genode

Commit Graph

Author	SHA1	Message	Date
Josef Söntgen	aaf0454956	tool: wrapper script for rumpkernel tools The rumpkernel based tools are intended to be used by executing 'tool/rump'. Since it covers the most common use cases for these tools, this script is comparatively extensive, hence giving a short tutorial seems reasonable: * Format a disk image with Ext2: To format a disk image with the Ext2 file system, first prepare the actual image by executing dd: ! dd if=/dev/zero of=/path/to/disk_image bs=1M count=128 Second, use 'tool/rump' to format the disk image: ! rump -f -F ext2fs /path/to/disk_image Afterwards the just created file system may be populated with the content of another directory by executing ! rump -F ext2fs -p /path/to/another_dir /path/to/disk_image The content of the file system image can be listed by executing ! rump -F ext2fs -l /path/to/disk_image * Create a encrypted disk image: Creating a cryptographic disk image based on cgd(4) is done by executing the following command: ! rump -c /path/to/disk_image This will generate a key that may be used to decrypt the image later on. Since this command will _only_ generate a key and NOT initialize the disk image, it is highly advised to prepare the disk image by using '/dev/urandom' instead of '/dev/zero' (only new blocks that will be written to the disk image are encrypted). In addition while generating the key a temporary configuration file will be created. Although this file has proper permissions, it may leak the generated key if it is created on persistent storage. To specify a more secure directory the '-t' option should be used: ! rump -c -t /path/to/secure/directory /path/to/disk_image Decrypting the disk image requires the key generated in the previous step: ! rump -c -k <key> /path/to/disk_image For now this key has to specified as command line argument. This is an issue if the shell, which is used, is maintaing a history of executed commands. For completness sake let us put all examples together by creating a encrypted Ext2 image that will contain all files of Genode's _demo_ scenario: ! dd if=/dev/urandom of=/tmp/demo.img bs=1M count=16 ! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs /tmp/demo.img > \ ! /ramfs/key # key is printed out to stdout ! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs -k <key> \ ! -p $(BUILD_DIR)/var/run/demo /tmp/demo.img To check if the image was populated succesfully, execute the following: ! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs -k <key> -l \ ! /tmp/demo.img	2014-05-27 11:14:45 +02:00

Author

SHA1

Message

Date

Josef Söntgen

aaf0454956

tool: wrapper script for rumpkernel tools

The rumpkernel based tools are intended to be used by executing
'tool/rump'. Since it covers the most common use cases for these
tools, this script is comparatively extensive, hence giving a short
tutorial seems reasonable:

* Format a disk image with Ext2:

To format a disk image with the Ext2 file system, first prepare the
actual image by executing dd:

! dd if=/dev/zero of=/path/to/disk_image bs=1M count=128

Second, use 'tool/rump' to format the disk image:

! rump -f -F ext2fs /path/to/disk_image

Afterwards the just created file system may be populated with the
content of another directory by executing

! rump -F ext2fs -p /path/to/another_dir /path/to/disk_image

The content of the file system image can be listed by executing

! rump -F ext2fs -l /path/to/disk_image

* Create a encrypted disk image:

Creating a cryptographic disk image based on cgd(4) is done by
executing the following command:
! rump -c /path/to/disk_image

This will generate a key that may be used to decrypt the image
later on. Since this command will _only_ generate a key and NOT
initialize the disk image, it is highly advised to prepare the disk
image by using '/dev/urandom' instead of '/dev/zero' (only new blocks
that will be written to the disk image are encrypted). In addition
while generating the key a temporary configuration file will be
created. Although this file has proper permissions, it may leak the
generated key if it is created on persistent storage. To specify a more
secure directory the '-t' option should be used:

! rump -c -t /path/to/secure/directory /path/to/disk_image

Decrypting the disk image requires the key generated in the previous
step:

! rump -c -k <key> /path/to/disk_image

For now this key has to specified as command line argument. This is
an issue if the shell, which is used, is maintaing a history of
executed commands.

For completness sake let us put all examples together by creating a
encrypted Ext2 image that will contain all files of Genode's _demo_
scenario:

! dd if=/dev/urandom of=/tmp/demo.img bs=1M count=16
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs /tmp/demo.img > \
!         /ramfs/key # key is printed out to stdout
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs -k <key> \
!         -p $(BUILD_DIR)/var/run/demo /tmp/demo.img

To check if the image was populated succesfully, execute the
following:

! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs -k <key> -l \
!         /tmp/demo.img

2014-05-27 11:14:45 +02:00

1 Commits