Commit Graph

8479 Commits

Author SHA1 Message Date
Josef Söntgen
e777165090 dde_rump: block encryption server using cgd(4)
The 'rump_cgd' server provides block level encryption for a block
session by employing the 'cgd(4)' device provided by the rumpkernel.

'rump_cgd' uses a Block_session to get access to an existing block
device and provides another Block_session to its clients. Each block
written or read by the client is transperently encrypted or decrypted
by the server.

For now 'rump_cgd' may only _configure_ a 'cgd' device but is unable
to generate a configuration. The used cipher is hardcoded to
_aes-cbc_ with a keysize of 256 bit. Furthermore the server is able to
serve one client only.

To ease the usage, its interface is modelled after the interface of
'cgdconfig(8)'. As implications thereof the key must have the same
format as used by 'cgdconfig'. That means the key is a base 64 encoded
string in which the first 4 bytes denote the actual length of the key
in bits (these 4 bytes are stored in big endian order).

Preparing a raw (e.g. without partition table) encrypted Ext2 disk
image is done by executing 'tool/rump':

! dd if=/dev/urandom of=/path/to/disk_image
! rump -c /path/to/disk_image # key is printed to stdout
! rump -c -k <key> -F ext2fs /path/to/disk_image

To use this disk image the following config snippet can be used:

! <start name="rump_cgd">
! 	<resource name="RAM" quantum="8M" />
! 	<provides><service name="Block"/></provides>
! 	<config action="configure">
! 		<params>
! 			<method>key</method>}
! 			<key>AAABAJhpB2Y2UvVjkFdlP4m44449Pi3A/uW211mkanSulJo8</key>
! 		</params>
! 	</config>
! 	<route>
! 		<service name="Block"> <child name="ahci"/> </service>
! 		<any-service> <parent/> <any-child/> </any-service>
! 	</route>
! </start>

the Block service provided by rump_cgd may be used by a file system
server in return:

! <start name="rump_fs">
! 	<resource name="RAM" quantum="16M"/>
! 	<provides><service name="File_system"/></provides>
! 	<config fs="ext2fs">
! 		<policy label="" root="/" writeable="yes"/>
! 	</config>
! 	<route>
! 		<service name="Block"> <child name="rump_cgd"/> </service>
! 		<any-service> <parent/> <any-child/> </any-service>
! 	</route>
! </start>

Since 'tool/rump' just utilizes the rumpkernel running on the host
system to do its duty there is a script called 'tool/cgdconf' that
extracts the key from a 'cgdconfig(8)' generated configuration file
and also is able to generade such a file from a given key. Thereby
the interoperabilty between 'rump_cgd' and the general rumpkernel
based tools is secured.
2014-05-27 11:14:45 +02:00
Josef Söntgen
c04ddbf6d8 dde_rump: move memcpy() to rump lib
On ARM in one way or another 'string.h' prototypes will be used. Move
the definitions from rump_fs to the rump library because it is needed
by all rump based servers running on ARM.

Issue #1141.
2014-05-27 11:14:45 +02:00
Josef Söntgen
0a0f0031a4 libports: enable curl on arm 2014-05-27 11:14:45 +02:00
Christian Prochaska
ea79c0e2e9 openssl: add ARM support
Fixes #1136.
2014-05-27 11:14:45 +02:00
Christian Prochaska
33f64343e1 core: make parent EP stack size depend on addr_t
Make the stack size of core's parent entrypoint thread depend on
sizeof(addr_t).

Fixes #1152.
2014-05-27 11:14:44 +02:00
Christian Prochaska
15e231d733 noux_gdb: adapt to libc VFS
Fixes #1150.
2014-05-27 11:14:44 +02:00
Christian Helmuth
039e333d2b Adapt version generation to new directory layout 2014-05-27 11:14:44 +02:00
Christian Prochaska
927af36c58 Volatile_object: align the embedded object
The space for the embedded object needs to be natively aligned to avoid
alignment errors on ARM.

Fixes #1149.
2014-05-27 11:14:44 +02:00
Norman Feske
05a460c11f Temporarily disable hash checks
...until the transition to the new ports management is complete.
2014-05-27 11:14:44 +02:00
Stefan Kalkowski
aff92004d1 base-pistachio: migrate to new ports mechanism
Issue #1082
2014-05-27 11:14:44 +02:00
Stefan Kalkowski
de4335b443 base-fiasco: migrate to new ports mechanism
Issue #1082
2014-05-27 11:14:43 +02:00
Stefan Kalkowski
5cdfb0a3a5 base-foc: migrate to new ports mechanism
Issue #1082
2014-05-27 11:14:43 +02:00
Josef Söntgen
313202fb65 dde_ipxe: migrate to new ports mechanism
Issue #1082
2014-05-27 11:14:43 +02:00
Sebastian Sumpf
d1e10e939d dde_linux: migrate to new ports mechanism
Issue #1082
2014-05-27 11:14:43 +02:00
Stefan Kalkowski
abcb0f62d7 ports-foc: migrate to new ports mechanism
Issue #1082
2014-05-27 11:14:43 +02:00
Norman Feske
6adbb9e438 ports: migrate to new ports mechanism
Issue #1082
2014-05-27 11:14:43 +02:00
Norman Feske
e17f271ba6 dde_oss: migrate to new ports mechanism
Issue #1082
2014-05-27 11:14:43 +02:00
Norman Feske
7d4f8fa746 base-nova: migrate to new ports mechanism
Issue #1082
2014-05-27 11:14:43 +02:00
Norman Feske
35cf48cdc8 base-okl4: migrate to new ports mechanism
Issue #1082
2014-05-27 11:14:42 +02:00
Norman Feske
85a2ebc1c4 libports: migrate to new ports mechanism
Issue #1082
2014-05-27 11:14:42 +02:00
Norman Feske
bcbb0dabf5 Build-system support for creating host tools 2014-05-27 11:14:42 +02:00
Norman Feske
3de1423a6a Build-system support for ported 3rd-party code
The new 'select_from_ports' function allows a target description file to
query the path to an installed port. All ports are stored in a central
location specified as CONTRIB_DIR. By default, CONTRIB_DIR is defined
as '<genode-dir>/contrib'. Ports of 3rd-party source code are managed
using the tools at '<genode-dir>/tool/ports/'.

Issue #1082
2014-05-27 11:14:42 +02:00
Norman Feske
9f43aa4363 base-nova: fully qualify Utcb type 2014-05-27 11:14:41 +02:00
Christian Prochaska
f1aa137c9d tool_chain: fix GDB build with makeinfo 5
Issue #1051.
2014-05-14 16:08:01 +02:00
Christian Prochaska
776d7f947f tool_chain: fix GCC build with makeinfo 5
Issue #1051.
2014-05-14 16:08:01 +02:00
Christian Prochaska
d4bf55a308 tool_chain: use real patches
Issue #1051.
2014-05-14 16:08:00 +02:00
Sebastian Sumpf
99245aceb2 noux: Disable makeinfo for coreutils
Issue #1051
2014-05-14 16:08:00 +02:00
Norman Feske
b2f78cc475 Unify 'make prepare' between libports and ports 2014-05-14 16:08:00 +02:00
Norman Feske
ca971bbfd8 Move repositories to 'repos/' subdirectory
This patch changes the top-level directory layout as a preparatory
step for improving the tools for managing 3rd-party source codes.
The rationale is described in the issue referenced below.

Issue #1082
2014-05-14 16:08:00 +02:00