Commit Graph

893 Commits

Author SHA1 Message Date
Ivan Loskutov
649653eb1c Fix getting pubkey_id from depot user pubkey
On systems with the option `use-keyboxd` enabled in config, option
`--no-keyring` in gpg command line doesn't work. The result of the
pubkey_id function will be the first key in the keybox keyring instead
of the id of pubkey from the depot user.

Fixes genodelabs/genode#5235
genodelabs/goa#92
2024-05-30 14:07:16 +02:00
Alexander Boettcher
97544ed7a9 nova: support iommu enabling per intel/amd
separately.  The "iommu" option is now split up into "iommu_intel" and
"iommu_amd" and thereby can be disabled easily if required for one of the CPU
vendors.

Fixes #5206
2024-05-29 09:18:11 +02:00
Alexander Boettcher
b33afb24d7 nova: adjust to cmdline changes of kernel
- no need to explicitly switch off vga anymore
- use vPID for VMs which improves TLB usage if multiple vCPUs on same
  pCPU is used, which happens to happen on Sculpt.
- support for mwait by nova kernel, which is off by default

Issue #5206
2024-05-29 09:18:11 +02:00
Martin Stein
e350dc27e9 internet_checksum.run: test net checksum alorithms
See repos/os/src/test/internet_checksum/README for more detail.

Ref #4636
2024-05-02 11:19:49 +02:00
Renato Carvalho
8c7e90f7f2 tool/run: fix corner case in exit override
The run tool overrides the 'exit'-procedure to make sure that a loaded
run_power_off procedure is always executed. However, a failing
run_power_off lead to false-positives: 'make run/...' exited with 0 even
tough the run script was not even executed because of a failed
power-on/off cycle. In this case, if the run_power_off is the exit code
producer, the new exit definition does not finish as intended. As a
result, the first exit code is re-written, and errors are not propagated
accordingly.

The solution is to catch possible errors from power-off within the exit
procedure.

Fixes genodelabs#5102
2024-04-29 08:00:30 +02:00
Norman Feske
dcd4578585 run: rename hw boot/image.elf -> boot/image-hw.elf
This disambiguates the boot images installed for base-hw from those
installed for base-nova.

Note that the image.elf file for other kernels (i.e., NOVA) is not
named image-<kernel>.elf at this point because this would prevent the
update from a pre-24.04 Sculpt system to a later one as the grub.cfg
is not touched by the old update mechanism. So after a system update,
grub would keep loading the last installed image.elf.

Issue #5182
2024-04-19 08:54:21 +02:00
Christian Helmuth
f83487869d tool/xkb2ifcfg: adapt to current Genode version
Thanks Florian for the nudge.
2024-04-12 15:08:01 +02:00
Martin Stein
b4c4681733 tresor: streamline design further
* differentiates request types that where merged formerly per module;
  e.g. instead of type Superblock_control::Request, there are now types
  * Superblock_control::Read_vbas
  * Superblock_control::Write_vbas
  * Superblock_control::Rekey
  * Superblock_control::Initialize
  * ...
  each holding only the state and functionality that is required for exactly
  that request

* removes all classes of the Tresor module framework and adapts all
  Tresor- and File-Vault- related libs, apps, and tests accordingly
  * the former "channel" state is merged into the new request types, meaning, a
    request manages no longer only the "call" to a functionality but
    also the execution of that functionality; every request has a lifetime
    equal to the "call" and an execute method to be driven forward
  * state that is used by a request but has a longer lifetime (e.g. VFS file
    handles in Tresor::Crypto) is managed by the top level
    of the user and handed over via the execute arguments; however, the
    synchronization of multiple requests on this state is done by the module
    (e.g. Tresor::Crypto)
  * requests are now driven explicitly as first argument of the (overloaded)
    execute method of their module; the module can, however, stall a request
    by returning false without doing anything (used for synchronization on
    resources)

* introduces Request_helper, Generated_request and Generatable_request in the
  Tresor namespace in order to avoid the redundancy of sub-request generation
  and execution

* moves access to Client-Data pointers up to Tresor::Virtual_block_device in
  order to simplify Tresor::Block_io and Tresor::Crypto

* removes Tresor::Client_data and introduces pure interface
  Client_data_interface in order to remove  Tresor::Client_data and
  move management of Client Data to the top level of a Tresor user

* introduces pure interface Crypto_files_interface in order to move management
  of Crypto files to the top level of a Tresor user

* moves management of Block-IO and Trust-Anchor files to the top level of a
  Tresor user

* adapts all execute methods, so, that they return the progress state
  instead of modifying a reference argument

* removes Tresor::Request_and Tresor:Request and instead implements
  scheduling at the top level of the Tresor user
  * the Tresor Tester uses a list as schedule that holds Command objects; this
    list ensures, that commands are started in the order of configuration
    the Command type is a merge of the state of all possible commands that can
    be configured at the Tresor Tester; the actual Tresor requests (if any) are
    then allocated on-demand only
  * the Tresor VFS plugin does not use a dynamic data structure for scheduling;
    the plugin has 5 members that each reflect a distinct type of operation:
    * initialize operation
    * deinitialize operation
    * data operation
    * extend operation
    * rekey operation
    consequently, of each type, there can be only one operation in-flight at a
    time; at the user front-end each operation (except "initialize") can be
    controlled through a dedicated VFS file; for each of these files, the VFS
    expects only one handle to be open at a time and only one file operation
    (read, write, sync) active at a time; once an operation gets started it is
    finished without preemtion (except of the interleaving at rekey and
    extend); when multiple operations are waiting to be started the plugin
    follows a static priority scheme:

      init op > deinit op > data op > extend op > rekey op

    there are some operation-specific details
    * the initialize operation is started only by the plugin itself on startup
      and will be driven as side effect by subsequent user calls to file
      operations
    * the data file is the only contiguous file in the front end and the file
      operations work as on usual data files
    * the other 3 files are transactional files and the user is expected to
      follow this scheme when operating on them
      1) stat (to determine file size)
      2) seek to offset 0
      3) read entire file once (this will be queued until there is no operation
         of this type pending anymore and return the last result:
         "none" | "failed" | "succeeded"; used primarily for synchronization)
      4) write operation parameters (this returns immediately and marks the
         operation as "requested")
      5) read entire file once (the same as above but this time in order to
         determine the operation result)
    * the rekey op and deinitialize op are requested by writing "true"
    * the extend op is requested by writing "tree=[TREE], blocks=[BLOCKS]"
      where TREE is either "vbd" or "ft" and BLOCKS is the number of physical
      4K blocks by which the physical range of the tresor container expands
      (the physical range always starts at block address 0 and is always
      expanded upwards)

* replaces the former <trust-anchor op="initialize"> command at the Tresor
  Tester with <initialize-trust-achor> as there are no other trust anchor
  operations that can be requested through the Tester config anyway

* removes the "sync" attribute from all commands at the Tresor Tester except
  from <request op="rekey">, <request "extend_ft">, <request op="extend_vbd">;
  as the Tester controls scheduling now, requests are generally synchronous;
  at the rekeying and extension commands, the "sync" attribute determines
  wether subsequent commands are interleaved with the execution of these
  commands (if possible)

* removes "debug" config attribute from Tresor VFS plugin and reworks "verbose"
  attribute to generate more sensible output

* removes NONCOPYABLE macro and instead uses Genode::Noncopyable and in-place
  Constructors deletion

* introduces types Attr and Execute_attr where a constructor or execute method
  have many arguments in order to raise readability

* renames the "hashsum" file that is provided by the Tresor Trust-Anchor VFS
  plugin to "hash" in order to become conformant with the wording in the Tresor
  lib

* makes the VFS Tresor test an automated test by merging in the functionality
  of vfs_tresor_init.run and removing the interactive front end; removes
  vfs_tresor_init.run as it is not needed anymore; adds consideration for
  autopilot file structure in the Test and adds it to autopilot.list

* removes all snapshot controls and the progress files for rekeying and
  extending from the Tresor VFS plugin; both functionalities were tested
  only rudimentary by the VFS Tresor test and are not supported with the only
  real user, the File Vault

* use /* .. */ instead of // ..
* use (..) instead of { .. } in init lists

Ref #5148
2024-04-12 15:00:45 +02:00
Martin Stein
02ef158748 gems: add autopilot test 'file_vault_client'
The script tests the use of an encrypted file system that is created and
provided via the File Vault.

Furthermore the script can be used for test-driving existing File-Vault
containers (created with potentially older File-Vault versions) under the
current File-Vault version. This is done via the "LX_FS_DIR_TEMPLATE"
env variable.

Ref #5062
2024-04-12 15:00:45 +02:00
Martin Stein
bcd82b7e75 tresor: revive and test app/tresor_check
The tresor_check tool became outdated back when the Tresor project was created
by re-writing its predecessor, the CBE, in C++. At this time, the check tool
was merely renamed but not updated. As there was also no autopilot test for the
tool, the tool remained outdated.

This commit rewrites the tool for the most recent Tresor version and adds an
autopilot test.

Ref #5062
2024-04-12 15:00:45 +02:00
Christian Helmuth
0b63bb91b6 run/nova: cleanup hypervisor binary handling
With the following changes, the hypervisor binary from bin/ as well as
from depot archives is taken as is and not unnecessarily turned inside
out.

- Remove objcopy -O elf32-i386 as our grub boots 64-bit binaries
  very well
- Remove strip as bin/hypervisor is already stripped
2024-02-28 16:31:45 +01:00
Christian Prochaska
7bfc8f2fde tool: add backtrace
Fixes #5103
2024-02-26 08:31:05 +01:00
Christian Prochaska
6aba9b1b9a tool/run/depot.inc: allow depot user in used_apis
Issue #5092
2024-02-26 08:31:05 +01:00
Stefan Kalkowski
fc15a164ce tool/dde_linux/create_dummies: preserve env
Instead of resetting the whole environment only remove the TARGET
variable to make GNU Make 4.4 happy.

Fix genodelabs/genode#5084
2024-02-26 08:31:03 +01:00
Alice Domage
74abf8132e tool/port: add .sparse-git install rule
Following Github support removal for svn [1], dde_rump port fails to
prepare. This commit introduces a new install rule for ports,
'.sparse-git'. It performs a sparse-checkout on the port repository, only
fetching required files.

[1] https://github.blog/2023-01-20-sunsetting-subversion-support/

Co-authored-by: Benjamin Lamowski <benjamin.lamowski@genode-labs.com>

Issue genodelabs#5072
Issue genodelabs/goa#28
2023-12-13 12:33:05 +01:00
Christian Prochaska
ff5a474e74 ports: remove old GDB monitor
Fixes #5067
2023-12-13 12:32:19 +01:00
Christian Prochaska
801c4aa72f depot: add support for debug info files
Fixes #5015
2023-11-28 14:45:29 +01:00
Norman Feske
5ae0dab6c5 mk: remove implicit build of shared libraries
This patch removes the implicit build of all shared libraries a target
depends on. Targets only depend on the respective ABIs instead. This
alleviates the need to locally build complex shared libraries (think of
Qt) when developing applications. Instead, application developers can
use binary depot archives.

The implementation splits the mk/lib.mk file into three files:
- mk/a.mk   for building one static library (.lib.a)
- mk/so.mk  for building one shared object  (.lib.so)
- mk/abi.mk for building one ABI stub       (.abi.so)

Furthermore, the commit moves messages and the collection of build
artifacts to var/libdeps, triggers the build of kernel-specific
ld-<kernel>.lib.so, and prunes the lib-dependency tree at ABIs.

Fixes #5061
2023-11-28 14:44:29 +01:00
Norman Feske
5410ecf9ad run: check consistency of build_boot_image args 2023-11-28 14:44:29 +01:00
Johannes Schlatow
767ea7f5b1 tool: add sd_card_zynq to autopilot.list
genodelabs/genode#5056
2023-11-28 14:24:26 +01:00
Stefan Kalkowski
040cf2eb2a tool/run/image/uefi: make silent sgdisk
Fix genodelabs/genode#5051
2023-11-28 14:24:26 +01:00
Christian Prochaska
f13463325a mk: fix clean rule dependencies in build.mk
Issue #5015
2023-11-28 14:24:24 +01:00
Tomasz Gajewski
02753b3c2c tool/run: fixed tftp support in boot_dir/hw
Changes needed after merging `uboot` and `uboot_fit` modules into a
single module.

Additionally `image.elf` file is removed when either `image.itb` or
`uImage` is created, so it cannot be processed when `image/uboot` module
is loaded. Therefore `image.elf` processing is done conditionally now.

Fixes #5037
2023-11-28 14:24:23 +01:00
Christian Helmuth
66c2c74147 depot/publish: let gpg overwrite .sig files
Without this change gpg aborted with

  gpg: Sorry, no terminal at all requested - can't get input

and after adding --batch onlye with

  gpg: signing failed: File exists
2023-10-25 08:58:52 +02:00
Christian Prochaska
ae899b9bc7 ports: add a test for GDB
Fixes #5014
2023-10-04 13:22:08 +02:00
Christian Prochaska
4bef85d7bc ports: add socat
Fixes #5007
2023-10-04 13:22:06 +02:00
Alexander Boettcher
484bde4b4b vbox5: remove VM generic version
Issue #4968
2023-10-04 13:22:04 +02:00
Sebastian Sumpf
b025ddcc8f tool/dde_linux: fix create_dummies for GNU Make 4.4
GNU Make 4.4 will pass TARGET to the sub-make of UNDEF_REFS where it can
be later used as link TARGET by Genode's build system. Before 4.4 TARGET
was undefined in the sub-make leading to the correct result.
2023-09-29 12:17:45 +02:00
Martin Stein
c23491ef3c nic_uplink: connect a Nic to an Uplink session
* Adds a new component server/nic_uplink that forwards packets unmodified
  between one Uplink session at one side and potentially multiple Nic sessions
  at the other side.
* Adds a new run script nic_uplink.run that does a basic test with multiple
  Nic clients on this component and adds it to the autopilot list.
* Adds a new depot recipe src/nic_uplink for this component.
* Adds a new depot recipe pkg/pc_nic for deploying the pc_nic_driver together
  with a nic_uplink server. This allows for raw access to the network connected
  to the Nic of the system in contrast to the commonly used routed and NAT'd
  access via NIC router. That said, it enables the use of network protocols
  not yet supported by the NIC router at the cost of less protection.

Ref #4966
2023-08-21 08:12:00 +02:00
Norman Feske
7ce734d886 tool/dts: accept 'label: &ref { };' syntax
The combination of a label with a node supplement was not yet covered by
the dts/parse tool so far.

Fixes #4962
2023-07-14 12:06:32 +02:00
Josef Söntgen
d6da06913e tool/run/boot_dir/hw: fix iPXE boot 2023-07-14 12:06:32 +02:00
Christian Helmuth
fb1d66b254 Remove timestamp from image.elf.gz
Issue #4956
2023-07-14 12:06:32 +02:00
Christian Helmuth
18c00e58cc tool: remove sel4 x86_32/pc and imx7-sabre artifacts
Issue #4918
2023-07-14 12:06:32 +02:00
Christian Prochaska
2dd1365af3 monitor: separate 'monitor_gdb' run scripts
Fixes #4944
2023-07-14 12:06:31 +02:00
Alice Domage
fb0e8fffa2 New depot_remove component
The depot_remove component can delete PKG archives with
automatically resolving dependencies and deleting archives that are not
required on the system anymore.

Issue genodelabs#4866
2023-06-16 11:24:26 +02:00
Sebastian Sumpf
d7440a8b1c tool/ports/current: use silent option for GNU Make 4.4
If this file is called from a Makefile via

! $(shell <path>/tool/ports/current qt5-host)

'shell' will return

"Entering directory '' <path-to-libc> Leaving directory '' Stop.",

and thus, producing multiple targets in the 'tool_chain_qt5' case.

issue #4725
2023-06-16 11:24:26 +02:00
Norman Feske
6a57683e52 New debug monitor
The new monitor component at os/src/monitor is the designated successor
of the gdb_monitor. This initial version, however, implements only the
subset needed to inspect the memory of the monitored component(s).

In contrast to the gdb_monitor, the new component supports the monitoring
of multiple components, leveraging the sandbox API. It can therefore be
used as a drop-in replacement for the init component. Like the gdb_monitor,
the new monitor speaks the GDB protocol over Genode's terminal session.
But the protocol implementation does not re-use any gdbserver code,
sidestepping the complexities of POSIX.

There exist two run scripts illustrating the new component. The
os/run/monitor.run script exercises memory inspection via the 'm' command
by letting a test program monitor itself. The os/run/monitor_gdb.run
script allows for the interactive use of GDB to interact with monitored
components.

Issue #4917
2023-06-16 11:24:26 +02:00
Josef Söntgen
194af03fe9 autopilot.list: replace cbe with tresor tester
Issue #4819.
2023-06-16 11:24:25 +02:00
Alexander Boettcher
ceaa02230e qemu: set default cpu model for x86_64 explicitly
With the update to sel4 and the gcc 12, assembly instructions are generated
and used, like POPCNT. The instruction is available on our native hardware,
but not emulated by the default cpu model necessarily, which leads to
undefined opcode exceptions (Qemu 4.2.1 && seL4). Additionally, the features
of the default Qemu cpu model may vary between Qemu releases and makes it
harder to correlate effects.
2023-06-16 11:24:25 +02:00
Martin Stein
e0dc544aa5 tool: add qemu run opts for zynq_qemu
Ref #4819
2023-06-16 11:24:25 +02:00
Alexander Boettcher
d92bd3afee sel4: update to 12.1.0 release
Fixes #4910
2023-05-30 12:13:33 +02:00
Christian Helmuth
22bee79534 port/metadata: improve info for multi-source ports
Now, ./tool/ports/metadata dde_linux produces the following output.

  PORT:     dde_linux
  LICENSE:  GPLv2
  VERSION:  individual (see sources)
  SOURCE:   https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.3.tar.xz VERSION 4.4.3 (lxip)
  SOURCE:   https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz VERSION 4.16.3 (fec)
  SOURCE:   https://github.com/cproc/dwc_otg.git git r5 (dwc_otg_host)
  SOURCE:   https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz VERSION 4.16.3 (usb_host)
  SOURCE:   https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz VERSION 4.16.3 (usb_hid)
  SOURCE:   https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz VERSION 4.16.3 (usb_modem)
  SOURCE:   https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz VERSION 4.16.3 (usb_net)

Issue #4685
2023-05-30 12:03:34 +02:00
Alexander Boettcher
475bcfc2b9 qemu: use EPYC as model for AMD SVM virtualization
"-cpu phenom" does not support all CPU instructions necessary with
gcc 12 toolchain update issuing more SSSE3, e.g. pshufb.

Additionally, remove good/bad Qemu version check of outdated versions.

Issue genodelabs/genode-world#329
2023-05-30 12:03:32 +02:00
Christian Prochaska
ee9281b458 qt5: install host tools in /usr/local/genode/tool/23.05
Issue #4868
2023-05-30 12:03:30 +02:00
Christian Prochaska
1e1df21a94 Remove stale Xen support
Fixes #4859
2023-05-30 12:03:29 +02:00
Christian Prochaska
03c23d299a qt5: reduce external dependencies of host tools
Fixes #4868
2023-05-30 12:03:28 +02:00
Alexander Boettcher
8f5fe6dfe1 tool/run/load/ipxe: use installed_command
to find lighttpd if it is installed in /usr/sbin
2023-05-30 12:03:28 +02:00
Christian Prochaska
78b8b2785c gcc: update to version 12.3.0
Issue #4827
2023-05-30 12:03:27 +02:00
Josef Söntgen
bab90d4837 depot/download: let curl fail on 404 response
Downloading non-existent archives from 'depot.genode.org' leads to
files in the 'public' directory containing the 404 error website
delivered by the HTTP server. Specifying the '--fail' option results
in curl generating an exit-code that leads to the appropriate action
by the tool, e.g.:

 Error: failed to download 'https://depot.genode.org/user/pkg/x/version.tar.xz'

Issue #4865.
2023-05-30 12:03:27 +02:00
Christian Prochaska
8920e5fbea tool_chain: update gprbuild to version 23.0.0
Issue #4827
2023-05-30 12:03:27 +02:00