genode/repos/gems/run/file_vault.run

proc jent_avail { } {

	if {[have_board pbxa9]} { return 0 }
	if {[have_board zynq_qemu]} { return 0 }
	return 1
}

proc jent_avail_attr { } {

	if {[jent_avail]} { return "yes" }
	return "no"
}

build { app/file_vault }

create_boot_directory

append archives "
	[depot_user]/src/[base_src]
	[depot_user]/src/init
	[depot_user]/src/libc
	[depot_user]/src/zlib
	[depot_user]/src/fs_query
	[depot_user]/src/tresor
	[depot_user]/src/vfs_block
	[depot_user]/src/vfs
	[depot_user]/src/openssl
	[depot_user]/src/fs_tool
	[depot_user]/src/fs_utils
	[depot_user]/src/posix
	[depot_user]/src/vfs_rump
	[depot_user]/src/sandbox
	[depot_user]/src/report_rom
	[depot_user]/src/dynamic_rom
"

append_if [jent_avail] archives " [depot_user]/src/vfs_jitterentropy "

lappend_if [have_board linux] archives [depot_user]/src/lx_fs

import_from_depot $archives

append config {

	<config>

		<parent-provides>
			<service name="ROM"/>
			<service name="LOG"/>
			<service name="RM"/>
			<service name="CPU"/>
			<service name="PD"/>
			<service name="IRQ"/>
			<service name="IO_MEM"/>
			<service name="IO_PORT"/>
		</parent-provides>

		<start name="timer" caps="200" ram="1M">
			<resource name="CPU" quantum="5"/>
			<provides> <service name="Timer"/> </provides>
			<route>
				<service name="PD"> <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
				<service name="IO_PORT"> <parent/> </service>
				<service name="IRQ"> <parent/> </service>
			</route>
		</start>

		<start name="dynamic_rom" caps="100" ram="4M">
			<provides><service name="ROM"/> </provides>
			<config verbose="yes">
				<rom name="file_vault_ui_config">
					<inline> <ui_config/> </inline>
					<sleep milliseconds="6000"/>
					<inline> <ui_config passphrase="abcdefgh" client_fs_size="1M" journaling_buf_size="1M"/> </inline>
					<sleep milliseconds="10000"/>
					<inline> <ui_config/> </inline>
					<sleep milliseconds="6000"/>
					<inline> <ui_config passphrase="00000001"/> </inline>
					<sleep milliseconds="6000"/>
					<inline> <ui_config/> </inline>
					<sleep milliseconds="6000"/>
					<inline> <ui_config passphrase="abcdefgh"/> </inline>
					<sleep milliseconds="600000"/>
				</rom>
			</config>
			<route>
				<service name="Timer"> <child name="timer"/> </service>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>

		<start name="report_rom" caps="70" ram="1M">
			<provides>
				<service name="ROM" />
				<service name="Report" />
			</provides>
			<config verbose="yes"/>
			<route>
				<service name="LOG"> <parent/> </service>
				<service name="PD">  <parent/> </service>
				<service name="CPU"> <parent/> </service>
				<service name="ROM"> <parent/> </service>
			</route>
		</start> }

append_if [have_board linux] config {

		<start name="data_fs" caps="200" ram="4M" ld="no">
			<binary name="lx_fs"/>
			<provides>
				<service name="File_system"/>
			</provides>
			<config>
				<policy label="file_vault -> data" root="/file_vault_dir/data" writeable="yes"/>
			</config>
			<route>
				<service name="Timer"> <child name="timer"/> </service>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>

		<start name="trust_anchor_fs" caps="200" ram="4M" ld="no">
			<binary name="lx_fs"/>
			<provides>
				<service name="File_system"/>
			</provides>
			<config>
				<policy label="file_vault -> trust_anchor" root="/file_vault_dir/trust_anchor" writeable="yes"/>
			</config>
			<route>
				<service name="Timer"> <child name="timer"/> </service>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start> }

append_if [expr ![have_board linux]] config {

		<start name="data_fs" caps="2000" ram="200M">
			<binary name="vfs"/>
			<provides><service name="File_system"/></provides>
			<config>
				<vfs>
					<dir name="data">
						<ram/>
					</dir>
				</vfs>
				<policy label="file_vault -> data" root="/data" writeable="yes"/>
			</config>
			<route>
				<service name="PD">  <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start>

		<start name="trust_anchor_fs" caps="100" ram="5M">
			<binary name="vfs"/>
			<provides><service name="File_system"/></provides>
			<config>
				<vfs>
					<dir name="trust_anchor">
						<ram/>
					</dir>
				</vfs>
				<policy label="file_vault -> trust_anchor" root="/trust_anchor" writeable="yes"/>
			</config>
			<route>
				<service name="PD"> <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
			</route>
		</start> }

append config {

		<start name="file_vault" caps="1000" ram="80M">
			<config jitterentropy_available="} [jent_avail_attr] {">
				<vfs>
					<dir name="tresor">
						<fs label="tresor -> /"/>
					</dir>
				</vfs>
			</config>
			<route>
				<service name="ROM" label="ui_config"> <child name="dynamic_rom" label="file_vault_ui_config"/> </service>
				<service name="Report" label="ui_report"> <child name="report_rom"/> </service>
				<service name="File_system" label_prefix="tresor_trust_anchor_vfs -> storage_dir">
					<child name="trust_anchor_fs" identity="file_vault -> trust_anchor"/> </service>
				<service name="File_system" label_prefix="tresor_init ->">          <child name="data_fs" identity="file_vault -> data"/> </service>
				<service name="File_system" label_prefix="tresor ->">               <child name="data_fs" identity="file_vault -> data"/> </service>
				<service name="File_system" label_prefix="fs_query ->">             <child name="data_fs" identity="file_vault -> data"/> </service>
				<service name="File_system" label_prefix="image_fs_query ->">       <child name="data_fs" identity="file_vault -> data"/> </service>
				<service name="File_system" label_prefix="tresor_vfs -> tresor_fs"> <child name="data_fs" identity="file_vault -> data"/> </service>
				<service name="File_system" label_prefix="truncate_file -> tresor"> <child name="data_fs" identity="file_vault -> data"/> </service>
				<service name="Timer"> <child name="timer"/> </service>
				<service name="PD"> <parent/> </service>
				<service name="ROM"> <parent/> </service>
				<service name="CPU"> <parent/> </service>
				<service name="LOG"> <parent/> </service>
				<service name="RM"> <parent/> </service>
			</route>
		</start>

	</config> }

install_config $config

if {[have_board linux]} {
	exec rm -rf bin/file_vault_dir
	exec mkdir -p bin/file_vault_dir/data
	exec mkdir -p bin/file_vault_dir/trust_anchor
}

append boot_modules [build_artifacts]

lappend_if [have_board linux] boot_modules file_vault_dir

build_boot_image $boot_modules

append exp_output {.*<ui_report.* state=\"uninitialized\".*\n}
append exp_output {.*<ui_report.* state=\"initializing\".*\n}
append exp_output {.*<ui_report.* state=\"unlocked\".*\n}
append exp_output {.*<ui_report.* state=\"locked\".*\n}
append exp_output {.*<ui_report.* state=\"unlocked\".*\n}

append qemu_args " -display none "
run_genode_until $exp_output 70