- eliminate direct use of KATA_CSPACE_SLOTS
- simplify some code now that CSpaceSlot::release returns the released slot

Change-Id: I95300c476a514de7cbe9aa08ccba336878149c23
GitOrigin-RevId: 4c1441f44ff1565610c156fb6c1af60fba554904

StorageManager (the component) did nothing useful so remove it and plumb
the only user (DebugConsole) directly to the SecurityCoordinator. When
the SDKRuntime is ready it likewise will talk directly to
SecurityCoordinator. The only visible change in this is the "kvread" shell
command displays the raw key value instead of converting it to a string.

Change-Id: I5a285dc083e5f02ecbf0defc83deebb34a7b38d7
GitOrigin-RevId: 70d04d8155167f9bf3f88291363760d91c10a279

This includes adding it to TOML files and CAmkES assembly files.

Change-Id: I263e7a566df91fccc04f9b2186edab13331290c5
GitOrigin-RevId: 48a35b06ca868a0a4d379f881068cc4dad491669

* changes:
  kata: LSC: rustfmt with global rustfmt.toml
  kata: update global rustfmt flags
  kata: Promote rustfmt.toml to all kata crates

GitOrigin-RevId: 452e66fa7231f39cff81dc2fbe37ad1a1fc62fb9

Add support to output the contents of the top-level CNode of a CAmkES
service or KataOS application to the serial console. This is dependent
on kernel support that is enabled with CONFIG_PRINTING. Applications
must be running; otherwise there is no CSpace to dump.
Specific changes:
- add a "capscan" shell command
- add capscan method to each CAmkES interface
- add capscan_bundle method to the ProcessControlInterface
- add Camkes::capscan() to dump the top-level CNode
- add ProcessManager support to dump the CNode for a bundle
TODO: fix syscall wrapper error return

Change-Id: If6ca222decdb4c40a1d3a63e69792eb3feb30f6a
GitOrigin-RevId: 504c0182ccccf287b5d58cd8e33981c11d7539d7

Add Camkes::set_reply_cap and Camkes::set_reply_cap_release to attach
an seL4 capability to a reply message. The latter ensures the attached
capability is deleted after the seL4 rpc reply is done (this happens
inside the CAmkES C code).

Change-Id: I42fad2e70e6c02fcc0de5ab9a460c5a773041900
GitOrigin-RevId: 7f59e75b10697501a217f943672a40ff67f48229

- fix size_buffer & get_manifest requests to marshal responses
- fix size_buffer marshaling (was always returning zero)
- format fakeimpl manifest string
- add shell test commands that exercise the APIs (including the
key APIs that were only reachable via the StorageManager)

Change-Id: Ia36906d975fb497e6de81e81fdaf2ff04c7a1e9a
GitOrigin-RevId: cad976c55c99724c2b7c5186b2864f7c44edef13

Add a new "camkes" submodule that consolidates KataOS CAmkES component
integration boilerplate. Each component is expected to declare:
    static mut CAMKES: Camkes = Camkes::new("ProcessManager");
and then (typically) use "pre_init" to set up the logger, heap, and the
slot allocator. More fine-grained control is provided by:
    fn init_logger(self: &Camkes, level: Log::LevelFilter);
    fn init_allocator(self: &Camkes, heap: &'static mut [u8]);
    fn init_slot_allocator(self: &Camkes, first_slot: seL4_CPtr, last_slot: seL4_CPtr);
When receiving capabilities use "init_recv_path" to set up the IPCBuffer
receive path and "assert_recv_path" & "check_recv_path" calls to verify
nothing has clobbered the setting.
The debug_assert_slot_* macros are wrapped in Camkes:: functions and a
"top_level_path" function for constructing seL4_CPath objects. Altogether
this normally allows a component to be written without direct use of the
CAmkES global static identifiers SELF_CNODE*.

Change-Id: Ia1351e411a5355789cf74bc0fcfe0e41a418b7d4
GitOrigin-RevId: fb81a8e0687ed9321c9961410edd5dbd54093ce5

Having CSpaceSlot be a submodule of kata-slot-allocator caused a sel4-sys
dependency that broke unit tests. Split it out to its own crate.

Change-Id: Iea531e36284b58e932eb0cbd84f90abc81823fe3
GitOrigin-RevId: 39abb4510f66cfe026b12fcacf78b429ddd8f0b5

This mostly cleans up my bad idea of how to process SecurityRequests.
- accept an ObjDescBundle attached in an InstallRequest
- return a BundleImage in LoadApplication & LoadNModel replies
- integrate with the slot allocator
- integrate with MemoryManager (for the fake)

Change-Id: I695efbecabfa3e71d7d2cfdd013c113a5a915b40
GitOrigin-RevId: 623ffdf19f5550918da530b57a299659061832aa

- kata-allocator, kata-kata-logger, kata-panic, and kata-slot-allocator
are now submodules of kata-os-common
- be more consistent on use stmts (and remove unneeded deps)
- cleanup various deps on kata-panic that no longer seem to be needed
(likely due to using resolver=2)

Change-Id: I5d3f4b399e3be66c09c2f97c75d5e3053993ebdd
GitOrigin-RevId: 393e28fbb975959cba35388bab749b256cda0095

- add SecurityCoordinator component (needs mailbox support, just
a fake which should be enabled with a feature flag)
- connect to ProcessManager & MlCoordinator - temporarily connect
to DebugConsole to enable scecho test command
- expand Bundle to hold application information (may need more elf)
- connect ProcessManager::{install, uninstall} to SecurityCoordinator
(no application binary yet, needs global page allocator)
Notes:
- SecurityCoordinator depends on camkes for thread synchronization
- private heap is 8KB (and could possibly be less; need to tune)
- camkes interface connection uses seL4RPCOverMultiSharedData so ipc
buffers are 4KB; the request & reply serde buffers are 2KB but could
be near 4KB since they are used sequentially and the other params
are a few bytes (but beware of camkes stack allocation)
- the camkes SecurityCoordinator::request rpc is defined so that the
request param has reasonable handling but the reply param requires
a full copy (even if only partly used); haven't found a way to
express the desired handling

Change-Id: I686dc2d501e39bc8c27fe22db40657165a55b472
GitOrigin-RevId: db1536c241e28ddda1dc8f8da341b8c667ed6646