ehmry/genode
ehmry
/
genode
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
genode/repos
History
Josef Söntgen e777165090 dde_rump: block encryption server using cgd(4) 
The 'rump_cgd' server provides block level encryption for a block
session by employing the 'cgd(4)' device provided by the rumpkernel.

'rump_cgd' uses a Block_session to get access to an existing block
device and provides another Block_session to its clients. Each block
written or read by the client is transperently encrypted or decrypted
by the server.

For now 'rump_cgd' may only _configure_ a 'cgd' device but is unable
to generate a configuration. The used cipher is hardcoded to
_aes-cbc_ with a keysize of 256 bit. Furthermore the server is able to
serve one client only.

To ease the usage, its interface is modelled after the interface of
'cgdconfig(8)'. As implications thereof the key must have the same
format as used by 'cgdconfig'. That means the key is a base 64 encoded
string in which the first 4 bytes denote the actual length of the key
in bits (these 4 bytes are stored in big endian order).

Preparing a raw (e.g. without partition table) encrypted Ext2 disk
image is done by executing 'tool/rump':

! dd if=/dev/urandom of=/path/to/disk_image
! rump -c /path/to/disk_image # key is printed to stdout
! rump -c -k <key> -F ext2fs /path/to/disk_image

To use this disk image the following config snippet can be used:

! <start name="rump_cgd">
! 	<resource name="RAM" quantum="8M" />
! 	<provides><service name="Block"/></provides>
! 	<config action="configure">
! 		<params>
! 			<method>key</method>}
! 			<key>AAABAJhpB2Y2UvVjkFdlP4m44449Pi3A/uW211mkanSulJo8</key>
! 		</params>
! 	</config>
! 	<route>
! 		<service name="Block"> <child name="ahci"/> </service>
! 		<any-service> <parent/> <any-child/> </any-service>
! 	</route>
! </start>

the Block service provided by rump_cgd may be used by a file system
server in return:

! <start name="rump_fs">
! 	<resource name="RAM" quantum="16M"/>
! 	<provides><service name="File_system"/></provides>
! 	<config fs="ext2fs">
! 		<policy label="" root="/" writeable="yes"/>
! 	</config>
! 	<route>
! 		<service name="Block"> <child name="rump_cgd"/> </service>
! 		<any-service> <parent/> <any-child/> </any-service>
! 	</route>
! </start>

Since 'tool/rump' just utilizes the rumpkernel running on the host
system to do its duty there is a script called 'tool/cgdconf' that
extracts the key from a 'cgdconfig(8)' generated configuration file
and also is able to generade such a file from a given key. Thereby
the interoperabilty between 'rump_cgd' and the general rumpkernel
based tools is secured.
 		2014-05-27 11:14:45 +02:00
..
base core: make parent EP stack size depend on addr_t 2014-05-27 11:14:44 +02:00
base-codezero Move repositories to 'repos/' subdirectory 2014-05-14 16:08:00 +02:00
base-fiasco base-fiasco: migrate to new ports mechanism 2014-05-27 11:14:43 +02:00
base-foc base-foc: migrate to new ports mechanism 2014-05-27 11:14:43 +02:00
base-host Move repositories to 'repos/' subdirectory 2014-05-14 16:08:00 +02:00
base-hw Move repositories to 'repos/' subdirectory 2014-05-14 16:08:00 +02:00
base-linux Move repositories to 'repos/' subdirectory 2014-05-14 16:08:00 +02:00
base-nova Temporarily disable hash checks 2014-05-27 11:14:44 +02:00
base-okl4 Temporarily disable hash checks 2014-05-27 11:14:44 +02:00
base-pistachio base-pistachio: migrate to new ports mechanism 2014-05-27 11:14:44 +02:00
dde_ipxe dde_ipxe: migrate to new ports mechanism 2014-05-27 11:14:43 +02:00
dde_linux dde_linux: migrate to new ports mechanism 2014-05-27 11:14:43 +02:00
dde_oss Temporarily disable hash checks 2014-05-27 11:14:44 +02:00
dde_rump dde_rump: block encryption server using cgd(4) 2014-05-27 11:14:45 +02:00
demo Move repositories to 'repos/' subdirectory 2014-05-14 16:08:00 +02:00
gems Move repositories to 'repos/' subdirectory 2014-05-14 16:08:00 +02:00
hello_tutorial Move repositories to 'repos/' subdirectory 2014-05-14 16:08:00 +02:00
libports libports: enable curl on arm 2014-05-27 11:14:45 +02:00
os Volatile_object: align the embedded object 2014-05-27 11:14:44 +02:00
ports noux_gdb: adapt to libc VFS 2014-05-27 11:14:44 +02:00
ports-foc ports-foc: migrate to new ports mechanism 2014-05-27 11:14:43 +02:00
qt4 Move repositories to 'repos/' subdirectory 2014-05-14 16:08:00 +02:00
README Move repositories to 'repos/' subdirectory 2014-05-14 16:08:00 +02:00

README 

                      ===============================
                      Genode source-code repositories
                      ===============================


This directory contains the source-code repositories of the Genode OS
Framework. Each sub directory has the same principle layout as described in the
build-system manual:

:Build-system manual:

  [http://genode.org/documentation/developer-resources/build_system]

The build system uses a configurable selection of those reposities to obtain
the source codes for the build process. The repositories are not independent
but build upon of each other:

:'base':

  This directory contains the source-code repository of the fundamental
  frameworks and interfaces of Genode. Furthermore, it contains the generic
  parts of core.

:'base-<platform>':
  These directories contain platform-specific source-code repositories
  complementing the 'base' repository. The following platforms are supported:

  :'linux':
    Linux kernel (both x86_32 and x86_64)

  :'nova':
    NOVA hypervisor developed at University of Technology Dresden
    See [http://genode.org/documentation/platforms/nova]

  :'foc':
    Fiasco.OC is a modernized version of the Fiasco microkernel with a
    completely revised kernel interface fostering capability-based
    security. It is not compatible with L4/Fiasco.
    See [http://genode.org/documentation/platforms/foc]

  :'hw':
    The hw platform allows the execution of Genode on bare ARM hardware
    without the need for a separate kernel. The kernel functionality is
    included in core.
    See [http://genode.org/documentation/platforms/hw]

  :'okl4':
    OKL4 kernel (x86_32 and ARM) developed at Open-Kernel-Labs.
    See [http://genode.org/documentation/platforms/okl4]

  :'pistachio':
    L4ka::Pistachio kernel developed at University of Karlsruhe.
    See [http://genode.org/documentation/platforms/pistachio]

  :'fiasco':
    L4/Fiasco kernel developed at University of Technology Dresden.
    See [http://genode.org/documentation/platforms/fiasco]

  :'codezero':
    Codezero microkernel developed by B-Labs
    See [http://genode.org/documentation/platforms/codezero]

  :'host':
    Pseudo platform documenting the interface between the generic and
    platform-specific parts of the base framework. This is not a functional
    base platform.

:'os':

  This directory contains the non-base OS components such as the init process,
  device drivers, and basic system services.

:'demo':

  This directory contains the source-code repository of various services and
  applications that we use for demonstration purposes. For example, a graphical
  application launcher called Launchpad and the Scout tutorial browser.

:'hello_tutorial':

  Tutorial for creating a simple client-server scenario with Genode. This
  repository includes documentation and the complete source code.

:'libports':

  This source-code repository contains ports of popular open-source libraries
  to Genode, most importantly the C library. The repository contains no
  upstream source code but means to download the code and adapt it to Genode.
  For instructions about how to use this mechanism, please consult the README
  file at the top level of the repository. Among the 3rd-party libraries
  are Qt5, libSDL, freetype, Python, ncurses, Mesa, and libav.

:'dde_linux':

  This source-code repository contains the device driver environment for
  executing Linux device drivers natively on Genode. Currently, this
  repository hosts the USB stack.

:'dde_ipxe':

  This source-code repository contains the device-driver environment for
  executing drivers of the iPXE project.

:'dde_oss':

  This source-code repository contains the device-driver environment for the
  audio drivers of the Open Sound System (OSS).

:'dde_rump':

  This source-code repository contains the port of rump kernels, which are
  used to execute subsystems of the NetBSD kernel as user level processes.
  The repository contains a server that uses a rump kernel to provide
  various NetBSD file systems to Genode.

:'qt4':

  This source-code repository contains the Genode version of Qt4 framework.
  Please find more information about using Qt4 with Genode in the repository's
  'README' file. Please note that the Qt4 support is deprecated. Use Qt5
  as contained in 'libports' instead.

:'ports':

  This source-code repository hosts ports of 3rd-party applications to
  Genode. The repository does not contain upstream source code but provides
  a mechanism for downloading the official source distributions and adapt
  them to the Genode environment. The used mechanism is roughly the same
  as used for the 'libports' repository. Please consult 'libports/README'
  for further information.

:'ports-<platform>':

  These platform-specific source-code repositories contain software that
  capitalizes special features of the respective kernel platform.
  For the Fiasco.OC platform, 'ports-foc' hosts a port of the L4Linux
  kernel. For further information, please refer to the README file at the
  top level of the respective repository.

:'gems':

  This source-code repository contains Genode applications that use
  both native Genode interfaces as well as features of other high-level
  repositories, in particular shared libraries provided by 'libports'.