  * Superblock_control::Initialize
  * ...
  each holding only the state and functionality that is required for exactly
  that request

* removes all classes of the Tresor module framework and adapts all
  Tresor- and File-Vault- related libs, apps, and tests accordingly
  * the former "channel" state is merged into the new request types, meaning, a
    request manages no longer only the "call" to a functionality but
    also the execution of that functionality; every request has a lifetime
    equal to the "call" and an execute method to be driven forward
  * state that is used by a request but has a longer lifetime (e.g. VFS file
    handles in Tresor::Crypto) is managed by the top level
    of the user and handed over via the execute arguments; however, the
    synchronization of multiple requests on this state is done by the module
    (e.g. Tresor::Crypto)
  * requests are now driven explicitly as first argument of the (overloaded)
    execute method of their module; the module can, however, stall a request
    by returning false without doing anything (used for synchronization on
    resources)

* introduces Request_helper, Generated_request and Generatable_request in the
  Tresor namespace in order to avoid the redundancy of sub-request generation
  and execution

* moves access to Client-Data pointers up to Tresor::Virtual_block_device in
  order to simplify Tresor::Block_io and Tresor::Crypto

* removes Tresor::Client_data and introduces pure interface
  Client_data_interface in order to remove  Tresor::Client_data and
  move management of Client Data to the top level of a Tresor user

* introduces pure interface Crypto_files_interface in order to move management
  of Crypto files to the top level of a Tresor user

* moves management of Block-IO and Trust-Anchor files to the top level of a
  Tresor user

* adapts all execute methods, so, that they return the progress state
  instead of modifying a reference argument

* removes Tresor::Request_and Tresor:Request and instead implements
  scheduling at the top level of the Tresor user
  * the Tresor Tester uses a list as schedule that holds Command objects; this
    list ensures, that commands are started in the order of configuration
    the Command type is a merge of the state of all possible commands that can
    be configured at the Tresor Tester; the actual Tresor requests (if any) are
    then allocated on-demand only
  * the Tresor VFS plugin does not use a dynamic data structure for scheduling;
    the plugin has 5 members that each reflect a distinct type of operation:
    * initialize operation
    * deinitialize operation
    * data operation
    * extend operation
    * rekey operation
    consequently, of each type, there can be only one operation in-flight at a
    time; at the user front-end each operation (except "initialize") can be
    controlled through a dedicated VFS file; for each of these files, the VFS
    expects only one handle to be open at a time and only one file operation
    (read, write, sync) active at a time; once an operation gets started it is
    finished without preemtion (except of the interleaving at rekey and
    extend); when multiple operations are waiting to be started the plugin
    follows a static priority scheme:

      init op > deinit op > data op > extend op > rekey op

    there are some operation-specific details
    * the initialize operation is started only by the plugin itself on startup
      and will be driven as side effect by subsequent user calls to file
      operations
    * the data file is the only contiguous file in the front end and the file
      operations work as on usual data files
    * the other 3 files are transactional files and the user is expected to
      follow this scheme when operating on them
      1) stat (to determine file size)
      2) seek to offset 0
      3) read entire file once (this will be queued until there is no operation
         of this type pending anymore and return the last result:
         "none" | "failed" | "succeeded"; used primarily for synchronization)
      4) write operation parameters (this returns immediately and marks the
         operation as "requested")
      5) read entire file once (the same as above but this time in order to
         determine the operation result)
    * the rekey op and deinitialize op are requested by writing "true"
    * the extend op is requested by writing "tree=[TREE], blocks=[BLOCKS]"
      where TREE is either "vbd" or "ft" and BLOCKS is the number of physical
      4K blocks by which the physical range of the tresor container expands
      (the physical range always starts at block address 0 and is always
      expanded upwards)

* replaces the former <trust-anchor op="initialize"> command at the Tresor
  Tester with <initialize-trust-achor> as there are no other trust anchor
  operations that can be requested through the Tester config anyway

* removes the "sync" attribute from all commands at the Tresor Tester except
  from <request op="rekey">, <request "extend_ft">, <request op="extend_vbd">;
  as the Tester controls scheduling now, requests are generally synchronous;
  at the rekeying and extension commands, the "sync" attribute determines
  wether subsequent commands are interleaved with the execution of these
  commands (if possible)

* removes "debug" config attribute from Tresor VFS plugin and reworks "verbose"
  attribute to generate more sensible output

* removes NONCOPYABLE macro and instead uses Genode::Noncopyable and in-place
  Constructors deletion

* introduces types Attr and Execute_attr where a constructor or execute method
  have many arguments in order to raise readability

* renames the "hashsum" file that is provided by the Tresor Trust-Anchor VFS
  plugin to "hash" in order to become conformant with the wording in the Tresor
  lib

* makes the VFS Tresor test an automated test by merging in the functionality
  of vfs_tresor_init.run and removing the interactive front end; removes
  vfs_tresor_init.run as it is not needed anymore; adds consideration for
  autopilot file structure in the Test and adds it to autopilot.list

* removes all snapshot controls and the progress files for rekeying and
  extending from the Tresor VFS plugin; both functionalities were tested
  only rudimentary by the VFS Tresor test and are not supported with the only
  real user, the File Vault

* use /* .. */ instead of // ..
* use (..) instead of { .. } in init lists

Ref #5148
2024-04-12 15:00:45 +02:00
Martin Stein
14f4aa6e05 tresor_utils.run: use [build_artifacts]
Ref #5148
2024-04-12 15:00:45 +02:00
Martin Stein
ef0c3f9d2c tresor_tester.run: fix asynchronous rekeying test
The virtual block device module used to hand over the wrong VBA as
parameter "rekeying VBA" to the Free Tree when allocating PBAs for data
access during rekeying. In certain constellations, this caused the Free
Tree to alloc PBAs that were still in use. The Free Tree PBA selection
algorithm, however, is just fine. When fixing the call parameter, it works
as desired. This re-enables the async rekeying test.

Ref #5075
2024-04-12 15:00:45 +02:00
Martin Stein
02ef158748 gems: add autopilot test 'file_vault_client'
The script tests the use of an encrypted file system that is created and
provided via the File Vault.

Furthermore the script can be used for test-driving existing File-Vault
containers (created with potentially older File-Vault versions) under the
current File-Vault version. This is done via the "LX_FS_DIR_TEMPLATE"
env variable.

Ref #5062
2024-04-12 15:00:45 +02:00
Martin Stein
fb2d153c92 tresor: check hash of all read vba data
During one of the many re-factorization steps that were applied to the Tresor
library and its predecessor, the CBE library, one of the main features of the
project, the integrity check, accidentally received a grave regression. The
most recent version of the Tresor still used to check all hashes of meta-data
blocks but ignored the hashes of the actual data blocks.

With this commit, the hashes of all but yet uninitialized data blocks get
checked. The reason for ignoring uninitialized blocks is that they are not
actually read from disc but simply generated as an all-zeros block in the
driver in order to prevent having to initialize them all to zero in
Tresor-Init. That said, the integrity of these blocks cannot be compomised.
The according hashes in the meta data remain unset until the data block gets
written for the first time.

Ref #5062
2024-04-12 15:00:45 +02:00
Martin Stein
cf72499919 tresor: unused args at "R/W client data" at blk IO
The request classes Block_io::Read_client_data and Block_io::Write_client_data
used to receive a block reference for no reason. This commit removes these
args.

Ref #5062
2024-04-12 15:00:45 +02:00
Martin Stein
bcd82b7e75 tresor: revive and test app/tresor_check
The tresor_check tool became outdated back when the Tresor project was created
by re-writing its predecessor, the CBE, in C++. At this time, the check tool
was merely renamed but not updated. As there was also no autopilot test for the
tool, the tool remained outdated.

This commit rewrites the tool for the most recent Tresor version and adds an
autopilot test.

Ref #5062
2024-04-12 15:00:45 +02:00
Martin Stein
d8a71e5978 tresor: improved module framework and clean-up
* Make command pool a proper module
  * The command pool used to be kind of a module but it was driven via custom
    tresor-tester specific code. Now, it becomes a proper module that
    is driven by the module framework instead.
  * Move the code for creating and handling the module-execution progress flag
    into Module_composition::execute_modules as the function is always used with
    this code surrounding it.

* Reorganize files, remove deprecated files

* A new class Module_channel is introduced in the module framework and all
  channel classes inherit from it. With that class in place, the formerly
  module-specific implementations of the following methods are replaced by
  new generic implementations in the Module framework:

  * ready_to_submit_request
  * submit_request
  * _peek_completed_request
  * _drop_completed_request
  * _peek_generated_request
  * _drop_generated_request
  * generated_request_complete

* Module requests are now held for the duration of their lifetime at the
  module they originate from and not, like before, at their target module. As
  a result, modules can generate new requests inline (without having to wait
  for the target module), making code much simpler to read, reducing the amount
  of channel state, and allowing for non-copyable request types.

* Introduce a sub-state-machine for securing a superblock in the
  superblock_control module in order to reduce redundancy.

* Some modules, like free_tree, were completely re-designed in order to make
  them more readable.

* Replace all conditional exceptions by using the macros in
  tresor/assertion.h .

* Move methods that are used in multiple modules but that were implemented
  redundantly in each module to tresor/types.h.

* Remove verbosity node and all that was related to it from tresor tester
  config as the targeted verbosity can be achieved with the
  VERBOSE_MODULE_COMMUNICATION flag in tresor/verbosity.h .

* Extract the aspect of translating the byte-granular I/O-requests to
  tresor-block requests from the tresor VFS-plugin and move it to a new module
  called splitter.

* Rename the files and interface of the hashing back-end to not reflect the used
  hashing algorithm/config anymore, while at the same time making the hashing
  interface strict regarding the used types.

* Introduce the NONCOPYABLE macro that makes marking a class noncopyable short
  and clear.

* Replace the former tresor/vfs_utilities.h/.cc with a new tresor/file.h
  that contains the classes Read_write_file and Write_only_file. These classes
  significantly simplify the modules crypto, block_io, and trust_anchor by
  moving the details of file access to a sub-state machine.

* The former, rather trivial block allocator module is replaced by a normal
  object of type Pba_allocator that must be provided by the client of the
  Sb_initializer (reference in the Sb_initializer_request).

Ref #5062

tresor: read uninitialized vbas as all zeroes

Virtual addresses in a Tresor container that were not yet written by the user
should always return a data block that is all-zeroes. This was the concept
right from the beginning of the project. However, somehow this aspect either
never got implement or got lost along the way.

Some context for understanding the commit: The Tresor doesn't initialize the
payload data blocks of a container when creating a new container as this would
be rather expensive. Instead, it marks the leaf metadata nodes of the
virtual-block-device tree (those that reference the payload data blocks in
physical address space) with generation 0.

Now, this commit ensures that, whenever the virtual-block-device module reads
such a generation-0 leaf, instead of asking the block_io and crypto to deliver
data from disc, it directly provides the user with 4K of zeroes.

Ref #5062
2024-04-12 15:00:45 +02:00
Martin Stein
82388f4389 tresor_tester.run: fix free tree exhaustion
The order of execution inside the Tresor lib slightly changed compared to the
previous CBE lib. AFAICT, this is nothing to worry about and related to the
now cleaner structuring. However, it can produce higher peak requirements
regarding the allocation pool in the Free Tree. Therefor, this commit extends
the dimensions of the Free Tree used in the test.

Ref #4971
2024-04-12 15:00:45 +02:00
Martin Stein
801a779a88 tresor: support and test snapshot management
* Implement requests "create snapshot" and "discard snapshot" in tresor lib.
* Adapt tresor tester in order to test the new feature.
  * Remove temporary code from tresor tester that skipped such requests with
    the hint that they were not supported yet.
  * Add mandatory "id" attribute to <request op="create_snapshot"/> and
    <request op="discard_snapshot"/> tag. A "discard snapshot" command always
    refers to the snapshot created by the "create snapshot" command with the
    same "id" value.
  * Clean-up command pool a bit.

Fix #4971
2024-04-12 15:00:45 +02:00
Martin Stein
417fb4e108 tresor: fix bad hash update during rekeying in vbd
The re-keying state machine in the VBD module would use block data of the wrong
block for the hash update of an inner node in a certain circumstance.

On re-keying, the VBD iterates for a given VBA over all snapshots, beginning
with the newest and re-keys the VBA in each of the snapshots. At each snapshot
it therefore loads the branch of the VBA top-down, and then updates the branch
bottom-up. However, if loading a certain level of the branch of a certain
snapshot runs into the same physical block as with the last snapshot on this
level, the algorithm turns around and updates the branch from this point
upwards instead of going further down the whole way to the leaf. This is
because everything below this point has already been re-keyed in the course of
a newer snapshot.

The case where this turning around is not right above the leaf (i.e., the first
shared physical block is a metadata block) that's were the bug was located. In
this situation, we have to re-encode the highest shared metadata block into a
buffer again before starting to update. The update code acts as if the
mentioned block was just written back (which is true when going down all the
way to the leaf before updating) and consequently is present in the encoded
buffer.

Ref #4971
2024-04-12 15:00:45 +02:00
Martin Stein
f8332ce587 tresor: fix <initialize> config constraints
Until now, it was possible to use bad Free-Tree/VBD configurations with the
<initialize/> command. The tresor tester didn't complaining about it but the
tresor lib crashed or, worse, corrupted the tresor container. Now, the tresor
tester checks things, like for instance, that "nr_of_children" must be a power
of 2.

Ref #4971
2024-04-12 15:00:45 +02:00
Martin Stein
b44ffc9361 tresor: snap garbage collection on each request
The Superblock Control module now issues a snapshot garbage collection on each
incoming request. In return for that, the commit removes all calls to the
garbage collection from other modules.

Ref #4971
2024-04-12 15:00:45 +02:00
Martin Stein
3eb5302ab0 tresor: no local impl. of snap garbage collection
Move the implementation of the snapshots garbage collection to the Snapshots
class and remove module-local duplicates.

Ref #4971
2024-04-12 15:00:45 +02:00
Martin Stein
9605a60eac tresor: no local copy of snapshots in vbd module
The Virtual Block Device module used to create a local copy of the Snapshots
array respectively Snapshot root it received with an incoming request. After
finishing the VBD operation on the copy, the source module of the request
used to back-copy the resulting Snapshot array resp. Snapshot root. This is
not only less efficient than referencing but also allowed a bug to sneak into
the new C++ implementation.

In contrast to the old Ada/SPARK implementation (CBE), the new design doesn't
allow for global objects that can be accessed by any module without receiving a
reference in a module request. Therefore, the Free Tree module has to receive a
reference to a Snapshots array with each request in order to be able to use it.
In our case, these requests are allocations for a "Write" operation from the
VBD. However, the VBD itself receives only the one Snapshot required for
writing and therefore causes the Free Tree to make bad decisions on whether or
not a block can be re-allocated or not.

With this commit, the VBD always receive a reference to the whole Snapshots
array and also propagates it this way to the Free Tree.

Ref #4971
2024-04-12 15:00:45 +02:00
Martin Stein
b49f052051 tresor: improve verbosity modes
* make array classes printable
* pba filter for block io verbosity
* streamline read/write/rekey verbosity

Ref #4971
2024-04-12 15:00:45 +02:00
Christian Prochaska
a187f15d8c sculpt: add gdb_x86 to distribution and index
Issue #5076
2024-04-12 15:00:45 +02:00
Christian Prochaska
7248c5cc23 sculpt: add terminal to index
Issue #5076
2024-04-12 15:00:45 +02:00
Christian Helmuth
e0fe046ad3 Update tiled_wm test for tiled-console scenario
- always assign apps/overlay to targets (visible=true/false) to
  prevent 0x0 geometry, which is interpreted as close
- add QMenu as exampel to panel button
- use usb-tablet on Qemu
2024-04-12 15:00:44 +02:00
Christian Helmuth
c27d04e338 window_layouter: "visible" assign-node attribute
Per default, windows assigned to targets are visible, which can be
changed with the new boolean "visible" attribute. Thus, window can be
hidden without changing their geometry.
2024-04-12 15:00:44 +02:00
Norman Feske
b36a49dfc2 sculpt: host PC framebuffer drivers in runtime
Issue #5150
2024-04-12 12:57:30 +02:00
Norman Feske
27e0500452 sculpt_manager: Pci_info -> Board_info
This is a preparatory commit for issue #5150. Board_info is designated
for the selection of device drivers. It is not specific to PCI devices.
2024-04-12 12:57:30 +02:00
Norman Feske
72a575a5f9 depot_autopilot.run: error message on empty tar
When wrongly invoking the run script by specifying a skipped test
as its only TEST_PKGS argument, the run script fails due to a wrong
tar argument order. Let's better reflect this condition to the user
ahead of invoking tar.
2024-04-12 12:57:30 +02:00
Stefan Kalkowski
7ec08af6d9 usb: session renewal & new client API
Replace the USB session API by one that provides a devices ROM only,
which contains information about all USB devices available for this client,
as well as methods to acquire and release a single device.

The acquisition of an USB device returns the capability to a device session
that includes a packet stream buffer to communicate control transfers
in between the client and the USB host controller driver. Moreover,
additional methods to acquire and release an USB interface can be used.

The acquisition of an USB interface returns the capability to an interface
session that includes a packet stream buffer to communicate either
bulk, interrupt, or isochronous transfers in between the client and the
USB host controller driver.

This commit implements the API changes in behalf of the Genode C API's
USB server and client side. Addtionally, it provides Usb::Device,
Usb::Interface, and Usb::Endpoint utilities that can be used by native
C++ clients to use the new API and hide the sophisticated packet stream API.

The adaptations necessary target the following areas:

* lx_emul layer for USB host and client side
* Linux USB host controller driver port for PC
* Linux USB client ports: usb_hid_drv and usb_net_drv, additionally
  reduce the Linux tasks used inside these drivers
* Native usb_block_drv
* black_hole component
* Port of libusb, including smartcard and usb_webcam driver depending on it
* Port of Qemu XHCI model library, including vbox5 & vbox6 depending on it
* Adapt all run-scripts and drivers_interactive recipes to work
  with the new policy rules of the USB host controller driver

Fix genodelabs/genode#5021
2024-04-12 12:57:30 +02:00
Christian Prochaska
6e437674f7 gems: add dbg_download
Fixes #5143
2024-04-12 12:57:28 +02:00
Norman Feske
5a79cb9150 waveform_player.run: define CPU resources
This is needed for the priority-based scheduling on base-hw.
2024-04-12 12:57:28 +02:00
Norman Feske
913196e2dc record_play_mixer: smoothen time-window allocation
This patch modifies the mixer's time window allocation by modelling the
drift of the period length over time. This yields a much better
stability of the detected sample rates in the presence of jitter.

Issue #5132
2024-04-12 12:57:28 +02:00
Norman Feske
44e0d7003a base: Alarm_registry data structure
This data structure uses an AVL tree to maintain a time-sorted set of
alarm objects. It supports the use of circular clocks of an bit width.

Issue #5138
2024-04-12 12:57:28 +02:00
Josef Söntgen
449a72d8a2
trace_recorder: get session arguments from config
This commit adds support for setting the TRACE session parameters via
the configuration.

Fixes #5123.
2024-03-04 11:49:26 +01:00
Christian Helmuth
9c7a303caf depot: update recipe hashes 2024-02-29 11:08:28 +01:00
Norman Feske
b370591e64 Mobile version of Sculpt OS
This patch contains the mobile variant of Sculpt OS, which evolved
at the genode-allwinner repository until now. In consists of the
following parts:

- gems/src/app/phone_manager  plays the role of the sculpt manager
- sculpt/phone-linux          allows for test driving the mobile
                              variant on base-linux
- gems/src/app/dummy_modem    mockup of a modem's behavior, used for
                              GUI development and testing

The parts targeting a specific device (PinePhone) remain local to
the genode-allwinner repository.

To give it a try:

  make run/sculpt_test KERNEL=linux BOARD=linux \
                       SCULPT=phone LOG=core DEPOT=tar

Fixes #5125
2024-02-28 16:31:46 +01:00
Christian Prochaska
cda48b4a49 sculpt: add base binary archive path to build_info ROM
Fixes #5118
2024-02-28 16:31:45 +01:00
Norman Feske
07669ac991 os: record-and-play session interfaces and mixer
- New session interfaces:
  - os/include/play_session   (for audio playing   / mic-input driver)
  - os/include/record_session (for audio recording / audio-output driver)
- Mixer at os/src/record_play_mixer providing both play and record services
- Simple waveform player at os/src/app/waveform_player
- Simple audio-signal capturing component at os/src/app/record_rom
- Simple oscilloscpe at gems/src/app/rom_osci (using record_rom)
- Simple test-audio_play for playing raw stereo f32 data

The _gems/run/waveform_player.run_ script illustrates the use of the new
components and interfaces.

Issue #5097
2024-02-28 16:31:45 +01:00
Christian Prochaska
080d3b6b63 vfs: support watch handlers on application signal level
Fixes #4092
2024-02-26 08:59:10 +01:00
Christian Prochaska
7651c94bf5 os: add test for 'Genode::Path'
Issue #5106
2024-02-26 08:59:10 +01:00
Christian Prochaska
a1b5ebeb09 depot_query: add support for bin and dbg archives
Fixes #5110
2024-02-26 08:59:09 +01:00
Johannes Schlatow
d23e1a87dd vfs_import: truncate files before writing
genodelabs/genode#5107
2024-02-26 08:59:08 +01:00
Johannes Schlatow
43274fbf5f depot: add tcp_terminal recipe
required for goa_testbed

genodelabs/genode#5093
2024-02-26 08:31:04 +01:00
Norman Feske
96ea73c3fe sculpt: preset for goa_testbed
Issue #5092
2024-02-26 08:31:03 +01:00
Norman Feske
7c76ec897c sculpt: add "http" and "telnet" nic_router domains
These domains allow for the hosting of plain http and telnet servers
reachable from the outside. The change is designated for the goa
testbed.

Issue #5092
2024-02-26 08:31:03 +01:00
Norman Feske
c4679e7af6 depot: update recipe hashes 2023-12-13 12:33:05 +01:00
Josef Söntgen
89270f69e0 sculpt_image: copy uboot.env file for PinePhone
Issue genodelabs/genode-allwinner#26.
2023-12-13 12:33:05 +01:00
Martin Stein
32d1e5b4a7 gems: remove unused import-sha256_4k.mk
Ref #5062
2023-12-13 12:33:05 +01:00
Christian Helmuth
54c5b7d712 depot_autopilot: disable test-rm_nested on pistachio 2023-12-13 12:33:05 +01:00
Norman Feske
f57da7e645 trace: remove parent_levels session argument
The argument was originally designated to restrict the reach of the
trace monitor but the idea remained unimplemented. It is now superseded
by the use of the trace-session label as trace-subject filter.

Issue #847
2023-12-13 12:28:52 +01:00
Norman Feske
12b89852e0 sculpt: add "runtime" and "global" TRACE options
Issue #847
2023-12-13 12:28:52 +01:00
Norman Feske
f66ce025d3 Adapt run scripts to trace-subject filtering
Issue #847
2023-12-13 12:28:52 +01:00
Norman Feske
610ba6e3b6 touch_keyboard: add dialog API to src recipe
This is a follow-up commit to issue #5059. Without it, the binary
archive for the touch_keyboard remains empty.
2023-12-13 12:28:05 +01:00
Christian Helmuth
8baf19022c depot: update recipe hashes 2023-11-30 15:11:36 +01:00
Johannes Schlatow
3a62676da8 sculpt: increase RAM quota for platform driver
The platform driver needs additional 2MB of RAM for managing IO page
tables (root table and context tables) that are shared among sessions.

genodelabs/genode#5002
2023-11-30 14:20:53 +01:00
Johannes Schlatow
44617b8c9d sculpt: route iommu report from platform driver
genodelabs/genode#5002
2023-11-30 14:20:53 +01:00
Martin Stein
49dd55313a sculpt_manager: select correct launcher in + menu
The sculpt manager views only launchers in the + menu that are not present in
the runtime already. However, this check was missing when finding the right
launcher on a click event inside that menu. This could cause the manager to
try deploying an already deployed launcher a again (without any effect)
instead of deploying the launcher that was actually clicked.

Ref #5064
2023-11-28 14:46:28 +01:00
Alexander Boettcher
ff740e300a wm: free window id on destroy_view
Issue #5048
2023-11-28 14:44:29 +01:00
Norman Feske
cb10fe1d77 decorator: add missing initial call _handle_mode
This call is needed whenever the mode has settled before the decorator
has started up.
2023-11-28 14:44:29 +01:00
Norman Feske
5a75a2f930 gems: use [build_artifacts] in run scripts
Issue #4860
2023-11-28 14:44:29 +01:00
Norman Feske
769a6ce987 touch_keyboard: use dialog API
Fixes #5059
2023-11-28 14:44:28 +01:00
Norman Feske
9144d47fe2 sculpt/nitpicker/default: focus of touch_keyboard
Without setting the focus to "transient", the touch keyboard is
not able to respond to mouse clicks.
2023-11-28 14:44:28 +01:00
Norman Feske
4a5632ab6d dialog: support view attribs in sandboxed_runtime
This patch mirrors the interface of Sculpt's distant_runtime to the
sandboxed_runtime variant, allowing the configuration of xpos, ypos,
min_width, min_height, opaque, and background color.

Issue #5008
2023-11-28 14:44:28 +01:00
Norman Feske
0f54ad8e26 dialog: add text-area widget
This patch moves the text-editing facility of app/text_area to a
text-area widget as part of the dialog library. This has two benefits.
First, it simplifies app/text_area by using the dialog API. Second, the
editor can now easily be reused by other dialog-API-based applications.

Fixes #5058
2023-11-28 14:44:28 +01:00
Norman Feske
e326371762 gems: make gems/dynamic_array.h publicly available
The 'Dynamic_array' utility is used by the text_area as internal
representation of text. As a prerequisite step of making the text
editing features generally available as a text-area widget, the
utility must become public.

Issue #5008
2023-11-28 14:24:26 +01:00
Norman Feske
40c0db2e8d dialog: add Sandboxed_runtime::View::if_hovered
Issue #5008
2023-11-28 14:24:26 +01:00
Norman Feske
9fae8a7532 dialog: support Sandboxed_runtime::Event_handler
This allows applications to get hold of the raw input events,
in particular keyboard input.

Issue #5008
2023-11-28 14:24:26 +01:00
Norman Feske
0a71c8f3e1 sculpt_manager: use dialog API
Issue #5053
2023-11-28 14:24:26 +01:00
Norman Feske
1490c58f8b dialog: Hosted::if_hovered method
This method allows for the inquiry of the current hovering state,
e.g., to suppress an update of the Wifi accesspoint list while
the list is hovered.

Issue #5008
Issue #5053
2023-11-28 14:24:26 +01:00
Norman Feske
fa6c7204cd dialog: allow custom 'Select_button' attributes
This is useful to conditionally set the style to "unimportant", or to
use text other than the widget Id::Value.

Issue #5008
Issue #5053
2023-11-28 14:24:26 +01:00
Norman Feske
133cbd272e dialog: make 'click()' const wherever possible
This eases the use of, e.g., 'Select_button' as temporary variable.

Issue #5008
Issue #5053
2023-11-28 14:24:26 +01:00
Norman Feske
ec60011852 dialog: let 'Scope::widget' take 'hosted' as const
This eases the use of temporary 'Hosted' objects. The 'view' code path
is not expected to modify any state.

Issue #5008
Issue #5053
2023-11-28 14:24:26 +01:00
Norman Feske
1aba8182a4 dialog: pass value to Select_button::click
This eliminates the need to distinguish enum values in the body of the
handler, easing the forwarding of the selected value.

Issue #5008
Issue #5053
2023-11-28 14:24:26 +01:00
Christian Helmuth
f663168ffd sculpt: version 23.11 2023-11-28 14:24:25 +01:00
Norman Feske
0f686a774d list_model.h: retire 'update_list_model_from_xml'
This transition vehicle to the modern interface has now been replaced by
the new 'List_model::update_from_xml' method.

Issue #4317
2023-11-28 14:24:24 +01:00
Norman Feske
6e0d44397f depot_autopilot: use modern list-model interface
Issue #4317
2023-11-28 14:24:24 +01:00
Norman Feske
58f7ed268d window_layouter: use modern list-model interface
Issue #4317
2023-11-28 14:24:24 +01:00
Norman Feske
c9938e424b menu_view: use modern list-model interface
Issue #4317
2023-11-28 14:24:24 +01:00
Norman Feske
3e24a86b87 depot_download: use modern list-model interface
Issue #4317
2023-11-28 14:24:24 +01:00
Norman Feske
b249d9f66d depot_deploy: use modern list-model interface
Issue #4317
2023-11-28 14:24:24 +01:00
Christian Helmuth
b634549722 depot: update recipe hashes 2023-10-25 14:01:40 +02:00
Norman Feske
49aecc20b7 sculpt: update README for version 23.10 2023-10-25 12:58:30 +02:00
Martin Stein
c188f792b2 gems/sculpt: update mstein pubkey 2023-10-25 08:59:15 +02:00
Norman Feske
b50a88a95d depot_download_manager: optimize report processing
Feed the high-frequent fetchurl reports into a list model to speed up
the subsequent evaluation of the data.

Also limit the rate of state reporting during updates to visible changes
in percent such that most fetchurl reports do not cause any UI activity
(status updating) any longer.

This patch noticeably speeds up the installation of complex packages
(i.e., the morph browser) on the PinePhone.

Issue #5038
2023-10-25 08:58:54 +02:00
Christian Helmuth
20239dc27f sculpt/pc: increase usb_hid_drv cap quota
This is required to support more than 3 USB input devices.
2023-10-25 08:58:54 +02:00
Norman Feske
ca85cb936b sculpt: debug-dialog tweaks
Shorten the visible text. Make "wait" option depend on "wx" option.
Indent checkboxes similar to the resource dialog.

Issue #5012
2023-10-25 08:58:54 +02:00
Norman Feske
0a001443e9 sculpt: don't use component names as widget IDs
Component names can be larger than widget IDs, which are capped at 20
characters. To uniquely correlate the component depicted in the graph
with clicks, this patch uses a dedicated graph ID for each runtime
component instead.

Fixes #5034
2023-10-25 08:58:53 +02:00
Norman Feske
94d04b724a sculpt: add system-control in resource dialog
This patch allows for the interactive assignment of the system-control role
to a new component via the resource dialog. This is useful for integrating
low-level components like the Intel frequency/power monitoring tool.

Fixes #5033
2023-10-25 08:58:53 +02:00
Norman Feske
b3a9a2eb4e touch_keyboard: minor UI tweaks
Remove diagnostic message, remove vertical spacers between buttons.
2023-10-25 08:58:53 +02:00
Johannes Schlatow
7b15cce099 depot: add src/qt5_svg to pkg/goa
Fixes genodelabs/genode#5032
2023-10-25 08:58:53 +02:00
Johannes Schlatow
19ec0b2dd4 depot: add compat-libc to pkg/goa
Fixes genodelabs/genode#5030
2023-10-25 08:58:53 +02:00
Norman Feske
1224162072 menu_view: refine zero-size condition
Commit "menu_view: ignore zero-sized widgets in box layout" introduces
zero-sized child widgets as a special case but defined zero-sized as
zero covered pixels (w*h == 0). However, for layouting, a widget with a
non-zero height and zero width is not zero-sized.

This patch refines the zero-size condition such that only widgets with
both zero width and zero height are considered as zero-sized.

It thereby solves the missing display of empty lines in the text_area
component.
2023-10-25 08:58:53 +02:00
Norman Feske
1b23d3b8cb sculpt: reset popup menu on close
This avoids an unexpected geometry animation when opening the popup right
after closing it from a sub menu.
2023-10-25 08:58:53 +02:00
Norman Feske
d3e5e5c286 sculpt: fix interplay of popup with old dialogs
This is a follow-up fix for commit "sculpt: apply Dialog API to diag,
panel, and graph", which happened to render the legacy dialogs (network
and settings) inaccessible.

The patch avoids the use of clack seq numbers for the 'popup_opened'
condition (which happens on click, not clack). It also overrides old
click information on the arrival of a new click, avoiding the evaluation
of stale click sequence numbers in distant_runtime.cc. Furthermore, it
reduces the rate of 'Distant_runtime::_try_handle_click_and_clack'.

Issue #5008
2023-10-25 08:58:53 +02:00
Benjamin Lamowski
3f80249204 sculpt: offer passphrase dialog for WPA3 networks
On WPA3 encrypted networks the AP picker does not indicate encryption
and does not prompt for a passphrase.

Also indicate an encrypted network when "protection=WPA3", remedying
both issues.

Fixes #5022
2023-10-25 08:58:52 +02:00
Christian Prochaska
794b178032 sculpt: update falkon preset
Fixes #5018
2023-10-25 08:58:52 +02:00
Christian Helmuth
0db4116ba6 sculpt: version 23.10 2023-10-25 08:58:52 +02:00
Christian Helmuth
accfc4145a Stable TAR archive metadata content in recipes
Differences in TAR archive member metadata results in unstable depot
hashes. The following properties have to be fixed: modification time
(incl. time zone), numeric owner and group, permission modes.

Releated to #2842
2023-10-25 08:58:52 +02:00
Christian Helmuth
07c4b92335 depot: update recipe hashes 2023-10-04 13:22:08 +02:00
Christian Prochaska
1bb1ebe2ae sculpt: use debug monitor as runtime init
Fixes #5012
2023-10-04 13:22:08 +02:00
Norman Feske
aff17cb177 sculpt: propagate managing_system role
This change allows for the hosting of system-management components
in Sculpt's runtime. The special role must be declared either as
<launcher managing_system="yes"> attribute or in the deploy
configuration's <start managing_system="yes"> attribute.

Issue #5009
2023-10-04 13:22:07 +02:00
Norman Feske
ffc25fde53 sculpt: apply Dialog API to diag, panel, and graph
This patch partially converts the Sculpt manager to the dialog API.
At this stage, both the old utilities and the new dialog API are still
used simultaneously.

Issue #5008
2023-10-04 13:22:07 +02:00
Norman Feske
0c40d52010 sculpt: add Dialog::Distant_runtime
The so-called 'Distant_runtime' implements GUI dialogs via menu_view
components hosted at a distant init instance as opposed to child
components (as implemented by the 'Sandboxed_runtime'). This is
particular the case in Sculpt OS where the sculpt manager is not the
parent of the menu_view instances.

Issue #5008
2023-10-04 13:22:07 +02:00
Norman Feske
9d5af71c3d sculpt: seq events for touch_release 2023-10-04 13:22:07 +02:00
Norman Feske
37d5bdbae5 sculpt: deprecate original 'Dialog' interface
By renaming 'Dialog' to 'Deprecated_dialog', we become able to use the
name 'Dialog' for the new API while temporarily keeping the original
interface in tact.

Issue #5008
2023-10-04 13:22:07 +02:00
Norman Feske
f90058488f sculpt: screensaver refinements
- Increase default timeout to one minute
- Ignore power-button events during display-driver startup to avoid
  entering another forced blank when pressing the power button twice.
- Prevent wakeup from user activity except for the power button.
  So the volume can be adjusted without leaving the screensaver.

Issue #4950
2023-10-04 13:22:07 +02:00
Norman Feske
4fdc999087 Dialog API
The new API at gems/include/dialog/ aids the creation of simple GUI
applications based on the menu-view widget renderer. Its use is
illustrated by the simple test application at src/test/dialog/
that is accompanied with the dialog.run script.

Issue #5008
2023-10-04 13:22:06 +02:00
Norman Feske
6895175764 menu_view: omit label hover details by default
Each hover change of the character position within a label results in a
new hover report, which needs to be evaluated by the application. For
the common cases where labels are used as button texts or for presenting
passive information, the level of detail is not needed while the
recurring hover reports induce overhead at the application side.
This patch mitigates this overhead by excluding labels from the hover
reporting by default.

For use cases that actually depend of precise hover reporting of labels,
for example an editable text area, the hover reporting can be enabled by
setting the 'hover="yes"' attribute of the label.
2023-10-04 13:22:06 +02:00
Norman Feske
391c261199 menu_view: propagate widget version attr
The 'Widget::_version' attribute was meant to allow the deliberate
replacement of a widget by a same-named widget by changing the version
while keeping the name, thereby suppressing any geomety animation.

However, the implementation missed to populate the attribute with the
value provided by the dialog ROM, prompting the unconditional
re-creation of the widget whenever a 'version' attribute was specified.
Even though this had the (desired) effect of preventing geometry
animations, it could cause feedback loops between hover reports and
dialog ROMs because the 'hover_changed' condition in 'Menu_view::Main'
would always stay true while a versioned widget is hovered.
2023-10-04 13:22:06 +02:00
Norman Feske
76adfff091 menu_view: add styles/button/invisible/hovered.png
This avoids the need to handle a special case at the menu_view user side.
2023-10-04 13:22:06 +02:00
Christian Prochaska
9c32d53914 os: add a src recipe for test-terminal_echo
Fixes #5006
2023-10-04 13:22:06 +02:00
Christian Helmuth
cc1a6041a7 fb_sdl: adapt RAM quota for large screen sizes
Issue #4993
2023-10-04 13:22:05 +02:00
Norman Feske
e8059ccba5 vfs/pipe: fix dangling read_ready_waiters element
This patch removes the obsolete 'io_progress_elem', which was wrongly
enqueued to the 'read_ready_waiters' fifo and not dequeued at
destruction time.

Fixes #4987
2023-09-29 12:17:45 +02:00
Alice Domage
6881a71a87 depot_remove.run: improve <remove_all/> tests
This commits introduces changes to test number 4, so it must keep
more than one PKG. Also, it introduces a 5th test to verify that the
<remove_all/> functionality does delete everything in the depot.

Issue genodelabs#4866
2023-09-29 12:15:05 +02:00
Alice Domage
3f661a75e4 depot_remove.run: make test functions more intuitive
This commits introduces improvements to the test functions to avoid
code duplication, and renames these functions to reflect better what they
are used for.

Issue genodelabs#4866
2023-09-29 12:15:05 +02:00
Christian Helmuth
134a785fe0 depot: update recipe hashes 2023-08-24 11:01:40 +02:00
Martin Stein
53018515a9 net_test-pc.sculpt: minimal setup for net tests
A small sculpt setup with routed and raw access to the PC NIC-driver as well
as a launcher for the ping app.

Ref #4966
2023-08-21 08:12:01 +02:00
Martin Stein
d8c51656d7 depot_autopilot: forward tabs and color sequences
The Depot Autopilot used to filter out tabs and color sequences before
forwarding the test log to the own log. This commit prevents this and further
cleans up the string-filters code.

Ref #4922
2023-08-21 08:12:01 +02:00
Martin Stein
987dea5f7f depot_autiopilot: consider log_prefix attribute
The new 'log_prefix' attribute is effective when used in a tests runtime in
<succeed> or <fail> tags that have a non-empty content string. When matching
the log against the pattern given in the affected <succeed> or <fail> tag, the
Depot Autopilot will consider only those test-log lines that start with the
given prefix.

Ref #4922
2023-08-21 08:12:01 +02:00
Martin Stein
c47a6b0830 depot_autopilot: simplify success-criterion syntax
* Removes the <event> tag from all test package runtime files and replaces the
  contained <timeout> and <log> sub-tags with the new tags <succeed> and
  <fail>. If a <succeed> or <fail> tag has a content, it defines a log pattern
  that should be recognized and render the test failed or successful. If a
  <succeed> or <fail> tag has an attribute after_seconds that is not set to 0,
  it defines a timeout after which the test should be rendered failed or
  successful.

* Adapts the Depot Autopilot to support the new syntax in the test-package
  runtime files. However, for now, the Depot Autopilot is kept compatible to
  the old syntax as well. If the <events> tag is present, it is prioritized
  over the new syntax.

Fixes #4922
2023-08-21 08:12:01 +02:00
Martin Stein
b587134a8d net tests: raise nic_drv/drivers cap quota
Several nightly network-related tests fail currently on sel4/pc because the
new e1000 NIC driver requires more capabilities. The "drivers nic" package
was already adapted to the new requirement but some tests fail to provide
enough caps to the corresponding sub system. This commit tries to fix all
remaining tests.

Ref #4923
2023-08-21 08:12:01 +02:00
Norman Feske
7aa301361d depot: update recipe hashes 2023-07-14 12:06:32 +02:00
Josef Söntgen
dd1b8a106f drivers/wifi: perform multi-staged construction
Since the wireless LAN driver is actually a 'Libc::Component' due to
its incorporation of the 'wpa_spplicant' application, we have to
intercept its construction because we have to initialize the Lx_kit
environment before any static ctors are executed. Most Linux initcalls
are implemented as ctors that will be otherwise implicitly executed
before the controll is given to us in 'Libc::Component::construct'.

Issue #4927.
2023-07-14 12:06:32 +02:00
Christian Helmuth
62a0605cf0 depot_autopilot: skip RAM-hungry tests on foc/pbxa9
foc (or maybe bootstrap) seems to cap RAM at 256 MiB while hw uses the
entire RAM configured at the Qemu command line.
2023-07-14 12:06:32 +02:00
Martin Stein
2fb0bfdf85 drivers_nic-pc: raise nic drv cap quota
The reason for this was that run/nic_router_disable_arp was failing on
sel4+qemu+x86_64.

Ref #4923
2023-07-14 12:06:32 +02:00
Norman Feske
75bfc37b18 sculpt: screensaver infrastructure
This patch enhances Sculpt with the ability to detect user inactivity
for driving a screensaver by combining nitpicker's hover and focus
reports with a timer.

Issue #4950
2023-07-14 12:06:32 +02:00
Norman Feske
ba67b535f8 gems: remove leitzentrale.run
This run script is superseded by modular Sculpt, which is able to run on
base-linux.
2023-07-14 12:06:32 +02:00
Martin Stein
7b7851abfb vfs/tresor_trust_anchor: fix alignment faults
Fixes alignment faults that occured in the AES256 implementations while
wrapping or unwrapping keys on imx53_qsb, imx6q_sabrelite, and imx7d_sabre.
The problem was that the unwrap_key/wrap_key functions did reinterpret casts
from unsigned char pointers to uint64_t pointers and then directly used the 64
bit values of referenced by the latter. Most probably this caused the compiler
to optimize operations in the assumption that the pointer is 8-byte aligned
which then created alignment faults.

As a solution, this commit changes the interface of the wrap_key/unwrap_key
functions to take uint64 pointers as arguments instead of unsigned char
pointers and then adapts the function users to ensure that they refer to
appropriately aligned memory regions.

Fixed #4932
2023-07-14 12:06:32 +02:00
Stefan Kalkowski
15b30f3547 sculpt_image: add MNT Reform2 as target board
Fix genodelabs/genode#4936
2023-07-14 12:06:31 +02:00
Christian Helmuth
8ecbc48211 sculpt: replace ipxe_nic_drv by pc_nic_drv
Issue #4921
2023-07-14 12:06:31 +02:00
Christian Helmuth
48cc8fb657 drivers_nic-pc: replace ipxe_nic_drv by pc_nic_drv
Also, the configuration enables MAC-address reporting and includes a
verbose mac_report_rom.

Issue #4921
2023-07-14 12:06:27 +02:00
Christian Helmuth
d258422c34 pc_nic_drv: ethernet NIC driver based on Linux 6.1
Fixes #4921
2023-07-14 12:05:54 +02:00
Alice Domage
943c9809ed depot_remove.run: replace x86_64 by [depot_spec]
This change makes the run script compatible with all CPU architectures.

Issue genodelabs#4866
2023-07-14 12:01:19 +02:00
Martin Stein
abe163c335 tresor: do not use on-disc-layouted structs
* Removes all previous structs that represented an on-disc block layout
  and were therfore subject to a number of layout restrictions (packed,
  padding members, enum representations, etc.).
* Adds a replacement struct without any layout restrictions for each of the
  removed structs. The new structs are named similar to the old structs.
* Adds block encoding and decoding utilities for easily converting from the
  new structs to on-disc blocks and vice-versa (Block_scanner, Block_generator,
  T::decode_to_blk, T::encode_from_blk)
* Adapts all affected places in the library to encode and decode proberly
  instead of simply casting pointers.
* Thereby cleans up the hashing utilities to use typed-reference args instead
  of void pointers.
* Re-enables run/tresor_tester and test-file_vault_vonfig_report for platforms
  rpi, imx53_qsb, imx53_qsb_tz, imx6q_sabrelite, imx7d_sabre.

Ref #4819
2023-07-14 12:01:19 +02:00
Norman Feske
79e262921e depot: update recipe hashes 2023-06-16 11:24:26 +02:00
Timo Nicolai
0a81bd5d5a depot_download_manager: fix verifying failed download
In some instances, the fetchurl progress determined by
depot_download_manager will be empty when the download fails (e.g. due
to a 404), this commit fixes a bug where this would be interpreted as
the download having completed which would subsequently start hash
verification of a package that has never actually been downloaded.

Fixes #4919
2023-06-16 11:24:26 +02:00
Johannes Schlatow
6e607349e1 depot: add black_hole and fonts_fs to pkg/goa
Goa now makes use of the black-hole component and has been enabled to provide
a fonts_fs.

genodelabs/genode#4928
genodelabs/goa#42
2023-06-16 11:24:26 +02:00
Alice Domage
fb0e8fffa2 New depot_remove component
The depot_remove component can delete PKG archives with
automatically resolving dependencies and deleting archives that are not
required on the system anymore.

Issue genodelabs#4866
2023-06-16 11:24:26 +02:00
Martin Stein
dea53f635f Refine tresor tests
* Use jitterentropy only if supported.
  On certain targets like pbxa9 or zynq_qemu, the performance counter always
  yields 0, which renders jitterentropy unusable. On these platforms, the
  Tresor tests now use a static value as entropy source instead.

* Adds a new package test-file_vault_config_report_no_entropy that is used by
  the Depot Autopilot on targets without jitterentropy support instead of
  test-file_vault_config_report. The only difference between the two packages
  is the value of the above described new config attribute of the File Vault.

* Circumvent alignment fault.
  The Tresor lib for now has the deficiency of using on-disc data structures
  directly in code instead of decoding them first to unpacked, naturally
  aligned structures. This causes problems with memory-access alignment on
  several platforms (rpi, imx6q_sabrelite, imx53_qsb, imx7d_sabre). As fixing
  this properly is a bit of work, the commit disables the tresor_tester and
  file_vault_config_report test on the affected platforms in autopilot mode for
  now.

* Further adjustments
  * Make benchmarks optional
  * Use a smaller tresor for rekeying
  * Clean up image parameters
  * No use implicit routes/resources
  * Reduce ram consumption
  * Reduce test timeout
  * Raise cap quota, required for sel4 x86_64.

Ref #4819
2023-06-16 11:24:26 +02:00
Martin Stein
5800ab4961 vfs/tresor_trust_anchor: remove debug mode
The debug mode turned out to be unnecessry because the plugin can be simply
replaced with an <inline> file VFS plugin that has a content size of 32 bytes.

Ref #4819
2023-06-16 11:24:26 +02:00
Martin Stein
03d7258d33 tresor: better handling of hash mismatches
Instead of throwing an uncaught exception, the corresponding request is marked
failed.

Ref #4819
2023-06-16 11:24:26 +02:00
Martin Stein
7c5c92351e file_vault: compatibility with 21.05 containers
* Fix minimum passphrase size to be the same as with File Vault 21.05.
* Adapt to different image name of File Vault 21.05.

Ref #4819
2023-06-16 11:24:25 +02:00
Martin Stein
80b729703b file_vault_config_report tests: fix for pistachio
* relaxes the timing and reduces the test steps because pistachio is quite
  slow and would otherwise trigger problems with our easy approach of using a
  dynamic rom instead of a proper manager

* provide IO_PORT and IRQ session to timer driver

Ref #4819
2023-06-16 11:24:25 +02:00
Josef Söntgen
194af03fe9 autopilot.list: replace cbe with tresor tester
Issue #4819.
2023-06-16 11:24:25 +02:00
Martin Stein
c40205e93f pkg/test-file_vault_config_report: minor style fix
Ref #4819
2023-06-16 11:24:25 +02:00
Martin Stein
d9dd518a20 pkg/file_vault: fix missing fs route
The File System route for the Tresor Init sub-component was somehow missing.

Ref #4819
2023-06-16 11:24:25 +02:00
Norman Feske
6f4242f03b sculpt: version 23.06
Increase version due to upcoming binary incompatibility with 23.04.
2023-06-16 11:23:57 +02:00
Christian Helmuth
dfc1b97fa2 depot: update recipe hashes 2023-05-31 09:42:19 +02:00
Martin Stein
798e3ee306 file_vault: fix deinit fs in tresor vfs
Ref #4819
2023-05-30 12:26:01 +02:00
Christian Helmuth
583f2d6a36 depot: update recipe hashes 2023-05-30 12:13:34 +02:00
Christian Helmuth
c1104ccbc7 depot_autopilot: skip file_vault on riscv and rpi
Issue #4819
2023-05-30 12:13:34 +02:00
Norman Feske
34c7085ada sculpt.run: whitespace 2023-05-30 12:13:33 +02:00
Stefan Kalkowski
30e0452faf sculpt: increase sculpt_manager's cap quota
Fix genodelabs/genode#4911
2023-05-30 12:13:33 +02:00
Stefan Kalkowski
435c9719a7 sculpt: support for wifi on MNT Reform 2
Fix genodelabs/genode#4908
2023-05-30 12:13:33 +02:00
Martin Stein
8992dadb15 libports: remove unused libsparkcrypto
The main user of libsparkcrypto in the past was the CBE block encryption
ecosystem. However, the CBE was replaced with the Tresor block encryption that
uses libcrypto instead.

Ref #4819
2023-05-30 12:03:33 +02:00
Josef Söntgen
ea0a692879 wifi: get firmware from tar archive
This commit changes the firmware handling from requesting each
firmware file as a ROM module that is checked against a list of
known images (including their size) to requesting each file via
the local VFS of the 'wifi_drv'. This allows for using the original
probing mechanism that tries to select a matching firmware version.

The 'repos/dde_linux/src/drivers/wifi/README' file contains more
detailed information on how to configure the driver.

Issue #4861.
2023-05-30 12:03:33 +02:00
Josef Söntgen
d5710d9de3 Move 'wifi' driver to dde_linux repository
The bulk of the driver code now lives in the 'dde_linux' repository,
which is available on all platforms, from where it can be referenced by
other repositories.

The 'wifi_drv' binary was delegated to a generic harness that includes
all configuration and management functionality shared by all wireless
device driver components, e.g., the wpa_supplicant. The code of the
device driver emulation environment is located in 'src/lib/wifi'. It
is referenced by the platform-specific driver library that resides in
the corresponding platform repository. The runtime configuration needs
to point the driver to proper driver library.

The platform-specific library is in charge of orchestrating the contrib
source utilized by the driver as well as providing the 'source.list'
and 'dep.list' files. It must include the generic library snippet
'repos/dde_linux/lib/wifi.inc' that deals with managing the emulation
environment code.

The 'repos/dde_linux/src/drivers/wifi/README' file contains more
detailed information on how to deploy the driver.

Issue #4861.
2023-05-30 12:03:32 +02:00
Martin Stein
aeb65d6b1b file_vault: version 23.05
* ARM support and detaching from Ada/SPARK

  * Remove all CBE-related code - especially the Ada/SPARK-based CBE library.

    * We have no means or motivation of further maintaining big projects in
      Ada/SPARK (the core Genode team is native to C++).

    * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an
      important architecture for Genode. This would mean extra commitment in
      Ada/SPARK.

    * We realize that block encryption more and more becomes a fundamental
      feature of Genode systems.

  * Implement a new block encryption library named Tresor that is inspired by
    the design and feature set of the former CBE library and that is entirely
    C++ and part of the Genode gems repository.

    * The Tresor block encryption is backwards-compatible with the on-disk
      data layout of the former CBE block encryption.

    * Except from the snapshot management and the "dump" tool, the Tresor
      block encryption provides the same feature set as the former CBE block
      encryption and accepts the same user requests at the level of the
      Tresor library API.

    * So far, the Tresor block encryption does not support the creation of
      user-defined snapshots.

    * In contrast to the former CBE, the Tresor ecosystem has
      no "dump" tool beause with the CBE library it turned out to be rarely of
      use.

    * In contrast to the Block back-end of the CBE "init" tool, the Tresor
      "init" tool uses a File System back-end.

    * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin.

      * The Tresor-VFS plugin in general is similar to the former CBE VFS but
        has a slightly different API when it comes to re-keying and re-sizing.
        Each of these operations now is controlled via two files. The first
        file is named <operation> and the user writes the start command to it.
        The user must then read this file once in order to drive the operation.
        The read returns the result of the operation, once it is finished.
        The second file is named <operation>_progress and can be watched and
        read for obtaining the progress of the operation as percentage.

    * The file vault is adapted to use the new Tresor ecosystem
      instead of the former CBE ecosystem and thereby also gains ARM support.

    * The former CBE tester and CBE VFS-tests are replaced by equivalent
      Tresor variants and are now run on ARM as well (testing with a persistent
      storage back-end is supported only when running on Linux).

    * So far, the new Tresor block encryption has no internal cache for meta
      data blocks like the former CBE.

* Add config/report user interface

  * Add a second option for the administration front end to the file vault
    named "config and report". With this front end the File Vault communicates
    with the user via XML strings. A ROM session is requested for user input
    and a Report session for user output. The front end type must be set at
    startup via the component config and is a static setting. The graphical
    front end that was used up to now is named "menu view" and remains the
    default.

  * The File Vault can now reflect its internal state and user input ("config
    and report" mode only) at the LOG session via two new static config
    attributes "verbose_state" and "verbose_ui_config" (both defaulting to
    "no").

  * The Shutdown button in "menu view" mode is replaced with a Lock button. The
    new button doesn't terminate the File Vault but merely lock the encrypted
    container and return to a cleared passphrase input. The same transition is
    also provided in "config and report" mode.

  * The file_vault.run script is replaced with file_vault_menu_view.run and
    file_vault_cfg_report.run that address the two front end modes. In contrast
    to the former script, which is interactive, the latter script is suitable
    for automatic testing.

  * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does
    the same as file_vault_cfg_report.run but uses the File Vault package and
    can be executed with the Depot Autopilot. The new test package is added to
    the default test list of depot_autopilot.run

  * The File Vault README is updated to the new version of the component and
    has gained a chapter "functional description".

  * Fixes a regression with the cbe_init_trust_anchor component that prevented
    reacting to a failed unlock attempt in the File Vault.

* The new Tresor software Trust Anchor has an optional deterministic mode in
  which it replaces the normally randomized symmetric keys with 0. This mode
  comes in handy for debugging. However, it should never be activated in
  productive systems. When activated, the user is warned extensively on the
  LOG that this system mode is insecure.

Ref #4819
2023-05-30 12:03:32 +02:00
Norman Feske
81e85bf1b5 sculpt_manager: fix build errors with '-std=gnu++20'
Fixes #4874
2023-05-30 12:03:29 +02:00
Norman Feske
978f86ba60 recipes/pkg/sculpt/README: spelling fix 2023-05-30 12:03:28 +02:00
Christian Prochaska
4dc5426a45 trace_recorder: fix build error with gcc 12
Fixes #4843
2023-05-30 12:03:26 +02:00
Christian Prochaska
db69104f1a text_area: fix build error with gcc 12
Fixes #4842
2023-05-30 12:03:25 +02:00
Christian Prochaska
5080e88a7a qt5: split api recipes with Qt module granularity
Fixes #4823
2023-05-08 15:55:34 +02:00
Christian Helmuth
4a5d31e248 depot: update recipe hashes 2023-05-08 15:53:05 +02:00
Josef Söntgen
eb93b5f863 sculpt_manager: check passphrase before ENTER
Prevent setting an invalid configuration by guarding against are
premature generation.

Issue #4858.
2023-05-04 11:59:14 +02:00
Norman Feske
f712d97763 sculpt: always update keyboard focus after input
This patch solves keyboard-focus issues with the wifi dialog that were
caused by making the focus update conditional. However, since the update
is not expensive, we can unconditionally re-evaluate the focus atfer
each user interaction.

Issue #4820
Fixes #4856
2023-05-04 11:59:14 +02:00
Christian Helmuth
2e76374a35 depot: update recipe hashes 2023-04-28 15:10:43 +02:00
Norman Feske
ab0fe21ac7 sculpt: update README for version 23.04 2023-04-28 15:01:17 +02:00
Christian Helmuth
22d8c4059e sculpt: hide system_view in graph 2023-04-28 14:46:11 +02:00
Christian Helmuth
97070620af depot: update recipe hashes 2023-04-28 14:46:11 +02:00
Norman Feske
de106608a0 sculpt: reduces space between depot users
Otherwise, the default list of depot users won't fit with the touch
keyboard on the PinePhone's screen.
2023-04-28 14:46:11 +02:00
Norman Feske
01b198657d sculpt: reset update dialog on changed sculpt fs
When changing the used sculpt partiton, the dialog state should be
cleared from the information of the original selection.

Issue #4820
2023-04-28 14:46:11 +02:00
Norman Feske
43d51c4499 sculpt: refine keyboard entry of new depot URL
This patch includes the system dialog in the global keyboard focus
handling, supports hovering of the "Edit" and "Add" buttons,
allows the use of the enter key to finish URL editing, and
triggers a re-scan of depot users after adding a new one.

Issue #4820
2023-04-28 14:46:11 +02:00
Norman Feske
937ddd012b sculpt: refresh update window when network is up
This way, the update-index button becomes immediately visible once we
have connectivity.

Issue #4820
2023-04-27 15:07:45 +02:00
Norman Feske
280fc45c5f sculpt: sanitize depot-user selection
Should the selected depot user not be present in the depot - for example
after switching the sculpt partition to another - unfold the selection
of all present depot users so that the one can pick an existing one.

Issue #4820
2023-04-27 14:58:04 +02:00
Norman Feske
6717494c5b sculpt: avoid installation-complete feedback loop
Issue #4820
2023-04-27 14:07:58 +02:00
Norman Feske
6d91b5d51b sculpt: show system dialog only after prepare step 2023-04-27 12:36:43 +02:00
Christian Helmuth
7deee978c5 driver_manager: disable USB driver BIOS handoff
We repeatedly experience issues with XHCI handoff in the USB host driver
at runtime on modern systems. Mostly, these issues manifest as
initialization delays with very high CPU load. Investigations show that
during this time the handoff MMIO write does not return, which hints the
firmware driver enters some spinning loop. I suspect the enabled IOMMU
does not play well with the firmware due to insufficient RMRR
information.

Therefore, we disable USB handoff in Sculpt via the driver manager (as
we do for dedicated devices already in other contexts). Note, UHCI and
EHCI handoff is still done in the platform driver and succeeds on all
our test hardware.

Issue #4820
2023-04-26 15:57:20 +02:00
Christian Helmuth
d8ff3f655a depot: update recipe hashes 2023-04-26 15:19:57 +02:00
Norman Feske
4edd45dd8f depot: split pkg/goa-linux from pkg/goa
This split allows us to cross-compile all arm_v8a packages needed for
'goa build' by creating pkg/arm_v8a/goa.

The components featured on pkg/goa-linux are solely needed for 'goa
run'. As they contain a number of lx/hybrid components, pkg/goa-linux
must be complied on Linux running on the target architecture.
2023-04-26 15:19:57 +02:00
Christian Helmuth
ddc3b88cd2 depot: update pkg/goa recipe hash
This package depends on genode/world/recipes/src/sdl, which had an
outdated hash file.
2023-04-26 13:56:23 +02:00
Christian Helmuth
e9a497abe4 depot: update recipe hashes 2023-04-26 11:58:16 +02:00
Norman Feske
83d0214099 sculpt: make hovering build-time configurable
This way, we can disable the visual hovering at one place for the phone
version.
2023-04-26 11:58:16 +02:00
Norman Feske
105b3cd21d sculpt: system update and presets
The new dialog accessible via the "System" panel button hosts the
system-update dialog and the preset selection.

Fixes #4744
2023-04-26 11:58:16 +02:00
Norman Feske
5687dc06fd sculpt/default-pc: example presets 2023-04-26 11:58:16 +02:00
Martin Stein
1dbad87139 cbe: fix propagation of results of unlock attempts
Fixes a regression with the cbe_init_trust_anchor component that prevented
reacting to a failed unlock attempt in the File Vault. The regression was
caused by new semantics in the vfs that did not allow for using the file
operation result as indicator for whether the unlock attempt failed or
succeeded. The correct and hereby applied approach is to check for the data
read from the file after having written the unlock command. The data reads
either "ok" or "failed".
2023-04-26 11:58:15 +02:00
Josef Söntgen
75917f6595 file_vault: use VFS to sync data file
Issue #4820.
2023-04-26 11:58:15 +02:00
Norman Feske
67c1ca1e61 sculpt: increase max fb height to 1504 pixels
This is needed to boot Sculpt OS on the Framework laptop.

Issue #4820
2023-04-26 11:58:15 +02:00
Norman Feske
114a199321 Meta package gems/recipes/pkg/goa 2023-04-26 11:58:15 +02:00
Norman Feske
8893b800e0 depot_deploy: report only on state changes
This patch mitigates potential busy feedback effects when evaluating the
reports produced by 'depot_deploy' in a closed control loop. Reports
are now generated only if the deployment state has changed.

Issue #4818
2023-04-26 11:58:15 +02:00