Commit Graph

109 Commits

Author SHA1 Message Date
Norman Feske
4fdc999087 Dialog API
The new API at gems/include/dialog/ aids the creation of simple GUI
applications based on the menu-view widget renderer. Its use is
illustrated by the simple test application at src/test/dialog/
that is accompanied with the dialog.run script.

Issue #5008
2023-10-04 13:22:06 +02:00
Martin Stein
aeb65d6b1b file_vault: version 23.05
* ARM support and detaching from Ada/SPARK

  * Remove all CBE-related code - especially the Ada/SPARK-based CBE library.

    * We have no means or motivation of further maintaining big projects in
      Ada/SPARK (the core Genode team is native to C++).

    * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an
      important architecture for Genode. This would mean extra commitment in
      Ada/SPARK.

    * We realize that block encryption more and more becomes a fundamental
      feature of Genode systems.

  * Implement a new block encryption library named Tresor that is inspired by
    the design and feature set of the former CBE library and that is entirely
    C++ and part of the Genode gems repository.

    * The Tresor block encryption is backwards-compatible with the on-disk
      data layout of the former CBE block encryption.

    * Except from the snapshot management and the "dump" tool, the Tresor
      block encryption provides the same feature set as the former CBE block
      encryption and accepts the same user requests at the level of the
      Tresor library API.

    * So far, the Tresor block encryption does not support the creation of
      user-defined snapshots.

    * In contrast to the former CBE, the Tresor ecosystem has
      no "dump" tool beause with the CBE library it turned out to be rarely of
      use.

    * In contrast to the Block back-end of the CBE "init" tool, the Tresor
      "init" tool uses a File System back-end.

    * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin.

      * The Tresor-VFS plugin in general is similar to the former CBE VFS but
        has a slightly different API when it comes to re-keying and re-sizing.
        Each of these operations now is controlled via two files. The first
        file is named <operation> and the user writes the start command to it.
        The user must then read this file once in order to drive the operation.
        The read returns the result of the operation, once it is finished.
        The second file is named <operation>_progress and can be watched and
        read for obtaining the progress of the operation as percentage.

    * The file vault is adapted to use the new Tresor ecosystem
      instead of the former CBE ecosystem and thereby also gains ARM support.

    * The former CBE tester and CBE VFS-tests are replaced by equivalent
      Tresor variants and are now run on ARM as well (testing with a persistent
      storage back-end is supported only when running on Linux).

    * So far, the new Tresor block encryption has no internal cache for meta
      data blocks like the former CBE.

* Add config/report user interface

  * Add a second option for the administration front end to the file vault
    named "config and report". With this front end the File Vault communicates
    with the user via XML strings. A ROM session is requested for user input
    and a Report session for user output. The front end type must be set at
    startup via the component config and is a static setting. The graphical
    front end that was used up to now is named "menu view" and remains the
    default.

  * The File Vault can now reflect its internal state and user input ("config
    and report" mode only) at the LOG session via two new static config
    attributes "verbose_state" and "verbose_ui_config" (both defaulting to
    "no").

  * The Shutdown button in "menu view" mode is replaced with a Lock button. The
    new button doesn't terminate the File Vault but merely lock the encrypted
    container and return to a cleared passphrase input. The same transition is
    also provided in "config and report" mode.

  * The file_vault.run script is replaced with file_vault_menu_view.run and
    file_vault_cfg_report.run that address the two front end modes. In contrast
    to the former script, which is interactive, the latter script is suitable
    for automatic testing.

  * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does
    the same as file_vault_cfg_report.run but uses the File Vault package and
    can be executed with the Depot Autopilot. The new test package is added to
    the default test list of depot_autopilot.run

  * The File Vault README is updated to the new version of the component and
    has gained a chapter "functional description".

  * Fixes a regression with the cbe_init_trust_anchor component that prevented
    reacting to a failed unlock attempt in the File Vault.

* The new Tresor software Trust Anchor has an optional deterministic mode in
  which it replaces the normally randomized symmetric keys with 0. This mode
  comes in handy for debugging. However, it should never be activated in
  productive systems. When activated, the user is warned extensively on the
  LOG that this system mode is insecure.

Ref #4819
2023-05-30 12:03:32 +02:00
Norman Feske
b0e52ba7d4 util/misc_math.h: remove abs function
Fixes #4766
2023-02-27 08:22:49 +01:00
Norman Feske
bdf47785b8 vfs: remove 'file_size' from read/write interfaces
The 'file_size' type denotes the size of files on disk in bytes. On
32-bit architectures it is larger than the size_t, which refers to
in-memory object sizes.

Whereas the use of 'file_size' is appropriate for ftruncate and seek, it
is not a suitable type for the parameters of read/write operations
because those operations refer to in-memory buffers.

This patch replaces the use of 'file_size' by size_t. However, since it
affects all sites where the read/write interface is uses, it takes the
opportunity to replace the C-style (pointer, size) arguments by
'Byte_range_ptr' and 'Const_byte_range_ptr'.

Issue #4706
2023-02-27 08:22:49 +01:00
Norman Feske
d26770eb40 gems/gui_buffer.h: grammar fix in comment 2023-02-27 08:22:47 +01:00
Norman Feske
677c8e828c depot_download,depot_query: support system images
This patch enhances the depot_download subsystem with support for
downloading and querying system images.

The installation ROM support the following two now download types:

  <image_index path="<user>/image/index"/>
  <image       path="<user>/image/<name>"/>

Internally, the depot-download subsystem employs the depot-query
component to determine the missing depot content. This component
accepts the following two new queries:

  <images      user="..."/>
  <image_index user="..."/>

If present in the query, depot_query generates reports labeled as
"images" and "image_index" respectively.

The also tracks the completion of each job depending on the depot-
query results, so that the final report contains a result for each
installation item requested. Prior this patch, the inactivity of the
depot-download manager (indicated by an empty state report) was
interpreted as success. But that prevents the proper association of
results and requested installation items.

Issue #4744
2023-02-27 08:22:47 +01:00
Norman Feske
7ada79b5ca Don't use deprecated Readonly_file::read variants
Issue #4745
2023-02-27 08:22:46 +01:00
Norman Feske
3447d0ccb9 menu_view: avoid flicker when enlarging the view
Each time when enlarging the menu view, a new 'Gui_buffer' is
constructed with the new size. At its contruction time, the default
reset background color is in effect, which is evaluated by
'reset_surface' as part of the construction. A custom reset color
takes effect only after the construction. Hence, when the Gui_buffer is
flushed to screen immediately at construction time, the gray default
becomes visible for a short time.

This patch changes the Gui_buffer to accept the reset background color
as construction argument so that it takes immediate effect.

Related to #4592
2023-02-27 08:22:46 +01:00
Norman Feske
74e6370187 cbe/vfs/trust_anchor_vfs.h: avoid 'Constructible' 2023-01-24 12:07:30 +01:00
Norman Feske
909c3571e3 vfs/cbe: Remove use of Io_response_handler
The patch also touches app/cbe_init because it depends on the
public cbe/vfs/trust_anchor_vfs.h header.

Issue #4706
2023-01-24 12:07:30 +01:00
Norman Feske
9a2c03d2c6 vfs: remove Read_result::READ_ERR_INTERRUPT
The error condition was too vague and thereby remained unused in
practice.

Issue #4706
2023-01-24 12:07:30 +01:00
Norman Feske
ba78cf72ae vfs: remove Read_result::READ_ERR_AGAIN
The condition is covered by READ_ERR_WOULD_BLOCK.

Issue #4706
2023-01-24 12:07:30 +01:00
Norman Feske
cf87b0fadb vfs: simplify File_io_service::write return values
This patch removes the 'Insufficient_buffer' exception by returning the
WRITE_ERR_WOULD_BLOCK result value instead. It also eliminates the
superfluous WRITE_ERR_AGAIN and WRITE_ERR_INTERRUPT codes.

Issue #4697
2023-01-24 12:07:28 +01:00
Norman Feske
c0e303632e gems: fix clipping in polygon_gfx/line_painter.h
This clipping check happened to wrongly test the surface's clipping area
instead of the by 1x1 pixel reduced 'clip' rectangle.
2022-09-21 12:19:10 +02:00
Johannes Schlatow
7d143087c9 xml_node: change with_sub_node signature
The `with_sub_node` method is renamed to `with_optional_sub_node` to
better reflect that the non-existence of a sub node with the desired type is
ignored.
At the same time, the new `with_sub_node` now takes a second functor that is
called when no sub node of the desired type exists.

genodelabs/genode#4600
2022-09-19 14:00:33 +02:00
Norman Feske
2772abc8d7 menu_view: configurable alpha channel and bg color
This patch enhances menu_view with the optional configuration attributes
'opaque' and 'background'. Setting 'opaque' to "yes" suppresses the use
of the alpha channel at the GUI session. This improves the drawing
performance by 20% on the PinePhone. Since the menu_view uses the
gems/gui_buffer.h utility, the 'Gui_buffer' received a new 'Alpha'
argument at construction time.

The 'background' attribute can be specified to define the reset color of
the GUI buffer. It alleviates the need to create a frame widget for the
top level.

The patch also switches the optimization level for compiling menu_view
to -O3, which increases the drawing performance on the PinePhone by 30%.

Fixes #4592
2022-08-31 09:32:09 +02:00
Johannes Schlatow
ef742001e8 trace_recorder: implementation
genodelabs/genode#4352
2022-08-17 12:03:26 +02:00
Johannes Schlatow
758ba3855e trace: add types for trace_recorder policies
genodelabs/genode#4352
2022-08-17 12:03:26 +02:00
Johannes Schlatow
062881a484 trace: add types for ctf tracing
genodelabs/genode#4352
2022-08-17 12:03:26 +02:00
Piotr Tworek
05e4993d2e gems: Avoid flexible array member in Cached_font.
Switch the code to 0 lengh array instead. The code in
Lru_cache::element_size calls sizeof on this structure. This works in
gcc, but fails when using clang. Even for GCC however the documentation
states:

  "Flexible array members have incomplete type, and so the sizeof operator
   may not be applied. As a quirk of the original implementation of
   zero-length arrays, sizeof evaluates to zero."

Basically its an implementation quirk that clang does not support. Both
GCC and clang do support zero sized arrays however so using them here
allows both compilers to process this code.

Ref: https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html

Issue #4421
2022-02-15 10:23:58 +01:00
Norman Feske
62b4871c5c Remove gems/magic_ring_buffer.h
Since its introduction four years ago, the utility remained
largely unused.

Fixes #4403
2022-02-15 10:17:28 +01:00
Norman Feske
8a1675e12e gems: avoid implicit conversions
Issue #23
2021-12-17 15:04:46 +01:00
Norman Feske
dc39a8db62 base: introduce Allocator::try_alloc
This patch changes the 'Allocator' interface to the use of 'Attempt'
return values instead of using exceptions for propagating errors.

To largely uphold compatibility with components using the original
exception-based interface - in particluar use cases where an 'Allocator'
is passed to the 'new' operator - the traditional 'alloc' is still
supported. But it existes merely as a wrapper around the new
'try_alloc'.

Issue #4324
2021-11-29 15:11:52 +01:00
Martin Stein
8dfa586462 vfs/cbe_trust_anchor: fix bug in key decrypt
The plugin used the ciphertext instead of the plaintext buffer for key
decryption which led to bogus ciphertext keys.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
42490208c2 vfs/cbe_trust_anchor: fix unlocking
The unlocking operation in the trust anchor was broken wich caused bad keys in
the CBE. This rewrites the whole operation to work as desired. Note that this
doesn't make it more safe! The private key is still almost the same as the
passphrase and stored plaintext.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
df7de17435 vfs/cbe_trust_anchor: sync hashfile-handle close
Closing the hashfile handle after a write operation wasn't synchronised to the
actual end of the write operation.

Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
bd79f93657 cbe/types: invalid generation, generation string
Ref #4032
2021-10-13 14:50:45 +02:00
Norman Feske
d19b751632 nano3d: remove surface-clear optimization
This patch fixes a GCC-10 compile error. Even though the optimization
was quite effective - I measured a speedup of factor 2 - it is not all
that important for the overall application performance. In the nano3d
case, we are talking about 1 vs. 2 percent of CPU time.

Fixes #4140
2021-05-10 11:17:20 +02:00
Piotr Tworek
ffb931f8b1 nano3d: Fix header guard in sqrt.h
The code fails to build with clang due to the following warning/error:

  error: '_INCLUDE__NANO3D__SQRT_H_' is used as a header guard here,
  followed by #define of a different macro [-Werror,-Wheader-guard]

Fix this by removing the extra underscore from this header guard
definition.

Issue #3985
2021-01-25 13:58:11 +01:00
Martin Stein
30b8f4efc8 gems: import Genode-specific code of the CBE
The CBE repository contained a lot of Genode-specific code despite the fact
that the CBE core logic is not bound to Genode in any way. Therefore the
Genode-specific CBE code is moved to the 'gems' repository to form part of
Genode mainline. The remaining CBE code becomes a port in Genode instead of
being invoked as sub-repository.

The commit combines the following work steps:

* add all files removed from CBE repository
* add CBE port files
* make all CBE libs and targets build again
* make all CBE run scripts succeed again
* make all CBE recipes build again
* make CBE autopilot succeed again
* let CBE autopilot use 'libsparcrypto' contrib dir and Genode build dir
  instead of '.ci' dir in CBE contrib dir (remove '.ci' dir from CBE repo)
* let CBE autopilot always check for all ports
* make CBE autopilot directly executable
* fix license headers in all Genode CBE files
* remove unused VFS replay component
* remove unused CBE test
* remove unused external crypto
* remove unused files in run dir
* remove unused external trust anchor
* add cbe_tester test to autopilot list
* get rid of directories 'include/cbe_*' and 'include/utils'

Fixes #3937
2020-11-27 09:19:08 +01:00
Norman Feske
2a4adc895c Remove dithering from menu_view, themed decorator
With the change from RGB565 to RGB888, the application of dithering has
become obsolete.

Issue #3784
2020-08-25 11:50:11 +02:00
Norman Feske
658091bfad ttf_font: add sanity check for invalid scale value
The check prevents the Ttf_font from violating the bounding box in the
presence of very small scale values. This can happen during the startup
of Sculpt. Before the framebuffer driver is up, Sculpt bases its dynamic
font-size setting on a screen resolution of 1x1.

Issue #3812
2020-08-25 11:50:10 +02:00
Alexander Boettcher
3d634df34d gems: remove report_rom_slave.h
Fixes #3803
2020-07-06 14:43:04 +02:00
Norman Feske
ef741ef80d Change pixel format to 32 bits per pixel
Until now, Genode's framebuffer session interface was based on the
RGB565 pixel format. This patch changes the pixel format to 32-bit
XRGB where the X part is ignored. It adapts all graphical applications
and device drivers accordingly.

The patch also adjusts the users of the drivers_interactive packages,
assigning 64 MiB RAM and 1500 caps to the drivers subsystem, which is
sufficient for covering high resolutions at 32 bits per pixel and to
accommodate multi-component USB HID input stacks.

Fixes #3784
2020-06-29 14:22:29 +02:00
Norman Feske
5d40c0c1ce Rename 'Nitpicker' namespace to 'Gui'
Issue #3778
2020-06-22 09:39:40 +02:00
Norman Feske
98f39c698f Rename "Nitpicker" service name to "Gui"
Issue #3778
2020-06-22 09:39:39 +02:00
Norman Feske
c6eda9bd80 Rename include/nitpicker_session to gui_session
This patch also renames the depot api archive accordingly.

Issue #3778
2020-06-22 09:39:39 +02:00
Norman Feske
582e0e718c menu_view: make texture handling more robust
This patch improves the robustness of menu_view when encounting missing
textures, which can happen during development when using styled buttons
and frames. With the patch, menu_view outputs diagnostic messages,
pinpointing the problem.

The patch also updates the texture handling to use the 'File_content'
utility and the VFS for obtaining PNG images.

Issue #3629
2020-02-27 14:46:58 +01:00
Norman Feske
60f5d0e34a gems/animated_geometry.h: increase value range
The value range supported by the 'Animated_rect' utility is constrained
to 2^11 by the used 32-bit integer type. The interpolation is performed
on fixpoint numbers with a fractional precision of 10 bits. The
non-linear interpolation as performed by the 'Lazy_value' utility
involves squaring the values. Hence, the interpolated integral values
must not exceed 2^11 (2*11 bits for the square plus 10 bit for the
fractional part require 32 bits). This range is too small for
high-resolution displays. Hence this patch replaces the 32-bit integer
type by a 64-bit integer type.

Fixes #3627
2020-02-20 12:08:16 +01:00
Norman Feske
c85bc38802 Move include/gems/vfs.h to include/os/vfs.h
Fixes #3515
2019-11-19 14:23:56 +01:00
Norman Feske
5ab1505d43 file system: enhanced file status info
This patch extends the 'File_system::Status',
'File_system::Directory_entry', and the related 'Vfs' types with
the following additional information:

- Distinction between continuous and transactional files (Node_type)
  (issue #3507)
- Readable, writeable, and executable attributes (Node_rwx),
  replacing the former 'mode' bits
  (issue #3030)

The types 'Node_rwx', 'Node_type' are defined twice,
once for the VFS (vfs/types.h) and once for the 'File_system'
session (file_system_session/file_system_session.h).
Similarly, there is a direct correspondance between
'Vfs::Directory_service::Dirent' and 'File_system::Directory_entry'.

This duplication of types follows the existing pattern of keeping the
VFS and file-system session independent from each other.
2019-11-19 14:23:56 +01:00
Sebastian Sumpf
399487c85d gems: add direct fs constructor to Watch_handler
issue #3294
2019-07-09 08:55:23 +02:00
Norman Feske
c38c80fd43 menu_view: midway re-targeting of geometry motion
This patch fixes the corner case where an animated geometry changes its
destination mid-way while an animation is already in progress. The
'_trigger_animated_geometry' method used to back out early in this case,
which was intended as an optimization.

Fixes #3296
2019-05-06 16:15:26 +02:00
Martin Stein
181c78d482 timeout: use uint64_t for all plain time values
This enforces the use of unsigned 64-bit values for time in the duration type,
the timeout framework, the timer session, the userland timer-drivers, and the
alarm framework on all platforms. The commit also adapts the code that uses
these tools accross all basic repositories (base, base-*, os. gems, libports,
ports, dde_*) to use unsigned 64-bit values for time as well as far as this
does not imply profound modifications.

Fixes #3208
2019-05-06 16:15:26 +02:00
Norman Feske
a2743dcaeb Library for the AES-CBC en/decryption of 4K blocks
The 'aes_cbc_4k' library is simple wrapper around libsparkcrypto to
serve as a backend for storage encryption. It operates on data chunks of
4 KiB and uses AES-CBC while incorporating the block number and the
private key as salt values.
2019-04-09 12:30:35 +02:00
Emery Hemingway
a635873568 VFS: Replace global response handlers with local handlers
Replace the I/O response handler that is passed to the VFS at
construction with an object that is dynamically attached to handles.
This object shall also accept read-ready notifications, and plugins are
encouraged to keep handles awaiting ready-ready notifications separate
from handles that await I/O progress.

Replace the use of handle lists in plugins with handle queues, this
makes the code easier to understand and the ordering of notifications to
the application more explicit.

These changes replace the use of the Post_signal_hook from all VFS
plugins, applications must assume that read-ready and I/O notifications
occur during I/O signal dispatch and use an Io_progress_handler at its
entrypoints to defer response until after signal dispatching.

Fix #3257
2019-04-09 12:30:34 +02:00
Norman Feske
73f79ed5b1 gems/vfs.h: add Directory::unlink
This is needed to accommodate the fs_tool component.

Issue #3222
2019-03-18 15:56:25 +01:00
Norman Feske
ac68073ffc depot_download: support downloading index files
With this commit, the 'installation' input of the depot-download
subsystem accepts <index> nodes in addition to <archive> nodes. Each
index node refers to one index file specified via the 'path' attribute.

This commit also improves the tracking of failure states. Once an
installation job failed (due to a download of verification error),
it won't get re-scheduled. In the past, such failure states were not kept
across subsequent import iterations, which could result in infinite
re-attempts when an installation contained archives from multiple users.
The the progress of the download process is now reflected by the
"progress" attribute on the download manager's state report, which
allows the final report to contain the list of installed/failed archives
along with the overall progress/completed state. The detection of the
latter is important for the sculpt manager for reattempting the
deployment of the completed packages.

The patch enhances the depot_download.run script to stress the new
abilities. In particular, the scenario downloads a mix of index files
(one present, one missing) and archives, from two different depot users
(genodelabs and nfeske).

Issue #3172
2019-02-28 11:34:06 +01:00
Norman Feske
ba2b0b8360 gems: remove the use of deprecated APIs
This patch also updates os/slave.h because the app/launcher cannot be
reasonably updated without it.

Issue #1987
Issue #3125
2019-01-30 13:49:54 +01:00
Norman Feske
3bd4197951 gems: enable strict warnings for more components
Issue #465
2019-01-30 13:35:28 +01:00