mirror of
https://github.com/genodelabs/genode.git
synced 2024-12-28 17:48:53 +00:00
94701eec09
As the file formerly named 'secured_superblock' actually contains the hash of the superblock that was secured, it was renamed 'superblock_hash'. Ref #4032
351 lines
9.4 KiB
Plaintext
351 lines
9.4 KiB
Plaintext
assert_spec linux
|
|
|
|
if {[expr ![info exists ::env(CBE_KEEP)]]} {
|
|
exec rm -rf var/libcache/cbe
|
|
exec rm -rf var/libcache/cbe_cxx
|
|
exec rm -rf var/libcache/cbe_common
|
|
exec rm -rf var/libcache/cbe_common_cxx
|
|
exec rm -rf var/libcache/cbe_init
|
|
exec rm -rf var/libcache/cbe_init_cxx
|
|
exec rm -rf var/libcache/cbe_check
|
|
exec rm -rf var/libcache/cbe_check_cxx
|
|
exec rm -rf var/libcache/cbe_dump
|
|
exec rm -rf var/libcache/cbe_dump_cxx
|
|
}
|
|
|
|
create_boot_directory
|
|
|
|
proc cbe_image_file { } {
|
|
return "vfs_cbe_block.img"
|
|
}
|
|
|
|
set use_interactively [expr ![get_cmd_switch --autopilot]]
|
|
|
|
import_from_depot [depot_user]/pkg/[drivers_interactive_pkg] \
|
|
[depot_user]/pkg/terminal \
|
|
[depot_user]/src/ncurses \
|
|
[depot_user]/src/bash \
|
|
[depot_user]/src/coreutils \
|
|
[depot_user]/src/nitpicker
|
|
|
|
|
|
build {
|
|
core
|
|
timer
|
|
init
|
|
server/lx_fs
|
|
lib/vfs/cbe
|
|
lib/vfs/cbe_crypto/aes_cbc
|
|
lib/vfs/cbe_crypto/memcopy
|
|
lib/vfs/cbe_trust_anchor
|
|
lib/vfs/import
|
|
lib/vfs/pipe
|
|
test/vfs_stress
|
|
test/libc
|
|
server/log_terminal
|
|
server/report_rom
|
|
server/fs_rom
|
|
app/cbe_init_trust_anchor
|
|
}
|
|
|
|
set config {
|
|
<config verbose="yes">
|
|
<parent-provides>
|
|
<service name="ROM"/>
|
|
<service name="RAM"/>
|
|
<service name="IRQ"/>
|
|
<service name="IO_MEM"/>
|
|
<service name="IO_PORT"/>
|
|
<service name="PD"/>
|
|
<service name="RM"/>
|
|
<service name="CPU"/>
|
|
<service name="LOG"/>
|
|
</parent-provides>
|
|
|
|
<default-route>
|
|
<any-service> <parent/> <any-child/> </any-service>
|
|
</default-route>
|
|
|
|
<default caps="100"/>
|
|
<start name="timer">
|
|
<resource name="RAM" quantum="1M"/>
|
|
<provides><service name="Timer"/></provides>
|
|
</start>
|
|
|
|
<start name="drivers" caps="1000" managing_system="yes">
|
|
<resource name="RAM" quantum="32M"/>
|
|
<binary name="init"/>
|
|
<route>
|
|
<service name="ROM" label="config"> <parent label="drivers.config"/> </service>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<service name="Capture"> <child name="nitpicker"/> </service>
|
|
<service name="Event"> <child name="nitpicker"/> </service>
|
|
<any-service> <parent/> </any-service>
|
|
</route>
|
|
</start>}
|
|
|
|
append_if $use_interactively config {
|
|
|
|
<start name="nitpicker">
|
|
<resource name="RAM" quantum="4M"/>
|
|
<provides>
|
|
<service name="Gui"/>
|
|
<service name="Capture"/>
|
|
<service name="Event"/>
|
|
</provides>
|
|
<config focus="rom" request_framebuffer="no" request_input="no">
|
|
<capture/> <event/>
|
|
<domain name="default" layer="2" content="client" label="no" hover="always"/>
|
|
<default-policy domain="default"/>
|
|
</config>
|
|
<route>
|
|
<any-service> <parent/> <any-child/> </any-service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="terminal_service" caps="110">
|
|
<binary name="terminal"/>
|
|
<resource name="RAM" quantum="12M"/>
|
|
<provides><service name="Terminal"/></provides>
|
|
<route>
|
|
<service name="ROM" label="config"> <parent label="terminal.config"/> </service>
|
|
<service name="Gui"> <child name="nitpicker"/> </service>
|
|
<any-service> <parent/> <any-child/> </any-service>
|
|
</route>
|
|
</start>}
|
|
|
|
append_if [expr !$use_interactively] config {
|
|
<start name="terminal_service" caps="110">
|
|
<binary name="log_terminal"/>
|
|
<resource name="RAM" quantum="2M"/>
|
|
<provides><service name="Terminal"/></provides>
|
|
<route>
|
|
<any-service> <parent/> <any-child/> </any-service>
|
|
</route>
|
|
</start>}
|
|
|
|
append config {
|
|
<start name="lx_fs" ld="no">
|
|
<resource name="RAM" quantum="4M"/>
|
|
<provides> <service name="File_system"/> </provides>
|
|
<config>
|
|
<default-policy root="/" writeable="yes"/>
|
|
</config>
|
|
</start>
|
|
|
|
<start name="vfs_cbe_trust_anchor" caps="120">
|
|
<binary name="vfs"/>
|
|
<resource name="RAM" quantum="16M"/>
|
|
<provides><service name="File_system"/></provides>
|
|
<config>
|
|
<vfs>
|
|
<ram/>
|
|
<import>
|
|
<rom name="encrypted_private_key"/>
|
|
<rom name="superblock_hash"/>
|
|
</import>
|
|
|
|
<dir name="dev">
|
|
<cbe_trust_anchor name="cbe_trust_anchor"
|
|
storage_dir="/"/>
|
|
</dir>
|
|
</vfs>
|
|
|
|
<default-policy root="/dev/cbe_trust_anchor" writeable="yes"/>
|
|
</config>
|
|
<route>
|
|
<any-service> <parent/> </any-service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="initialize_cbe" caps="3000">
|
|
<binary name="sequence"/>
|
|
<resource name="RAM" quantum="300M"/>
|
|
<config>
|
|
|
|
<start name="cbe_init_trust_anchor">
|
|
<resource name="RAM" quantum="4M"/>
|
|
<config passphrase="foobar" trust_anchor_dir="/trust_anchor">
|
|
<vfs>
|
|
<dir name="trust_anchor">
|
|
<fs label="ta"/>
|
|
</dir>
|
|
</vfs>
|
|
</config>
|
|
</start>
|
|
|
|
<start name="init" caps="1600">
|
|
<resource name="RAM" quantum="256M"/>
|
|
<config verbose="yes">
|
|
|
|
<parent-provides>
|
|
<service name="ROM"/>
|
|
<service name="PD"/>
|
|
<service name="RM"/>
|
|
<service name="CPU"/>
|
|
<service name="LOG"/>
|
|
<service name="Nic"/>
|
|
<service name="Timer"/>
|
|
<service name="File_system"/>
|
|
<service name="Terminal"/>
|
|
</parent-provides>
|
|
|
|
<default-route> <any-service> <parent/> </any-service> </default-route>
|
|
|
|
<default caps="100"/>
|
|
|
|
<start name="vfs_cbe" caps="200">
|
|
<binary name="vfs"/>
|
|
<resource name="RAM" quantum="16M"/>
|
|
<provides><service name="File_system"/></provides>
|
|
<config>
|
|
<vfs>
|
|
<fs buffer_size="1M" label="fs_backend"/>
|
|
<cbe_crypto_aes_cbc name="cbe_crypto"/>
|
|
<dir name="ta"> <fs buffer_size="1M" label="ta"/> </dir>
|
|
<dir name="dev">
|
|
<cbe name="cbe" debug="no" verbose="yes"
|
|
block="/} [cbe_image_file] {"
|
|
crypto="/cbe_crypto"
|
|
trust_anchor="/ta"/>
|
|
</dir>
|
|
</vfs>
|
|
|
|
<default-policy root="/dev" writeable="yes"/>
|
|
</config>
|
|
<route>
|
|
<service name="File_system" label="fs_backend"> <parent label="fs"/> </service>
|
|
<service name="File_system" label="ta"> <parent label="ta"/> </service>
|
|
<any-service> <parent/> </any-service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="vfs" caps="120">
|
|
<resource name="RAM" quantum="30M"/>
|
|
<provides><service name="File_system"/></provides>
|
|
<config>
|
|
<vfs>
|
|
<tar name="coreutils.tar"/>
|
|
<tar name="bash.tar"/>
|
|
|
|
<dir name="home"> <ram/> </dir>
|
|
<dir name="share"> </dir>
|
|
<dir name="tmp"> <ram/> </dir>
|
|
<dir name="dev">
|
|
<zero/> <null/> <terminal/>
|
|
<dir name="pipe"> <pipe/> </dir>
|
|
<inline name="rtc">2018-01-01 00:01</inline>
|
|
</dir>
|
|
</vfs>
|
|
|
|
<policy label_prefix="vfs_rom" root="/"/>
|
|
<default-policy root="/" writeable="yes"/>
|
|
</config>
|
|
<route>
|
|
<service name="Terminal"> <parent label="terminal_service"/> </service>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<any-service> <parent/> </any-service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="vfs_rom">
|
|
<resource name="RAM" quantum="30M"/>
|
|
<binary name="fs_rom"/>
|
|
<provides> <service name="ROM"/> </provides>
|
|
<config/>
|
|
<route>
|
|
<service name="File_system"> <child name="vfs"/> </service>
|
|
<any-service> <parent/> </any-service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="/bin/bash" caps="1000">
|
|
<resource name="RAM" quantum="64M"/>
|
|
<config ld_verbose="yes">
|
|
<libc stdin="/dev/terminal" stdout="/dev/terminal"
|
|
stderr="/dev/terminal" rtc="/dev/rtc" pipe="/dev/pipe"/>
|
|
<vfs>
|
|
<fs label="shell" buffer_size="1M"/>
|
|
<dir name="dev">
|
|
<fs label="cbe" buffer_size="1M"/>
|
|
</dir>
|
|
<rom name=".bashrc" label="vfs_cbe.sh"/>
|
|
</vfs>
|
|
<arg value="bash"/>
|
|
<env key="TERM" value="screen"/>
|
|
<env key="HOME" value="/"/>
|
|
<env key="PATH" value="/bin"/>
|
|
</config>
|
|
<route>
|
|
<service name="File_system" label="shell"> <child name="vfs"/> </service>
|
|
<service name="File_system" label="cbe"> <child name="vfs_cbe"/> </service>
|
|
<service name="ROM" label_suffix=".lib.so"> <parent/> </service>
|
|
<service name="ROM" label_last="/bin/bash"> <child name="vfs_rom"/> </service>
|
|
<service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
|
|
<any-service> <parent/> <any-child/> </any-service>
|
|
</route>
|
|
</start>
|
|
</config>
|
|
</start>
|
|
</config>
|
|
<route>
|
|
<service name="Terminal"> <child name="terminal_service"/> </service>
|
|
<service name="File_system" label_last="fs"> <child name="lx_fs"/> </service>
|
|
<service name="File_system" label_last="ta"> <child name="vfs_cbe_trust_anchor"/> </service>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<any-service> <parent/> </any-service>
|
|
</route>
|
|
</start>
|
|
|
|
</config>}
|
|
|
|
install_config $config
|
|
|
|
set shell_script "run/vfs_cbe.sh"
|
|
set repo "[repository_contains $shell_script]"
|
|
exec cp $repo/$shell_script bin/
|
|
|
|
append boot_modules {
|
|
lx_fs
|
|
cbe_init_trust_anchor
|
|
spark.lib.so
|
|
libsparkcrypto.lib.so
|
|
cbe_cxx.lib.so
|
|
vfs_cbe.lib.so
|
|
vfs_cbe_crypto_aes_cbc.lib.so
|
|
vfs_cbe_crypto_memcopy.lib.so
|
|
vfs_cbe_trust_anchor.lib.so
|
|
vfs_cbe.sh
|
|
vfs.lib.so
|
|
vfs_import.lib.so
|
|
vfs_pipe.lib.so
|
|
posix.lib.so
|
|
libc.lib.so
|
|
libcrypto.lib.so
|
|
log_terminal
|
|
fs_rom
|
|
report_rom
|
|
sequence
|
|
init
|
|
core
|
|
timer
|
|
ld.lib.so
|
|
}
|
|
|
|
append boot_modules {
|
|
encrypted_private_key superblock_hash
|
|
}
|
|
append boot_modules [cbe_image_file]
|
|
|
|
set fd [open [run_dir]/genode/focus w]
|
|
puts $fd "<focus label=\"terminal_service -> \" domain=\"default\"/>"
|
|
close $fd
|
|
|
|
build_boot_image $boot_modules
|
|
|
|
if {$use_interactively} {
|
|
run_genode_until forever
|
|
} else {
|
|
run_genode_until {.*--- Automated CBE testing finished.*} 1800
|
|
}
|