assert_spec linux

proc tresor_image_file { } {
	return "vfs_tresor_block.img"
}

set image_size 32

proc tresor_image_size_mb { } {
	global image_size
	return $image_size
}

append build_components {
	core init timer
	server/lx_block
	server/lx_fs
	server/vfs
	app/sequence

	app/tresor_init_trust_anchor
	app/tresor_init
	lib/vfs_tresor_crypto_aes_cbc
	lib/vfs_tresor_trust_anchor
	lib/vfs_jitterentropy
	lib/libc
	lib/libcrypto
}

build $build_components

create_boot_directory

append config {
<config verbose="yes">
	<parent-provides>
		<service name="ROM"/>
		<service name="IRQ"/>
		<service name="IO_MEM"/>
		<service name="IO_PORT"/>
		<service name="PD"/>
		<service name="RM"/>
		<service name="CPU"/>
		<service name="LOG"/>
	</parent-provides>

	<default-route>
		<any-service> <parent/> <any-child/> </any-service>
	</default-route>

	<default caps="100"/>
	<start name="timer">
		<resource name="RAM" quantum="1M"/>
		<provides><service name="Timer"/></provides>
	</start>

	<start name="lx_fs" ld="no">
		<resource name="RAM" quantum="2M"/>
		<provides> <service name="File_system"/> </provides>
		<config>
			<default-policy root="/" writeable="yes"/>
		</config>
	</start>

	<start name="vfs_trust_anchor" caps="120">
		<binary name="vfs"/>
		<resource name="RAM" quantum="16M"/>
		<provides><service name="File_system"/></provides>
		<config>
			<vfs>
				<dir name="ta_storage">
					<fs/>
				</dir>

				<dir name="dev">
					<jitterentropy/>
					<tresor_trust_anchor name="tresor_trust_anchor"
					                  storage_dir="/ta_storage"/>
				</dir>
			</vfs>

			<default-policy root="/dev/tresor_trust_anchor" writeable="yes"/>
		</config>
		<route>
			<service name="File_system"> <child name="lx_fs"/> </service>
			<any-service> <parent/> </any-service>
		</route>
	</start>

	<start name="initialize_tresor" caps="200">
		<binary name="sequence"/>
		<resource name="RAM" quantum="128M"/>
		<config>

			<start name="tresor_init_trust_anchor">
				<resource name="RAM" quantum="4M"/>
				<config passphrase="foobar" trust_anchor_dir="/trust_anchor">
					<vfs>
						<dir name="trust_anchor">
							<fs label="ta"/>
						</dir>
					</vfs>
				</config>
			</start>

			<start name="tresor_init">
				<resource name="RAM" quantum="4M"/>
				<config>

					<block-io type="vfs" path="/} [tresor_image_file] {"/>
					<crypto path="/crypto"/>
					<trust-anchor path="/trust_anchor"/>

					<vfs>
						<fs buffer_size="1M"/>
						<tresor_crypto_aes_cbc name="crypto"/>
						<dir name="trust_anchor">
							<fs label="ta"/>
						</dir>
					</vfs>

					<virtual-block-device
						nr_of_levels="3"
						nr_of_children="64"
						nr_of_leafs="512" />

					<free-tree
						nr_of_levels="3"
						nr_of_children="64"
						nr_of_leafs="2048" />
				</config>
			</start>

		</config>
		<route>
			<service name="File_system" label_last="ta">
				<child name="vfs_trust_anchor"/>
			</service>
			<service name="File_system"> <child name="lx_fs"/> </service>
			<any-service> <parent/> </any-service>
		</route>
	</start>
</config>}

install_config $config

exec rm -rf bin/[tresor_image_file]
exec truncate -s [tresor_image_size_mb]M bin/[tresor_image_file]

append boot_modules {
	core
	init
	timer
	lx_block
	lx_fs
	sequence
	vfs
	vfs.lib.so
	vfs_jitterentropy.lib.so
	ld.lib.so
	libcrypto.lib.so
	libc.lib.so
	tresor_init_trust_anchor
	tresor_init
	vfs_tresor_trust_anchor.lib.so
	vfs_tresor_crypto_aes_cbc.lib.so
}

append boot_modules [tresor_image_file]

build_boot_image $boot_modules

run_genode_until {.*child "initialize_tresor" exited with exit value 0.*\n} 240

exec cp [run_dir]/genode/encrypted_private_key bin
exec cp [run_dir]/genode/superblock_hash bin