Commit Graph

12252 Commits

Author SHA1 Message Date
Norman Feske
66c3463749 Release notes for version 23.05 2023-05-31 11:10:25 +02:00
Christian Helmuth
dfc1b97fa2 depot: update recipe hashes 2023-05-31 09:42:19 +02:00
Christian Helmuth
d6f65901f9 Add trace policy binary to BUILD_ARTIFACTS 2023-05-30 17:00:01 +02:00
Stefan Kalkowski
5253d4ddd7 platform_drv: dissolve shared irq session
Fix genodelabs/genode#4912
2023-05-30 16:32:22 +02:00
Sebastian Sumpf
2dbf3322d8 dde_rump: fix rump recipe for RISC-V
issue #4800
2023-05-30 16:01:03 +02:00
Martin Stein
798e3ee306 file_vault: fix deinit fs in tresor vfs
Ref #4819
2023-05-30 12:26:01 +02:00
Christian Helmuth
583f2d6a36 depot: update recipe hashes 2023-05-30 12:13:34 +02:00
Christian Helmuth
c1104ccbc7 depot_autopilot: skip file_vault on riscv and rpi
Issue #4819
2023-05-30 12:13:34 +02:00
Benjamin Lamowski
e882ca748d base-hw: virt: implement support for SVM
Ref #4826
2023-05-30 12:13:34 +02:00
Benjamin Lamowski
b277b84e19 base: extend Vcpu_state for base-hw x86 virtualization
Changes are preliminary and will most certainly be removed when fully
enabling the virtualization feature on base-hw.

Ref #4826
2023-05-30 12:13:34 +02:00
Benjamin Lamowski
1e3836f8b5 base-hw: pass generic Vm_data structure to the kernel object
This enables passing additional data structures to the kernel on x86.

Ref #4826
2023-05-30 12:13:34 +02:00
Benjamin Lamowski
312b638220 base-hw: export Intel TSC platform information
Export TSC invariant and the frequency reported on Intel processors.
Currently lacks TSC calibration and reports a fixed frequency on AMD.

Ref #4826
2023-05-30 12:13:33 +02:00
Benjamin Lamowski
c75b07e0fd base-hw: SVM: allow execute on NPT mappings
Ref #4826
2023-05-30 12:13:33 +02:00
Benjamin Lamowski
cb69c59fa3 base-hw: implement VMCB data structure for AMD SVM
Ref #4826
2023-05-30 12:13:33 +02:00
Benjamin Lamowski
fa6e819f9a base-hw: x86: use Vcpu_state as Vm_state
Ref #4826
2023-05-30 12:13:33 +02:00
Benjamin Lamowski
0a819d5e19 base-hw: add MSR and CPUID registers for AMD SVM
Ref #4826
2023-05-30 12:13:33 +02:00
Benjamin Lamowski
e11ed069bf base-hw: fix x86 CPUID register width
Ref #4826
2023-05-30 12:13:33 +02:00
Benjamin Lamowski
7477f99d05 base-hw: x86: detect CPU Vendor and SVM support
Ref #4826
2023-05-30 12:13:33 +02:00
Benjamin Lamowski
6ca7119267 base-hw: copy virtualization structure for x86_64
Ref #4826
2023-05-30 12:13:33 +02:00
Norman Feske
256a989550 base-nova: update include guard 2023-05-30 12:13:33 +02:00
Norman Feske
34c7085ada sculpt.run: whitespace 2023-05-30 12:13:33 +02:00
Stefan Kalkowski
30e0452faf sculpt: increase sculpt_manager's cap quota
Fix genodelabs/genode#4911
2023-05-30 12:13:33 +02:00
Stefan Kalkowski
435c9719a7 sculpt: support for wifi on MNT Reform 2
Fix genodelabs/genode#4908
2023-05-30 12:13:33 +02:00
Alexander Boettcher
d92bd3afee sel4: update to 12.1.0 release
Fixes #4910
2023-05-30 12:13:33 +02:00
Alexander Boettcher
7351aa1670 sel4: remove x86_32/pc and imx7-sabre
The imx7 is not supported officially [0] anymore and the 32bit pc version is
not used nor intended to be used.

https://github.com/seL4/seL4/issues/254

Issue #4910
2023-05-30 12:03:34 +02:00
Christian Helmuth
22bee79534 port/metadata: improve info for multi-source ports
Now, ./tool/ports/metadata dde_linux produces the following output.

  PORT:     dde_linux
  LICENSE:  GPLv2
  VERSION:  individual (see sources)
  SOURCE:   https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.3.tar.xz VERSION 4.4.3 (lxip)
  SOURCE:   https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz VERSION 4.16.3 (fec)
  SOURCE:   https://github.com/cproc/dwc_otg.git git r5 (dwc_otg_host)
  SOURCE:   https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz VERSION 4.16.3 (usb_host)
  SOURCE:   https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz VERSION 4.16.3 (usb_hid)
  SOURCE:   https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz VERSION 4.16.3 (usb_modem)
  SOURCE:   https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz VERSION 4.16.3 (usb_net)

Issue #4685
2023-05-30 12:03:34 +02:00
Christian Helmuth
5a97297282 fiasco: gather patch files with sort + wildcard
Using $(shell find $(REP_DIR)/patches -name *.patch) fails if the
current working directory contains *.patch files due to shell wildcard
expansion before execution. Additionally, the patch list was unstable
because it was not sorted resulting in divergent hashes.
2023-05-30 12:03:33 +02:00
Benjamin Lamowski
80c8775d77 base: make Entrypoint available in Vcpu_handler_base
Fixes #4906
2023-05-30 12:03:33 +02:00
Stefan Kalkowski
1c790b2776 lx_emul: use alternative initcall for pci on ARM
On platforms different than x86 the subsys initcall `pci_subsys_init`
is not available. Therefore, we choose an alternative one here.

Fix genodelabs/genode#4907
2023-05-30 12:03:33 +02:00
Stefan Kalkowski
0aef0959d5 hw: catch all cache lines for mis-aligned addresses
Fix genodelabs/genode#4905
2023-05-30 12:03:33 +02:00
Christian Helmuth
6b2338257d Let linker assume stacks are non-executable
In our binaries, the .note.GNU-stack section is missing, which is okay
as we do not interpret these sections anyway and map stack pages
non-executable per default.

Issue #4827
2023-05-30 12:03:33 +02:00
Norman Feske
823349fffb libc: make libc-plugin headers private to libc
Fixes #4904
2023-05-30 12:03:33 +02:00
Norman Feske
e1e26c4439 libports: update doc/libc.txt 2023-05-30 12:03:33 +02:00
Christian Prochaska
b1be660c7b libusb: remove use of obsolete libc-plugin interface
Fixes #4854
2023-05-30 12:03:33 +02:00
Martin Stein
8992dadb15 libports: remove unused libsparkcrypto
The main user of libsparkcrypto in the past was the CBE block encryption
ecosystem. However, the CBE was replaced with the Tresor block encryption that
uses libcrypto instead.

Ref #4819
2023-05-30 12:03:33 +02:00
Josef Söntgen
497c8b0922 wifi: provide WPA3-personal support
This commit introduces preliminary support for joining networks secured
via WPA3-personal. So far it was only tested with the one OpenWRT AP
configured for WPA3 (see excerpt below) where it WPA3-only as well as
WPA2/WPA3 mixed worked fine.

Scan results excerpt:

00:11:22:33:44:55    5180    -45     [WPA2-SAE-CCMP][SAE-H2E][ESS][UTF-8]    PewPew
00:11:22:33:44:55    2412    -67     [WPA2-PSK+SAE+PSK-SHA256-CCMP][SAE-H2E][ESS][UTF-8]     PewPew2

Issue #4861.
2023-05-30 12:03:33 +02:00
Josef Söntgen
cfd3be675f pc_wifi: enable RTL8192CE support in rtlwifi
Issue #4861.
2023-05-30 12:03:33 +02:00
Josef Söntgen
dc178e0ab2 dde_linux: enhance KBUILD_MODNAME generation
It turns out solely relying on the name of the compilation-unit
is not enough. In at least one multi-device driver, e.g. rtlwifi,
an equally called compilation-unit is found in several different
directories. There KBUILD_MODNAME is used to name the driver,
which fails later on as the driver framework refuses to register
an equally named driver twice.

Instead of only considering the name of the compilation-unit also
include the last element of the path to generate differentiating
KBUILD_MODNAME value.

Issue #4861.
2023-05-30 12:03:33 +02:00
Josef Söntgen
0e82322605 pci_decode: force GSI for ath9k device
As noted in 'wifi/pc: add ath9k driver' it appears the tested device
only works with GSIs.

Issue #4861.
2023-05-30 12:03:33 +02:00
Josef Söntgen
22c9157231 wifi: add RFKILL notification interface
Add somewhat cosmetic changes to the RFKILL interface used between
the management layer and the driver library to make the intent clear.

Issue #4861.
2023-05-30 12:03:33 +02:00
Josef Söntgen
6b406469f6 dde_linux: remove unused var from libnl_include
Issue #4861.
2023-05-30 12:03:33 +02:00
Josef Söntgen
080b0fb9b3 dde_linux: update wpa_supplicant to version 2.10
The supplicant is updated to the current release and is now downloaded
as archive rather than pulled from git. For the time being 'libnl' is
still kept at 3.2.25 as the current 3.7.0 release relies on more Linux
infrastructure that our integration does not provide.

Issue #4861.
2023-05-30 12:03:33 +02:00
Josef Söntgen
ea0a692879 wifi: get firmware from tar archive
This commit changes the firmware handling from requesting each
firmware file as a ROM module that is checked against a list of
known images (including their size) to requesting each file via
the local VFS of the 'wifi_drv'. This allows for using the original
probing mechanism that tries to select a matching firmware version.

The 'repos/dde_linux/src/drivers/wifi/README' file contains more
detailed information on how to configure the driver.

Issue #4861.
2023-05-30 12:03:33 +02:00
Josef Söntgen
3ba070e5e4 pc_wifi: implement __crypto_xor generated dummy
This function is called when decrypting RX frames on the CPU on 32 bit
platforms. Since the frames are normally decrypted by the wireless LAN
device and this code path is triggered rather infrequently the byte-wise
implementation should not pose a performance risk.

So far it was only encounter with a 7260 device when running netperf.

Issue #4861.
2023-05-30 12:03:33 +02:00
Josef Söntgen
d5710d9de3 Move 'wifi' driver to dde_linux repository
The bulk of the driver code now lives in the 'dde_linux' repository,
which is available on all platforms, from where it can be referenced by
other repositories.

The 'wifi_drv' binary was delegated to a generic harness that includes
all configuration and management functionality shared by all wireless
device driver components, e.g., the wpa_supplicant. The code of the
device driver emulation environment is located in 'src/lib/wifi'. It
is referenced by the platform-specific driver library that resides in
the corresponding platform repository. The runtime configuration needs
to point the driver to proper driver library.

The platform-specific library is in charge of orchestrating the contrib
source utilized by the driver as well as providing the 'source.list'
and 'dep.list' files. It must include the generic library snippet
'repos/dde_linux/lib/wifi.inc' that deals with managing the emulation
environment code.

The 'repos/dde_linux/src/drivers/wifi/README' file contains more
detailed information on how to deploy the driver.

Issue #4861.
2023-05-30 12:03:32 +02:00
Josef Söntgen
6727b5ea49 dde_linux: promote PC specific additions
Issue #4861.
2023-05-30 12:03:32 +02:00
Martin Stein
aeb65d6b1b file_vault: version 23.05
* ARM support and detaching from Ada/SPARK

  * Remove all CBE-related code - especially the Ada/SPARK-based CBE library.

    * We have no means or motivation of further maintaining big projects in
      Ada/SPARK (the core Genode team is native to C++).

    * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an
      important architecture for Genode. This would mean extra commitment in
      Ada/SPARK.

    * We realize that block encryption more and more becomes a fundamental
      feature of Genode systems.

  * Implement a new block encryption library named Tresor that is inspired by
    the design and feature set of the former CBE library and that is entirely
    C++ and part of the Genode gems repository.

    * The Tresor block encryption is backwards-compatible with the on-disk
      data layout of the former CBE block encryption.

    * Except from the snapshot management and the "dump" tool, the Tresor
      block encryption provides the same feature set as the former CBE block
      encryption and accepts the same user requests at the level of the
      Tresor library API.

    * So far, the Tresor block encryption does not support the creation of
      user-defined snapshots.

    * In contrast to the former CBE, the Tresor ecosystem has
      no "dump" tool beause with the CBE library it turned out to be rarely of
      use.

    * In contrast to the Block back-end of the CBE "init" tool, the Tresor
      "init" tool uses a File System back-end.

    * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin.

      * The Tresor-VFS plugin in general is similar to the former CBE VFS but
        has a slightly different API when it comes to re-keying and re-sizing.
        Each of these operations now is controlled via two files. The first
        file is named <operation> and the user writes the start command to it.
        The user must then read this file once in order to drive the operation.
        The read returns the result of the operation, once it is finished.
        The second file is named <operation>_progress and can be watched and
        read for obtaining the progress of the operation as percentage.

    * The file vault is adapted to use the new Tresor ecosystem
      instead of the former CBE ecosystem and thereby also gains ARM support.

    * The former CBE tester and CBE VFS-tests are replaced by equivalent
      Tresor variants and are now run on ARM as well (testing with a persistent
      storage back-end is supported only when running on Linux).

    * So far, the new Tresor block encryption has no internal cache for meta
      data blocks like the former CBE.

* Add config/report user interface

  * Add a second option for the administration front end to the file vault
    named "config and report". With this front end the File Vault communicates
    with the user via XML strings. A ROM session is requested for user input
    and a Report session for user output. The front end type must be set at
    startup via the component config and is a static setting. The graphical
    front end that was used up to now is named "menu view" and remains the
    default.

  * The File Vault can now reflect its internal state and user input ("config
    and report" mode only) at the LOG session via two new static config
    attributes "verbose_state" and "verbose_ui_config" (both defaulting to
    "no").

  * The Shutdown button in "menu view" mode is replaced with a Lock button. The
    new button doesn't terminate the File Vault but merely lock the encrypted
    container and return to a cleared passphrase input. The same transition is
    also provided in "config and report" mode.

  * The file_vault.run script is replaced with file_vault_menu_view.run and
    file_vault_cfg_report.run that address the two front end modes. In contrast
    to the former script, which is interactive, the latter script is suitable
    for automatic testing.

  * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does
    the same as file_vault_cfg_report.run but uses the File Vault package and
    can be executed with the Depot Autopilot. The new test package is added to
    the default test list of depot_autopilot.run

  * The File Vault README is updated to the new version of the component and
    has gained a chapter "functional description".

  * Fixes a regression with the cbe_init_trust_anchor component that prevented
    reacting to a failed unlock attempt in the File Vault.

* The new Tresor software Trust Anchor has an optional deterministic mode in
  which it replaces the normally randomized symmetric keys with 0. This mode
  comes in handy for debugging. However, it should never be activated in
  productive systems. When activated, the user is warned extensively on the
  LOG that this system mode is insecure.

Ref #4819
2023-05-30 12:03:32 +02:00
Johannes Schlatow
d3d3351b99 base-nova: fix map for small sizes
Changes to the platform driver triggered a map() error while mapping an
address block at 0x3000 of size 0x800. Since the mapped size was larger, the
loop continued and tried mapping address 0x4000 where no dataspace was
found.

genodelabs/genode#4761
2023-05-30 12:03:32 +02:00
Johannes Schlatow
cb0546aa9b os: increase platform_session quota 2023-05-30 12:03:32 +02:00
Johannes Schlatow
b558cd18d4 platform_drv: make Device_pd a Io_mmu::Domain
By transforming the Device_pd into an Io_mmu::Domain, we implement an
IOMMU device that uses the kernel API for controlling the IOMMU. This
device gets special treatment and is used by default for every device
that has no <io_mmu/> child.

genodelabs/genode#4761
2023-05-30 12:03:32 +02:00