genode

mirror of https://github.com/genodelabs/genode.git synced 2024-12-18 21:27:56 +00:00

History

Josef Söntgen e777165090 dde_rump: block encryption server using cgd(4) The 'rump_cgd' server provides block level encryption for a block session by employing the 'cgd(4)' device provided by the rumpkernel. 'rump_cgd' uses a Block_session to get access to an existing block device and provides another Block_session to its clients. Each block written or read by the client is transperently encrypted or decrypted by the server. For now 'rump_cgd' may only _configure_ a 'cgd' device but is unable to generate a configuration. The used cipher is hardcoded to _aes-cbc_ with a keysize of 256 bit. Furthermore the server is able to serve one client only. To ease the usage, its interface is modelled after the interface of 'cgdconfig(8)'. As implications thereof the key must have the same format as used by 'cgdconfig'. That means the key is a base 64 encoded string in which the first 4 bytes denote the actual length of the key in bits (these 4 bytes are stored in big endian order). Preparing a raw (e.g. without partition table) encrypted Ext2 disk image is done by executing 'tool/rump': ! dd if=/dev/urandom of=/path/to/disk_image ! rump -c /path/to/disk_image # key is printed to stdout ! rump -c -k <key> -F ext2fs /path/to/disk_image To use this disk image the following config snippet can be used: ! <start name="rump_cgd"> ! <resource name="RAM" quantum="8M" /> ! <provides><service name="Block"/></provides> ! <config action="configure"> ! <params> ! <method>key</method>} ! <key>AAABAJhpB2Y2UvVjkFdlP4m44449Pi3A/uW211mkanSulJo8</key> ! </params> ! </config> ! <route> ! <service name="Block"> <child name="ahci"/> </service> ! <any-service> <parent/> <any-child/> </any-service> ! </route> ! </start> the Block service provided by rump_cgd may be used by a file system server in return: ! <start name="rump_fs"> ! <resource name="RAM" quantum="16M"/> ! <provides><service name="File_system"/></provides> ! <config fs="ext2fs"> ! <policy label="" root="/" writeable="yes"/> ! </config> ! <route> ! <service name="Block"> <child name="rump_cgd"/> </service> ! <any-service> <parent/> <any-child/> </any-service> ! </route> ! </start> Since 'tool/rump' just utilizes the rumpkernel running on the host system to do its duty there is a script called 'tool/cgdconf' that extracts the key from a 'cgdconfig(8)' generated configuration file and also is able to generade such a file from a given key. Thereby the interoperabilty between 'rump_cgd' and the general rumpkernel based tools is secured.		2014-05-27 11:14:45 +02:00
..
include	dde_rump: block encryption server using cgd(4)	2014-05-27 11:14:45 +02:00
lib	dde_rump: block encryption server using cgd(4)	2014-05-27 11:14:45 +02:00
patches	Move repositories to 'repos/' subdirectory	2014-05-14 16:08:00 +02:00
run	dde_rump: block encryption server using cgd(4)	2014-05-27 11:14:45 +02:00
src	dde_rump: block encryption server using cgd(4)	2014-05-27 11:14:45 +02:00
Makefile	Move repositories to 'repos/' subdirectory	2014-05-14 16:08:00 +02:00
README	Move repositories to 'repos/' subdirectory	2014-05-14 16:08:00 +02:00

README

                             ================================
                             Genode's Rump Kernel kernel port
                             ================================

This repository contains the Genode version of the [http://wiki.netbsd.org/rumpkernel/ - rump kernel].
The kernel is currently used to gain file-system access from within Genode. In
order to achieve that, a Genode file-system server is located at
_src/server/rump_fs_. For accessing the server through the libc, the _libc_fs_
plugin can be facilitated, which is available in the _libports_ repository.

Building instructions
#####################

In order to build the file-system server, issue

! make prepare

from the directory this file is contained in.


Add

! REPOSITORIES += $(GENODE_DIR)/repos/dde_rump

to your _etc/build.conf_ file of you build directory.

Finally,

! make server/rumps_fs

called from your build directory will build the server. You may also specify

! make run/rump_ext2

to run a simple test scenario.


Configuration
#############

Here is an example snippet that configures the server:

!<start name="rump_fs">
!  <resource name="RAM" quantum="8M" />
!  <provides><service name="File_system"/></provides>
!  <config fs="ext2fs"><policy label="" root="/" writeable="yes"/></config>
!</start>

The server is looking for a service that provides a Genode block session. If
there is more than one block session in the system, the block session must be
routed to the right block-session server. The value of the _fs_ attribute of
the _config_ node can be one of the following: _ext2fs_ for EXT2, _cd9660_ for
ISO-9660, or _msdos_ for FAT file-system support. _root_ defines the directory
of the file system as seen as root directory by the client. The server hands
most of its RAM quota to the rump kernel. This means the larger the quota is,
the larger the internal block caches of the rump kernel will be.