Commit Graph

1736 Commits

Author SHA1 Message Date
Alexander Boettcher
02efe59cdd sculpt_manager: adjust system model state
s3_prepare should be ACPI_SUSPENDING instead of ACPI_RESUMING

Issue #5180
2024-04-25 15:43:00 +02:00
Josef Söntgen
10d7427490 sculpt: consider SoC board info for fb selection
In contrast to platforms, like the PC, where the fb driver selection
is a dynamic decision depending on the available hardware, on current
ARM-based SoC machines this configuration is part of the static board
information.

Issue #5174.
2024-04-19 13:44:36 +02:00
Norman Feske
084a14b114 record_play_mixer: make warning rate configurable
This patch disables latency warnings by default. The warnings can be
enabled by setting the 'warning_rate_ms` value to the desired
maximum rate.

Fixes #5186
Issue #5174
2024-04-19 13:42:05 +02:00
Christian Helmuth
85c99c238d depot: update recipe hashes 2024-04-19 08:54:22 +02:00
Norman Feske
e3d4f202c4 sculpt/nitpicker: assign KEY_PRINT -> screenshot
Issue #5174
2024-04-19 08:54:22 +02:00
Christian Helmuth
d90ec3775b pkg/terminal: limit initial dimension to 900x600 2024-04-19 08:54:22 +02:00
Norman Feske
9e69c7301a sculpt: safeguard the offering of suspend/resume
The USB host controller gets restarted during the suspend-resume cycle.
Hence, don't offer suspend while any USB storage device is in use, in
particular when deploying Sculpt from a USB stick.

Suspend/resume is not supposed to work with any framebuffer driver other
than intel_fb. Therefore, offer the suspend feature only when using intel_fb.

Issue #5174
2024-04-19 08:54:22 +02:00
Alexander Boettcher
7e23b704f0 sculpt: disable serial output when LOG!=core
Issue #5180
2024-04-19 08:54:22 +02:00
Norman Feske
0a5e174d78 sculpt/usb/default: add device-assignment example
Issue #5174
2024-04-19 08:54:21 +02:00
Norman Feske
c6aa50ec56 dialog: don't scroll beyond text bounds
Issue #5174
2024-04-19 08:54:21 +02:00
Christian Helmuth
f8c420a78b file_vault_client.run: epit timer requires IO_MEM 2024-04-19 08:54:21 +02:00
Norman Feske
4a6ab846e5 sculpt: restore heartbeat watchdog for intel_fb
The automatic restart of intel_fb got lost during the transition from
the driver manager. This commit restores the heartbeat monitoring of
this driver.

Issue #5174
2024-04-19 08:54:21 +02:00
Norman Feske
f34bf0d19e sculpt: power options (suspend, reset, power off)
This patch enhances the sculpt manager to drive the system state
and manage the lifecycle of driver components during suspend-
resume cycles.

The new Power options can be found in the System menu. The suspend
and power-off controls are presented only when the acpi-support
option is activated.

Note that the USB controller is hard restarted when resuming from
suspend. Hence, all components that depend on USB are restarted
implicitely.

Issue #5180
Issue #5174
2024-04-19 08:54:21 +02:00
Christian Helmuth
8cd206a050 sculpt: don't pre-populate /report/runtime/wifi_drv
Issue #5174
2024-04-19 08:54:21 +02:00
Christian Helmuth
def630c3db sculpt_manager: remove obsolete "storage" node
Issue #5174
2024-04-19 08:54:21 +02:00
Norman Feske
7c7c4e80e1 sculpt: attach nic and wifi to hardware node
This makes the grouping of these two drivers consistent with the
other drivers.

Issue #5174
2024-04-19 08:54:21 +02:00
Josef Söntgen
c822dc0f18 sculpt: default rules in audio and mixer launchers
Issue #5174.
2024-04-19 08:54:21 +02:00
Josef Söntgen
344831ec06 curl: update to version 8.7.1
This commits updates the contrib sources to version 8.7.1.

This version requires more random entropy as it queries OpenSSL
about the current random state and will bail if it is not sufficient.
Doubling the content of the '<inline>' VFS plugin as used in static
configurations seems satisfactory.

Furthermore DNS resolving needs a configured '<pipe>' plugin to work
properly.

Fixes #5184.
2024-04-19 08:54:21 +02:00
Norman Feske
fe144a6c5f sculpt: increase text-edit quota
This is an intermediate solution for accommodating overly long
text lines that can appear in report/runtime/usb/devices in the
presence of long product strings.

Issue #5174
2024-04-19 08:54:21 +02:00
Norman Feske
4e78e91bc2 sculpt: sanitize keyboard-layout choice
The check handles the case when the user clicks right of the
radio-button text, yielding an invalid "matching" id. This should not
result in any action.

Issue #5174
2024-04-19 08:54:20 +02:00
Norman Feske
e1ab69491c sculpt: fix focus between inspect and file edit
Issue #5174
2024-04-19 08:54:20 +02:00
Norman Feske
8319f047d2 sculpt: launcher for recall_fs
Issue #5174
2024-04-19 08:54:20 +02:00
Norman Feske
49f3eca476 os: recipe and launcher for pkg/waveform_player 2024-04-19 08:54:20 +02:00
Alexander Boettcher
4c79f948ab platform/pc: support to suspend via system_control
When the "system" ROM state turns to "suspend",
the S3 state information of the sleep_states ROM are determined and
are used to invoke the privileged Pd::system_control call.

Issue #5180
2024-04-19 08:54:20 +02:00
Alexander Boettcher
3471fce672 sculpt: add acpi_support launcher
Issue #5180
2024-04-19 08:54:20 +02:00
Josef Söntgen
75e1f1797d sculpt_manager: raise runtime_view RAM quota
Issue #5174.
2024-04-19 08:54:20 +02:00
Josef Söntgen
d858a600f7 sculpt: raise max supported display resolution
This commit raise various quota to accommodate using a display
resolution of up to '3840x2160' in the static parts, e.g. the
leitzentrale, of Sculpt.

Issue #5174.
2024-04-19 08:54:20 +02:00
Norman Feske
b086996438 sculpt: update falkon_web_browser pkg
Issue #5174
2024-04-19 08:54:20 +02:00
Norman Feske
694eb3f40d sculpt: launcher for system clock
Issue #5174
2024-04-19 08:52:41 +02:00
Norman Feske
4c4adec5ad sculpt: reset routing dialog after add-component
Issue #5174
2024-04-19 08:52:41 +02:00
Norman Feske
22f0ab926b sculpt: adjust leitzentrale priorities 2024-04-19 08:52:05 +02:00
Norman Feske
29960db32c sculpt: provide empty usb default policy
This avoids service-denied errors of USB clients like VBox at
integration time when client-specific policy exists yet.

Issue #5174
2024-04-15 16:39:16 +02:00
Norman Feske
22a731b671 sculpt: make popup dialog scrollable
This patch complements "sculpt: make component graph scrollable" with
the ability to scroll the popup dialog, which is sometimes needed in the
presence of many services as routing options.

Fixes #5183
2024-04-12 17:44:19 +02:00
Norman Feske
7df19173af sculpt: make component graph scrollable
This patch allows the user to vertically scroll the component graph
either via the scroll wheel or via the page up/down keys.

Issue #5183
2024-04-12 17:10:55 +02:00
Christian Helmuth
c4f75f49e5 depot_autopilot: skip test-read_only_rom on linux
Fixes #3414
2024-04-12 16:48:37 +02:00
Norman Feske
a5dcb8494e sculpt: include grub.cfg in system update
Issue #5182
2024-04-12 16:26:32 +02:00
Christian Helmuth
dc0e78cdf8 depot: update recipe hashes 2024-04-12 15:08:01 +02:00
Christian Prochaska
7fca026b48 sculpt_manager: check devices ROM before fb driver start
Issue #5174
2024-04-12 15:08:01 +02:00
Josef Söntgen
d0aa8362db vfs/oss: support different sample rates
This commit introduces support for different samples rates. For now
the range is capped to 8kHz up to 48kHz.

Issue #5167.
2024-04-12 15:08:01 +02:00
Josef Söntgen
33735d0af8 Add plugin version to VFS OSS plugins
To differentiate between the legacy and the current VFS OSS plugin both
plugins will feature a 'plugin_version' field in its info file. This
is used for enabling features provide by the current version that are
not supported in the legacy one.

Issue #5167.
2024-04-12 15:08:01 +02:00
Josef Söntgen
4a9e6a001f sculpt: add audio and mixer launcher
The audio launcher configures the 'bsd_audio_drv' component for normal
use where the micrphone selection should work on most Thinkpads.

The mixer launcher configures the 'record_play_mixer' component for
use with the 'audio' launcher and provides also examplary rules for
vbox6 launchers.
2024-04-12 15:08:01 +02:00
Josef Söntgen
e27fad7c9a sculpt_distribution: replace mixer pkg
The pkg is superseded by the 'record_play_mixer'.

Issue #5167.
2024-04-12 15:08:01 +02:00
Johannes Schlatow
76176a196d Enable Intel HD Graphics 500 (found in ZimaBlade)
The IHD500 is almost a gen9 (skylake) GPU with subtle differences. Linux
maintains a separate feature set `GEN9_LP_FEATURES` for this GPU.
However, foisting the GPU as skylake on the GPU drivers seems to work
quite fine.

genodelabs/genode#5177
2024-04-12 15:08:01 +02:00
Norman Feske
edaff9fb96 sculpt: adjust leitzentrale priority
Since "sculpt: adjust nitpicker priority", the nitpicker GUI server no
longer runs at the highest priority, yet the runtime_view of the
leitzentrale UI continued to operate at the highest priority.
On slower machines, this results in a visible interference of the CPU-
heavy rendering of the runtime_view with the (now) lower-prioritized
nitpicker, in particular laggy pointer movements.

This commit subordinates the leitzentrale components below the priority
of nitpicker to prevent this interference.

It also simplifies the priority scheme at the static system init: The
timer has the highest priority whereas all other components use the
priority band -1.

Issue #5174
2024-04-12 15:08:01 +02:00
Norman Feske
a1e3f9a73e sculpt: allow RAM fs to grow up to 2 GiB
The hard resource limit introduced by "sculpt: upper limit for automatic
quota upgrading" is too conservative for typical use cases of the RAM
fs. This commit makes the limit adjustable per managed component and
relaxes the limit for the RAM fs and depot_rom from 256 MiB to 2 GiB.

Issue #5174
2024-04-12 15:08:01 +02:00
Sebastian Sumpf
309a281b14 depot_autopilot.run: adjust TEST_MODULES to build_artifacts 2024-04-12 15:08:01 +02:00
Alexander Boettcher
f59883427f sculpt_manager: provide platform_info for boot_fb
Issue #5174
2024-04-12 15:08:00 +02:00
Norman Feske
8875e3b879 dialog: allow out-of-view cursor when scrolling
This patch relaxes the counter-intuitive enforcement of keeping the
text cursor always in view when using the scroll wheel.

Issue #5174
2024-04-12 15:08:00 +02:00
Norman Feske
e04336d087 sculpt: driver-policy tweaks
Allow tweaking the driver selection using the manager config:

- The new attribute 'ps2="no"' suppresses the selection of the PS/2 driver.
- The new attribute 'intel_gpu="no"'suppresses the selection of the
  Intel GPU and fb drivers, letting Sculpt fall back to VESA or boot-fb.

Note that the dynamic change of those attributes is handled in principle
but not advisable. E.g., disabling the intel driver after startup leaves
the hardware in a state that the VESA driver cannot cope with. However,
when statically defining the attributes in sculpt/manager/default, it is
now possible to build an image that uses VESA on an intel machine.

Issue #5174
2024-04-12 15:08:00 +02:00
Norman Feske
3f66bf25aa sculpt: restore wifi and nic restart option
Issue #5174
2024-04-12 15:08:00 +02:00
Norman Feske
594da536c7 sculpt/default-pc: add trace_logger launcher
Issue #5174
2024-04-12 15:08:00 +02:00
Martin Stein
e5fce868fb file_vault_client.run: raise lock timeout and caps
The nightly Qemu tests that don't use KVM require more time for completing the
unlock-and-access phase of the test. If the lock phase starts to early, the
file access is interrupted and the output isn't as expected.

Furthermore, on FOC, the cap quota was insufficient.

Ref #5148
2024-04-12 15:08:00 +02:00
Norman Feske
cc41a06c89 sculpt: version 24.04
Issue #5174
2024-04-12 15:08:00 +02:00
Norman Feske
1f24eb2401 wm: avoid eager reuse of window IDs
The existing allocation scheme of window IDs has the unwelcome effect
that a re-appearing window would not always result in a visible change
of the window list. In such cases, the layouter and decorator would not
be prompted to do their job. This effect could be observered with the
multi-dialog version of menu view in Sculpt OS when manually enforcing
the restart of the runtime_view. Sometimes the panel would not re-appear
after the restart.

This patch changes the allocation of window ID such that new windows get
fresh IDs instead of reusing an ID of a recently disappeared window.

Issue #5170
2024-04-12 15:08:00 +02:00
Martin Stein
047f130005 tresor_tester.run: clean up
Ref #5148
2024-04-12 15:08:00 +02:00
Martin Stein
b7049b5321 tresor_tester.run: slim down tests
This substantially slims down the test in order to reduce the number nightly
tests that fail due to timeouts. Now, the extended test steps (maximum trees
and benchmarks) are only run on Linux. The synchronous access, snapshot
management, rekeying, and resizing tests were removed.

Ref #5148
2024-04-12 15:08:00 +02:00
Martin Stein
0404cc6907 file_vault/file_vault_client: recalibrate quota
Recalibrates RAM and CAP quota in app and test in order for the
file_vault_client test to succeed on qemu/x86_64/sel4 and qemu/pbxa9/foc.

Ref #5148
2024-04-12 15:08:00 +02:00
Norman Feske
ac2d708205 sculpt: use one menu_view for all dialogs
This patch replaces the former use of one menu-view component per dialog
by a single menu view presenting all dialogs. This change reduces the
runtime config by about 20%, improves the boot time, and lowers RAM and
CPU usage at runtime.

Issue #5170
2024-04-12 15:08:00 +02:00
Norman Feske
9ce7c72c7c dialog: use one menu_view for multiple dialogs
Issue #5170
2024-04-12 15:08:00 +02:00
Norman Feske
d6cb9cf854 menu_view: make font-style updates more robust
The font pointers cached in labels can become dangling when the style
database is updated, as happens when changing the font size dynamically.
This patch orderly updates the cached pointers before removing
out-of-date font entries from the style database.

Related to issue #5170
2024-04-12 15:08:00 +02:00
Norman Feske
550dea7279 menu_view: support multiple dialogs
This patch equips the menu-view component with the ability to present
more than one dialog at a time. The dialogs must be declared in the
<config> node as follows.

  <config>
    ...
    <dialog name="settings"/>
  </config

For each dialog, menu view requests a dedicated ROM session labeled after
the dialog name. The corresponding GUI session is also labeled as such.
Note that only one hover report is generated responding to all dialogs.
The hover report can be correlated with the hovered dialog by inspecting
the the 'name' attribute of the hover report's <dialog> sub node.

The former global config attributes 'xpos', 'ypos', 'width', 'height',
'opaque', and 'background' have become attributes of the <dialog> node.

Fixes #5170
2024-04-12 15:08:00 +02:00
Johannes Schlatow
881f443bbe sculpt: only add log_kernel if used with nova
Fixes genodelabs/genode#5171
2024-04-12 15:08:00 +02:00
Norman Feske
96acb3412f gems: add missing import to dialog.run 2024-04-12 15:08:00 +02:00
Norman Feske
a3f04d2b4d sculpt: remove GPU routes to outside the runtime
GPU drivers always reside in the runtime subsystem now.
This patch eliminates the risk of requesting a GPU session at the
drivers subsystem, which never gets established.

Issue #5150
2024-04-12 15:08:00 +02:00
Josef Söntgen
5f88562263 gems: VFS OSS plugin for Record/Play session
The new VFS OSS plugin utilizes the Record and Play session. For the
time being it is a drop-in replacement for the old plugin and shares
its limitations.

In contrast to the old plugin it is possible to force a client to
use a configured fragment size. Some clients work best with larger
fragments, e.g. VBox, where raising the minimal fragment size is
beneficial.

Please look at the README file for more information.

Issue genodelabs/genode#5167.
2024-04-12 15:08:00 +02:00
Josef Söntgen
489d87c4b0 sculpt: add Play and Record session
Issue genodelabs/genode#5167.
2024-04-12 15:05:46 +02:00
Josef Söntgen
b9c8c8c2a5 sculpt: adjust nitpicker priority
Move nitpicker to the driver priority in the runtime to lessen
interference with high-priority runtime components.

Issue genodelabs/genode#5167.
2024-04-12 15:05:46 +02:00
Josef Söntgen
22281c18ec gems: add rom_osci pkg recipe
Issue genodelabs/genode#5167.
2024-04-12 15:05:46 +02:00
Norman Feske
268a77add1 sculpt: redesigned popup dialog
The new popup dialog mirrors the concept of the software add and option
dialogs of the phone version.

Fixes #5168
2024-04-12 15:05:46 +02:00
Norman Feske
9ea99a896a sculpt: add launcher/black_hole 2024-04-12 15:05:46 +02:00
Martin Stein
fbec6ae030 file_vault_client.run: raise access timeout
On some platforms like qemu/x86_64/sel4, accessing the file system is so
slow that it used to hit the timeout of this phase in the run script.

Ref #5148
2024-04-12 15:05:46 +02:00
Martin Stein
a7ff30d5a4 file_vault_client.run: disable for riscv
Ref #5148
2024-04-12 15:05:46 +02:00
Martin Stein
0ef92baf9d tresor_tester.run: raise block_io_fs caps
On platform imx6q_sabrelite/arm_v7a/imx6q_sabrelite/sel4, the test used to
fail because of a resource request.

Ref #5148
2024-04-12 15:05:46 +02:00
Martin Stein
5cb5610906 tresor_tester.run: raise test timeout
Some platforms (especially the qemu-based ones) used to time out on
nightly tests although they would have succeeded with more time.

Ref #5148
2024-04-12 15:05:46 +02:00
Norman Feske
4a1a29b3d0 sculpt: make storage target configurable
This patch lays the selection of the used storage target into the hands
of the config/manager file. By default, Sculpt selects the target by its
built-in heuristics, probing for a Sculpt partition. However, by
specifying a <target> node, one can explicitly select a storage target.

E.g., for using the 2nd partition of the SATA disk connected to port 1
of the AHCI controller, one can now specify:

  <target driver="ahci" port="1" partition="2"/>

For selecting the ram_fs as target:

  <target driver="ram_fs"/>

The latter case is particularly useful for custom Sculpt scenarios
deployed entirely from RAM. For such scenarios, add two lines to
your .sculpt file:

  ram_fs:  depot
  manager: use_ram_fs

The first line configures the ram_fs such that the depot is mounted
as a tar archive. The second line configures the sculpt manager to
select the ram_fs as storage target. You can find this feature
exemplified in default-linux.sculpt scenario.

  build/x86_64$ make run/sculpt_test KERNEL=linux BOARD=linux

It is worth noting that the configuration can be changed at runtime.
This allows for switching between different storage targets on the fly.

Issue #5166
2024-04-12 15:05:46 +02:00
Norman Feske
508e0bdfbf sculpt: introduce config/manager
The new 'manager' config allows for the passing of configuration data the
sculpt manager without the need to modify the config/leitzentrale subsystem.

Issue #5166
2024-04-12 15:05:14 +02:00
Norman Feske
b78b2c7ac9 sculpt_manager: use Rom_handler
This patch replaces the dynamic use of Attached_rom_dataspace by a
new Rom_handler utility, which implicitly covers the initial import of
content (safely using 'local_submit'), the registration of the signal
handler, passes the Xml_node to the handler function (no need to
manually call 'update'), and provides scoped access to the content via a
'with_xml' method. The latter reinforces a programming style that does
not need to copy Xml_node objects.

Issue #5150
2024-04-12 15:02:45 +02:00
Norman Feske
f96cea8151 sculpt: remove notion of system 'block_devices'
This patch removes the remains of the original block-device discovery as
done by the former driver manager. Block sessions are now always
provided by components hosted in the runtime subsytem. The storage node
of the graph is no more.

Issue #5150
2024-04-12 15:02:45 +02:00
Norman Feske
0cf12c6778 gems: use C++20 function template syntax 2024-04-12 15:02:45 +02:00
Norman Feske
4dc1014bfb gems: coding style (avoid superfluous '()' pairs) 2024-04-12 15:02:45 +02:00
Norman Feske
6cabc85ac8 sculpt: group driver management in 'Drivers' class
This patch harmonizes the driver management between the sculpt manager
and the phone manager by hosting the individual drivers in a new
'Drivers' class with a narrow interface towards 'Sculpt::Main'. The
patch also introduces a clean separation of the 'Board_info' between
features detected at runtime (on PC hardware), statically
known/managed features (phone hardware), and options that can be
toggled at runtime.

With common patterns for managing drivers in place now, this commit
also moves the former runtime/wifi_drv.cc and runtime/nic_drv.cc
code to driver/wifi.h and driver/nic.h. The _drv suffix of the wifi
and nic driver components have been dropped.

Issue #5150
2024-04-12 15:02:45 +02:00
Norman Feske
b7bbf8f7e4 sculpt.run: remove outdated session routes
The move of block, USB, and input drivers from the drivers subsystem to
the runtime alleviates the need for routing those sessions between the
subsystems.

Issue #5150
2024-04-12 15:02:45 +02:00
Norman Feske
d8acc3a9f4 sculpt: host MMC driver in runtime
Issue #5150
2024-04-12 15:02:45 +02:00
Norman Feske
d13b8e1937 sculpt: host soc touch and fb drivers in runtime
This patch moves SoC-specific framebuffer and touchscreen drivers
(PinePhone) to the runtime subsystem. They are enabled for the
phone_manager.

Issue #5150
2024-04-12 15:02:45 +02:00
Norman Feske
85e020b8e1 gems: remove driver_manager
The former pkg/drivers_managed-pc has been replaced by the
pkg/sculpt_drivers-pc, which is merely a collection of archives.

Issue #5150
2024-04-12 15:02:45 +02:00
Norman Feske
99da68183f sculpt: abbreviate .part_block suffix to .part
This slightly reduces the horizontal space of the component graph.
2024-04-12 15:02:45 +02:00
Norman Feske
fe596f2219 sculpt: host NVMe driver in runtime
As the NVMe driver was the last remaining driver controlled by the
driver manager, this patch removes the 'drivers -> dynamic' subsystem
along with the driver manager from sculpt/drivers/pc.

Issue #5150
2024-04-12 15:02:45 +02:00
Norman Feske
206bf856bb sculpt: host AHCI driver in runtime
This patch moves the AHCI driver from the 'drivers -> dynamic'
subsystem to the runtime, managed by the sculpt_manager. One
implication of this change is the new need to supplement a device
port number to the 'Storage_target', in addition to the existing
label and partition. Previously, each block device was addressed by
merely a label specified for a parent session. The meanings of the
'Storage_target' elements are now as follows.

- The label corresponds to the driver component providing the storage.
- The port is used as block-session label when opening the session
  at the driver.
- The partition(s) denote the partition information contained in
  the block session.

Components operating as clients of the AHCI driver (e.g., a file system)
refer to their storage target as <label>-<port>.<partition> when a port
is defined (for AHCI). For drivers w/o ports, like USB storage where
each USB-block driver correponds to only one device, the storage target
is denoted as <label>.<partition>. When no partition table is present,
the '.<partition>' part is omitted.

Issue #5150
2024-04-12 15:02:45 +02:00
Norman Feske
e3803fb861 sculpt: host PS/2 driver in runtime
Issue #5150
2024-04-12 15:02:44 +02:00
Norman Feske
556a7b8b17 sculpt: host PC USB driver in runtime
This commit moves the USB and USB HID driver from the drivers subsystem
into the runtime. The former special USB node of the graph corresponds
now to the USB host-controller driver (named "usb"). The management
options for USB storage devices are available inside this component
node now.

Issue #5150
2024-04-12 15:02:44 +02:00
Norman Feske
3580bb6e17 sculpt: move event_filter to static system
By moving the event_filter and the numlock_remap_rom from the drivers
subsystem to the static system, the filtering can be applied to drivers
hosted in the runtime and drivers hosted in the drivers subsystem.

This is a preparatory step for moving the USB host and HID drivers to
the runtime.

Issue #5150
2024-04-12 15:02:44 +02:00
Norman Feske
06c4b0248b sculpt: upper limit for automatic quota upgrading 2024-04-12 15:02:44 +02:00
Martin Stein
e53b00aafb run/file_vault_client: remove troublesome § char
Ref #5148
2024-04-12 15:02:44 +02:00
Martin Stein
5907307af6 file_vault: re-enable support for 32-bit platforms
Ref #5148
2024-04-12 15:00:46 +02:00
Martin Stein
b903ddeea7 tresor: fix and test handling of minimal trees
* add testing of trees with minimal and maximal dimensions to tresor_tester.run
* replace tresor_init-local configuration type with simpler and more conformant
  configuration type in tresor/types.h that does also XML-parsing and
  XML-generation of configurations
* raise min degree to 2 because a degree of 1 is not practical und would
  require additional logic
* fix overflow with num_blocks=0 in Superblock_control::Read|Write_vbas
* fix off-by-one bug regarding the number of levels in Vbd_initializer
* improve sanity checks in Tree_configuration constructors
* document level indices in tresor_init/README
* fix size of some arrays in order to be able to handle the maximum number of
  tree levels

Ref #5077
2024-04-12 15:00:46 +02:00
Martin Stein
067a8a35cd tresor: fix faults on failed free-tree requests
* fixes two places, where the free tree module used to continue to process a
  request after actually having determined that the request fails
* moves the functionality of checking the hash of a read block and decoding it
  to a dedicated method in order to improve readability

Ref #5077
2024-04-12 15:00:46 +02:00
Martin Stein
81b17ba1e4 tresor_tester: check uninitialized vba data
Adds a new command attribute "uninitialized_data" to the Tresor Tester
configuration. If a <request op="read"> command has this attribute set to "yes"
it assumes the read blocks to be uninitialized and therefore contain only 0's.
Note, that a command that has "uninitialized_data" set to "yes" cannot have the
attribute "salt".

Ref #5077
2024-04-12 15:00:46 +02:00
Martin Stein
4a68f6bf75 tresor: discard snapshots only when writing the sb
Snapshots must only be removed when securing the superblock. Otherwise, the
last secured superblock might get corrupted. The Free Tree allocation algorithm
would not consider the deleted snapshots anymore although they are still active
in the secured superblock and re-use their blocks. This would render the tresor
container unusable if the superblock with the deleted snapshots is not secured
in the end (driver crash, power down, ...).

Ref #5077
2024-04-12 15:00:46 +02:00
Martin Stein
518c32e1af tresor: don't decode superblock before hash check
Superblock_control::Initialize used to decode a read superblock before checking
its hash. This is not necessary but may cause the operation to end up in a
decoding error on a superblock that is not the desired one anyway.

Ref #5077
2024-04-12 15:00:45 +02:00
Martin Stein
016a769605 tresor: check only the last secured superblock
Instead of iterating over all superblocks and checking each valid one,
check only the one whose hash matches the hash stored in the trust anchor.
I.e., the last one that was secured to the trust anchor. We must assume that
the other superblocks were corrupted in the meantime by operating the Tresor
container and, anyway, these Superblocks are not used anymore.

Ref #5077
2024-04-12 15:00:45 +02:00