mirror of
https://github.com/genodelabs/genode.git
synced 2025-01-04 21:14:13 +00:00
870c5c7a81
Warning! The current version of the file vault is not thought for productive use but for mere demonstrational purpose! Please refrain from storing sensitive data with it! The File Vault component implements a graphical frontend for setting up and controlling encrypted virtual file systems using the Consistent Block Encrypter (CBE) for encryption and snapshot management. For more details see 'repos/gems/src/app/file_vault/README'. Fixes #4032
301 lines
9.7 KiB
Plaintext
301 lines
9.7 KiB
Plaintext
assert_spec x86_64
|
|
|
|
build { app/file_vault }
|
|
|
|
create_boot_directory
|
|
|
|
append archives "
|
|
[depot_user]/src/[base_src]
|
|
[depot_user]/pkg/[drivers_interactive_pkg]
|
|
[depot_user]/pkg/fonts_fs
|
|
[depot_user]/src/init
|
|
[depot_user]/src/nitpicker
|
|
[depot_user]/src/libc
|
|
[depot_user]/src/libpng
|
|
[depot_user]/src/zlib
|
|
[depot_user]/src/fs_query
|
|
[depot_user]/src/menu_view
|
|
[depot_user]/src/cbe
|
|
[depot_user]/src/spark
|
|
[depot_user]/src/libsparkcrypto
|
|
[depot_user]/src/vfs_block
|
|
[depot_user]/src/vfs_jitterentropy
|
|
[depot_user]/src/vfs
|
|
[depot_user]/src/openssl
|
|
[depot_user]/src/fs_tool
|
|
[depot_user]/src/fs_utils
|
|
[depot_user]/src/posix
|
|
[depot_user]/src/rump
|
|
[depot_user]/src/sandbox
|
|
"
|
|
|
|
append_if [have_board linux] archives [depot_user]/src/lx_fs
|
|
|
|
import_from_depot $archives
|
|
|
|
append config {
|
|
|
|
<config>
|
|
|
|
<parent-provides>
|
|
<service name="ROM"/>
|
|
<service name="LOG"/>
|
|
<service name="RM"/>
|
|
<service name="CPU"/>
|
|
<service name="PD"/>
|
|
<service name="IRQ"/>
|
|
<service name="IO_MEM"/>
|
|
<service name="IO_PORT"/>
|
|
</parent-provides>
|
|
|
|
<start name="timer" caps="100">
|
|
<resource name="RAM" quantum="1M"/>
|
|
<provides> <service name="Timer"/> </provides>
|
|
<route>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="drivers" caps="1500" managing_system="yes">
|
|
<resource name="RAM" quantum="64M"/>
|
|
<binary name="init"/>
|
|
<route>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<service name="Capture"> <child name="nitpicker"/> </service>
|
|
<service name="Event"> <child name="nitpicker"/> </service>
|
|
<service name="ROM" label="config"> <parent label="drivers.config"/> </service>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
<service name="RM"> <parent/> </service>
|
|
<service name="IO_MEM"> <parent/> </service>
|
|
<service name="IO_PORT"> <parent/> </service>
|
|
<service name="IRQ"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="nitpicker" caps="100">
|
|
<resource name="RAM" quantum="4M"/>
|
|
<provides>
|
|
<service name="Gui"/> <service name="Capture"/> <service name="Event"/>
|
|
</provides>
|
|
<config focus="rom">
|
|
<capture/> <event/>
|
|
<background color="#123456"/>
|
|
<domain name="pointer" layer="1" content="client" label="no" origin="pointer" />
|
|
<domain name="default" layer="3" content="client" label="no" hover="always" />
|
|
<domain name="second" layer="2" xpos="200" ypos="300" content="client" label="no" hover="always" />
|
|
|
|
<policy label_prefix="pointer" domain="pointer"/>
|
|
<policy label_prefix="text_area.2" domain="second"/>
|
|
<default-policy domain="default"/>
|
|
</config>
|
|
<route>
|
|
<service name="Timer"> <child name="timer" /> </service>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="pointer" caps="100">
|
|
<resource name="RAM" quantum="1M"/>
|
|
<route>
|
|
<service name="Gui"> <child name="nitpicker" /> </service>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
}
|
|
if {[have_board linux]} {
|
|
|
|
append config {
|
|
|
|
<start name="data_fs" caps="200" ld="no">
|
|
<binary name="lx_fs"/>
|
|
<resource name="RAM" quantum="4M"/>
|
|
<provides>
|
|
<service name="File_system"/>
|
|
</provides>
|
|
<config>
|
|
<policy label="file_vault -> data"
|
|
root="/file_vault_dir/data"
|
|
writeable="yes"/>
|
|
</config>
|
|
<route>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="trust_anchor_fs" caps="200" ld="no">
|
|
<binary name="lx_fs"/>
|
|
<resource name="RAM" quantum="4M"/>
|
|
<provides>
|
|
<service name="File_system"/>
|
|
</provides>
|
|
<config>
|
|
<policy label="file_vault -> trust_anchor"
|
|
root="/file_vault_dir/trust_anchor"
|
|
writeable="yes"/>
|
|
</config>
|
|
<route>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
}
|
|
|
|
} else {
|
|
|
|
append config {
|
|
|
|
<start name="data_fs" caps="2000">
|
|
<binary name="vfs"/>
|
|
<resource name="RAM" quantum="200M"/>
|
|
<provides><service name="File_system"/></provides>
|
|
<config>
|
|
<vfs>
|
|
<dir name="data">
|
|
<ram/>
|
|
</dir>
|
|
</vfs>
|
|
<policy label="file_vault -> data" root="/data" writeable="yes"/>
|
|
</config>
|
|
<route>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="trust_anchor_fs" caps="100">
|
|
<binary name="vfs"/>
|
|
<resource name="RAM" quantum="5M"/>
|
|
<provides><service name="File_system"/></provides>
|
|
<config>
|
|
<vfs>
|
|
<dir name="trust_anchor">
|
|
<ram/>
|
|
</dir>
|
|
</vfs>
|
|
<policy label="file_vault -> trust_anchor" root="/trust_anchor" writeable="yes"/>
|
|
</config>
|
|
<route>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
}
|
|
}
|
|
append config {
|
|
|
|
<start name="fonts_fs" caps="150">
|
|
<binary name="vfs"/>
|
|
<resource name="RAM" quantum="4M"/>
|
|
<provides>
|
|
<service name="File_system"/>
|
|
</provides>
|
|
<config>
|
|
<vfs>
|
|
<rom name="Vera.ttf"/>
|
|
<rom name="VeraMono.ttf"/>
|
|
<dir name="fonts">
|
|
<dir name="title">
|
|
<ttf name="regular" path="/Vera.ttf" size_px="18" cache="256K"/>
|
|
</dir>
|
|
<dir name="text">
|
|
<ttf name="regular" path="/Vera.ttf" size_px="14" cache="256K"/>
|
|
</dir>
|
|
<dir name="annotation">
|
|
<ttf name="regular" path="/Vera.ttf" size_px="11" cache="256K"/>
|
|
</dir>
|
|
<dir name="monospace">
|
|
<ttf name="regular" path="/VeraMono.ttf" size_px="14" cache="256K"/>
|
|
</dir>
|
|
</dir>
|
|
</vfs>
|
|
|
|
<policy label="file_vault -> fonts" root="/fonts" />
|
|
</config>
|
|
<route>
|
|
<service name="ROM" label="config"> <parent label="fonts_fs.config"/> </service>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
|
|
<start name="file_vault" caps="2000">
|
|
<resource name="RAM" quantum="200M"/>
|
|
<config>
|
|
<vfs>
|
|
<dir name="cbe">
|
|
<fs label="cbe"/>
|
|
</dir>
|
|
</vfs>
|
|
</config>
|
|
<route>
|
|
<service name="File_system" label="cbe_trust_anchor_vfs -> storage_dir"> <child name="trust_anchor_fs" label="file_vault -> trust_anchor"/> </service>
|
|
<service name="File_system" label="vfs_block -> "> <child name="data_fs" label="file_vault -> data"/> </service>
|
|
<service name="File_system" label="cbe"> <child name="data_fs" label="file_vault -> data"/> </service>
|
|
<service name="File_system" label="fs_query -> "> <child name="data_fs" label="file_vault -> data"/> </service>
|
|
<service name="File_system" label="image_fs_query -> "> <child name="data_fs" label="file_vault -> data"/> </service>
|
|
<service name="File_system" label="cbe_vfs -> cbe_fs"> <child name="data_fs" label="file_vault -> data"/> </service>
|
|
<service name="File_system" label="truncate_file -> cbe"> <child name="data_fs" label="file_vault -> data"/> </service>
|
|
<service name="File_system" label="menu_view -> fonts"> <child name="fonts_fs" label="file_vault -> fonts"/> </service>
|
|
<service name="Timer"> <child name="timer"/> </service>
|
|
<service name="Gui"> <child name="nitpicker"/> </service>
|
|
<service name="PD"> <parent/> </service>
|
|
<service name="ROM"> <parent/> </service>
|
|
<service name="CPU"> <parent/> </service>
|
|
<service name="LOG"> <parent/> </service>
|
|
<service name="RM"> <parent/> </service>
|
|
</route>
|
|
</start>
|
|
|
|
</config>
|
|
}
|
|
|
|
install_config $config
|
|
|
|
set fd [open [run_dir]/genode/focus w]
|
|
puts $fd "<focus label=\"file_vault -> \"/>"
|
|
close $fd
|
|
|
|
if {[have_board linux]} {
|
|
exec mkdir -p bin/file_vault_dir/data
|
|
exec mkdir -p bin/file_vault_dir/trust_anchor
|
|
}
|
|
|
|
append boot_modules {
|
|
file_vault
|
|
file_vault-sync_to_cbe_vfs_init
|
|
file_vault-truncate_file
|
|
}
|
|
|
|
append qemu_args " -display gtk "
|
|
|
|
append_if [have_board linux] boot_modules file_vault_dir
|
|
|
|
build_boot_image $boot_modules
|
|
|
|
run_genode_until forever
|