Commit Graph

60 Commits

Author SHA1 Message Date
Christian Helmuth
0794d99eff depot: update recipe hashes 2024-11-05 13:41:07 +01:00
Christian Helmuth
61c9706353 depot: update recipe hashes 2024-10-08 11:30:26 +02:00
Christian Helmuth
26002a5482 depot: update recipe hashes 2024-08-29 12:32:25 +02:00
Norman Feske
299951ced5 depot: update recipe hashes 2024-06-20 12:59:00 +02:00
Christian Helmuth
dc0e78cdf8 depot: update recipe hashes 2024-04-12 15:08:01 +02:00
Martin Stein
d8a71e5978 tresor: improved module framework and clean-up
* Make command pool a proper module
  * The command pool used to be kind of a module but it was driven via custom
    tresor-tester specific code. Now, it becomes a proper module that
    is driven by the module framework instead.
  * Move the code for creating and handling the module-execution progress flag
    into Module_composition::execute_modules as the function is always used with
    this code surrounding it.

* Reorganize files, remove deprecated files

* A new class Module_channel is introduced in the module framework and all
  channel classes inherit from it. With that class in place, the formerly
  module-specific implementations of the following methods are replaced by
  new generic implementations in the Module framework:

  * ready_to_submit_request
  * submit_request
  * _peek_completed_request
  * _drop_completed_request
  * _peek_generated_request
  * _drop_generated_request
  * generated_request_complete

* Module requests are now held for the duration of their lifetime at the
  module they originate from and not, like before, at their target module. As
  a result, modules can generate new requests inline (without having to wait
  for the target module), making code much simpler to read, reducing the amount
  of channel state, and allowing for non-copyable request types.

* Introduce a sub-state-machine for securing a superblock in the
  superblock_control module in order to reduce redundancy.

* Some modules, like free_tree, were completely re-designed in order to make
  them more readable.

* Replace all conditional exceptions by using the macros in
  tresor/assertion.h .

* Move methods that are used in multiple modules but that were implemented
  redundantly in each module to tresor/types.h.

* Remove verbosity node and all that was related to it from tresor tester
  config as the targeted verbosity can be achieved with the
  VERBOSE_MODULE_COMMUNICATION flag in tresor/verbosity.h .

* Extract the aspect of translating the byte-granular I/O-requests to
  tresor-block requests from the tresor VFS-plugin and move it to a new module
  called splitter.

* Rename the files and interface of the hashing back-end to not reflect the used
  hashing algorithm/config anymore, while at the same time making the hashing
  interface strict regarding the used types.

* Introduce the NONCOPYABLE macro that makes marking a class noncopyable short
  and clear.

* Replace the former tresor/vfs_utilities.h/.cc with a new tresor/file.h
  that contains the classes Read_write_file and Write_only_file. These classes
  significantly simplify the modules crypto, block_io, and trust_anchor by
  moving the details of file access to a sub-state machine.

* The former, rather trivial block allocator module is replaced by a normal
  object of type Pba_allocator that must be provided by the client of the
  Sb_initializer (reference in the Sb_initializer_request).

Ref #5062

tresor: read uninitialized vbas as all zeroes

Virtual addresses in a Tresor container that were not yet written by the user
should always return a data block that is all-zeroes. This was the concept
right from the beginning of the project. However, somehow this aspect either
never got implement or got lost along the way.

Some context for understanding the commit: The Tresor doesn't initialize the
payload data blocks of a container when creating a new container as this would
be rather expensive. Instead, it marks the leaf metadata nodes of the
virtual-block-device tree (those that reference the payload data blocks in
physical address space) with generation 0.

Now, this commit ensures that, whenever the virtual-block-device module reads
such a generation-0 leaf, instead of asking the block_io and crypto to deliver
data from disc, it directly provides the user with 4K of zeroes.

Ref #5062
2024-04-12 15:00:45 +02:00
Christian Helmuth
8baf19022c depot: update recipe hashes 2023-11-30 15:11:36 +01:00
Norman Feske
7aa301361d depot: update recipe hashes 2023-07-14 12:06:32 +02:00
Norman Feske
79e262921e depot: update recipe hashes 2023-06-16 11:24:26 +02:00
Christian Helmuth
583f2d6a36 depot: update recipe hashes 2023-05-30 12:13:34 +02:00
Martin Stein
aeb65d6b1b file_vault: version 23.05
* ARM support and detaching from Ada/SPARK

  * Remove all CBE-related code - especially the Ada/SPARK-based CBE library.

    * We have no means or motivation of further maintaining big projects in
      Ada/SPARK (the core Genode team is native to C++).

    * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an
      important architecture for Genode. This would mean extra commitment in
      Ada/SPARK.

    * We realize that block encryption more and more becomes a fundamental
      feature of Genode systems.

  * Implement a new block encryption library named Tresor that is inspired by
    the design and feature set of the former CBE library and that is entirely
    C++ and part of the Genode gems repository.

    * The Tresor block encryption is backwards-compatible with the on-disk
      data layout of the former CBE block encryption.

    * Except from the snapshot management and the "dump" tool, the Tresor
      block encryption provides the same feature set as the former CBE block
      encryption and accepts the same user requests at the level of the
      Tresor library API.

    * So far, the Tresor block encryption does not support the creation of
      user-defined snapshots.

    * In contrast to the former CBE, the Tresor ecosystem has
      no "dump" tool beause with the CBE library it turned out to be rarely of
      use.

    * In contrast to the Block back-end of the CBE "init" tool, the Tresor
      "init" tool uses a File System back-end.

    * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin.

      * The Tresor-VFS plugin in general is similar to the former CBE VFS but
        has a slightly different API when it comes to re-keying and re-sizing.
        Each of these operations now is controlled via two files. The first
        file is named <operation> and the user writes the start command to it.
        The user must then read this file once in order to drive the operation.
        The read returns the result of the operation, once it is finished.
        The second file is named <operation>_progress and can be watched and
        read for obtaining the progress of the operation as percentage.

    * The file vault is adapted to use the new Tresor ecosystem
      instead of the former CBE ecosystem and thereby also gains ARM support.

    * The former CBE tester and CBE VFS-tests are replaced by equivalent
      Tresor variants and are now run on ARM as well (testing with a persistent
      storage back-end is supported only when running on Linux).

    * So far, the new Tresor block encryption has no internal cache for meta
      data blocks like the former CBE.

* Add config/report user interface

  * Add a second option for the administration front end to the file vault
    named "config and report". With this front end the File Vault communicates
    with the user via XML strings. A ROM session is requested for user input
    and a Report session for user output. The front end type must be set at
    startup via the component config and is a static setting. The graphical
    front end that was used up to now is named "menu view" and remains the
    default.

  * The File Vault can now reflect its internal state and user input ("config
    and report" mode only) at the LOG session via two new static config
    attributes "verbose_state" and "verbose_ui_config" (both defaulting to
    "no").

  * The Shutdown button in "menu view" mode is replaced with a Lock button. The
    new button doesn't terminate the File Vault but merely lock the encrypted
    container and return to a cleared passphrase input. The same transition is
    also provided in "config and report" mode.

  * The file_vault.run script is replaced with file_vault_menu_view.run and
    file_vault_cfg_report.run that address the two front end modes. In contrast
    to the former script, which is interactive, the latter script is suitable
    for automatic testing.

  * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does
    the same as file_vault_cfg_report.run but uses the File Vault package and
    can be executed with the Depot Autopilot. The new test package is added to
    the default test list of depot_autopilot.run

  * The File Vault README is updated to the new version of the component and
    has gained a chapter "functional description".

  * Fixes a regression with the cbe_init_trust_anchor component that prevented
    reacting to a failed unlock attempt in the File Vault.

* The new Tresor software Trust Anchor has an optional deterministic mode in
  which it replaces the normally randomized symmetric keys with 0. This mode
  comes in handy for debugging. However, it should never be activated in
  productive systems. When activated, the user is warned extensively on the
  LOG that this system mode is insecure.

Ref #4819
2023-05-30 12:03:32 +02:00
Christian Helmuth
e265cf6d49 depot: update recipe hashes 2023-02-27 08:22:51 +01:00
Christian Helmuth
c58d799f16 depot: update recipe hashes 2022-11-17 08:00:37 +01:00
Christian Helmuth
3f1870841c depot: update recipe hashes 2022-09-21 12:19:10 +02:00
Norman Feske
bd9478204d Exclude file lib from gems API
The 'file' library makes the gems API depend on the libc, which is not
desireable because most users of the gems API have no direct libc
dependency.

With the changes of issue #4599, the build of each src archive that
depends on the gems API would attempt to build the 'file' library and
thereby demand the libc.

Note that the 'file' library is a relic that should better not be
promoted as part of the gems API. Hence, this patch removes the file
library from the gems API and adds it to the src archives of the few
remaining users.

Issue #4599
2022-09-19 14:00:32 +02:00
Christian Helmuth
4dddc41b71 depot: update recipe hashes 2022-08-31 09:32:09 +02:00
Christian Helmuth
44e2cd14a0 depot: update recipe hashes 2022-08-17 12:03:26 +02:00
Johannes Schlatow
758ba3855e trace: add types for trace_recorder policies
genodelabs/genode#4352
2022-08-17 12:03:26 +02:00
Johannes Schlatow
062881a484 trace: add types for ctf tracing
genodelabs/genode#4352
2022-08-17 12:03:26 +02:00
Norman Feske
649647538b depot: update recipe hashes 2022-02-15 10:23:59 +01:00
Sebastian Sumpf
a3976f0468 vfs_gpu: offer 'vfs_gpu_env' call
* retrieve Genode::Env from plugin, this way no mesa applications need to
  be changed.
* add 'vfs_gpu' api
* remove when all required functionality is implemented within the plugin.

issue #4380
2022-02-15 10:10:01 +01:00
Norman Feske
5611fd2355 depot: update recipe hashes 2021-12-17 15:06:38 +01:00
Christian Helmuth
92b7be4d11 depot: update recipe hashes 2021-11-30 12:08:54 +01:00
Christian Helmuth
abc9a2f232 depot: update recipe hashes 2021-10-14 13:46:25 +02:00
Martin Stein
d3cc5c9cd2 gems/recipes: api/cbe
Ref #4032
2021-10-13 14:50:45 +02:00
Christian Helmuth
777923f9bd depot: update recipe hashes 2021-05-10 11:18:12 +02:00
Norman Feske
a981fb864c depot: update recipe hashes 2021-01-25 14:00:43 +01:00
Christian Helmuth
91f8281618 depot: update recipe hashes 2020-10-09 13:35:57 +02:00
Norman Feske
7d0cb9620b depot: update recipe hashes 2020-08-25 11:50:41 +02:00
Josef Söntgen
f03917ab7c aes_cbc_4k: api recipe
Fixes #3850
2020-08-25 11:50:09 +02:00
Norman Feske
de795b1a6e depot: update recipe hashes 2020-07-13 11:33:53 +02:00
Norman Feske
4450b37ff5 depot: update recipe hashes 2020-06-29 14:25:28 +02:00
Norman Feske
eb3a81a874 depot: update recipe hashes 2020-06-22 09:39:41 +02:00
Norman Feske
46fa8197a2 depot: update recipe hashes 2020-03-26 11:39:02 +01:00
Christian Helmuth
5affd51250 depot: update recipe hashes 2020-02-28 08:59:43 +01:00
Christian Helmuth
4cccf74664 depot: update recipe hashes 2020-02-20 12:11:23 +01:00
Christian Helmuth
7ed1d7f11d depot: update recipe hashes 2019-11-19 14:54:14 +01:00
Christian Helmuth
17d32b3e15 depot: update recipe hashes 2019-07-09 09:06:54 +02:00
Christian Helmuth
ba51800b31 depot: update recipe hashes 2019-05-06 16:15:27 +02:00
Christian Helmuth
6ea1179145 depot: update recipe hashes 2019-04-09 12:30:35 +02:00
Christian Helmuth
ebe71a12ed depot: update recipe hashes 2019-03-19 11:12:36 +01:00
Christian Helmuth
46a29532a9 depot: update recipe hashes 2019-02-26 14:47:02 +01:00
Norman Feske
3a169d3a78 depot: update recipe hashes 2019-01-30 13:55:20 +01:00
Norman Feske
ba2b0b8360 gems: remove the use of deprecated APIs
This patch also updates os/slave.h because the app/launcher cannot be
reasonably updated without it.

Issue #1987
Issue #3125
2019-01-30 13:49:54 +01:00
Christian Helmuth
21a61cd583 depot: update recipe hashes 2019-01-07 12:43:37 +01:00
Christian Helmuth
c2e0d0ae20 depot: update recipe hashes 2018-08-30 09:25:10 +02:00
Christian Helmuth
f4ea50c6ff depot: update recipe hashes 2018-08-08 10:59:04 +02:00
Christian Helmuth
3b7d6394d7 depot: update recipe hashes 2018-05-03 15:32:01 +02:00
Christian Helmuth
47569458d4 depot: update recipe hashes 2018-04-19 12:39:20 +02:00
Christian Helmuth
d54f95d497 depot: update recipe hashes 2018-04-10 13:03:26 +02:00