Fs update #5

mmisono · 2025-01-11T21:04:10Z

Support dir_open / dir_read
Support trusted files
read file with a bigger buffer
cache file contents in memory

This add support of trusted files for svsm. The PAL calculates the hash values of trusted files when loading and checks if it mathes the value in the manifest. We can get the sha256 hash value with `sha256sum` command. The code (tf_file.c and tf_file.h) is adopted from the gramine-tdx. As the comment in the original file says, most of the code is the same as the trusted file handling of linux-sgx' pal and we should unify them. Example of manifest: ``` [fs] root.type = "tmpfs" mounts = [ { type = "pseudo", path = "/lib", uri = "lib" }, { path = "/external", uri = "file:/root/module/libwallet/external" }, ] [svsm] file_check_policy = "strict" allowed_files = [ "file:/root/module/libwallet/external/lib", ] trusted_files = [ { uri="file:/root/module/libwallet/external/helloworld", sha256="9e7f594364c7d8b3bff5cc4984c7192fce14aa676a9ce145fe3553119b557258"}, { uri="file:/root/module/libwallet/external/test.txt", sha256="5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03"}, ] ```

…memory

mmisono force-pushed the fs-update branch from b6f48c7 to 2010ca0 Compare January 12, 2025 10:52

mmisono added 4 commits January 12, 2025 11:14

pal: svsm: check return value of file read

60e73f4

pal: svsm: preload file

f5b5738

pal: svsm: read file with a large buffer (guest request read2)

a6d1983

pal: svsm: file_map: populate memory when the file is already in the …

9237c5b

…memory

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fs update #5

Fs update #5

mmisono commented Jan 11, 2025 •

edited

Loading

Fs update #5

Are you sure you want to change the base?

Fs update #5

Conversation

mmisono commented Jan 11, 2025 • edited Loading

mmisono commented Jan 11, 2025 •

edited

Loading