kata-security-coordinator: move test_mailbox to the real impl
Make the mailbox_api dependency optional so builds without a security core work as intended. This means users of the fake lose the test_mailbox shell command, but given it was only a test vehicle it should be ok to require configuring the sel4 feature. As part of this, update the "real impl" skeleton to the current traits. Change-Id: I2a8628d316cca576d9c5dc579f099e16003a8f19 GitOrigin-RevId: e6232073ed02aa6919ef2ed11a80dee1bcb11872
parent
34809a47e1
commit
a9901bfff9
@ -24,7 +24,7 @@ component SecurityCoordinator {
|
|||||||
|
|
||||||
maybe uses LoggerInterface logger;
|
maybe uses LoggerInterface logger;
|
||||||
uses MemoryInterface memory;
|
uses MemoryInterface memory;
|
||||||
uses MailboxAPI mailbox_api;
|
maybe uses MailboxAPI mailbox_api;
|
||||||
|
|
||||||
// Enable KataOS CAmkES support.
|
// Enable KataOS CAmkES support.
|
||||||
attribute int kataos = true;
|
attribute int kataos = true;
|
||||||
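Review bot: `maybe uses MailboxAPI mailbox_api;` lets an assembly omit the connection, but nothing records which build is expected to provide it; a comment next to the declaration would save the next reader a trip to the Rust sources: `// Optional: only the sel4-feature build of the coordinator calls mailbox_api; the fake impl never does.` The seL4 implementation in this commit declares `mailbox_api_send`/`mailbox_api_receive` as plain `extern "C"` functions and calls them unconditionally from `test_mailbox`, so if an assembly leaves this `maybe` interface unconnected, whatever the generated stub does in that case is what the test will hit. If CAmkES offers a connected check for `maybe` interfaces, the test path should consult it before sending.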
|
@ -20,20 +20,17 @@ use alloc::string::{String, ToString};
|
|||||||
use core::mem::size_of;
|
use core::mem::size_of;
|
||||||
use core::ptr;
|
use core::ptr;
|
||||||
use hashbrown::HashMap;
|
use hashbrown::HashMap;
|
||||||
use kata_memory_interface::kata_frame_alloc;
|
|
||||||
use kata_memory_interface::kata_frame_alloc_in_cnode;
|
use kata_memory_interface::kata_frame_alloc_in_cnode;
|
||||||
use kata_memory_interface::kata_object_free_in_cnode;
|
use kata_memory_interface::kata_object_free_in_cnode;
|
||||||
use kata_memory_interface::kata_object_free_toplevel;
|
|
||||||
use kata_memory_interface::ObjDescBundle;
|
use kata_memory_interface::ObjDescBundle;
|
||||||
use kata_os_common::copyregion::CopyRegion;
|
use kata_os_common::copyregion::CopyRegion;
|
||||||
use kata_os_common::cspace_slot::CSpaceSlot;
|
use kata_os_common::cspace_slot::CSpaceSlot;
|
||||||
use kata_os_common::sel4_sys;
|
use kata_os_common::sel4_sys;
|
||||||
use kata_security_interface::*;
|
use kata_security_interface::*;
|
||||||
use log::trace;
|
use log::info;
|
||||||
|
|
||||||
use sel4_sys::seL4_Error;
|
use sel4_sys::seL4_Error;
|
||||||
use sel4_sys::seL4_PageBits;
|
use sel4_sys::seL4_PageBits;
|
||||||
use sel4_sys::seL4_Page_GetAddress;
|
|
||||||
use sel4_sys::seL4_Word;
|
use sel4_sys::seL4_Word;
|
||||||
|
|
||||||
const PAGE_SIZE: usize = 1 << seL4_PageBits;
|
const PAGE_SIZE: usize = 1 << seL4_PageBits;
|
||||||
@ -216,77 +213,7 @@ impl SecurityCoordinatorInterface for FakeSecurityCoordinator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
fn test_mailbox(&mut self) -> Result<(), SecurityRequestError> {
|
fn test_mailbox(&mut self) -> Result<(), SecurityRequestError> {
|
||||||
trace!("test_mailbox_command()");
|
info!("This is a fake with no mailbox api");
|
||||||
|
Err(SecurityRequestError::SreTestFailed)
|
||||||
const MESSAGE_SIZE_DWORDS: usize = 17; // Just a random message size for testing.
|
|
||||||
|
|
||||||
extern "C" {
|
|
||||||
fn mailbox_api_send(paddr: u32, size: u32);
|
|
||||||
fn mailbox_api_receive(paddr: *mut u32, size: *mut u32);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Allocate a 4k page to serve as our message buffer.
|
|
||||||
let frame_bundle =
|
|
||||||
kata_frame_alloc(PAGE_SIZE).map_err(|_| SecurityRequestError::SreTestFailed)?;
|
|
||||||
trace!("test_mailbox: Frame {:?}", frame_bundle);
|
|
||||||
|
|
||||||
unsafe {
|
|
||||||
// Map the message buffer into our copyregion so we can access it.
|
|
||||||
// NB: re-use one of the deep_copy copyregions.
|
|
||||||
let mut msg_region = CopyRegion::new(ptr::addr_of_mut!(DEEP_COPY_SRC[0]), PAGE_SIZE);
|
|
||||||
msg_region
|
|
||||||
.map(frame_bundle.objs[0].cptr)
|
|
||||||
.map_err(|_| SecurityRequestError::SreTestFailed)?;
|
|
||||||
|
|
||||||
let message_ptr = msg_region.as_word_mut();
|
|
||||||
|
|
||||||
// Write to the message buffer through the copyregion.
|
|
||||||
let offset_a = 0;
|
|
||||||
let offset_b = MESSAGE_SIZE_DWORDS - 1;
|
|
||||||
message_ptr[offset_a] = 0xDEADBEEF;
|
|
||||||
message_ptr[offset_b] = 0xF00DCAFE;
|
|
||||||
trace!(
|
|
||||||
"test_mailbox: old buf contents 0x{:X} 0x{:X}",
|
|
||||||
message_ptr[offset_a],
|
|
||||||
message_ptr[offset_b]
|
|
||||||
);
|
|
||||||
|
|
||||||
// Send the _physical_ address of the message buffer to the security
|
|
||||||
// core.
|
|
||||||
let paddr = seL4_Page_GetAddress(frame_bundle.objs[0].cptr);
|
|
||||||
mailbox_api_send(paddr.paddr as u32, (MESSAGE_SIZE_DWORDS * size_of::<u32>()) as u32);
|
|
||||||
|
|
||||||
// Wait for the response to arrive.
|
|
||||||
let mut response_paddr: u32 = 0;
|
|
||||||
let mut response_size: u32 = 0;
|
|
||||||
mailbox_api_receive(&mut response_paddr as *mut u32, &mut response_size as *mut u32);
|
|
||||||
|
|
||||||
// The security core should have replaced the first and last dwords
|
|
||||||
// with 0x12345678 and 0x87654321.
|
|
||||||
trace!("test_mailbox: expected contents 0x12345678 0x87654321");
|
|
||||||
trace!(
|
|
||||||
"test_mailbox: new buf contents 0x{:X} 0x{:X}",
|
|
||||||
message_ptr[offset_a],
|
|
||||||
message_ptr[offset_b]
|
|
||||||
);
|
|
||||||
|
|
||||||
let dword_a = message_ptr[offset_a];
|
|
||||||
let dword_b = message_ptr[offset_b];
|
|
||||||
|
|
||||||
msg_region
|
|
||||||
.unmap()
|
|
||||||
.map_err(|_| SecurityRequestError::SreTestFailed)?;
|
|
||||||
|
|
||||||
// Done, free the message buffer.
|
|
||||||
kata_object_free_toplevel(&frame_bundle)
|
|
||||||
.map_err(|_| SecurityRequestError::SreTestFailed)?;
|
|
||||||
|
|
||||||
if dword_a != 0x12345678 || dword_b != 0x87654321 {
|
|
||||||
return Err(SecurityRequestError::SreTestFailed);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
trace!("test_mailbox_command() done");
|
|
||||||
Ok(())
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
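Review bot: The fake's new `test_mailbox` reports `SreTestFailed`, the same error the real implementation returns when the security core answers with the wrong dwords, so a caller of the `test_mailbox` shell command cannot tell "no mailbox in this build" from a genuine mailbox failure. If `SecurityRequestError` has an unsupported/not-implemented variant, return that instead; otherwise document the overload on the method: `// Fake builds have no mailbox; SreTestFailed here means "unsupported", not a failed round trip.` The `info!` line fires on every invocation where the removed body used `trace!`; a trace-level message, or a one-time one, would be less noisy for what is a deliberately unsupported path. The enclosing `impl SecurityCoordinatorInterface for FakeSecurityCoordinator` starts before this hunk.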
|
@ -14,27 +14,21 @@
|
|||||||
|
|
||||||
//! Kata OS security coordinator seL4 support
|
//! Kata OS security coordinator seL4 support
|
||||||
|
|
||||||
use kata_security_interface::DeleteKeyRequest;
|
use kata_memory_interface::kata_frame_alloc;
|
||||||
use kata_security_interface::GetManifestRequest;
|
use kata_memory_interface::kata_object_free_toplevel;
|
||||||
use kata_security_interface::LoadApplicationRequest;
|
use kata_os_common::sel4_sys;
|
||||||
use kata_security_interface::LoadModelRequest;
|
use kata_security_interface::*;
|
||||||
use kata_security_interface::ReadKeyRequest;
|
|
||||||
use kata_security_interface::SecurityCoordinatorInterface;
|
|
||||||
use kata_security_interface::SecurityRequest;
|
|
||||||
use kata_security_interface::SecurityRequestCapability;
|
|
||||||
use kata_security_interface::SecurityRequestError;
|
|
||||||
use kata_security_interface::SizeBufferRequest;
|
|
||||||
use kata_security_interface::UninstallRequest;
|
|
||||||
use kata_security_interface::WriteKeyRequest;
|
|
||||||
use log::trace;
|
use log::trace;
|
||||||
use postcard;
|
|
||||||
|
use sel4_sys::seL4_CPtr;
|
||||||
|
use sel4_sys::seL4_Page_GetAddress;
|
||||||
|
|
||||||
extern "C" {
|
extern "C" {
|
||||||
static SECURITY_RECV_SLOT: seL4_CPtr;
|
static SECURITY_RECV_SLOT: seL4_CPtr;
|
||||||
}
|
}
|
||||||
|
|
||||||
pub struct SeL4SecurityCoordinator {
|
pub struct SeL4SecurityCoordinator {
|
||||||
// TODO(sleffler): mailbox ipc state
|
// TODO(sleffler): mailbox api state
|
||||||
}
|
}
|
||||||
impl SeL4SecurityCoordinator {
|
impl SeL4SecurityCoordinator {
|
||||||
pub fn new() -> Self { SeL4SecurityCoordinator {} }
|
pub fn new() -> Self { SeL4SecurityCoordinator {} }
|
||||||
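Review bot: The rewritten `use` list does not cover what the `test_mailbox` body moved into this file below needs: `size_of`, `ptr::addr_of_mut!` and `CopyRegion` came into the fake via `use core::mem::size_of;`, `use core::ptr;` and `use kata_os_common::copyregion::CopyRegion;`, and `DEEP_COPY_SRC` and `PAGE_SIZE` were defined there, while nothing on the new side of this file declares any of them. Unless `kata_security_interface::*` happens to re-export them or they are defined after the impl, the seL4 build will not compile — and that is now the only build that carries the `test_mailbox` shell command, so the breakage would surface only when someone enables the `sel4` feature. `SECURITY_RECV_SLOT` is kept in the `extern "C"` block although its only user, the removed `request()`, is gone and no line on the new side references it; either drop it or mark it: `// NOTE(review): unused since request() was removed — drop or document the intended mailbox use.`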
@ -42,111 +36,119 @@ impl SeL4SecurityCoordinator {
|
|||||||
pub type KataSecurityCoordinatorInterface = SeL4SecurityCoordinator;
|
pub type KataSecurityCoordinatorInterface = SeL4SecurityCoordinator;
|
||||||
|
|
||||||
impl SecurityCoordinatorInterface for SeL4SecurityCoordinator {
|
impl SecurityCoordinatorInterface for SeL4SecurityCoordinator {
|
||||||
fn request(
|
fn install(&mut self, _pkg_contents: &ObjDescBundle) -> Result<String, SecurityRequestError> {
|
||||||
|
Err(SreInstallFailed)
|
||||||
|
}
|
||||||
|
fn uninstall(&mut self, _bundle_id: &str) -> Result<(), SecurityRequestError> {
|
||||||
|
Err(SreUninstallFailed)
|
||||||
|
}
|
||||||
|
fn size_buffer(&self, _bundle_id: &str) -> Result<usize, SecurityRequestError> {
|
||||||
|
Err(SreSizeBufferFailed)
|
||||||
|
}
|
||||||
|
fn get_manifest(&self, _bundle_id: &str) -> Result<String, SecurityRequestError> {
|
||||||
|
Err(SreGetManifestFailed)
|
||||||
|
}
|
||||||
|
fn load_application(&self, _bundle_id: &str) -> Result<ObjDescBundle, SecurityRequestError> {
|
||||||
|
Err(SreLoadApplicationFailed)
|
||||||
|
}
|
||||||
|
fn load_model(
|
||||||
|
&self,
|
||||||
|
_bundle_id: &str,
|
||||||
|
_model_id: &str,
|
||||||
|
) -> Result<ObjDescBundle, SecurityRequestError> {
|
||||||
|
Err(SreLoadModelFailed)
|
||||||
|
}
|
||||||
|
fn read_key(
|
||||||
|
&self,
|
||||||
|
_bundle_id: &str,
|
||||||
|
_key: &str,
|
||||||
|
) -> Result<&KeyValueData, SecurityRequestError> {
|
||||||
|
Err(SreReadFailed)
|
||||||
|
}
|
||||||
|
fn write_key(
|
||||||
&mut self,
|
&mut self,
|
||||||
request_id: SecurityRequest,
|
_bundle_id: &str,
|
||||||
request_buffer: &[u8],
|
_key: &str,
|
||||||
_reply_buffer: &mut [u8],
|
_value: &KeyValueData,
|
||||||
) -> Result<(), SecurityRequestError> {
|
) -> Result<(), SecurityRequestError> {
|
||||||
use SecurityRequestError::*;
|
Err(SreWriteFailed)
|
||||||
|
}
|
||||||
|
fn delete_key(&mut self, _bundle_id: &str, _key: &str) -> Result<(), SecurityRequestError> {
|
||||||
|
Err(SreDeleteFailed)
|
||||||
|
}
|
||||||
|
|
||||||
fn _serialize_failure(e: postcard::Error) -> SecurityRequestError {
|
fn test_mailbox(&mut self) -> Result<(), SecurityRequestError> {
|
||||||
trace!("serialize failed: {:?}", e);
|
trace!("test_mailbox_command()");
|
||||||
SreBundleDataInvalid
|
|
||||||
}
|
const MESSAGE_SIZE_DWORDS: usize = 17; // Just a random message size for testing.
|
||||||
fn deserialize_failure(e: postcard::Error) -> SecurityRequestError {
|
|
||||||
trace!("deserialize failed: {:?}", e);
|
extern "C" {
|
||||||
SreBundleDataInvalid
|
fn mailbox_api_send(paddr: u32, size: u32);
|
||||||
|
fn mailbox_api_receive(paddr: *mut u32, size: *mut u32);
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(sleffler): mailbox ipc
|
// Allocate a 4k page to serve as our message buffer.
|
||||||
match request_id {
|
let frame_bundle =
|
||||||
SecurityRequest::SrEcho => {
|
kata_frame_alloc(PAGE_SIZE).map_err(|_| SecurityRequestError::SreTestFailed)?;
|
||||||
trace!("ECHO {:?}", request_buffer);
|
trace!("test_mailbox: Frame {:?}", frame_bundle);
|
||||||
// TODO(sleffler): fill-in
|
|
||||||
Err(SreEchoFailed)
|
unsafe {
|
||||||
}
|
// Map the message buffer into our copyregion so we can access it.
|
||||||
SecurityRequest::SrInstall => {
|
// NB: re-use one of the deep_copy copyregions.
|
||||||
let mut request = postcard::from_bytes::<InstallRequest>(&request_buffer[..])
|
let mut msg_region = CopyRegion::new(ptr::addr_of_mut!(DEEP_COPY_SRC[0]), PAGE_SIZE);
|
||||||
.map_err(deserialize_failure)?;
|
msg_region
|
||||||
request.set_container_cap(unsafe { SECURITY_RECV_SLOT });
|
.map(frame_bundle.objs[0].cptr)
|
||||||
trace!("INSTALL pkg_contents {:?}", request.pkg_contents);
|
.map_err(|_| SecurityRequestError::SreTestFailed)?;
|
||||||
// TODO(sleffler): fill-in
|
|
||||||
Err(SreInstallFailed)
|
let message_ptr = msg_region.as_word_mut();
|
||||||
}
|
|
||||||
SecurityRequest::SrUninstall => {
|
// Write to the message buffer through the copyregion.
|
||||||
let request = postcard::from_bytes::<UninstallRequest>(&request_buffer[..])
|
let offset_a = 0;
|
||||||
.map_err(deserialize_failure)?;
|
let offset_b = MESSAGE_SIZE_DWORDS - 1;
|
||||||
trace!("UNINSTALL {}", request.bundle_id);
|
message_ptr[offset_a] = 0xDEADBEEF;
|
||||||
// TODO(sleffler): fill-in
|
message_ptr[offset_b] = 0xF00DCAFE;
|
||||||
Err(SreUninstallFailed)
|
trace!(
|
||||||
}
|
"test_mailbox: old buf contents 0x{:X} 0x{:X}",
|
||||||
SecurityRequest::SrSizeBuffer => {
|
message_ptr[offset_a],
|
||||||
let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
|
message_ptr[offset_b]
|
||||||
.map_err(deserialize_failure)?;
|
);
|
||||||
trace!("SIZE BUFFER bundle_id {}", request.bundle_id);
|
|
||||||
// TODO(sleffler): fill-in
|
// Send the _physical_ address of the message buffer to the security
|
||||||
Err(SreSizeBufferFailed)
|
// core.
|
||||||
}
|
let paddr = seL4_Page_GetAddress(frame_bundle.objs[0].cptr);
|
||||||
SecurityRequest::SrGetManifest => {
|
mailbox_api_send(paddr.paddr as u32, (MESSAGE_SIZE_DWORDS * size_of::<u32>()) as u32);
|
||||||
let request = postcard::from_bytes::<GetManifestRequest>(&request_buffer[..])
|
|
||||||
.map_err(deserialize_failure)?;
|
// Wait for the response to arrive.
|
||||||
trace!("GET MANIFEST bundle_id {}", request.bundle_id);
|
let mut response_paddr: u32 = 0;
|
||||||
// TODO(sleffler): fill-in
|
let mut response_size: u32 = 0;
|
||||||
Err(SreGetManifestFailed)
|
mailbox_api_receive(&mut response_paddr as *mut u32, &mut response_size as *mut u32);
|
||||||
}
|
|
||||||
SecurityRequest::SrLoadApplication => {
|
// The security core should have replaced the first and last dwords
|
||||||
let mut request =
|
// with 0x12345678 and 0x87654321.
|
||||||
postcard::from_bytes::<LoadApplicationRequest>(&request_buffer[..])
|
trace!("test_mailbox: expected contents 0x12345678 0x87654321");
|
||||||
.map_err(deserialize_failure)?;
|
trace!(
|
||||||
request.set_container_cap(unsafe { SECURITY_RECV_SLOT });
|
"test_mailbox: new buf contents 0x{:X} 0x{:X}",
|
||||||
trace!(
|
message_ptr[offset_a],
|
||||||
"LOAD APPLICATION bundle_id {} app_binary {:?}",
|
message_ptr[offset_b]
|
||||||
request.bundle_id,
|
);
|
||||||
request.app_binary
|
|
||||||
);
|
let dword_a = message_ptr[offset_a];
|
||||||
// TODO(sleffler): fill-in
|
let dword_b = message_ptr[offset_b];
|
||||||
Err(SreLoadApplicationFailed)
|
|
||||||
}
|
msg_region
|
||||||
SecurityRequest::SrLoadModel => {
|
.unmap()
|
||||||
let mut request = postcard::from_bytes::<LoadModelRequest>(&request_buffer[..])
|
.map_err(|_| SecurityRequestError::SreTestFailed)?;
|
||||||
.map_err(deserialize_failure)?;
|
|
||||||
request.set_container_cap(unsafe { SECURITY_RECV_SLOT });
|
// Done, free the message buffer.
|
||||||
trace!(
|
kata_object_free_toplevel(&frame_bundle)
|
||||||
"LOAD MODEL bundle_id {} model_id {} model_binary {:?}",
|
.map_err(|_| SecurityRequestError::SreTestFailed)?;
|
||||||
request.bundle_id,
|
|
||||||
request.model_id,
|
if dword_a != 0x12345678 || dword_b != 0x87654321 {
|
||||||
request.model_binary
|
return Err(SecurityRequestError::SreTestFailed);
|
||||||
);
|
|
||||||
// TODO(sleffler): fill-in
|
|
||||||
Err(SreLoadModelFailed)
|
|
||||||
}
|
|
||||||
SecurityRequest::SrReadKey => {
|
|
||||||
let request = postcard::from_bytes::<ReadKeyRequest>(&request_buffer[..])
|
|
||||||
.map_err(deserialize_failure)?;
|
|
||||||
trace!("READ KEY bundle_id {} key {}", request.bundle_id, request.key,);
|
|
||||||
// TODO(sleffler): fill-in
|
|
||||||
Err(SreReadFailed)
|
|
||||||
}
|
|
||||||
SecurityRequest::SrWriteKey => {
|
|
||||||
let request = postcard::from_bytes::<WriteKeyRequest>(&request_buffer[..])
|
|
||||||
.map_err(deserialize_failure)?;
|
|
||||||
trace!(
|
|
||||||
"WRITE KEY bundle_id {} key {} value {:?}",
|
|
||||||
request.bundle_id,
|
|
||||||
request.key,
|
|
||||||
request.value,
|
|
||||||
);
|
|
||||||
// TODO(sleffler): fill-in
|
|
||||||
Err(SreWriteFailed)
|
|
||||||
}
|
|
||||||
SecurityRequest::SrDeleteKey => {
|
|
||||||
let request = postcard::from_bytes::<DeleteKeyRequest>(&request_buffer[..])
|
|
||||||
.map_err(deserialize_failure)?;
|
|
||||||
trace!("DELETE KEY bundle_id {} key {}", request.bundle_id, request.key,);
|
|
||||||
// TODO(sleffler): fill-in
|
|
||||||
Err(SreDeleteFailed)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
trace!("test_mailbox_command() done");
|
||||||
|
Ok(())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
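Review bot: The reply from `mailbox_api_receive` is never checked — `response_paddr` and `response_size` are filled in and then ignored, and the `seL4_Page_GetAddress` result is used as `paddr.paddr` without inspecting the error field the binding presumably carries, so a security core answering for a different buffer, or a failed address lookup, is only caught indirectly by the final dword compare. After the receive add `if response_paddr != paddr.paddr as u32 || response_size != (MESSAGE_SIZE_DWORDS * size_of::<u32>()) as u32 { return Err(SecurityRequestError::SreTestFailed); }`, and give the `as u32` on the seL4_Word a comment, since it truncates silently on a 64-bit target. Every `?` inside the `unsafe` block — after `map`, after `unmap`, and on the proposed check — returns without `kata_object_free_toplevel`, leaking the 4k frame on the failure paths; unmap-then-free before returning, or restructure so the free runs once after the outcome is known. The `// NB: re-use one of the deep_copy copyregions.` comment was carried over from the fake, which defines `DEEP_COPY_SRC`; this file shows no such region on the new side, so either define it here or reword the comment to name the buffer actually being used.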
|