Commit Graph

51 Commits

Author SHA1 Message Date
Christian Helmuth
583f2d6a36 depot: update recipe hashes 2023-05-30 12:13:34 +02:00
Martin Stein
aeb65d6b1b file_vault: version 23.05
* ARM support and detaching from Ada/SPARK

  * Remove all CBE-related code - especially the Ada/SPARK-based CBE library.

    * We have no means or motivation of further maintaining big projects in
      Ada/SPARK (the core Genode team is native to C++).

    * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an
      important architecture for Genode. This would mean extra commitment in
      Ada/SPARK.

    * We realize that block encryption more and more becomes a fundamental
      feature of Genode systems.

  * Implement a new block encryption library named Tresor that is inspired by
    the design and feature set of the former CBE library and that is entirely
    C++ and part of the Genode gems repository.

    * The Tresor block encryption is backwards-compatible with the on-disk
      data layout of the former CBE block encryption.

    * Except from the snapshot management and the "dump" tool, the Tresor
      block encryption provides the same feature set as the former CBE block
      encryption and accepts the same user requests at the level of the
      Tresor library API.

    * So far, the Tresor block encryption does not support the creation of
      user-defined snapshots.

    * In contrast to the former CBE, the Tresor ecosystem has
      no "dump" tool beause with the CBE library it turned out to be rarely of
      use.

    * In contrast to the Block back-end of the CBE "init" tool, the Tresor
      "init" tool uses a File System back-end.

    * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin.

      * The Tresor-VFS plugin in general is similar to the former CBE VFS but
        has a slightly different API when it comes to re-keying and re-sizing.
        Each of these operations now is controlled via two files. The first
        file is named <operation> and the user writes the start command to it.
        The user must then read this file once in order to drive the operation.
        The read returns the result of the operation, once it is finished.
        The second file is named <operation>_progress and can be watched and
        read for obtaining the progress of the operation as percentage.

    * The file vault is adapted to use the new Tresor ecosystem
      instead of the former CBE ecosystem and thereby also gains ARM support.

    * The former CBE tester and CBE VFS-tests are replaced by equivalent
      Tresor variants and are now run on ARM as well (testing with a persistent
      storage back-end is supported only when running on Linux).

    * So far, the new Tresor block encryption has no internal cache for meta
      data blocks like the former CBE.

* Add config/report user interface

  * Add a second option for the administration front end to the file vault
    named "config and report". With this front end the File Vault communicates
    with the user via XML strings. A ROM session is requested for user input
    and a Report session for user output. The front end type must be set at
    startup via the component config and is a static setting. The graphical
    front end that was used up to now is named "menu view" and remains the
    default.

  * The File Vault can now reflect its internal state and user input ("config
    and report" mode only) at the LOG session via two new static config
    attributes "verbose_state" and "verbose_ui_config" (both defaulting to
    "no").

  * The Shutdown button in "menu view" mode is replaced with a Lock button. The
    new button doesn't terminate the File Vault but merely lock the encrypted
    container and return to a cleared passphrase input. The same transition is
    also provided in "config and report" mode.

  * The file_vault.run script is replaced with file_vault_menu_view.run and
    file_vault_cfg_report.run that address the two front end modes. In contrast
    to the former script, which is interactive, the latter script is suitable
    for automatic testing.

  * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does
    the same as file_vault_cfg_report.run but uses the File Vault package and
    can be executed with the Depot Autopilot. The new test package is added to
    the default test list of depot_autopilot.run

  * The File Vault README is updated to the new version of the component and
    has gained a chapter "functional description".

  * Fixes a regression with the cbe_init_trust_anchor component that prevented
    reacting to a failed unlock attempt in the File Vault.

* The new Tresor software Trust Anchor has an optional deterministic mode in
  which it replaces the normally randomized symmetric keys with 0. This mode
  comes in handy for debugging. However, it should never be activated in
  productive systems. When activated, the user is warned extensively on the
  LOG that this system mode is insecure.

Ref #4819
2023-05-30 12:03:32 +02:00
Christian Helmuth
e265cf6d49 depot: update recipe hashes 2023-02-27 08:22:51 +01:00
Christian Helmuth
c58d799f16 depot: update recipe hashes 2022-11-17 08:00:37 +01:00
Christian Helmuth
3f1870841c depot: update recipe hashes 2022-09-21 12:19:10 +02:00
Norman Feske
bd9478204d Exclude file lib from gems API
The 'file' library makes the gems API depend on the libc, which is not
desireable because most users of the gems API have no direct libc
dependency.

With the changes of issue #4599, the build of each src archive that
depends on the gems API would attempt to build the 'file' library and
thereby demand the libc.

Note that the 'file' library is a relic that should better not be
promoted as part of the gems API. Hence, this patch removes the file
library from the gems API and adds it to the src archives of the few
remaining users.

Issue #4599
2022-09-19 14:00:32 +02:00
Christian Helmuth
4dddc41b71 depot: update recipe hashes 2022-08-31 09:32:09 +02:00
Christian Helmuth
44e2cd14a0 depot: update recipe hashes 2022-08-17 12:03:26 +02:00
Johannes Schlatow
758ba3855e trace: add types for trace_recorder policies
genodelabs/genode#4352
2022-08-17 12:03:26 +02:00
Johannes Schlatow
062881a484 trace: add types for ctf tracing
genodelabs/genode#4352
2022-08-17 12:03:26 +02:00
Norman Feske
649647538b depot: update recipe hashes 2022-02-15 10:23:59 +01:00
Sebastian Sumpf
a3976f0468 vfs_gpu: offer 'vfs_gpu_env' call
* retrieve Genode::Env from plugin, this way no mesa applications need to
  be changed.
* add 'vfs_gpu' api
* remove when all required functionality is implemented within the plugin.

issue #4380
2022-02-15 10:10:01 +01:00
Norman Feske
5611fd2355 depot: update recipe hashes 2021-12-17 15:06:38 +01:00
Christian Helmuth
92b7be4d11 depot: update recipe hashes 2021-11-30 12:08:54 +01:00
Christian Helmuth
abc9a2f232 depot: update recipe hashes 2021-10-14 13:46:25 +02:00
Martin Stein
d3cc5c9cd2 gems/recipes: api/cbe
Ref #4032
2021-10-13 14:50:45 +02:00
Christian Helmuth
777923f9bd depot: update recipe hashes 2021-05-10 11:18:12 +02:00
Norman Feske
a981fb864c depot: update recipe hashes 2021-01-25 14:00:43 +01:00
Christian Helmuth
91f8281618 depot: update recipe hashes 2020-10-09 13:35:57 +02:00
Norman Feske
7d0cb9620b depot: update recipe hashes 2020-08-25 11:50:41 +02:00
Josef Söntgen
f03917ab7c aes_cbc_4k: api recipe
Fixes #3850
2020-08-25 11:50:09 +02:00
Norman Feske
de795b1a6e depot: update recipe hashes 2020-07-13 11:33:53 +02:00
Norman Feske
4450b37ff5 depot: update recipe hashes 2020-06-29 14:25:28 +02:00
Norman Feske
eb3a81a874 depot: update recipe hashes 2020-06-22 09:39:41 +02:00
Norman Feske
46fa8197a2 depot: update recipe hashes 2020-03-26 11:39:02 +01:00
Christian Helmuth
5affd51250 depot: update recipe hashes 2020-02-28 08:59:43 +01:00
Christian Helmuth
4cccf74664 depot: update recipe hashes 2020-02-20 12:11:23 +01:00
Christian Helmuth
7ed1d7f11d depot: update recipe hashes 2019-11-19 14:54:14 +01:00
Christian Helmuth
17d32b3e15 depot: update recipe hashes 2019-07-09 09:06:54 +02:00
Christian Helmuth
ba51800b31 depot: update recipe hashes 2019-05-06 16:15:27 +02:00
Christian Helmuth
6ea1179145 depot: update recipe hashes 2019-04-09 12:30:35 +02:00
Christian Helmuth
ebe71a12ed depot: update recipe hashes 2019-03-19 11:12:36 +01:00
Christian Helmuth
46a29532a9 depot: update recipe hashes 2019-02-26 14:47:02 +01:00
Norman Feske
3a169d3a78 depot: update recipe hashes 2019-01-30 13:55:20 +01:00
Norman Feske
ba2b0b8360 gems: remove the use of deprecated APIs
This patch also updates os/slave.h because the app/launcher cannot be
reasonably updated without it.

Issue #1987
Issue #3125
2019-01-30 13:49:54 +01:00
Christian Helmuth
21a61cd583 depot: update recipe hashes 2019-01-07 12:43:37 +01:00
Christian Helmuth
c2e0d0ae20 depot: update recipe hashes 2018-08-30 09:25:10 +02:00
Christian Helmuth
f4ea50c6ff depot: update recipe hashes 2018-08-08 10:59:04 +02:00
Christian Helmuth
3b7d6394d7 depot: update recipe hashes 2018-05-03 15:32:01 +02:00
Christian Helmuth
47569458d4 depot: update recipe hashes 2018-04-19 12:39:20 +02:00
Christian Helmuth
d54f95d497 depot: update recipe hashes 2018-04-10 13:03:26 +02:00
Emery Hemingway
68c1b8675c gems: magic ring buffer
A ring buffer that uses a single dataspace mapped twice in consecutive
regions. This allows any operation that is less or equal to the size of
the buffer to be read or written in a single pass. The capacity of
Magic_ring_buffer is defined at runtime.

Fix #2725
2018-04-10 11:09:47 +02:00
Norman Feske
8d09d02b85 depot: update recipe hashes 2018-02-09 13:34:24 +01:00
Christian Helmuth
6013889028 depot: update recipe hashes 2018-01-17 12:14:44 +01:00
Christian Helmuth
553cf556af depot: update recipe hashes 2017-12-21 15:01:56 +01:00
Christian Helmuth
491be000ca depot: update recipe hashes 2017-11-09 12:19:59 +01:00
Norman Feske
d8861262b2 depot: recipe for cpu_load_display 2017-10-05 17:39:58 +02:00
Christian Helmuth
2ed904faab depot: update recipe hashes 2017-08-30 12:41:43 +02:00
Christian Helmuth
8b073f46df depot: update recipe hashes 2017-08-18 10:25:28 +02:00
Christian Helmuth
892ede515f depot: update recipe hashes 2017-05-31 16:18:01 +02:00