Commit Graph

3 Commits

Author SHA1 Message Date
Martin Stein
aeb65d6b1b file_vault: version 23.05
* ARM support and detaching from Ada/SPARK

  * Remove all CBE-related code - especially the Ada/SPARK-based CBE library.

    * We have no means or motivation of further maintaining big projects in
      Ada/SPARK (the core Genode team is native to C++).

    * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an
      important architecture for Genode. This would mean extra commitment in
      Ada/SPARK.

    * We realize that block encryption more and more becomes a fundamental
      feature of Genode systems.

  * Implement a new block encryption library named Tresor that is inspired by
    the design and feature set of the former CBE library and that is entirely
    C++ and part of the Genode gems repository.

    * The Tresor block encryption is backwards-compatible with the on-disk
      data layout of the former CBE block encryption.

    * Except from the snapshot management and the "dump" tool, the Tresor
      block encryption provides the same feature set as the former CBE block
      encryption and accepts the same user requests at the level of the
      Tresor library API.

    * So far, the Tresor block encryption does not support the creation of
      user-defined snapshots.

    * In contrast to the former CBE, the Tresor ecosystem has
      no "dump" tool beause with the CBE library it turned out to be rarely of
      use.

    * In contrast to the Block back-end of the CBE "init" tool, the Tresor
      "init" tool uses a File System back-end.

    * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin.

      * The Tresor-VFS plugin in general is similar to the former CBE VFS but
        has a slightly different API when it comes to re-keying and re-sizing.
        Each of these operations now is controlled via two files. The first
        file is named <operation> and the user writes the start command to it.
        The user must then read this file once in order to drive the operation.
        The read returns the result of the operation, once it is finished.
        The second file is named <operation>_progress and can be watched and
        read for obtaining the progress of the operation as percentage.

    * The file vault is adapted to use the new Tresor ecosystem
      instead of the former CBE ecosystem and thereby also gains ARM support.

    * The former CBE tester and CBE VFS-tests are replaced by equivalent
      Tresor variants and are now run on ARM as well (testing with a persistent
      storage back-end is supported only when running on Linux).

    * So far, the new Tresor block encryption has no internal cache for meta
      data blocks like the former CBE.

* Add config/report user interface

  * Add a second option for the administration front end to the file vault
    named "config and report". With this front end the File Vault communicates
    with the user via XML strings. A ROM session is requested for user input
    and a Report session for user output. The front end type must be set at
    startup via the component config and is a static setting. The graphical
    front end that was used up to now is named "menu view" and remains the
    default.

  * The File Vault can now reflect its internal state and user input ("config
    and report" mode only) at the LOG session via two new static config
    attributes "verbose_state" and "verbose_ui_config" (both defaulting to
    "no").

  * The Shutdown button in "menu view" mode is replaced with a Lock button. The
    new button doesn't terminate the File Vault but merely lock the encrypted
    container and return to a cleared passphrase input. The same transition is
    also provided in "config and report" mode.

  * The file_vault.run script is replaced with file_vault_menu_view.run and
    file_vault_cfg_report.run that address the two front end modes. In contrast
    to the former script, which is interactive, the latter script is suitable
    for automatic testing.

  * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does
    the same as file_vault_cfg_report.run but uses the File Vault package and
    can be executed with the Depot Autopilot. The new test package is added to
    the default test list of depot_autopilot.run

  * The File Vault README is updated to the new version of the component and
    has gained a chapter "functional description".

  * Fixes a regression with the cbe_init_trust_anchor component that prevented
    reacting to a failed unlock attempt in the File Vault.

* The new Tresor software Trust Anchor has an optional deterministic mode in
  which it replaces the normally randomized symmetric keys with 0. This mode
  comes in handy for debugging. However, it should never be activated in
  productive systems. When activated, the user is warned extensively on the
  LOG that this system mode is insecure.

Ref #4819
2023-05-30 12:03:32 +02:00
Johannes Schlatow
5e4e634625 libs: use select_from_ports in eager assignments
If `select_from_ports` is evaluated lazily, we might miss a port during
the dependency check. A way to prevent this is to use the `:=` operator.

Fixes genodelabs/genode#4618
2022-11-17 08:00:34 +01:00
Martin Stein
30b8f4efc8 gems: import Genode-specific code of the CBE
The CBE repository contained a lot of Genode-specific code despite the fact
that the CBE core logic is not bound to Genode in any way. Therefore the
Genode-specific CBE code is moved to the 'gems' repository to form part of
Genode mainline. The remaining CBE code becomes a port in Genode instead of
being invoked as sub-repository.

The commit combines the following work steps:

* add all files removed from CBE repository
* add CBE port files
* make all CBE libs and targets build again
* make all CBE run scripts succeed again
* make all CBE recipes build again
* make CBE autopilot succeed again
* let CBE autopilot use 'libsparcrypto' contrib dir and Genode build dir
  instead of '.ci' dir in CBE contrib dir (remove '.ci' dir from CBE repo)
* let CBE autopilot always check for all ports
* make CBE autopilot directly executable
* fix license headers in all Genode CBE files
* remove unused VFS replay component
* remove unused CBE test
* remove unused external crypto
* remove unused files in run dir
* remove unused external trust anchor
* add cbe_tester test to autopilot list
* get rid of directories 'include/cbe_*' and 'include/utils'

Fixes #3937
2020-11-27 09:19:08 +01:00