assert_spec linux proc tresor_image_file { } { return "vfs_tresor_block.img" } set image_size 32 proc tresor_image_size_mb { } { global image_size return $image_size } append build_components { core init timer server/lx_block server/lx_fs server/vfs app/sequence app/tresor_init_trust_anchor app/tresor_init lib/vfs_tresor_crypto_aes_cbc lib/vfs_tresor_trust_anchor lib/vfs_jitterentropy lib/libc lib/libcrypto } build $build_components create_boot_directory append config { <config verbose="yes"> <parent-provides> <service name="ROM"/> <service name="IRQ"/> <service name="IO_MEM"/> <service name="IO_PORT"/> <service name="PD"/> <service name="RM"/> <service name="CPU"/> <service name="LOG"/> </parent-provides> <default-route> <any-service> <parent/> <any-child/> </any-service> </default-route> <default caps="100"/> <start name="timer"> <resource name="RAM" quantum="1M"/> <provides><service name="Timer"/></provides> </start> <start name="lx_fs" ld="no"> <resource name="RAM" quantum="2M"/> <provides> <service name="File_system"/> </provides> <config> <default-policy root="/" writeable="yes"/> </config> </start> <start name="vfs_trust_anchor" caps="120"> <binary name="vfs"/> <resource name="RAM" quantum="16M"/> <provides><service name="File_system"/></provides> <config> <vfs> <dir name="ta_storage"> <fs/> </dir> <dir name="dev"> <jitterentropy/> <tresor_trust_anchor name="tresor_trust_anchor" storage_dir="/ta_storage"/> </dir> </vfs> <default-policy root="/dev/tresor_trust_anchor" writeable="yes"/> </config> <route> <service name="File_system"> <child name="lx_fs"/> </service> <any-service> <parent/> </any-service> </route> </start> <start name="initialize_tresor" caps="200"> <binary name="sequence"/> <resource name="RAM" quantum="128M"/> <config> <start name="tresor_init_trust_anchor"> <resource name="RAM" quantum="4M"/> <config passphrase="foobar" trust_anchor_dir="/trust_anchor"> <vfs> <dir name="trust_anchor"> <fs label="ta"/> </dir> </vfs> </config> </start> <start name="tresor_init"> <resource name="RAM" quantum="4M"/> <config> <block-io type="vfs" path="/} [tresor_image_file] {"/> <crypto path="/crypto"/> <trust-anchor path="/trust_anchor"/> <vfs> <fs buffer_size="1M"/> <tresor_crypto_aes_cbc name="crypto"/> <dir name="trust_anchor"> <fs label="ta"/> </dir> </vfs> <virtual-block-device nr_of_levels="3" nr_of_children="64" nr_of_leafs="512" /> <free-tree nr_of_levels="3" nr_of_children="64" nr_of_leafs="2048" /> </config> </start> </config> <route> <service name="File_system" label_last="ta"> <child name="vfs_trust_anchor"/> </service> <service name="File_system"> <child name="lx_fs"/> </service> <any-service> <parent/> </any-service> </route> </start> </config>} install_config $config exec rm -rf bin/[tresor_image_file] exec truncate -s [tresor_image_size_mb]M bin/[tresor_image_file] append boot_modules { core init timer lx_block lx_fs sequence vfs vfs.lib.so vfs_jitterentropy.lib.so ld.lib.so libcrypto.lib.so libc.lib.so tresor_init_trust_anchor tresor_init vfs_tresor_trust_anchor.lib.so vfs_tresor_crypto_aes_cbc.lib.so } append boot_modules [tresor_image_file] build_boot_image $boot_modules run_genode_until {.*child "initialize_tresor" exited with exit value 0.*\n} 240 exec cp [run_dir]/genode/encrypted_private_key bin exec cp [run_dir]/genode/superblock_hash bin