diff --git a/apps/system/components/SecurityCoordinator/SecurityCoordinator.camkes b/apps/system/components/SecurityCoordinator/SecurityCoordinator.camkes index 5cafda3..1ac7003 100644 --- a/apps/system/components/SecurityCoordinator/SecurityCoordinator.camkes +++ b/apps/system/components/SecurityCoordinator/SecurityCoordinator.camkes @@ -24,7 +24,7 @@ component SecurityCoordinator { maybe uses LoggerInterface logger; uses MemoryInterface memory; - uses MailboxAPI mailbox_api; + maybe uses MailboxAPI mailbox_api; // Enable KataOS CAmkES support. attribute int kataos = true; diff --git a/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/fakeimpl/mod.rs b/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/fakeimpl/mod.rs index aced15d..d91400f 100644 --- a/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/fakeimpl/mod.rs +++ b/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/fakeimpl/mod.rs @@ -20,20 +20,17 @@ use alloc::string::{String, ToString}; use core::mem::size_of; use core::ptr; use hashbrown::HashMap; -use kata_memory_interface::kata_frame_alloc; use kata_memory_interface::kata_frame_alloc_in_cnode; use kata_memory_interface::kata_object_free_in_cnode; -use kata_memory_interface::kata_object_free_toplevel; use kata_memory_interface::ObjDescBundle; use kata_os_common::copyregion::CopyRegion; use kata_os_common::cspace_slot::CSpaceSlot; use kata_os_common::sel4_sys; use kata_security_interface::*; -use log::trace; +use log::info; use sel4_sys::seL4_Error; use sel4_sys::seL4_PageBits; -use sel4_sys::seL4_Page_GetAddress; use sel4_sys::seL4_Word; const PAGE_SIZE: usize = 1 << seL4_PageBits; @@ -216,77 +213,7 @@ impl SecurityCoordinatorInterface for FakeSecurityCoordinator { } fn test_mailbox(&mut self) -> Result<(), SecurityRequestError> { - trace!("test_mailbox_command()"); - - const MESSAGE_SIZE_DWORDS: usize = 17; // Just a random message size for testing. - - extern "C" { - fn mailbox_api_send(paddr: u32, size: u32); - fn mailbox_api_receive(paddr: *mut u32, size: *mut u32); - } - - // Allocate a 4k page to serve as our message buffer. - let frame_bundle = - kata_frame_alloc(PAGE_SIZE).map_err(|_| SecurityRequestError::SreTestFailed)?; - trace!("test_mailbox: Frame {:?}", frame_bundle); - - unsafe { - // Map the message buffer into our copyregion so we can access it. - // NB: re-use one of the deep_copy copyregions. - let mut msg_region = CopyRegion::new(ptr::addr_of_mut!(DEEP_COPY_SRC[0]), PAGE_SIZE); - msg_region - .map(frame_bundle.objs[0].cptr) - .map_err(|_| SecurityRequestError::SreTestFailed)?; - - let message_ptr = msg_region.as_word_mut(); - - // Write to the message buffer through the copyregion. - let offset_a = 0; - let offset_b = MESSAGE_SIZE_DWORDS - 1; - message_ptr[offset_a] = 0xDEADBEEF; - message_ptr[offset_b] = 0xF00DCAFE; - trace!( - "test_mailbox: old buf contents 0x{:X} 0x{:X}", - message_ptr[offset_a], - message_ptr[offset_b] - ); - - // Send the _physical_ address of the message buffer to the security - // core. - let paddr = seL4_Page_GetAddress(frame_bundle.objs[0].cptr); - mailbox_api_send(paddr.paddr as u32, (MESSAGE_SIZE_DWORDS * size_of::()) as u32); - - // Wait for the response to arrive. - let mut response_paddr: u32 = 0; - let mut response_size: u32 = 0; - mailbox_api_receive(&mut response_paddr as *mut u32, &mut response_size as *mut u32); - - // The security core should have replaced the first and last dwords - // with 0x12345678 and 0x87654321. - trace!("test_mailbox: expected contents 0x12345678 0x87654321"); - trace!( - "test_mailbox: new buf contents 0x{:X} 0x{:X}", - message_ptr[offset_a], - message_ptr[offset_b] - ); - - let dword_a = message_ptr[offset_a]; - let dword_b = message_ptr[offset_b]; - - msg_region - .unmap() - .map_err(|_| SecurityRequestError::SreTestFailed)?; - - // Done, free the message buffer. - kata_object_free_toplevel(&frame_bundle) - .map_err(|_| SecurityRequestError::SreTestFailed)?; - - if dword_a != 0x12345678 || dword_b != 0x87654321 { - return Err(SecurityRequestError::SreTestFailed); - } - } - - trace!("test_mailbox_command() done"); - Ok(()) + info!("This is a fake with no mailbox api"); + Err(SecurityRequestError::SreTestFailed) } } diff --git a/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/impl.rs b/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/impl.rs index c5f7e7c..8b3d0c9 100644 --- a/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/impl.rs +++ b/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/impl.rs @@ -14,27 +14,21 @@ //! Kata OS security coordinator seL4 support -use kata_security_interface::DeleteKeyRequest; -use kata_security_interface::GetManifestRequest; -use kata_security_interface::LoadApplicationRequest; -use kata_security_interface::LoadModelRequest; -use kata_security_interface::ReadKeyRequest; -use kata_security_interface::SecurityCoordinatorInterface; -use kata_security_interface::SecurityRequest; -use kata_security_interface::SecurityRequestCapability; -use kata_security_interface::SecurityRequestError; -use kata_security_interface::SizeBufferRequest; -use kata_security_interface::UninstallRequest; -use kata_security_interface::WriteKeyRequest; +use kata_memory_interface::kata_frame_alloc; +use kata_memory_interface::kata_object_free_toplevel; +use kata_os_common::sel4_sys; +use kata_security_interface::*; use log::trace; -use postcard; + +use sel4_sys::seL4_CPtr; +use sel4_sys::seL4_Page_GetAddress; extern "C" { static SECURITY_RECV_SLOT: seL4_CPtr; } pub struct SeL4SecurityCoordinator { - // TODO(sleffler): mailbox ipc state + // TODO(sleffler): mailbox api state } impl SeL4SecurityCoordinator { pub fn new() -> Self { SeL4SecurityCoordinator {} } @@ -42,111 +36,119 @@ impl SeL4SecurityCoordinator { pub type KataSecurityCoordinatorInterface = SeL4SecurityCoordinator; impl SecurityCoordinatorInterface for SeL4SecurityCoordinator { - fn request( + fn install(&mut self, _pkg_contents: &ObjDescBundle) -> Result { + Err(SreInstallFailed) + } + fn uninstall(&mut self, _bundle_id: &str) -> Result<(), SecurityRequestError> { + Err(SreUninstallFailed) + } + fn size_buffer(&self, _bundle_id: &str) -> Result { + Err(SreSizeBufferFailed) + } + fn get_manifest(&self, _bundle_id: &str) -> Result { + Err(SreGetManifestFailed) + } + fn load_application(&self, _bundle_id: &str) -> Result { + Err(SreLoadApplicationFailed) + } + fn load_model( + &self, + _bundle_id: &str, + _model_id: &str, + ) -> Result { + Err(SreLoadModelFailed) + } + fn read_key( + &self, + _bundle_id: &str, + _key: &str, + ) -> Result<&KeyValueData, SecurityRequestError> { + Err(SreReadFailed) + } + fn write_key( &mut self, - request_id: SecurityRequest, - request_buffer: &[u8], - _reply_buffer: &mut [u8], + _bundle_id: &str, + _key: &str, + _value: &KeyValueData, ) -> Result<(), SecurityRequestError> { - use SecurityRequestError::*; + Err(SreWriteFailed) + } + fn delete_key(&mut self, _bundle_id: &str, _key: &str) -> Result<(), SecurityRequestError> { + Err(SreDeleteFailed) + } - fn _serialize_failure(e: postcard::Error) -> SecurityRequestError { - trace!("serialize failed: {:?}", e); - SreBundleDataInvalid - } - fn deserialize_failure(e: postcard::Error) -> SecurityRequestError { - trace!("deserialize failed: {:?}", e); - SreBundleDataInvalid + fn test_mailbox(&mut self) -> Result<(), SecurityRequestError> { + trace!("test_mailbox_command()"); + + const MESSAGE_SIZE_DWORDS: usize = 17; // Just a random message size for testing. + + extern "C" { + fn mailbox_api_send(paddr: u32, size: u32); + fn mailbox_api_receive(paddr: *mut u32, size: *mut u32); } - // TODO(sleffler): mailbox ipc - match request_id { - SecurityRequest::SrEcho => { - trace!("ECHO {:?}", request_buffer); - // TODO(sleffler): fill-in - Err(SreEchoFailed) - } - SecurityRequest::SrInstall => { - let mut request = postcard::from_bytes::(&request_buffer[..]) - .map_err(deserialize_failure)?; - request.set_container_cap(unsafe { SECURITY_RECV_SLOT }); - trace!("INSTALL pkg_contents {:?}", request.pkg_contents); - // TODO(sleffler): fill-in - Err(SreInstallFailed) - } - SecurityRequest::SrUninstall => { - let request = postcard::from_bytes::(&request_buffer[..]) - .map_err(deserialize_failure)?; - trace!("UNINSTALL {}", request.bundle_id); - // TODO(sleffler): fill-in - Err(SreUninstallFailed) - } - SecurityRequest::SrSizeBuffer => { - let request = postcard::from_bytes::(&request_buffer[..]) - .map_err(deserialize_failure)?; - trace!("SIZE BUFFER bundle_id {}", request.bundle_id); - // TODO(sleffler): fill-in - Err(SreSizeBufferFailed) - } - SecurityRequest::SrGetManifest => { - let request = postcard::from_bytes::(&request_buffer[..]) - .map_err(deserialize_failure)?; - trace!("GET MANIFEST bundle_id {}", request.bundle_id); - // TODO(sleffler): fill-in - Err(SreGetManifestFailed) - } - SecurityRequest::SrLoadApplication => { - let mut request = - postcard::from_bytes::(&request_buffer[..]) - .map_err(deserialize_failure)?; - request.set_container_cap(unsafe { SECURITY_RECV_SLOT }); - trace!( - "LOAD APPLICATION bundle_id {} app_binary {:?}", - request.bundle_id, - request.app_binary - ); - // TODO(sleffler): fill-in - Err(SreLoadApplicationFailed) - } - SecurityRequest::SrLoadModel => { - let mut request = postcard::from_bytes::(&request_buffer[..]) - .map_err(deserialize_failure)?; - request.set_container_cap(unsafe { SECURITY_RECV_SLOT }); - trace!( - "LOAD MODEL bundle_id {} model_id {} model_binary {:?}", - request.bundle_id, - request.model_id, - request.model_binary - ); - // TODO(sleffler): fill-in - Err(SreLoadModelFailed) - } - SecurityRequest::SrReadKey => { - let request = postcard::from_bytes::(&request_buffer[..]) - .map_err(deserialize_failure)?; - trace!("READ KEY bundle_id {} key {}", request.bundle_id, request.key,); - // TODO(sleffler): fill-in - Err(SreReadFailed) - } - SecurityRequest::SrWriteKey => { - let request = postcard::from_bytes::(&request_buffer[..]) - .map_err(deserialize_failure)?; - trace!( - "WRITE KEY bundle_id {} key {} value {:?}", - request.bundle_id, - request.key, - request.value, - ); - // TODO(sleffler): fill-in - Err(SreWriteFailed) - } - SecurityRequest::SrDeleteKey => { - let request = postcard::from_bytes::(&request_buffer[..]) - .map_err(deserialize_failure)?; - trace!("DELETE KEY bundle_id {} key {}", request.bundle_id, request.key,); - // TODO(sleffler): fill-in - Err(SreDeleteFailed) + // Allocate a 4k page to serve as our message buffer. + let frame_bundle = + kata_frame_alloc(PAGE_SIZE).map_err(|_| SecurityRequestError::SreTestFailed)?; + trace!("test_mailbox: Frame {:?}", frame_bundle); + + unsafe { + // Map the message buffer into our copyregion so we can access it. + // NB: re-use one of the deep_copy copyregions. + let mut msg_region = CopyRegion::new(ptr::addr_of_mut!(DEEP_COPY_SRC[0]), PAGE_SIZE); + msg_region + .map(frame_bundle.objs[0].cptr) + .map_err(|_| SecurityRequestError::SreTestFailed)?; + + let message_ptr = msg_region.as_word_mut(); + + // Write to the message buffer through the copyregion. + let offset_a = 0; + let offset_b = MESSAGE_SIZE_DWORDS - 1; + message_ptr[offset_a] = 0xDEADBEEF; + message_ptr[offset_b] = 0xF00DCAFE; + trace!( + "test_mailbox: old buf contents 0x{:X} 0x{:X}", + message_ptr[offset_a], + message_ptr[offset_b] + ); + + // Send the _physical_ address of the message buffer to the security + // core. + let paddr = seL4_Page_GetAddress(frame_bundle.objs[0].cptr); + mailbox_api_send(paddr.paddr as u32, (MESSAGE_SIZE_DWORDS * size_of::()) as u32); + + // Wait for the response to arrive. + let mut response_paddr: u32 = 0; + let mut response_size: u32 = 0; + mailbox_api_receive(&mut response_paddr as *mut u32, &mut response_size as *mut u32); + + // The security core should have replaced the first and last dwords + // with 0x12345678 and 0x87654321. + trace!("test_mailbox: expected contents 0x12345678 0x87654321"); + trace!( + "test_mailbox: new buf contents 0x{:X} 0x{:X}", + message_ptr[offset_a], + message_ptr[offset_b] + ); + + let dword_a = message_ptr[offset_a]; + let dword_b = message_ptr[offset_b]; + + msg_region + .unmap() + .map_err(|_| SecurityRequestError::SreTestFailed)?; + + // Done, free the message buffer. + kata_object_free_toplevel(&frame_bundle) + .map_err(|_| SecurityRequestError::SreTestFailed)?; + + if dword_a != 0x12345678 || dword_b != 0x87654321 { + return Err(SecurityRequestError::SreTestFailed); } } + + trace!("test_mailbox_command() done"); + Ok(()) } }