Simplify Store implementation

.gitlab-ci.yml

@@ -197,6 +197,8 @@ metrics:
   stage: metrics
   script:
     - repometrics generate --cache > metrics.toml
+  after_script:
+    - !reference [notify_github, script] # use notify_github from include
     - repometrics run --base origin/main --output-format markdown | tee --append metrics-comment.md
     - if [ -n "$CI_COMMIT_BRANCH" ] && [ "$CI_COMMIT_BRANCH" != "main" ] ; then
           nitrokey-ci write-comment --owner Nitrokey --repo nitrokey-3-firmware --id repometrics --commit $(git rev-parse HEAD) metrics-comment.md ;

Cargo.toml

@@ -22,11 +22,11 @@ memory-regions = { path = "components/memory-regions" }
 # unreleased libraries
 p256-cortex-m4  = { git = "https://github.com/ycrypto/p256-cortex-m4.git", rev = "cdb31e12594b4dc1f045b860a885fdc94d96aee2" }
 lpc55-hal = { git = "https://github.com/lpc55/lpc55-hal.git", rev = "1a25fc366013503b46af938646c88aed4e36d74c" }
-trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "ede9fc02dc69eba7b35536b2bf4fd189a82e50b7" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "5003249c3187dca841f83551ba625921611a5ace" }
 trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner.git", rev = "a0e9b855809577f0067a93e08c716aa285b03700" }
 
 # applications
-admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.19" }
+admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.20" }
 fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git",tag = "v0.1.1-nitrokey.25" }
 opcard = { git = "https://github.com/Nitrokey/opcard-rs", rev = "39ec4c37f808c0cfeb84e0a8493bbee06f02c8e2" }
 piv-authenticator = { git = "https://github.com/Nitrokey/piv-authenticator.git", rev = "65552820b4f931c21e1c7675b1bd6072cb872531" }
@@ -37,7 +37,7 @@ webcrypt = { git = "https://github.com/nitrokey/nitrokey-websmartcard-rust", tag
 trussed-auth-backend = { git = "https://github.com/trussed-dev/trussed-auth", tag = "v0.4.0" }
 trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", rev = "743d9aaa3d8a17d7dbf492bd54dc18ab8fca3dc0" }
 trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", rev = "131c973fbe74d677fb8c8df97c210f78608994f0" }
-trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "1e1ca03a3a62ea9b802f4070ea4bce002eeb4bec" }
+trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "7f305b8db3cc9dc0cd2c1bfb8470e9f531e34abe" }
 
 [profile.release]
 codegen-units = 1

components/apps/src/lib.rs

@@ -319,7 +319,7 @@ pub trait Runner {
     type Syscall: Syscall + Clone + 'static;
 
     type Reboot: Reboot;
-    type Store: trussed::store::Store;
+    type Store: trussed::store::Store + Clone;
     #[cfg(feature = "provisioner-app")]
     type Filesystem: trussed::types::LfsStorage + 'static;
     #[cfg(feature = "se050")]
@@ -612,7 +612,7 @@ impl<R: Runner> Apps<R> {
 
         let trussed = client_builder.client::<AdminApp<R>>(runner, &());
         // TODO: use CLIENT_ID directly
-        let mut filestore = ClientFilestore::new(ADMIN_APP_CLIENT_ID.into(), data.store);
+        let mut filestore = ClientFilestore::new(ADMIN_APP_CLIENT_ID.into(), data.store.clone());
         let version = data.version.encode();
 
         let valid_migrators = migrations::MIGRATORS;
@@ -653,10 +653,10 @@ impl<R: Runner> Apps<R> {
                 trussed_auth_backend::FilesystemLayout::V0,
                 dispatch::AUTH_LOCATION,
                 path!("opcard"),
-                data.store,
+                data.store.clone(),
             )
             .unwrap_or_default();
-            let mut fs = ClientFilestore::new(path!("opcard").into(), data.store);
+            let mut fs = ClientFilestore::new(path!("opcard").into(), data.store.clone());
             let opcard_used = fs
                 .read_dir_first(path!(""), Location::External, &NotBefore::None)
                 .unwrap_or_default()
@@ -711,7 +711,7 @@ impl<R: Runner> Apps<R> {
             .unwrap_or_default();
 
         let migration_success = app
-            .migrate(migration_version, data.store, &mut filestore)
+            .migrate(migration_version, data.store.clone(), &mut filestore)
             .is_ok();
         if !migration_success {
             data.init_status.insert(InitStatus::MIGRATION_ERROR);
@@ -1262,7 +1262,7 @@ impl<R: Runner> App<R> for ProvisionerApp<R> {
         let uuid = runner.uuid();
         Self::new(
             trussed,
-            data.store,
+            data.store.clone(),
             data.stolen_filesystem,
             data.nfc_powered,
             uuid,

components/boards/src/store.rs

@@ -6,8 +6,9 @@ use littlefs2::{
     driver::Storage,
     fs::{Allocation, Filesystem},
     io::Result,
+    object_safe::DynFilesystem,
 };
-use trussed::store::{Fs, Store};
+use trussed::store::Store;
 
 use crate::Board;
 
@@ -66,9 +67,6 @@ pub trait StoragePointers: 'static {
     type ExternalStorage: Storage;
 
     unsafe fn ifs_storage() -> &'static mut MaybeUninit<Self::InternalStorage>;
-    unsafe fn ifs_ptr() -> *mut Fs<Self::InternalStorage>;
-
-    unsafe fn efs_ptr() -> *mut Fs<Self::ExternalStorage>;
 }
 
 #[cfg_attr(
@@ -87,20 +85,6 @@ macro_rules! impl_storage_pointers {
                     ::core::mem::MaybeUninit::uninit();
                 (&mut *&raw mut IFS_STORAGE)
             }
-
-            unsafe fn ifs_ptr() -> *mut ::trussed::store::Fs<Self::InternalStorage> {
-                static mut IFS: ::core::mem::MaybeUninit<::trussed::store::Fs<$I>> =
-                    ::core::mem::MaybeUninit::uninit();
-                let ifs_ptr: *mut ::core::mem::MaybeUninit<::trussed::store::Fs<$I>> = &raw mut IFS;
-                ifs_ptr as _
-            }
-
-            unsafe fn efs_ptr() -> *mut ::trussed::store::Fs<Self::ExternalStorage> {
-                static mut EFS: ::core::mem::MaybeUninit<::trussed::store::Fs<$E>> =
-                    ::core::mem::MaybeUninit::uninit();
-                let efs_ptr: *mut ::core::mem::MaybeUninit<::trussed::store::Fs<$E>> = &raw mut EFS;
-                efs_ptr as _
-            }
         }
     };
 }
@@ -111,31 +95,47 @@ macro_rules! impl_storage_pointers {
 )]
 pub(crate) use impl_storage_pointers;
 
+struct StorePointers {
+    ifs: MaybeUninit<&'static dyn DynFilesystem>,
+    efs: MaybeUninit<&'static dyn DynFilesystem>,
+    vfs: MaybeUninit<&'static dyn DynFilesystem>,
+}
+
+impl StorePointers {
+    const fn new() -> Self {
+        Self {
+            ifs: MaybeUninit::uninit(),
+            efs: MaybeUninit::uninit(),
+            vfs: MaybeUninit::uninit(),
+        }
+    }
+}
+
 pub struct RunnerStore<S> {
     _marker: PhantomData<*mut S>,
 }
 
 impl<S: StoragePointers> RunnerStore<S> {
     fn new(
-        ifs: &'static Filesystem<'static, S::InternalStorage>,
-        efs: &'static Filesystem<'static, S::ExternalStorage>,
-        vfs: &'static Filesystem<'static, VolatileStorage>,
+        ifs: &'static dyn DynFilesystem,
+        efs: &'static dyn DynFilesystem,
+        vfs: &'static dyn DynFilesystem,
     ) -> Self {
         unsafe {
-            S::ifs_ptr().write(Fs::new(ifs));
-            S::efs_ptr().write(Fs::new(efs));
-            Self::vfs_ptr().write(Fs::new(vfs));
+            let pointers = Self::pointers();
+            pointers.ifs.write(ifs);
+            pointers.efs.write(efs);
+            pointers.vfs.write(vfs);
         }
 
         Self {
             _marker: Default::default(),
         }
     }
 
-    unsafe fn vfs_ptr() -> *mut Fs<VolatileStorage> {
-        static mut VFS: MaybeUninit<Fs<VolatileStorage>> = MaybeUninit::uninit();
-        let vfs_ptr: *mut MaybeUninit<Fs<VolatileStorage>> = &raw mut VFS;
-        vfs_ptr as _
+    unsafe fn pointers() -> &'static mut StorePointers {
+        static mut POINTERS: StorePointers = StorePointers::new();
+        (&raw mut POINTERS).as_mut().unwrap()
     }
 }
 
@@ -147,21 +147,17 @@ impl<S> Clone for RunnerStore<S> {
 
 impl<S> Copy for RunnerStore<S> {}
 
-unsafe impl<S: StoragePointers> Store for RunnerStore<S> {
-    type I = S::InternalStorage;
-    type E = S::ExternalStorage;
-    type V = VolatileStorage;
-
-    fn ifs(self) -> &'static Fs<Self::I> {
-        unsafe { &*S::ifs_ptr() }
+impl<S: StoragePointers> Store for RunnerStore<S> {
+    fn ifs(&self) -> &dyn DynFilesystem {
+        unsafe { Self::pointers().ifs.assume_init() }
     }
 
-    fn efs(self) -> &'static Fs<Self::E> {
-        unsafe { &*S::efs_ptr() }
+    fn efs(&self) -> &dyn DynFilesystem {
+        unsafe { Self::pointers().efs.assume_init() }
     }
 
-    fn vfs(self) -> &'static Fs<Self::V> {
-        unsafe { &*Self::vfs_ptr() }
+    fn vfs(&self) -> &dyn DynFilesystem {
+        unsafe { Self::pointers().vfs.assume_init() }
     }
 }
 

components/provisioner-app/src/lib.rs

@@ -194,7 +194,7 @@ where
                     // logging::dump_hex(&self.buffer_file_contents, self.buffer_file_contents.len());
 
                     let res = store::store(
-                        self.store,
+                        &self.store,
                         trussed::types::Location::Internal,
                         &buffer_path,
                         &self.buffer_file_contents,
@@ -241,7 +241,7 @@ where
                 let serialized_bytes = serialized_key.serialize();
 
                 store::store(
-                    self.store,
+                    &self.store,
                     trussed::types::Location::Internal,
                     FILENAME_P256_SECRET,
                     &serialized_bytes,
@@ -271,7 +271,7 @@ where
                 let serialized_bytes = serialized_key.serialize();
 
                 store::store(
-                    self.store,
+                    &self.store,
                     trussed::types::Location::Internal,
                     FILENAME_ED255_SECRET,
                     &serialized_bytes,
@@ -300,7 +300,7 @@ where
                 let serialized_bytes = serialized_key.serialize();
 
                 store::store(
-                    self.store,
+                    &self.store,
                     trussed::types::Location::Internal,
                     FILENAME_X255_SECRET,
                     &serialized_bytes,
@@ -320,7 +320,7 @@ where
                 } else {
                     info!("saving P256 CERT, {} bytes", data.len());
                     store::store(
-                        self.store,
+                        &self.store,
                         trussed::types::Location::Internal,
                         FILENAME_P256_CERT,
                         data,
@@ -336,7 +336,7 @@ where
                 } else {
                     info!("saving ED25519 CERT, {} bytes", data.len());
                     store::store(
-                        self.store,
+                        &self.store,
                         trussed::types::Location::Internal,
                         FILENAME_ED255_CERT,
                         data,
@@ -352,7 +352,7 @@ where
                 } else {
                     info!("saving X25519 CERT, {} bytes", data.len());
                     store::store(
-                        self.store,
+                        &self.store,
                         trussed::types::Location::Internal,
                         FILENAME_X255_CERT,
                         data,
@@ -375,7 +375,7 @@ where
                     let serialized_key = serialized_key.serialize();
 
                     store::store(
-                        self.store,
+                        &self.store,
                         trussed::types::Location::Internal,
                         FILENAME_T1_PUBLIC,
                         &serialized_key,

runners/embedded/src/nk3xn/init.rs

@@ -791,7 +791,7 @@ impl Stage6 {
         if self.basic.old_firmware_version <= 4194306 {
             debug!("data migration: updating FIDO2 attestation cert");
             let res = trussed::store::store(
-                self.store,
+                &self.store,
                 Location::Internal,
                 path!("fido/x5c/00"),
                 include_bytes!("../../data/fido-cert.der"),

runners/usbip/src/main.rs

@@ -115,7 +115,7 @@ impl apps::Runner for Runner {
     type Store = store::Store;
 
     #[cfg(feature = "provisioner")]
-    type Filesystem = <store::Store as trussed::store::Store>::I;
+    type Filesystem = store::InternalStorage;
 
     type Twi = ();
     type Se050Timer = ();

runners/usbip/src/store.rs

@@ -50,7 +50,7 @@ const_ram_storage!(
 const_ram_storage!(VolatileStorage, IFS_STORAGE_SIZE);
 
 // TODO: use 256 -- would cause a panic because formatting fails
-type InternalStorage = FilesystemOrRamStorage<InternalRamStorage>;
+pub type InternalStorage = FilesystemOrRamStorage<InternalRamStorage>;
 type ExternalStorage = FilesystemOrRamStorage<ExternalRamStorage>;
 
 pub struct FilesystemStorage<S: LfsStorage> {
@@ -207,6 +207,7 @@ impl FilesystemOrRam {
 
 impl StoreProvider for FilesystemOrRam {
     type Store = Store;
+    type Ifs = InternalStorage;
 
     unsafe fn ifs() -> &'static mut InternalStorage {
         #[allow(clippy::deref_addrof)]