mirror of
https://github.com/genodelabs/genode.git
synced 2025-04-15 23:17:14 +00:00
e777165090
The 'rump_cgd' server provides block level encryption for a block session by employing the 'cgd(4)' device provided by the rumpkernel. 'rump_cgd' uses a Block_session to get access to an existing block device and provides another Block_session to its clients. Each block written or read by the client is transperently encrypted or decrypted by the server. For now 'rump_cgd' may only _configure_ a 'cgd' device but is unable to generate a configuration. The used cipher is hardcoded to _aes-cbc_ with a keysize of 256 bit. Furthermore the server is able to serve one client only. To ease the usage, its interface is modelled after the interface of 'cgdconfig(8)'. As implications thereof the key must have the same format as used by 'cgdconfig'. That means the key is a base 64 encoded string in which the first 4 bytes denote the actual length of the key in bits (these 4 bytes are stored in big endian order). Preparing a raw (e.g. without partition table) encrypted Ext2 disk image is done by executing 'tool/rump': ! dd if=/dev/urandom of=/path/to/disk_image ! rump -c /path/to/disk_image # key is printed to stdout ! rump -c -k <key> -F ext2fs /path/to/disk_image To use this disk image the following config snippet can be used: ! <start name="rump_cgd"> ! <resource name="RAM" quantum="8M" /> ! <provides><service name="Block"/></provides> ! <config action="configure"> ! <params> ! <method>key</method>} ! <key>AAABAJhpB2Y2UvVjkFdlP4m44449Pi3A/uW211mkanSulJo8</key> ! </params> ! </config> ! <route> ! <service name="Block"> <child name="ahci"/> </service> ! <any-service> <parent/> <any-child/> </any-service> ! </route> ! </start> the Block service provided by rump_cgd may be used by a file system server in return: ! <start name="rump_fs"> ! <resource name="RAM" quantum="16M"/> ! <provides><service name="File_system"/></provides> ! <config fs="ext2fs"> ! <policy label="" root="/" writeable="yes"/> ! </config> ! <route> ! <service name="Block"> <child name="rump_cgd"/> </service> ! <any-service> <parent/> <any-child/> </any-service> ! </route> ! </start> Since 'tool/rump' just utilizes the rumpkernel running on the host system to do its duty there is a script called 'tool/cgdconf' that extracts the key from a 'cgdconfig(8)' generated configuration file and also is able to generade such a file from a given key. Thereby the interoperabilty between 'rump_cgd' and the general rumpkernel based tools is secured.
===============================
Genode source-code repositories
===============================
This directory contains the source-code repositories of the Genode OS
Framework. Each sub directory has the same principle layout as described in the
build-system manual:
:Build-system manual:
[http://genode.org/documentation/developer-resources/build_system]
The build system uses a configurable selection of those reposities to obtain
the source codes for the build process. The repositories are not independent
but build upon of each other:
:'base':
This directory contains the source-code repository of the fundamental
frameworks and interfaces of Genode. Furthermore, it contains the generic
parts of core.
:'base-<platform>':
These directories contain platform-specific source-code repositories
complementing the 'base' repository. The following platforms are supported:
:'linux':
Linux kernel (both x86_32 and x86_64)
:'nova':
NOVA hypervisor developed at University of Technology Dresden
See [http://genode.org/documentation/platforms/nova]
:'foc':
Fiasco.OC is a modernized version of the Fiasco microkernel with a
completely revised kernel interface fostering capability-based
security. It is not compatible with L4/Fiasco.
See [http://genode.org/documentation/platforms/foc]
:'hw':
The hw platform allows the execution of Genode on bare ARM hardware
without the need for a separate kernel. The kernel functionality is
included in core.
See [http://genode.org/documentation/platforms/hw]
:'okl4':
OKL4 kernel (x86_32 and ARM) developed at Open-Kernel-Labs.
See [http://genode.org/documentation/platforms/okl4]
:'pistachio':
L4ka::Pistachio kernel developed at University of Karlsruhe.
See [http://genode.org/documentation/platforms/pistachio]
:'fiasco':
L4/Fiasco kernel developed at University of Technology Dresden.
See [http://genode.org/documentation/platforms/fiasco]
:'codezero':
Codezero microkernel developed by B-Labs
See [http://genode.org/documentation/platforms/codezero]
:'host':
Pseudo platform documenting the interface between the generic and
platform-specific parts of the base framework. This is not a functional
base platform.
:'os':
This directory contains the non-base OS components such as the init process,
device drivers, and basic system services.
:'demo':
This directory contains the source-code repository of various services and
applications that we use for demonstration purposes. For example, a graphical
application launcher called Launchpad and the Scout tutorial browser.
:'hello_tutorial':
Tutorial for creating a simple client-server scenario with Genode. This
repository includes documentation and the complete source code.
:'libports':
This source-code repository contains ports of popular open-source libraries
to Genode, most importantly the C library. The repository contains no
upstream source code but means to download the code and adapt it to Genode.
For instructions about how to use this mechanism, please consult the README
file at the top level of the repository. Among the 3rd-party libraries
are Qt5, libSDL, freetype, Python, ncurses, Mesa, and libav.
:'dde_linux':
This source-code repository contains the device driver environment for
executing Linux device drivers natively on Genode. Currently, this
repository hosts the USB stack.
:'dde_ipxe':
This source-code repository contains the device-driver environment for
executing drivers of the iPXE project.
:'dde_oss':
This source-code repository contains the device-driver environment for the
audio drivers of the Open Sound System (OSS).
:'dde_rump':
This source-code repository contains the port of rump kernels, which are
used to execute subsystems of the NetBSD kernel as user level processes.
The repository contains a server that uses a rump kernel to provide
various NetBSD file systems to Genode.
:'qt4':
This source-code repository contains the Genode version of Qt4 framework.
Please find more information about using Qt4 with Genode in the repository's
'README' file. Please note that the Qt4 support is deprecated. Use Qt5
as contained in 'libports' instead.
:'ports':
This source-code repository hosts ports of 3rd-party applications to
Genode. The repository does not contain upstream source code but provides
a mechanism for downloading the official source distributions and adapt
them to the Genode environment. The used mechanism is roughly the same
as used for the 'libports' repository. Please consult 'libports/README'
for further information.
:'ports-<platform>':
These platform-specific source-code repositories contain software that
capitalizes special features of the respective kernel platform.
For the Fiasco.OC platform, 'ports-foc' hosts a port of the L4Linux
kernel. For further information, please refer to the README file at the
top level of the respective repository.
:'gems':
This source-code repository contains Genode applications that use
both native Genode interfaces as well as features of other high-level
repositories, in particular shared libraries provided by 'libports'.