assert_spec linux

append build_components {
	core init timer lib/ld lib/vfs server/lx_block server/lx_fs server/vfs app/sequence
	app/tresor_init_trust_anchor app/tresor_init app/tresor_check
	lib/vfs_tresor_crypto_aes_cbc lib/vfs_tresor_trust_anchor lib/vfs_jitterentropy
	lib/libc lib/libcrypto }

build $build_components

create_boot_directory

append config {

	<config verbose="yes">
		<parent-provides>
			<service name="PD"/>
			<service name="ROM"/>
			<service name="LOG"/>
			<service name="CPU"/>
		</parent-provides>

		<start name="timer" caps="100">
			<resource name="RAM" quantum="1M"/>
			<provides><service name="Timer"/></provides>
			<route>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>

		<start name="lx_fs" ld="no" caps="100">
			<resource name="RAM" quantum="2M"/>
			<provides> <service name="File_system"/> </provides>
			<config> <default-policy root="/" writeable="yes"/> </config>
			<route>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>

		<start name="vfs" caps="120">
			<resource name="RAM" quantum="16M"/>
			<provides><service name="File_system"/></provides>
			<config>
				<vfs>
					<dir name="ta_storage"> <fs/> </dir>
					<dir name="dev">
						<jitterentropy/>
						<tresor_trust_anchor name="tresor_trust_anchor" storage_dir="/ta_storage"/>
					</dir>
				</vfs>
				<default-policy root="/dev/tresor_trust_anchor" writeable="yes"/>
			</config>
			<route>
				<service name="File_system"> <child name="lx_fs"/> </service>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>

		<start name="sequence" caps="200">
			<resource name="RAM" quantum="128M"/>
			<config>

				<start name="tresor_init_trust_anchor">
					<resource name="RAM" quantum="4M"/>
					<config passphrase="foobar" trust_anchor_dir="/trust_anchor">
						<vfs> <dir name="trust_anchor"> <fs label="ta"/> </dir> </vfs>
					</config>
					<route>
						<service name="PD">  <parent/> </service>
						<service name="ROM"> <parent/> </service>
						<service name="LOG"> <parent/> </service>
						<service name="CPU"> <parent/> </service>
					</route>
				</start>

				<start name="tresor_init">
					<resource name="RAM" quantum="4M"/>
					<config>

						<block-io type="vfs" path="/tresor.img"/>
						<crypto path="/crypto"/>
						<trust-anchor path="/trust_anchor"/>

						<vfs>
							<fs buffer_size="1M"/>
							<tresor_crypto_aes_cbc name="crypto"/>
							<dir name="trust_anchor">
								<fs label="ta"/>
							</dir>
						</vfs>

						<virtual-block-device max_lvl="2" degree="64" num_leaves="512" />
						<free-tree max_lvl="2" degree="64" num_leaves="2048" />

					</config>
					<route>
						<service name="PD">  <parent/> </service>
						<service name="ROM"> <parent/> </service>
						<service name="LOG"> <parent/> </service>
						<service name="CPU"> <parent/> </service>
					</route>
				</start>

				<start name="tresor_check" caps="100">
					<resource name="RAM" quantum="4M"/>
					<config>
						<block-io type="vfs" path="/tresor.img"/>
						<crypto path="/crypto"/>
						<trust-anchor path="/trust_anchor"/>
						<vfs>
							<fs buffer_size="1M"/>
							<tresor_crypto_aes_cbc name="crypto"/>
							<dir name="trust_anchor"> <fs label="ta"/> </dir>
						</vfs>
					</config>
					<route>
						<service name="PD">  <parent/> </service>
						<service name="ROM"> <parent/> </service>
						<service name="LOG"> <parent/> </service>
						<service name="CPU"> <parent/> </service>
					</route>
				</start>

			</config>
			<route>
				<service name="File_system" label_last="ta"> <child name="vfs"/> </service>
				<service name="File_system"> <child name="lx_fs"/> </service>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>
	</config>
}

install_config $config

exec rm -rf bin/tresor.img
exec truncate -s 32M bin/tresor.img

append boot_modules [build_artifacts]
lappend boot_modules tresor.img

build_boot_image $boot_modules

run_genode_until {.*child "sequence" exited with exit value 0.*\n} 240