kata-security-coordinator: move test_mailbox to the real impl

Make the mailbox_api dependency optional so builds without a security core work as intended. This means users of the fake lose the test_mailbox shell command but given it was only a test vehicle it should be ok to require configuring the sel4 feature. As part of this update the "real impl" skeleton to the current traits. Change-Id: I2a8628d316cca576d9c5dc579f099e16003a8f19 GitOrigin-RevId: e6232073ed02aa6919ef2ed11a80dee1bcb11872
2025-05-08 07:26:41 +00:00 · 2022-10-13 23:26:22 +00:00 · 2022-10-13 23:26:22 +00:00 · a9901bfff9
commit a9901bfff9
parent 34809a47e1
3 changed files with 119 additions and 190 deletions
--- a/apps/system/components/SecurityCoordinator/SecurityCoordinator.camkes
+++ b/apps/system/components/SecurityCoordinator/SecurityCoordinator.camkes
@ -24,7 +24,7 @@ component SecurityCoordinator {

  maybe uses LoggerInterface logger;
  uses MemoryInterface memory;
-  uses MailboxAPI mailbox_api;
+  maybe uses MailboxAPI mailbox_api;

  // Enable KataOS CAmkES support.
  attribute int kataos = true;
--- a/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/fakeimpl/mod.rs
+++ b/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/fakeimpl/mod.rs
@ -20,20 +20,17 @@ use alloc::string::{String, ToString};
 use core::mem::size_of;
 use core::ptr;
 use hashbrown::HashMap;
-use kata_memory_interface::kata_frame_alloc;
 use kata_memory_interface::kata_frame_alloc_in_cnode;
 use kata_memory_interface::kata_object_free_in_cnode;
-use kata_memory_interface::kata_object_free_toplevel;
 use kata_memory_interface::ObjDescBundle;
 use kata_os_common::copyregion::CopyRegion;
 use kata_os_common::cspace_slot::CSpaceSlot;
 use kata_os_common::sel4_sys;
 use kata_security_interface::*;
-use log::trace;
+use log::info;

 use sel4_sys::seL4_Error;
 use sel4_sys::seL4_PageBits;
-use sel4_sys::seL4_Page_GetAddress;
 use sel4_sys::seL4_Word;

 const PAGE_SIZE: usize = 1 << seL4_PageBits;
@ -216,77 +213,7 @@ impl SecurityCoordinatorInterface for FakeSecurityCoordinator {
    }

    fn test_mailbox(&mut self) -> Result<(), SecurityRequestError> {
-        trace!("test_mailbox_command()");
-
-        const MESSAGE_SIZE_DWORDS: usize = 17; // Just a random message size for testing.
-
-        extern "C" {
-            fn mailbox_api_send(paddr: u32, size: u32);
-            fn mailbox_api_receive(paddr: *mut u32, size: *mut u32);
-        }
-
-        // Allocate a 4k page to serve as our message buffer.
-        let frame_bundle =
-            kata_frame_alloc(PAGE_SIZE).map_err(|_| SecurityRequestError::SreTestFailed)?;
-        trace!("test_mailbox: Frame {:?}", frame_bundle);
-
-        unsafe {
-            // Map the message buffer into our copyregion so we can access it.
-            // NB: re-use one of the deep_copy copyregions.
-            let mut msg_region = CopyRegion::new(ptr::addr_of_mut!(DEEP_COPY_SRC[0]), PAGE_SIZE);
-            msg_region
-                .map(frame_bundle.objs[0].cptr)
-                .map_err(|_| SecurityRequestError::SreTestFailed)?;
-
-            let message_ptr = msg_region.as_word_mut();
-
-            // Write to the message buffer through the copyregion.
-            let offset_a = 0;
-            let offset_b = MESSAGE_SIZE_DWORDS - 1;
-            message_ptr[offset_a] = 0xDEADBEEF;
-            message_ptr[offset_b] = 0xF00DCAFE;
-            trace!(
-                "test_mailbox: old buf contents  0x{:X} 0x{:X}",
-                message_ptr[offset_a],
-                message_ptr[offset_b]
-            );
-
-            // Send the _physical_ address of the message buffer to the security
-            // core.
-            let paddr = seL4_Page_GetAddress(frame_bundle.objs[0].cptr);
-            mailbox_api_send(paddr.paddr as u32, (MESSAGE_SIZE_DWORDS * size_of::<u32>()) as u32);
-
-            // Wait for the response to arrive.
-            let mut response_paddr: u32 = 0;
-            let mut response_size: u32 = 0;
-            mailbox_api_receive(&mut response_paddr as *mut u32, &mut response_size as *mut u32);
-
-            // The security core should have replaced the first and last dwords
-            // with 0x12345678 and 0x87654321.
-            trace!("test_mailbox: expected contents 0x12345678 0x87654321");
-            trace!(
-                "test_mailbox: new buf contents  0x{:X} 0x{:X}",
-                message_ptr[offset_a],
-                message_ptr[offset_b]
-            );
-
-            let dword_a = message_ptr[offset_a];
-            let dword_b = message_ptr[offset_b];
-
-            msg_region
-                .unmap()
-                .map_err(|_| SecurityRequestError::SreTestFailed)?;
-
-            // Done, free the message buffer.
-            kata_object_free_toplevel(&frame_bundle)
-                .map_err(|_| SecurityRequestError::SreTestFailed)?;
-
-            if dword_a != 0x12345678 || dword_b != 0x87654321 {
-                return Err(SecurityRequestError::SreTestFailed);
-            }
-        }
-
-        trace!("test_mailbox_command() done");
-        Ok(())
+        info!("This is a fake with no mailbox api");
+        Err(SecurityRequestError::SreTestFailed)
    }
 }
--- a/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/impl.rs
+++ b/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/impl.rs
@ -14,27 +14,21 @@

 //! Kata OS security coordinator seL4 support

-use kata_security_interface::DeleteKeyRequest;
-use kata_security_interface::GetManifestRequest;
-use kata_security_interface::LoadApplicationRequest;
-use kata_security_interface::LoadModelRequest;
-use kata_security_interface::ReadKeyRequest;
-use kata_security_interface::SecurityCoordinatorInterface;
-use kata_security_interface::SecurityRequest;
-use kata_security_interface::SecurityRequestCapability;
-use kata_security_interface::SecurityRequestError;
-use kata_security_interface::SizeBufferRequest;
-use kata_security_interface::UninstallRequest;
-use kata_security_interface::WriteKeyRequest;
+use kata_memory_interface::kata_frame_alloc;
+use kata_memory_interface::kata_object_free_toplevel;
+use kata_os_common::sel4_sys;
+use kata_security_interface::*;
 use log::trace;
-use postcard;
+
+use sel4_sys::seL4_CPtr;
+use sel4_sys::seL4_Page_GetAddress;

 extern "C" {
    static SECURITY_RECV_SLOT: seL4_CPtr;
 }

 pub struct SeL4SecurityCoordinator {
-    // TODO(sleffler): mailbox ipc state
+    // TODO(sleffler): mailbox api state
 }
 impl SeL4SecurityCoordinator {
    pub fn new() -> Self { SeL4SecurityCoordinator {} }
@ -42,111 +36,119 @@ impl SeL4SecurityCoordinator {
 pub type KataSecurityCoordinatorInterface = SeL4SecurityCoordinator;

 impl SecurityCoordinatorInterface for SeL4SecurityCoordinator {
-    fn request(
+    fn install(&mut self, _pkg_contents: &ObjDescBundle) -> Result<String, SecurityRequestError> {
+        Err(SreInstallFailed)
+    }
+    fn uninstall(&mut self, _bundle_id: &str) -> Result<(), SecurityRequestError> {
+        Err(SreUninstallFailed)
+    }
+    fn size_buffer(&self, _bundle_id: &str) -> Result<usize, SecurityRequestError> {
+        Err(SreSizeBufferFailed)
+    }
+    fn get_manifest(&self, _bundle_id: &str) -> Result<String, SecurityRequestError> {
+        Err(SreGetManifestFailed)
+    }
+    fn load_application(&self, _bundle_id: &str) -> Result<ObjDescBundle, SecurityRequestError> {
+        Err(SreLoadApplicationFailed)
+    }
+    fn load_model(
+        &self,
+        _bundle_id: &str,
+        _model_id: &str,
+    ) -> Result<ObjDescBundle, SecurityRequestError> {
+        Err(SreLoadModelFailed)
+    }
+    fn read_key(
+        &self,
+        _bundle_id: &str,
+        _key: &str,
+    ) -> Result<&KeyValueData, SecurityRequestError> {
+        Err(SreReadFailed)
+    }
+    fn write_key(
        &mut self,
-        request_id: SecurityRequest,
-        request_buffer: &[u8],
-        _reply_buffer: &mut [u8],
+        _bundle_id: &str,
+        _key: &str,
+        _value: &KeyValueData,
    ) -> Result<(), SecurityRequestError> {
-        use SecurityRequestError::*;
+        Err(SreWriteFailed)
+    }
+    fn delete_key(&mut self, _bundle_id: &str, _key: &str) -> Result<(), SecurityRequestError> {
+        Err(SreDeleteFailed)
+    }

-        fn _serialize_failure(e: postcard::Error) -> SecurityRequestError {
-            trace!("serialize failed: {:?}", e);
-            SreBundleDataInvalid
-        }
-        fn deserialize_failure(e: postcard::Error) -> SecurityRequestError {
-            trace!("deserialize failed: {:?}", e);
-            SreBundleDataInvalid
+    fn test_mailbox(&mut self) -> Result<(), SecurityRequestError> {
+        trace!("test_mailbox_command()");
+
+        const MESSAGE_SIZE_DWORDS: usize = 17; // Just a random message size for testing.
+
+        extern "C" {
+            fn mailbox_api_send(paddr: u32, size: u32);
+            fn mailbox_api_receive(paddr: *mut u32, size: *mut u32);
        }

-        // TODO(sleffler): mailbox ipc
-        match request_id {
-            SecurityRequest::SrEcho => {
-                trace!("ECHO {:?}", request_buffer);
-                // TODO(sleffler): fill-in
-                Err(SreEchoFailed)
-            }
-            SecurityRequest::SrInstall => {
-                let mut request = postcard::from_bytes::<InstallRequest>(&request_buffer[..])
-                    .map_err(deserialize_failure)?;
-                request.set_container_cap(unsafe { SECURITY_RECV_SLOT });
-                trace!("INSTALL pkg_contents {:?}", request.pkg_contents);
-                // TODO(sleffler): fill-in
-                Err(SreInstallFailed)
-            }
-            SecurityRequest::SrUninstall => {
-                let request = postcard::from_bytes::<UninstallRequest>(&request_buffer[..])
-                    .map_err(deserialize_failure)?;
-                trace!("UNINSTALL {}", request.bundle_id);
-                // TODO(sleffler): fill-in
-                Err(SreUninstallFailed)
-            }
-            SecurityRequest::SrSizeBuffer => {
-                let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
-                    .map_err(deserialize_failure)?;
-                trace!("SIZE BUFFER bundle_id {}", request.bundle_id);
-                // TODO(sleffler): fill-in
-                Err(SreSizeBufferFailed)
-            }
-            SecurityRequest::SrGetManifest => {
-                let request = postcard::from_bytes::<GetManifestRequest>(&request_buffer[..])
-                    .map_err(deserialize_failure)?;
-                trace!("GET MANIFEST bundle_id {}", request.bundle_id);
-                // TODO(sleffler): fill-in
-                Err(SreGetManifestFailed)
-            }
-            SecurityRequest::SrLoadApplication => {
-                let mut request =
-                    postcard::from_bytes::<LoadApplicationRequest>(&request_buffer[..])
-                        .map_err(deserialize_failure)?;
-                request.set_container_cap(unsafe { SECURITY_RECV_SLOT });
-                trace!(
-                    "LOAD APPLICATION bundle_id {} app_binary {:?}",
-                    request.bundle_id,
-                    request.app_binary
-                );
-                // TODO(sleffler): fill-in
-                Err(SreLoadApplicationFailed)
-            }
-            SecurityRequest::SrLoadModel => {
-                let mut request = postcard::from_bytes::<LoadModelRequest>(&request_buffer[..])
-                    .map_err(deserialize_failure)?;
-                request.set_container_cap(unsafe { SECURITY_RECV_SLOT });
-                trace!(
-                    "LOAD MODEL bundle_id {} model_id {} model_binary {:?}",
-                    request.bundle_id,
-                    request.model_id,
-                    request.model_binary
-                );
-                // TODO(sleffler): fill-in
-                Err(SreLoadModelFailed)
-            }
-            SecurityRequest::SrReadKey => {
-                let request = postcard::from_bytes::<ReadKeyRequest>(&request_buffer[..])
-                    .map_err(deserialize_failure)?;
-                trace!("READ KEY bundle_id {} key {}", request.bundle_id, request.key,);
-                // TODO(sleffler): fill-in
-                Err(SreReadFailed)
-            }
-            SecurityRequest::SrWriteKey => {
-                let request = postcard::from_bytes::<WriteKeyRequest>(&request_buffer[..])
-                    .map_err(deserialize_failure)?;
-                trace!(
-                    "WRITE KEY bundle_id {} key {} value {:?}",
-                    request.bundle_id,
-                    request.key,
-                    request.value,
-                );
-                // TODO(sleffler): fill-in
-                Err(SreWriteFailed)
-            }
-            SecurityRequest::SrDeleteKey => {
-                let request = postcard::from_bytes::<DeleteKeyRequest>(&request_buffer[..])
-                    .map_err(deserialize_failure)?;
-                trace!("DELETE KEY bundle_id {} key {}", request.bundle_id, request.key,);
-                // TODO(sleffler): fill-in
-                Err(SreDeleteFailed)
+        // Allocate a 4k page to serve as our message buffer.
+        let frame_bundle =
+            kata_frame_alloc(PAGE_SIZE).map_err(|_| SecurityRequestError::SreTestFailed)?;
+        trace!("test_mailbox: Frame {:?}", frame_bundle);
+
+        unsafe {
+            // Map the message buffer into our copyregion so we can access it.
+            // NB: re-use one of the deep_copy copyregions.
+            let mut msg_region = CopyRegion::new(ptr::addr_of_mut!(DEEP_COPY_SRC[0]), PAGE_SIZE);
+            msg_region
+                .map(frame_bundle.objs[0].cptr)
+                .map_err(|_| SecurityRequestError::SreTestFailed)?;
+
+            let message_ptr = msg_region.as_word_mut();
+
+            // Write to the message buffer through the copyregion.
+            let offset_a = 0;
+            let offset_b = MESSAGE_SIZE_DWORDS - 1;
+            message_ptr[offset_a] = 0xDEADBEEF;
+            message_ptr[offset_b] = 0xF00DCAFE;
+            trace!(
+                "test_mailbox: old buf contents  0x{:X} 0x{:X}",
+                message_ptr[offset_a],
+                message_ptr[offset_b]
+            );
+
+            // Send the _physical_ address of the message buffer to the security
+            // core.
+            let paddr = seL4_Page_GetAddress(frame_bundle.objs[0].cptr);
+            mailbox_api_send(paddr.paddr as u32, (MESSAGE_SIZE_DWORDS * size_of::<u32>()) as u32);
+
+            // Wait for the response to arrive.
+            let mut response_paddr: u32 = 0;
+            let mut response_size: u32 = 0;
+            mailbox_api_receive(&mut response_paddr as *mut u32, &mut response_size as *mut u32);
+
+            // The security core should have replaced the first and last dwords
+            // with 0x12345678 and 0x87654321.
+            trace!("test_mailbox: expected contents 0x12345678 0x87654321");
+            trace!(
+                "test_mailbox: new buf contents  0x{:X} 0x{:X}",
+                message_ptr[offset_a],
+                message_ptr[offset_b]
+            );
+
+            let dword_a = message_ptr[offset_a];
+            let dword_b = message_ptr[offset_b];
+
+            msg_region
+                .unmap()
+                .map_err(|_| SecurityRequestError::SreTestFailed)?;
+
+            // Done, free the message buffer.
+            kata_object_free_toplevel(&frame_bundle)
+                .map_err(|_| SecurityRequestError::SreTestFailed)?;
+
+            if dword_a != 0x12345678 || dword_b != 0x87654321 {
+                return Err(SecurityRequestError::SreTestFailed);
            }
        }
+
+        trace!("test_mailbox_command() done");
+        Ok(())
    }
 }