kata-security-coordinator: move test_mailbox to the real impl

Make the mailbox_api dependency optional so builds without a security core work as intended. This means users of the fake lose the test_mailbox shell command but given it was only a test vehicle it should be ok to require configuring the sel4 feature. As part of this update the "real impl" skeleton to the current traits. Change-Id: I2a8628d316cca576d9c5dc579f099e16003a8f19 GitOrigin-RevId: e6232073ed02aa6919ef2ed11a80dee1bcb11872
2025-07-31 05:30:34 +00:00 · 2022-10-13 23:26:22 +00:00 · 2022-10-13 23:26:22 +00:00 · a9901bfff9
commit a9901bfff9
parent 34809a47e1
3 changed files with 119 additions and 190 deletions
--- a/apps/system/components/SecurityCoordinator/SecurityCoordinator.camkes
+++ b/apps/system/components/SecurityCoordinator/SecurityCoordinator.camkes
@ -24,7 +24,7 @@ component SecurityCoordinator {
  maybe uses LoggerInterface logger;
  uses MemoryInterface memory;
-  uses MailboxAPI mailbox_api;
+  maybe uses MailboxAPI mailbox_api;
  // Enable KataOS CAmkES support.
  attribute int kataos = true;
--- a/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/fakeimpl/mod.rs
+++ b/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/fakeimpl/mod.rs
@ -20,20 +20,17 @@ use alloc::string::{String, ToString};
 use core::mem::size_of;
 use core::ptr;
 use hashbrown::HashMap;
 use kata_memory_interface::kata_frame_alloc;
 use kata_memory_interface::kata_frame_alloc_in_cnode;
 use kata_memory_interface::kata_object_free_in_cnode;
 use kata_memory_interface::kata_object_free_toplevel;
 use kata_memory_interface::ObjDescBundle;
 use kata_os_common::copyregion::CopyRegion;
 use kata_os_common::cspace_slot::CSpaceSlot;
 use kata_os_common::sel4_sys;
 use kata_security_interface::*;
-use log::trace;
+use log::info;
 use sel4_sys::seL4_Error;
 use sel4_sys::seL4_PageBits;
 use sel4_sys::seL4_Page_GetAddress;
 use sel4_sys::seL4_Word;
 const PAGE_SIZE: usize = 1 << seL4_PageBits;
@ -216,77 +213,7 @@ impl SecurityCoordinatorInterface for FakeSecurityCoordinator {
    }
    fn test_mailbox(&mut self) -> Result<(), SecurityRequestError> {
-        trace!("test_mailbox_command()");
+        info!("This is a fake with no mailbox api");
-
+        Err(SecurityRequestError::SreTestFailed)
        const MESSAGE_SIZE_DWORDS: usize = 17; // Just a random message size for testing.
        extern "C" {
            fn mailbox_api_send(paddr: u32, size: u32);
            fn mailbox_api_receive(paddr: *mut u32, size: *mut u32);
        }
        // Allocate a 4k page to serve as our message buffer.
        let frame_bundle =
            kata_frame_alloc(PAGE_SIZE).map_err(|_| SecurityRequestError::SreTestFailed)?;
        trace!("test_mailbox: Frame {:?}", frame_bundle);
        unsafe {
            // Map the message buffer into our copyregion so we can access it.
            // NB: re-use one of the deep_copy copyregions.
            let mut msg_region = CopyRegion::new(ptr::addr_of_mut!(DEEP_COPY_SRC[0]), PAGE_SIZE);
            msg_region
                .map(frame_bundle.objs[0].cptr)
                .map_err(|_| SecurityRequestError::SreTestFailed)?;
            let message_ptr = msg_region.as_word_mut();
            // Write to the message buffer through the copyregion.
            let offset_a = 0;
            let offset_b = MESSAGE_SIZE_DWORDS - 1;
            message_ptr[offset_a] = 0xDEADBEEF;
            message_ptr[offset_b] = 0xF00DCAFE;
            trace!(
                "test_mailbox: old buf contents  0x{:X} 0x{:X}",
                message_ptr[offset_a],
                message_ptr[offset_b]
            );
            // Send the _physical_ address of the message buffer to the security
            // core.
            let paddr = seL4_Page_GetAddress(frame_bundle.objs[0].cptr);
            mailbox_api_send(paddr.paddr as u32, (MESSAGE_SIZE_DWORDS * size_of::<u32>()) as u32);
            // Wait for the response to arrive.
            let mut response_paddr: u32 = 0;
            let mut response_size: u32 = 0;
            mailbox_api_receive(&mut response_paddr as *mut u32, &mut response_size as *mut u32);
            // The security core should have replaced the first and last dwords
            // with 0x12345678 and 0x87654321.
            trace!("test_mailbox: expected contents 0x12345678 0x87654321");
            trace!(
                "test_mailbox: new buf contents  0x{:X} 0x{:X}",
                message_ptr[offset_a],
                message_ptr[offset_b]
            );
            let dword_a = message_ptr[offset_a];
            let dword_b = message_ptr[offset_b];
            msg_region
                .unmap()
                .map_err(|_| SecurityRequestError::SreTestFailed)?;
            // Done, free the message buffer.
            kata_object_free_toplevel(&frame_bundle)
                .map_err(|_| SecurityRequestError::SreTestFailed)?;
            if dword_a != 0x12345678 || dword_b != 0x87654321 {
                return Err(SecurityRequestError::SreTestFailed);
            }
        }
        trace!("test_mailbox_command() done");
        Ok(())
    }
 }
--- a/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/impl.rs
+++ b/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/impl.rs
@ -14,27 +14,21 @@
 //! Kata OS security coordinator seL4 support
-use kata_security_interface::DeleteKeyRequest;
+use kata_memory_interface::kata_frame_alloc;
-use kata_security_interface::GetManifestRequest;
+use kata_memory_interface::kata_object_free_toplevel;
-use kata_security_interface::LoadApplicationRequest;
+use kata_os_common::sel4_sys;
-use kata_security_interface::LoadModelRequest;
+use kata_security_interface::*;
 use kata_security_interface::ReadKeyRequest;
 use kata_security_interface::SecurityCoordinatorInterface;
 use kata_security_interface::SecurityRequest;
 use kata_security_interface::SecurityRequestCapability;
 use kata_security_interface::SecurityRequestError;
 use kata_security_interface::SizeBufferRequest;
 use kata_security_interface::UninstallRequest;
 use kata_security_interface::WriteKeyRequest;
 use log::trace;
-use postcard;
+
 use sel4_sys::seL4_CPtr;
 use sel4_sys::seL4_Page_GetAddress;
 extern "C" {
    static SECURITY_RECV_SLOT: seL4_CPtr;
 }
 pub struct SeL4SecurityCoordinator {
-    // TODO(sleffler): mailbox ipc state
+    // TODO(sleffler): mailbox api state
 }
 impl SeL4SecurityCoordinator {
    pub fn new() -> Self { SeL4SecurityCoordinator {} }
@ -42,111 +36,119 @@ impl SeL4SecurityCoordinator {
 pub type KataSecurityCoordinatorInterface = SeL4SecurityCoordinator;
 impl SecurityCoordinatorInterface for SeL4SecurityCoordinator {
-    fn request(
+    fn install(&mut self, _pkg_contents: &ObjDescBundle) -> Result<String, SecurityRequestError> {
        Err(SreInstallFailed)
    }
    fn uninstall(&mut self, _bundle_id: &str) -> Result<(), SecurityRequestError> {
        Err(SreUninstallFailed)
    }
    fn size_buffer(&self, _bundle_id: &str) -> Result<usize, SecurityRequestError> {
        Err(SreSizeBufferFailed)
    }
    fn get_manifest(&self, _bundle_id: &str) -> Result<String, SecurityRequestError> {
        Err(SreGetManifestFailed)
    }
    fn load_application(&self, _bundle_id: &str) -> Result<ObjDescBundle, SecurityRequestError> {
        Err(SreLoadApplicationFailed)
    }
    fn load_model(
        &self,
        _bundle_id: &str,
        _model_id: &str,
    ) -> Result<ObjDescBundle, SecurityRequestError> {
        Err(SreLoadModelFailed)
    }
    fn read_key(
        &self,
        _bundle_id: &str,
        _key: &str,
    ) -> Result<&KeyValueData, SecurityRequestError> {
        Err(SreReadFailed)
    }
    fn write_key(
        &mut self,
-        request_id: SecurityRequest,
+        _bundle_id: &str,
-        request_buffer: &[u8],
+        _key: &str,
-        _reply_buffer: &mut [u8],
+        _value: &KeyValueData,
    ) -> Result<(), SecurityRequestError> {
-        use SecurityRequestError::*;
+        Err(SreWriteFailed)
    }
    fn delete_key(&mut self, _bundle_id: &str, _key: &str) -> Result<(), SecurityRequestError> {
        Err(SreDeleteFailed)
    }
-        fn _serialize_failure(e: postcard::Error) -> SecurityRequestError {
+    fn test_mailbox(&mut self) -> Result<(), SecurityRequestError> {
-            trace!("serialize failed: {:?}", e);
+        trace!("test_mailbox_command()");
-            SreBundleDataInvalid
+
-        }
+        const MESSAGE_SIZE_DWORDS: usize = 17; // Just a random message size for testing.
-        fn deserialize_failure(e: postcard::Error) -> SecurityRequestError {
+
-            trace!("deserialize failed: {:?}", e);
+        extern "C" {
-            SreBundleDataInvalid
+            fn mailbox_api_send(paddr: u32, size: u32);
            fn mailbox_api_receive(paddr: *mut u32, size: *mut u32);
        }
-        // TODO(sleffler): mailbox ipc
+        // Allocate a 4k page to serve as our message buffer.
-        match request_id {
+        let frame_bundle =
-            SecurityRequest::SrEcho => {
+            kata_frame_alloc(PAGE_SIZE).map_err(|_| SecurityRequestError::SreTestFailed)?;
-                trace!("ECHO {:?}", request_buffer);
+        trace!("test_mailbox: Frame {:?}", frame_bundle);
-                // TODO(sleffler): fill-in
+
-                Err(SreEchoFailed)
+        unsafe {
-            }
+            // Map the message buffer into our copyregion so we can access it.
-            SecurityRequest::SrInstall => {
+            // NB: re-use one of the deep_copy copyregions.
-                let mut request = postcard::from_bytes::<InstallRequest>(&request_buffer[..])
+            let mut msg_region = CopyRegion::new(ptr::addr_of_mut!(DEEP_COPY_SRC[0]), PAGE_SIZE);
-                    .map_err(deserialize_failure)?;
+            msg_region
-                request.set_container_cap(unsafe { SECURITY_RECV_SLOT });
+                .map(frame_bundle.objs[0].cptr)
-                trace!("INSTALL pkg_contents {:?}", request.pkg_contents);
+                .map_err(|_| SecurityRequestError::SreTestFailed)?;
-                // TODO(sleffler): fill-in
+
-                Err(SreInstallFailed)
+            let message_ptr = msg_region.as_word_mut();
-            }
+
-            SecurityRequest::SrUninstall => {
+            // Write to the message buffer through the copyregion.
-                let request = postcard::from_bytes::<UninstallRequest>(&request_buffer[..])
+            let offset_a = 0;
-                    .map_err(deserialize_failure)?;
+            let offset_b = MESSAGE_SIZE_DWORDS - 1;
-                trace!("UNINSTALL {}", request.bundle_id);
+            message_ptr[offset_a] = 0xDEADBEEF;
-                // TODO(sleffler): fill-in
+            message_ptr[offset_b] = 0xF00DCAFE;
-                Err(SreUninstallFailed)
+            trace!(
-            }
+                "test_mailbox: old buf contents  0x{:X} 0x{:X}",
-            SecurityRequest::SrSizeBuffer => {
+                message_ptr[offset_a],
-                let request = postcard::from_bytes::<SizeBufferRequest>(&request_buffer[..])
+                message_ptr[offset_b]
-                    .map_err(deserialize_failure)?;
+            );
-                trace!("SIZE BUFFER bundle_id {}", request.bundle_id);
+
-                // TODO(sleffler): fill-in
+            // Send the _physical_ address of the message buffer to the security
-                Err(SreSizeBufferFailed)
+            // core.
-            }
+            let paddr = seL4_Page_GetAddress(frame_bundle.objs[0].cptr);
-            SecurityRequest::SrGetManifest => {
+            mailbox_api_send(paddr.paddr as u32, (MESSAGE_SIZE_DWORDS * size_of::<u32>()) as u32);
-                let request = postcard::from_bytes::<GetManifestRequest>(&request_buffer[..])
+
-                    .map_err(deserialize_failure)?;
+            // Wait for the response to arrive.
-                trace!("GET MANIFEST bundle_id {}", request.bundle_id);
+            let mut response_paddr: u32 = 0;
-                // TODO(sleffler): fill-in
+            let mut response_size: u32 = 0;
-                Err(SreGetManifestFailed)
+            mailbox_api_receive(&mut response_paddr as *mut u32, &mut response_size as *mut u32);
-            }
+
-            SecurityRequest::SrLoadApplication => {
+            // The security core should have replaced the first and last dwords
-                let mut request =
+            // with 0x12345678 and 0x87654321.
-                    postcard::from_bytes::<LoadApplicationRequest>(&request_buffer[..])
+            trace!("test_mailbox: expected contents 0x12345678 0x87654321");
-                        .map_err(deserialize_failure)?;
+            trace!(
-                request.set_container_cap(unsafe { SECURITY_RECV_SLOT });
+                "test_mailbox: new buf contents  0x{:X} 0x{:X}",
-                trace!(
+                message_ptr[offset_a],
-                    "LOAD APPLICATION bundle_id {} app_binary {:?}",
+                message_ptr[offset_b]
-                    request.bundle_id,
+            );
-                    request.app_binary
+
-                );
+            let dword_a = message_ptr[offset_a];
-                // TODO(sleffler): fill-in
+            let dword_b = message_ptr[offset_b];
-                Err(SreLoadApplicationFailed)
+
-            }
+            msg_region
-            SecurityRequest::SrLoadModel => {
+                .unmap()
-                let mut request = postcard::from_bytes::<LoadModelRequest>(&request_buffer[..])
+                .map_err(|_| SecurityRequestError::SreTestFailed)?;
-                    .map_err(deserialize_failure)?;
+
-                request.set_container_cap(unsafe { SECURITY_RECV_SLOT });
+            // Done, free the message buffer.
-                trace!(
+            kata_object_free_toplevel(&frame_bundle)
-                    "LOAD MODEL bundle_id {} model_id {} model_binary {:?}",
+                .map_err(|_| SecurityRequestError::SreTestFailed)?;
-                    request.bundle_id,
+
-                    request.model_id,
+            if dword_a != 0x12345678 || dword_b != 0x87654321 {
-                    request.model_binary
+                return Err(SecurityRequestError::SreTestFailed);
                );
                // TODO(sleffler): fill-in
                Err(SreLoadModelFailed)
            }
            SecurityRequest::SrReadKey => {
                let request = postcard::from_bytes::<ReadKeyRequest>(&request_buffer[..])
                    .map_err(deserialize_failure)?;
                trace!("READ KEY bundle_id {} key {}", request.bundle_id, request.key,);
                // TODO(sleffler): fill-in
                Err(SreReadFailed)
            }
            SecurityRequest::SrWriteKey => {
                let request = postcard::from_bytes::<WriteKeyRequest>(&request_buffer[..])
                    .map_err(deserialize_failure)?;
                trace!(
                    "WRITE KEY bundle_id {} key {} value {:?}",
                    request.bundle_id,
                    request.key,
                    request.value,
                );
                // TODO(sleffler): fill-in
                Err(SreWriteFailed)
            }
            SecurityRequest::SrDeleteKey => {
                let request = postcard::from_bytes::<DeleteKeyRequest>(&request_buffer[..])
                    .map_err(deserialize_failure)?;
                trace!("DELETE KEY bundle_id {} key {}", request.bundle_id, request.key,);
                // TODO(sleffler): fill-in
                Err(SreDeleteFailed)
            }
        }
        trace!("test_mailbox_command() done");
        Ok(())
    }
 }