mirror of
https://github.com/genodelabs/genode.git
synced 2024-12-22 06:57:51 +00:00
313 lines
8.9 KiB
Plaintext
313 lines
8.9 KiB
Plaintext
assert_spec linux
|
|
|
|
create_boot_directory
|
|
|
|
proc tresor_image_file { } {
|
|
return "vfs_tresor_block.img"
|
|
}
|
|
|
|
set use_interactively [expr ![get_cmd_switch --autopilot]]
|
|
|
|
import_from_depot [depot_user]/pkg/[drivers_interactive_pkg] \
|
|
[depot_user]/pkg/terminal \
|
|
[depot_user]/src/ncurses \
|
|
[depot_user]/src/bash \
|
|
[depot_user]/src/coreutils \
|
|
[depot_user]/src/nitpicker
|
|
|
|
|
|
build {
|
|
core lib/ld timer init
|
|
server/lx_fs
|
|
lib/vfs_tresor
|
|
lib/vfs_tresor_crypto_aes_cbc
|
|
lib/vfs_tresor_crypto_memcopy
|
|
lib/vfs_tresor_trust_anchor
|
|
lib/vfs_import
|
|
lib/vfs_jitterentropy
|
|
lib/vfs_pipe
|
|
lib/vfs lib/libc lib/posix lib/libcrypto
|
|
test/vfs_stress
|
|
test/libc
|
|
server/log_terminal
|
|
server/report_rom
|
|
server/fs_rom
|
|
app/tresor_init_trust_anchor
|
|
app/sequence
|
|
}
|
|
|
|
set config {
|
|
<config verbose="yes">
|
|
<parent-provides>
|
|
<service name="ROM"/>
|
|
<service name="IRQ"/>
|
|
<service name="IO_MEM"/>
|
|
<service name="IO_PORT"/>
|
|
<service name="PD"/>
|
|
<service name="RM"/>
|
|
<service name="CPU"/>
|
|
<service name="LOG"/>
|
|
</parent-provides>
|
|
|
|
<default-route>
|
|
<any-service> <parent/> <any-child/> </any-service>
|
|
</default-route>
|
|
|
|
<default caps="100"/>
|
|
<start name="timer">
|
|
<resource name="RAM" quantum="1M"/>
|
|
<provides><service name="Timer"/></provides>
|
|
</start>
|
|
|
|
<start name="drivers" caps="1000" managing_system="yes">
|
|
<resource name="RAM" quantum="32M"/>
|
|
<binary name="init"/>
|
|
<route>
|
|
<service name="ROM" label="config"> <parent label="drivers.config"/> </service>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<service name="Capture"> <child name="nitpicker"/> </service>
|
|
<service name="Event"> <child name="nitpicker"/> </service>
|
|
<any-service> <parent/> </any-service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="nitpicker">
|
|
<resource name="RAM" quantum="4M"/>
|
|
<provides>
|
|
<service name="Gui"/>
|
|
<service name="Capture"/>
|
|
<service name="Event"/>
|
|
</provides>
|
|
<config focus="rom" request_framebuffer="no" request_input="no">
|
|
<capture/> <event/>
|
|
<domain name="default" layer="2" content="client" label="no" hover="always"/>
|
|
<default-policy domain="default"/>
|
|
</config>
|
|
<route>
|
|
<any-service> <parent/> <any-child/> </any-service>
|
|
</route>
|
|
</start>}
|
|
|
|
append_if $use_interactively config {
|
|
|
|
<start name="terminal_service" caps="110">
|
|
<binary name="terminal"/>
|
|
<resource name="RAM" quantum="12M"/>
|
|
<provides><service name="Terminal"/></provides>
|
|
<route>
|
|
<service name="ROM" label="config"> <parent label="terminal.config"/> </service>
|
|
<service name="Gui"> <child name="nitpicker"/> </service>
|
|
<any-service> <parent/> <any-child/> </any-service>
|
|
</route>
|
|
</start>}
|
|
|
|
append_if [expr !$use_interactively] config {
|
|
<start name="terminal_service" caps="110">
|
|
<binary name="log_terminal"/>
|
|
<resource name="RAM" quantum="2M"/>
|
|
<provides><service name="Terminal"/></provides>
|
|
<route>
|
|
<any-service> <parent/> <any-child/> </any-service>
|
|
</route>
|
|
</start>}
|
|
|
|
append config {
|
|
<start name="lx_fs" ld="no">
|
|
<resource name="RAM" quantum="4M"/>
|
|
<provides> <service name="File_system"/> </provides>
|
|
<config>
|
|
<default-policy root="/" writeable="yes"/>
|
|
</config>
|
|
</start>
|
|
|
|
<start name="vfs_tresor_trust_anchor" caps="120">
|
|
<binary name="vfs"/>
|
|
<resource name="RAM" quantum="16M"/>
|
|
<provides><service name="File_system"/></provides>
|
|
<config>
|
|
<vfs>
|
|
<ram/>
|
|
<import>
|
|
<rom name="encrypted_private_key"/>
|
|
<rom name="superblock_hash"/>
|
|
</import>
|
|
|
|
<dir name="dev">
|
|
<jitterentropy/>
|
|
<tresor_trust_anchor name="tresor_trust_anchor"
|
|
storage_dir="/"/>
|
|
</dir>
|
|
</vfs>
|
|
|
|
<default-policy root="/dev/tresor_trust_anchor" writeable="yes"/>
|
|
</config>
|
|
<route>
|
|
<any-service> <parent/> </any-service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="initialize_tresor" caps="3000">
|
|
<binary name="sequence"/>
|
|
<resource name="RAM" quantum="300M"/>
|
|
<config>
|
|
|
|
<start name="tresor_init_trust_anchor">
|
|
<resource name="RAM" quantum="4M"/>
|
|
<config passphrase="foobar" trust_anchor_dir="/trust_anchor">
|
|
<vfs>
|
|
<dir name="trust_anchor">
|
|
<fs label="ta"/>
|
|
</dir>
|
|
</vfs>
|
|
</config>
|
|
</start>
|
|
|
|
<start name="init" caps="1600">
|
|
<resource name="RAM" quantum="256M"/>
|
|
<config verbose="yes">
|
|
|
|
<parent-provides>
|
|
<service name="ROM"/>
|
|
<service name="PD"/>
|
|
<service name="RM"/>
|
|
<service name="CPU"/>
|
|
<service name="LOG"/>
|
|
<service name="Nic"/>
|
|
<service name="Timer"/>
|
|
<service name="File_system"/>
|
|
<service name="Terminal"/>
|
|
</parent-provides>
|
|
|
|
<default-route> <any-service> <parent/> </any-service> </default-route>
|
|
|
|
<default caps="100"/>
|
|
|
|
<start name="vfs_tresor" caps="200">
|
|
<binary name="vfs"/>
|
|
<resource name="RAM" quantum="16M"/>
|
|
<provides><service name="File_system"/></provides>
|
|
<config>
|
|
<vfs>
|
|
<fs buffer_size="1M" label="fs_backend"/>
|
|
<tresor_crypto_aes_cbc name="tresor_crypto"/>
|
|
<dir name="ta"> <fs buffer_size="1M" label="ta"/> </dir>
|
|
<dir name="dev">
|
|
<tresor name="tresor" debug="no" verbose="yes"
|
|
block="/} [tresor_image_file] {"
|
|
crypto="/tresor_crypto"
|
|
trust_anchor="/ta"/>
|
|
</dir>
|
|
</vfs>
|
|
|
|
<default-policy root="/dev" writeable="yes"/>
|
|
</config>
|
|
<route>
|
|
<service name="File_system" label="fs_backend"> <parent label="fs"/> </service>
|
|
<service name="File_system" label="ta"> <parent label="ta"/> </service>
|
|
<any-service> <parent/> </any-service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="vfs" caps="120">
|
|
<resource name="RAM" quantum="30M"/>
|
|
<provides><service name="File_system"/></provides>
|
|
<config>
|
|
<vfs>
|
|
<tar name="coreutils.tar"/>
|
|
<tar name="bash.tar"/>
|
|
|
|
<dir name="home"> <ram/> </dir>
|
|
<dir name="share"> </dir>
|
|
<dir name="tmp"> <ram/> </dir>
|
|
<dir name="dev">
|
|
<zero/> <null/> <terminal/>
|
|
<dir name="pipe"> <pipe/> </dir>
|
|
<inline name="rtc">2018-01-01 00:01</inline>
|
|
</dir>
|
|
</vfs>
|
|
|
|
<policy label_prefix="vfs_rom" root="/"/>
|
|
<default-policy root="/" writeable="yes"/>
|
|
</config>
|
|
<route>
|
|
<service name="Terminal"> <parent label="terminal_service"/> </service>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<any-service> <parent/> </any-service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="vfs_rom">
|
|
<resource name="RAM" quantum="30M"/>
|
|
<binary name="fs_rom"/>
|
|
<provides> <service name="ROM"/> </provides>
|
|
<config/>
|
|
<route>
|
|
<service name="File_system"> <child name="vfs"/> </service>
|
|
<any-service> <parent/> </any-service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="/bin/bash" caps="1000">
|
|
<resource name="RAM" quantum="64M"/>
|
|
<config ld_verbose="yes">
|
|
<libc stdin="/dev/terminal" stdout="/dev/terminal"
|
|
stderr="/dev/terminal" rtc="/dev/rtc" pipe="/dev/pipe"/>
|
|
<vfs>
|
|
<fs label="shell" buffer_size="1M"/>
|
|
<dir name="dev">
|
|
<fs label="tresor" buffer_size="1M"/>
|
|
</dir>
|
|
<rom name=".profile" label="vfs_tresor.sh"/>
|
|
</vfs>
|
|
<arg value="bash"/>
|
|
<arg value="--login"/>
|
|
<env key="TERM" value="screen"/>
|
|
<env key="HOME" value="/"/>
|
|
<env key="PATH" value="/bin"/>
|
|
</config>
|
|
<route>
|
|
<service name="File_system" label="shell"> <child name="vfs"/> </service>
|
|
<service name="File_system" label="tresor"> <child name="vfs_tresor"/> </service>
|
|
<service name="ROM" label_suffix=".lib.so"> <parent/> </service>
|
|
<service name="ROM" label_last="/bin/bash"> <child name="vfs_rom"/> </service>
|
|
<service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
|
|
<any-service> <parent/> <any-child/> </any-service>
|
|
</route>
|
|
</start>
|
|
</config>
|
|
</start>
|
|
</config>
|
|
<route>
|
|
<service name="Terminal"> <child name="terminal_service"/> </service>
|
|
<service name="File_system" label_last="fs"> <child name="lx_fs"/> </service>
|
|
<service name="File_system" label_last="ta"> <child name="vfs_tresor_trust_anchor"/> </service>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<any-service> <parent/> </any-service>
|
|
</route>
|
|
</start>
|
|
|
|
</config>}
|
|
|
|
install_config $config
|
|
|
|
set shell_script "run/vfs_tresor.sh"
|
|
set repo "[repository_contains $shell_script]"
|
|
exec cp $repo/$shell_script bin/
|
|
|
|
set boot_modules [build_artifacts]
|
|
|
|
append boot_modules { vfs_tresor.sh encrypted_private_key superblock_hash }
|
|
lappend boot_modules [tresor_image_file]
|
|
|
|
set fd [open [run_dir]/genode/focus w]
|
|
puts $fd "<focus label=\"terminal_service -> \" domain=\"default\"/>"
|
|
close $fd
|
|
|
|
build_boot_image $boot_modules
|
|
|
|
if {$use_interactively} {
|
|
run_genode_until forever
|
|
} else {
|
|
run_genode_until {.*--- Automated Tresor testing finished.*} 1800
|
|
}
|