genode/repos/gems/run/vfs_tresor.run

assert_spec linux

set dd [installed_command dd]

create_boot_directory

proc tresor_image_name { } { return "vfs_tresor_block.img" }

proc tresor_image_size_mb { } { return 4 }

proc local_tresor_image { } { return bin/[tresor_image_name] }

proc autopilot_tresor_image { } { return /tmp/[tresor_image_name].[exec id -un] }

import_from_depot [depot_user]/src/ncurses \
                  [depot_user]/src/bash \
                  [depot_user]/src/coreutils

build {
	core
	timer
	init
	lib/ld
	lib/vfs_tresor
	lib/vfs_tresor_crypto_aes_cbc
	lib/vfs_tresor_crypto_memcopy
	lib/vfs_tresor_trust_anchor
	lib/vfs_import
	lib/vfs_jitterentropy
	lib/vfs_pipe
	lib/vfs
	lib/libc
	lib/libm
	lib/posix
	lib/libcrypto
	test/vfs_stress
	test/libc
	server/log_terminal
	server/report_rom
	server/fs_rom
	server/lx_fs
	server/vfs
	app/tresor_init_trust_anchor
	app/tresor_init
	app/sequence
}

append config {
<config verbose="yes">
	<parent-provides>
		<service name="ROM"/>
		<service name="IRQ"/>
		<service name="IO_MEM"/>
		<service name="IO_PORT"/>
		<service name="PD"/>
		<service name="RM"/>
		<service name="CPU"/>
		<service name="LOG"/>
	</parent-provides>

	<default-route>
		<any-service> <parent/> <any-child/> </any-service>
	</default-route>

	<default caps="100" ram="1M"/>

	<start name="timer">
		<provides><service name="Timer"/></provides>
	</start>

	<start name="log_terminal" caps="110" ram="2M">
		<provides><service name="Terminal"/></provides>
		<route>
			<any-service> <parent/> <any-child/> </any-service>
		</route>
	</start>

	<start name="lx_fs" ld="no" ram="4M">
		<provides> <service name="File_system"/> </provides>
		<config>
			<default-policy root="/" writeable="yes"/>
		</config>
	</start>

	<start name="vfs_tresor_trust_anchor" caps="120" ram="16M">
		<binary name="vfs"/>
		<provides><service name="File_system"/></provides>
		<config>
			<vfs>
				<ram/>
				<dir name="dev">
					<jitterentropy/>
					<tresor_trust_anchor name="tresor_trust_anchor" storage_dir="/"/>
				</dir>
			</vfs>

			<default-policy root="/dev/tresor_trust_anchor" writeable="yes"/>
		</config>
		<route>
			<any-service> <parent/> </any-service>
		</route>
	</start>

	<start name="sequence" caps="3000" ram="300M">
		<config>

			<start name="tresor_init_trust_anchor">
				<config passphrase="foobar" trust_anchor_dir="/trust_anchor">
					<vfs>
						<dir name="trust_anchor">
							<fs label="tresor_trust_anchor -> /"/>
						</dir>
					</vfs>
				</config>
			</start>

			<start name="tresor_init">
				<config>

					<block-io type="vfs" path="/} [tresor_image_name] {"/>
					<crypto path="/crypto"/>
					<trust-anchor path="/trust_anchor"/>

					<vfs>
						<fs label="tresor_block_io -> /" buffer_size="1M"/>
						<tresor_crypto_aes_cbc name="crypto"/>
						<dir name="trust_anchor">
							<fs label="tresor_trust_anchor -> /"/>
						</dir>
					</vfs>

					<virtual-block-device max_lvl="2" degree="64" num_leaves="512" />
					<free-tree max_lvl="2" degree="64" num_leaves="2048" />

				</config>
				<route>
					<any-service> <parent/> </any-service>
				</route>
			</start>

			<start name="init" caps="1600">
				<config verbose="yes">

					<parent-provides>
						<service name="ROM"/>
						<service name="PD"/>
						<service name="RM"/>
						<service name="CPU"/>
						<service name="LOG"/>
						<service name="Nic"/>
						<service name="Timer"/>
						<service name="File_system"/>
						<service name="Terminal"/>
					</parent-provides>

					<default-route> <any-service> <parent/> </any-service> </default-route>

					<default caps="100"/>

					<start name="vfs_tresor" caps="200" ram="16M">
						<binary name="vfs"/>
						<provides><service name="File_system"/></provides>
						<config>
							<vfs>
								<fs buffer_size="1M" label="tresor_block_io -> /"/>
								<tresor_crypto_aes_cbc name="tresor_crypto"/>
								<dir name="ta"> <fs buffer_size="1M" label="tresor_trust_anchor -> /"/> </dir>
								<dir name="dev">
									<tresor name="tresor" debug="no" verbose="yes"
										 block="/} [tresor_image_name] {"
										 crypto="/tresor_crypto"
										 trust_anchor="/ta"/>
								</dir>
							</vfs>

							<default-policy root="/dev" writeable="yes"/>
						</config>
						<route>
							<any-service> <parent/> </any-service>
						</route>
					</start>

					<start name="vfs" caps="120" ram="30M">
						<provides><service name="File_system"/></provides>
						<config>
							<vfs>
								<tar name="coreutils.tar"/>
								<tar name="bash.tar"/>

								<dir name="home"> <ram/> </dir>
								<dir name="share"> </dir>
								<dir name="tmp"> <ram/> </dir>
								<dir name="dev">
									<zero/> <null/> <terminal/>
									<dir name="pipe"> <pipe/> </dir>
									<inline name="rtc">2018-01-01 00:01</inline>
								</dir>
							</vfs>

							<policy label_prefix="vfs_rom" root="/"/>
							<default-policy root="/" writeable="yes"/>
						</config>
						<route>
							<service name="Terminal"> <parent label="log_terminal"/> </service>
							<service name="Timer"> <child name="timer"/> </service>
							<any-service> <parent/> </any-service>
						</route>
					</start>

					<start name="vfs_rom" ram="30M">
						<binary name="fs_rom"/>
						<provides> <service name="ROM"/> </provides>
						<config/>
						<route>
							<service name="File_system"> <child name="vfs"/> </service>
							<any-service> <parent/> </any-service>
						</route>
					</start>

					<start name="/bin/bash" caps="1000" ram="64M">
						<config ld_verbose="yes">
							<libc stdin="/dev/terminal" stdout="/dev/terminal"
								  stderr="/dev/terminal" rtc="/dev/rtc" pipe="/dev/pipe"/>
							<vfs>
								<fs label="shell" buffer_size="1M"/>
								<dir name="dev">
									<fs label="tresor" buffer_size="1M"/>
								</dir>
								<rom name=".profile" label="vfs_tresor.sh"/>
							</vfs>
							<arg value="bash"/>
							<arg value="--login"/>
							<env key="TERM" value="screen"/>
							<env key="HOME" value="/"/>
							<env key="PATH" value="/bin"/>
						</config>
						<route>
							<service name="File_system" label="shell"> <child name="vfs" label="/"/> </service>
							<service name="File_system" label="tresor"> <child name="vfs_tresor" label="/"/> </service>
							<service name="ROM" label_suffix=".lib.so"> <parent/> </service>
							<service name="ROM" label_last="/bin/bash"> <child name="vfs_rom"/> </service>
							<service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
							<any-service> <parent/> <any-child/> </any-service>
						</route>
					</start>

				</config>
			</start>

		</config>
		<route>
			<service name="Terminal"> <child name="log_terminal"/> </service>
			<service name="File_system" label_suffix="tresor_block_io -> /"> <child name="lx_fs"/> </service>
			<service name="File_system" label_suffix="tresor_trust_anchor -> /"> <child name="vfs_tresor_trust_anchor"/> </service>
			<service name="Timer"> <child name="timer"/> </service>
			<any-service> <parent/> </any-service>
		</route>
	</start>

</config>}

install_config $config

set shell_script "run/vfs_tresor.sh"
set repo "[repository_contains $shell_script]"
exec cp $repo/$shell_script bin/

exec rm -rf [local_tresor_image]
if { [get_cmd_switch --autopilot] } {

	exec rm -rf [autopilot_tresor_image]
	catch { exec $dd if=/dev/urandom of=[autopilot_tresor_image] bs=1M count=[tresor_image_size_mb] }
	exec ln -sf -T [autopilot_tresor_image] [local_tresor_image]

} else {

	catch { exec $dd if=/dev/urandom of=[local_tresor_image] bs=1M count=[tresor_image_size_mb] }
}

set boot_modules [build_artifacts]
append  boot_modules { vfs_tresor.sh }
lappend boot_modules [tresor_image_name]

build_boot_image $boot_modules

run_genode_until {.*"/bin/bash".* exited with exit value 0.*\n} 120

if { [get_cmd_switch --autopilot] } {

	exec rm -rf [local_tresor_image]
	exec rm -rf [autopilot_tresor_image]
}