Posts 5011 · Following 329 · Followers 498
Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Jarkko Sakkinen

Edited 16 hours ago
One reason I've stuck with ext4 is that I also run Bitwig Studio on my Linux machine, and generally speaking ext4 has more predictable latency (and more options for recovering data). Ultimately the choice of file system is a throughput vs latency question, and this is probably also why Apple never migrated from HFS(+) to ZFS :-)

Jarkko Sakkinen

I think it would be great if we put endorsement certificates in sysfs.

I.e. with very little code/scripting one can then provide tools and means for a remote attestation server to generate challenges (e.g. during OS installation).

#linux #kernel #tpm

Jarkko Sakkinen

Edited 23 hours ago
Applied a largeish patch [1] to my master: 11 files changed, 508 insertions(+), 566 deletions(-)

[1] https://lore.kernel.org/linux-integrity/20251206113110.1793407-4-jarkko@kernel.org/

There's no really sane way to split this, so I thought it a good idea to merge it early in the release cycle in order to maximize coverage :-)

Jarkko Sakkinen

Phew, total 4 separate pull requests for 6.19, all landed without complaints :-)

Jarkko Sakkinen

Awesome, it went through first time. Finally had time to actually enable secure boot with sbctl.

Here’s what I did:

  1. Enabled secure boot in custom mode (i.e., not standard mode) from BIOS settings.
  2. Erased all keys. This triggers so called “setup mode” for the next boot.
  3. Typed bunch of random commands :-)

I did the script a couple of weeks ago but did not have time to test it live (until now).


Jarkko Sakkinen

3/4 PRs done for 6.19, one to go

Jarkko Sakkinen

Just like there is this half-insulting term "SJW", or "social justice warrior", there should be another term "NWW" aka "non-woke warrior" IMHO.

... when I was young IDEs had NON-WOKE names such as "Code Warrior" ;-)

Jarkko Sakkinen

alias readelf='readelf -W'

like the first thing to ever do with readelf ;-)

Jarkko Sakkinen

This kernel patch embeds an extension for the TPMKey specification:

https://lore.kernel.org/linux-integrity/20251205030205.140842-3-jarkko@kernel.org/

I.e. an optional 'parentName' attribute. It also populates the kernel's ASN.1 definition with the full spec. It's a bottleneck in the ASN.1 format.

#linux #kernel #tpm

Jarkko Sakkinen

UserHasNoMailboxAndNoLicenseAssignedError

Microsoft clearly makes the best error codes.

Jarkko Sakkinen

In Himmelblau evolution it will be interesting to see if there's someday perhaps a subset of the Graph API to provide "the service" too.

Jarkko Sakkinen

Couple of new features:

1. Creates and loads both 'loadable' and 'importable' keys from external keys.
2. tpm2sh load now has a --load flag to load a generated keyedhash key as a trusted key to the kernel keyring.

#linux #kernel #tpm #rustlang

Jarkko Sakkinen

Cool, got ssh logins through Azure/Intune working to built Ms after fighting for some time with systemd-creds :-) Himmelblau 2.0 feels like a surprisingly stable environment.

Jarkko Sakkinen

This is how I wrap get_compile_commands.py:

https://gist.github.com/jarkkojs/00d4fb05474d00bd64df51b4b0028a3b

Sometimes I feel that this should be made somehow a bit more convenient :-)

Jarkko Sakkinen

One bottleneck in HMAC encryption would be easy to solve if the TPMKey ASN.1 format stored 'parentPublic', or alternatively 'parentPublicName'.

HMAC encryption requires an "extra" TPM2_ReadPublic per unseal transaction because it cannot be stored in the key data.

If it had the field it would be trivial to calculate the cryptographic name for the parent object without a round trip to the TPM2 chip when the key is used after creation.

I.e. it is a classic case of a constantly required value that is not cached.

RT @Foxboron
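The name computation the two TPMKey posts above refer to, as an added example (not code from tpm2sh, the kernel or the TPMKey spec): it derives a TPM 2.0 object Name from a marshaled TPMT_PUBLIC the same way TPM2_ReadPublic reports it, which is what a stored 'parentName'/'parentPublic' field would let a caller do offline. The sample public area is constructed; only its leading type/nameAlg fields are meaningful.

```python
import hashlib

# TPM_ALG_ID values for the hash algorithms a nameAlg may take (TPM 2.0 Part 2).
TPM_ALG_HASH = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}


def tpm2_object_name(public_area: bytes) -> bytes:
    """Derive the Name of a TPM 2.0 object from its marshaled TPMT_PUBLIC.

    Name = nameAlg (UINT16, big-endian) || H_nameAlg(TPMT_PUBLIC). The TPM
    computes the same value and returns it as the 'name' output of
    TPM2_ReadPublic, so a caller that already holds the parent's public area
    (or a stored parentName) can bind an HMAC session without that round trip.
    """
    if len(public_area) < 4:
        raise ValueError("TPMT_PUBLIC too short to hold type and nameAlg")
    # TPMT_PUBLIC begins with type (TPMI_ALG_PUBLIC) followed by nameAlg (TPMI_ALG_HASH).
    name_alg = int.from_bytes(public_area[2:4], "big")
    if name_alg not in TPM_ALG_HASH:
        raise ValueError(f"unsupported nameAlg 0x{name_alg:04x}")
    digest = hashlib.new(TPM_ALG_HASH[name_alg], public_area).digest()
    return name_alg.to_bytes(2, "big") + digest


def cached_parent_name_matches(cached_name: bytes, public_area: bytes) -> bool:
    """Check a stored parentName against the public area the TPM reports.

    A stale or tampered cached name would otherwise only surface as an HMAC
    session failure late in the unseal; checking it up front gives a clear error.
    """
    return tpm2_object_name(public_area) == cached_name


# Constructed sample TPMT_PUBLIC: type=TPM_ALG_RSA (0x0001), nameAlg=SHA-256
# (0x000B), objectAttributes 0x00030072 (storage-parent-style flags), empty
# authPolicy, then placeholder bytes standing in for parameters and unique.
SAMPLE_PARENT_PUBLIC = bytes.fromhex("0001000B" "00030072" "0000") + bytes(32)

if __name__ == "__main__":
    name = tpm2_object_name(SAMPLE_PARENT_PUBLIC)
    print(f"parentName: {name.hex()} ({len(name)} bytes)")
    print("cached copy valid:", cached_parent_name_matches(name, SAMPLE_PARENT_PUBLIC))
```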

Jarkko Sakkinen

3rd PR for 6.19: https://lore.kernel.org/linux-integrity/aSthHCovbsDZANsa@kernel.org/T/#u

At least I'm on schedule this time :-)

Jarkko Sakkinen

This is how I manage my pull requests ATM (creating and pushing signed tags, request-pull etc.):

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-pull-request.git/tree/?h=main

I’m happy with the tiny jq based templating engine for moustache templates. Has worked surprisingly well.

#linux #kernel


Jarkko Sakkinen

Edited 8 days ago
I've been fine-tuning the policy and caching engine in tpm2sh a lot and the next version will allow you to:

1. View a policy as an expression via 'tpm2sh memory -p <handle>'
2. Create primary keys with arbitrary policies (it was just not done; nothing special in it).
3. Create, view and maintain policies for persistent keys.

These sort of come as "side-effect" of just cleaning up and polishing the groundwork :-)

#linux #tpm #rustlang

Jarkko Sakkinen

What are known good workarounds with systemd-creds for situations like this:

https://github.com/himmelblau-idm/himmelblau/issues/901

I can admit that I don't really know what I'm doing ATM :-)

#systemd

Jarkko Sakkinen

tdf is superb with e.g. Intel SDM, ACPI and TCG specs :-)