Commit Graph

1478 Commits

Author SHA1 Message Date
Norman Feske
e8059ccba5 vfs/pipe: fix dangling read_ready_waiters element
This patch removes the obsolete 'io_progress_elem', which was wrongly
enqueued to the 'read_ready_waiters' fifo and not dequeued at
destruction time.

Fixes #4987
2023-09-29 12:17:45 +02:00
Alice Domage
6881a71a87 depot_remove.run: improve <remove_all/> tests
This commits introduces changes to test number 4, so it must keep
more than one PKG. Also, it introduces a 5th test to verify that the
<remove_all/> functionality does delete everything in the depot.

Issue genodelabs#4866
2023-09-29 12:15:05 +02:00
Alice Domage
3f661a75e4 depot_remove.run: make test functions more intuitive
This commits introduces improvements to the test functions to avoid
code duplication, and renames these functions to reflect better what they
are used for.

Issue genodelabs#4866
2023-09-29 12:15:05 +02:00
Christian Helmuth
134a785fe0 depot: update recipe hashes 2023-08-24 11:01:40 +02:00
Martin Stein
53018515a9 net_test-pc.sculpt: minimal setup for net tests
A small sculpt setup with routed and raw access to the PC NIC-driver as well
as a launcher for the ping app.

Ref #4966
2023-08-21 08:12:01 +02:00
Martin Stein
d8c51656d7 depot_autopilot: forward tabs and color sequences
The Depot Autopilot used to filter out tabs and color sequences before
forwarding the test log to the own log. This commit prevents this and further
cleans up the string-filters code.

Ref #4922
2023-08-21 08:12:01 +02:00
Martin Stein
987dea5f7f depot_autiopilot: consider log_prefix attribute
The new 'log_prefix' attribute is effective when used in a tests runtime in
<succeed> or <fail> tags that have a non-empty content string. When matching
the log against the pattern given in the affected <succeed> or <fail> tag, the
Depot Autopilot will consider only those test-log lines that start with the
given prefix.

Ref #4922
2023-08-21 08:12:01 +02:00
Martin Stein
c47a6b0830 depot_autopilot: simplify success-criterion syntax
* Removes the <event> tag from all test package runtime files and replaces the
  contained <timeout> and <log> sub-tags with the new tags <succeed> and
  <fail>. If a <succeed> or <fail> tag has a content, it defines a log pattern
  that should be recognized and render the test failed or successful. If a
  <succeed> or <fail> tag has an attribute after_seconds that is not set to 0,
  it defines a timeout after which the test should be rendered failed or
  successful.

* Adapts the Depot Autopilot to support the new syntax in the test-package
  runtime files. However, for now, the Depot Autopilot is kept compatible to
  the old syntax as well. If the <events> tag is present, it is prioritized
  over the new syntax.

Fixes #4922
2023-08-21 08:12:01 +02:00
Martin Stein
b587134a8d net tests: raise nic_drv/drivers cap quota
Several nightly network-related tests fail currently on sel4/pc because the
new e1000 NIC driver requires more capabilities. The "drivers nic" package
was already adapted to the new requirement but some tests fail to provide
enough caps to the corresponding sub system. This commit tries to fix all
remaining tests.

Ref #4923
2023-08-21 08:12:01 +02:00
Norman Feske
7aa301361d depot: update recipe hashes 2023-07-14 12:06:32 +02:00
Josef Söntgen
dd1b8a106f drivers/wifi: perform multi-staged construction
Since the wireless LAN driver is actually a 'Libc::Component' due to
its incorporation of the 'wpa_spplicant' application, we have to
intercept its construction because we have to initialize the Lx_kit
environment before any static ctors are executed. Most Linux initcalls
are implemented as ctors that will be otherwise implicitly executed
before the controll is given to us in 'Libc::Component::construct'.

Issue #4927.
2023-07-14 12:06:32 +02:00
Christian Helmuth
62a0605cf0 depot_autopilot: skip RAM-hungry tests on foc/pbxa9
foc (or maybe bootstrap) seems to cap RAM at 256 MiB while hw uses the
entire RAM configured at the Qemu command line.
2023-07-14 12:06:32 +02:00
Martin Stein
2fb0bfdf85 drivers_nic-pc: raise nic drv cap quota
The reason for this was that run/nic_router_disable_arp was failing on
sel4+qemu+x86_64.

Ref #4923
2023-07-14 12:06:32 +02:00
Norman Feske
75bfc37b18 sculpt: screensaver infrastructure
This patch enhances Sculpt with the ability to detect user inactivity
for driving a screensaver by combining nitpicker's hover and focus
reports with a timer.

Issue #4950
2023-07-14 12:06:32 +02:00
Norman Feske
ba67b535f8 gems: remove leitzentrale.run
This run script is superseded by modular Sculpt, which is able to run on
base-linux.
2023-07-14 12:06:32 +02:00
Martin Stein
7b7851abfb vfs/tresor_trust_anchor: fix alignment faults
Fixes alignment faults that occured in the AES256 implementations while
wrapping or unwrapping keys on imx53_qsb, imx6q_sabrelite, and imx7d_sabre.
The problem was that the unwrap_key/wrap_key functions did reinterpret casts
from unsigned char pointers to uint64_t pointers and then directly used the 64
bit values of referenced by the latter. Most probably this caused the compiler
to optimize operations in the assumption that the pointer is 8-byte aligned
which then created alignment faults.

As a solution, this commit changes the interface of the wrap_key/unwrap_key
functions to take uint64 pointers as arguments instead of unsigned char
pointers and then adapts the function users to ensure that they refer to
appropriately aligned memory regions.

Fixed #4932
2023-07-14 12:06:32 +02:00
Stefan Kalkowski
15b30f3547 sculpt_image: add MNT Reform2 as target board
Fix genodelabs/genode#4936
2023-07-14 12:06:31 +02:00
Christian Helmuth
8ecbc48211 sculpt: replace ipxe_nic_drv by pc_nic_drv
Issue #4921
2023-07-14 12:06:31 +02:00
Christian Helmuth
48cc8fb657 drivers_nic-pc: replace ipxe_nic_drv by pc_nic_drv
Also, the configuration enables MAC-address reporting and includes a
verbose mac_report_rom.

Issue #4921
2023-07-14 12:06:27 +02:00
Christian Helmuth
d258422c34 pc_nic_drv: ethernet NIC driver based on Linux 6.1
Fixes #4921
2023-07-14 12:05:54 +02:00
Alice Domage
943c9809ed depot_remove.run: replace x86_64 by [depot_spec]
This change makes the run script compatible with all CPU architectures.

Issue genodelabs#4866
2023-07-14 12:01:19 +02:00
Martin Stein
abe163c335 tresor: do not use on-disc-layouted structs
* Removes all previous structs that represented an on-disc block layout
  and were therfore subject to a number of layout restrictions (packed,
  padding members, enum representations, etc.).
* Adds a replacement struct without any layout restrictions for each of the
  removed structs. The new structs are named similar to the old structs.
* Adds block encoding and decoding utilities for easily converting from the
  new structs to on-disc blocks and vice-versa (Block_scanner, Block_generator,
  T::decode_to_blk, T::encode_from_blk)
* Adapts all affected places in the library to encode and decode proberly
  instead of simply casting pointers.
* Thereby cleans up the hashing utilities to use typed-reference args instead
  of void pointers.
* Re-enables run/tresor_tester and test-file_vault_vonfig_report for platforms
  rpi, imx53_qsb, imx53_qsb_tz, imx6q_sabrelite, imx7d_sabre.

Ref #4819
2023-07-14 12:01:19 +02:00
Norman Feske
79e262921e depot: update recipe hashes 2023-06-16 11:24:26 +02:00
Timo Nicolai
0a81bd5d5a depot_download_manager: fix verifying failed download
In some instances, the fetchurl progress determined by
depot_download_manager will be empty when the download fails (e.g. due
to a 404), this commit fixes a bug where this would be interpreted as
the download having completed which would subsequently start hash
verification of a package that has never actually been downloaded.

Fixes #4919
2023-06-16 11:24:26 +02:00
Johannes Schlatow
6e607349e1 depot: add black_hole and fonts_fs to pkg/goa
Goa now makes use of the black-hole component and has been enabled to provide
a fonts_fs.

genodelabs/genode#4928
genodelabs/goa#42
2023-06-16 11:24:26 +02:00
Alice Domage
fb0e8fffa2 New depot_remove component
The depot_remove component can delete PKG archives with
automatically resolving dependencies and deleting archives that are not
required on the system anymore.

Issue genodelabs#4866
2023-06-16 11:24:26 +02:00
Martin Stein
dea53f635f Refine tresor tests
* Use jitterentropy only if supported.
  On certain targets like pbxa9 or zynq_qemu, the performance counter always
  yields 0, which renders jitterentropy unusable. On these platforms, the
  Tresor tests now use a static value as entropy source instead.

* Adds a new package test-file_vault_config_report_no_entropy that is used by
  the Depot Autopilot on targets without jitterentropy support instead of
  test-file_vault_config_report. The only difference between the two packages
  is the value of the above described new config attribute of the File Vault.

* Circumvent alignment fault.
  The Tresor lib for now has the deficiency of using on-disc data structures
  directly in code instead of decoding them first to unpacked, naturally
  aligned structures. This causes problems with memory-access alignment on
  several platforms (rpi, imx6q_sabrelite, imx53_qsb, imx7d_sabre). As fixing
  this properly is a bit of work, the commit disables the tresor_tester and
  file_vault_config_report test on the affected platforms in autopilot mode for
  now.

* Further adjustments
  * Make benchmarks optional
  * Use a smaller tresor for rekeying
  * Clean up image parameters
  * No use implicit routes/resources
  * Reduce ram consumption
  * Reduce test timeout
  * Raise cap quota, required for sel4 x86_64.

Ref #4819
2023-06-16 11:24:26 +02:00
Martin Stein
5800ab4961 vfs/tresor_trust_anchor: remove debug mode
The debug mode turned out to be unnecessry because the plugin can be simply
replaced with an <inline> file VFS plugin that has a content size of 32 bytes.

Ref #4819
2023-06-16 11:24:26 +02:00
Martin Stein
03d7258d33 tresor: better handling of hash mismatches
Instead of throwing an uncaught exception, the corresponding request is marked
failed.

Ref #4819
2023-06-16 11:24:26 +02:00
Martin Stein
7c5c92351e file_vault: compatibility with 21.05 containers
* Fix minimum passphrase size to be the same as with File Vault 21.05.
* Adapt to different image name of File Vault 21.05.

Ref #4819
2023-06-16 11:24:25 +02:00
Martin Stein
80b729703b file_vault_config_report tests: fix for pistachio
* relaxes the timing and reduces the test steps because pistachio is quite
  slow and would otherwise trigger problems with our easy approach of using a
  dynamic rom instead of a proper manager

* provide IO_PORT and IRQ session to timer driver

Ref #4819
2023-06-16 11:24:25 +02:00
Josef Söntgen
194af03fe9 autopilot.list: replace cbe with tresor tester
Issue #4819.
2023-06-16 11:24:25 +02:00
Martin Stein
c40205e93f pkg/test-file_vault_config_report: minor style fix
Ref #4819
2023-06-16 11:24:25 +02:00
Martin Stein
d9dd518a20 pkg/file_vault: fix missing fs route
The File System route for the Tresor Init sub-component was somehow missing.

Ref #4819
2023-06-16 11:24:25 +02:00
Norman Feske
6f4242f03b sculpt: version 23.06
Increase version due to upcoming binary incompatibility with 23.04.
2023-06-16 11:23:57 +02:00
Christian Helmuth
dfc1b97fa2 depot: update recipe hashes 2023-05-31 09:42:19 +02:00
Martin Stein
798e3ee306 file_vault: fix deinit fs in tresor vfs
Ref #4819
2023-05-30 12:26:01 +02:00
Christian Helmuth
583f2d6a36 depot: update recipe hashes 2023-05-30 12:13:34 +02:00
Christian Helmuth
c1104ccbc7 depot_autopilot: skip file_vault on riscv and rpi
Issue #4819
2023-05-30 12:13:34 +02:00
Norman Feske
34c7085ada sculpt.run: whitespace 2023-05-30 12:13:33 +02:00
Stefan Kalkowski
30e0452faf sculpt: increase sculpt_manager's cap quota
Fix genodelabs/genode#4911
2023-05-30 12:13:33 +02:00
Stefan Kalkowski
435c9719a7 sculpt: support for wifi on MNT Reform 2
Fix genodelabs/genode#4908
2023-05-30 12:13:33 +02:00
Martin Stein
8992dadb15 libports: remove unused libsparkcrypto
The main user of libsparkcrypto in the past was the CBE block encryption
ecosystem. However, the CBE was replaced with the Tresor block encryption that
uses libcrypto instead.

Ref #4819
2023-05-30 12:03:33 +02:00
Josef Söntgen
ea0a692879 wifi: get firmware from tar archive
This commit changes the firmware handling from requesting each
firmware file as a ROM module that is checked against a list of
known images (including their size) to requesting each file via
the local VFS of the 'wifi_drv'. This allows for using the original
probing mechanism that tries to select a matching firmware version.

The 'repos/dde_linux/src/drivers/wifi/README' file contains more
detailed information on how to configure the driver.

Issue #4861.
2023-05-30 12:03:33 +02:00
Josef Söntgen
d5710d9de3 Move 'wifi' driver to dde_linux repository
The bulk of the driver code now lives in the 'dde_linux' repository,
which is available on all platforms, from where it can be referenced by
other repositories.

The 'wifi_drv' binary was delegated to a generic harness that includes
all configuration and management functionality shared by all wireless
device driver components, e.g., the wpa_supplicant. The code of the
device driver emulation environment is located in 'src/lib/wifi'. It
is referenced by the platform-specific driver library that resides in
the corresponding platform repository. The runtime configuration needs
to point the driver to proper driver library.

The platform-specific library is in charge of orchestrating the contrib
source utilized by the driver as well as providing the 'source.list'
and 'dep.list' files. It must include the generic library snippet
'repos/dde_linux/lib/wifi.inc' that deals with managing the emulation
environment code.

The 'repos/dde_linux/src/drivers/wifi/README' file contains more
detailed information on how to deploy the driver.

Issue #4861.
2023-05-30 12:03:32 +02:00
Martin Stein
aeb65d6b1b file_vault: version 23.05
* ARM support and detaching from Ada/SPARK

  * Remove all CBE-related code - especially the Ada/SPARK-based CBE library.

    * We have no means or motivation of further maintaining big projects in
      Ada/SPARK (the core Genode team is native to C++).

    * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an
      important architecture for Genode. This would mean extra commitment in
      Ada/SPARK.

    * We realize that block encryption more and more becomes a fundamental
      feature of Genode systems.

  * Implement a new block encryption library named Tresor that is inspired by
    the design and feature set of the former CBE library and that is entirely
    C++ and part of the Genode gems repository.

    * The Tresor block encryption is backwards-compatible with the on-disk
      data layout of the former CBE block encryption.

    * Except from the snapshot management and the "dump" tool, the Tresor
      block encryption provides the same feature set as the former CBE block
      encryption and accepts the same user requests at the level of the
      Tresor library API.

    * So far, the Tresor block encryption does not support the creation of
      user-defined snapshots.

    * In contrast to the former CBE, the Tresor ecosystem has
      no "dump" tool beause with the CBE library it turned out to be rarely of
      use.

    * In contrast to the Block back-end of the CBE "init" tool, the Tresor
      "init" tool uses a File System back-end.

    * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin.

      * The Tresor-VFS plugin in general is similar to the former CBE VFS but
        has a slightly different API when it comes to re-keying and re-sizing.
        Each of these operations now is controlled via two files. The first
        file is named <operation> and the user writes the start command to it.
        The user must then read this file once in order to drive the operation.
        The read returns the result of the operation, once it is finished.
        The second file is named <operation>_progress and can be watched and
        read for obtaining the progress of the operation as percentage.

    * The file vault is adapted to use the new Tresor ecosystem
      instead of the former CBE ecosystem and thereby also gains ARM support.

    * The former CBE tester and CBE VFS-tests are replaced by equivalent
      Tresor variants and are now run on ARM as well (testing with a persistent
      storage back-end is supported only when running on Linux).

    * So far, the new Tresor block encryption has no internal cache for meta
      data blocks like the former CBE.

* Add config/report user interface

  * Add a second option for the administration front end to the file vault
    named "config and report". With this front end the File Vault communicates
    with the user via XML strings. A ROM session is requested for user input
    and a Report session for user output. The front end type must be set at
    startup via the component config and is a static setting. The graphical
    front end that was used up to now is named "menu view" and remains the
    default.

  * The File Vault can now reflect its internal state and user input ("config
    and report" mode only) at the LOG session via two new static config
    attributes "verbose_state" and "verbose_ui_config" (both defaulting to
    "no").

  * The Shutdown button in "menu view" mode is replaced with a Lock button. The
    new button doesn't terminate the File Vault but merely lock the encrypted
    container and return to a cleared passphrase input. The same transition is
    also provided in "config and report" mode.

  * The file_vault.run script is replaced with file_vault_menu_view.run and
    file_vault_cfg_report.run that address the two front end modes. In contrast
    to the former script, which is interactive, the latter script is suitable
    for automatic testing.

  * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does
    the same as file_vault_cfg_report.run but uses the File Vault package and
    can be executed with the Depot Autopilot. The new test package is added to
    the default test list of depot_autopilot.run

  * The File Vault README is updated to the new version of the component and
    has gained a chapter "functional description".

  * Fixes a regression with the cbe_init_trust_anchor component that prevented
    reacting to a failed unlock attempt in the File Vault.

* The new Tresor software Trust Anchor has an optional deterministic mode in
  which it replaces the normally randomized symmetric keys with 0. This mode
  comes in handy for debugging. However, it should never be activated in
  productive systems. When activated, the user is warned extensively on the
  LOG that this system mode is insecure.

Ref #4819
2023-05-30 12:03:32 +02:00
Norman Feske
81e85bf1b5 sculpt_manager: fix build errors with '-std=gnu++20'
Fixes #4874
2023-05-30 12:03:29 +02:00
Norman Feske
978f86ba60 recipes/pkg/sculpt/README: spelling fix 2023-05-30 12:03:28 +02:00
Christian Prochaska
4dc5426a45 trace_recorder: fix build error with gcc 12
Fixes #4843
2023-05-30 12:03:26 +02:00
Christian Prochaska
db69104f1a text_area: fix build error with gcc 12
Fixes #4842
2023-05-30 12:03:25 +02:00