Reviewed on: 2022-01-13
Stash exists to hold persistent mutable state for early boot system services that are restricted from using general mutable storage (usually for security reasons). Persisted state takes the form of a key/value store, which can be accessed over FIDL.
Multiple instances of stash are provided, each serving a different fuchsia.stash protocol. An instance of stash cannot securely identify the clients connecting to it and therefore cannot guarantee isolation between those clients. This means that the clients of each protocol must be carefully reviewed to assess the impact of any compromise in one client on the other clients.
It is likely that stash will be deprecated and new clients are no longer being accepted.
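An added example, not part of the Fuchsia source tree: a small audit helper that lists which components are offered each fuchsia.stash protocol, so the clients sharing one stash instance can be reviewed together. The offer entries and component names below are constructed for illustration and written as strict JSON; real component manifests are JSON5 and would need a JSON5 parser.

```python
import json
from collections import defaultdict

# Constructed sample: "offer" entries in the style of a component manifest.
# All component names (#stash, #stash_secure, #example_*) are hypothetical.
SAMPLE_OFFERS = json.loads("""
[
  {"protocol": "fuchsia.stash.SecureStore", "from": "#stash_secure", "to": "#example_auth"},
  {"protocol": ["fuchsia.stash.Store"], "from": "#stash", "to": ["#example_net", "#example_bt"]},
  {"protocol": "fuchsia.stash.Store", "from": "#stash", "to": "#example_settings"},
  {"protocol": "fuchsia.logger.LogSink", "from": "parent", "to": "#example_net"},
  {"directory": "data", "from": "parent", "to": "#stash"}
]
""")


def _as_list(value):
    """Manifest fields such as 'protocol' and 'to' may be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def stash_clients(offers, prefix="fuchsia.stash."):
    """Map each fuchsia.stash protocol to the sorted components it is offered to."""
    clients = defaultdict(set)
    for offer in offers:
        for protocol in _as_list(offer.get("protocol")):
            if protocol.startswith(prefix):
                clients[protocol].update(_as_list(offer.get("to")))
    return {proto: sorted(targets) for proto, targets in sorted(clients.items())}


def shared_instances(clients):
    """Protocols with more than one client. Stash cannot tell these clients
    apart, so each group has to be reviewed as a single trust domain."""
    return {proto: targets for proto, targets in clients.items() if len(targets) > 1}


if __name__ == "__main__":
    for proto, targets in shared_instances(stash_clients(SAMPLE_OFFERS)).items():
        print(f"{proto}: review together -> {', '.join(targets)}")
```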
To add this project to your build, append --with //src/sys/stash to the fx set invocation.
Stash provides the fuchsia.stash.SecureStore services on Fuchsia, and there is a stash_ctl command to demonstrate how to access these services.
stash_ctl is included in the
    > fx set workstation_eng.x64
    > fx build
    > ffx component explore /core/stash
    $ stash_ctl --help
Unit tests for stash are available in the
$ fx test stash-tests
The entrypoint is located in src/main.rs, the FIDL service implementation exists in src/accessor.rs, and the logic for storing bytes on disk is located in src/store.rs. Unit tests are co-located with the implementation.