Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Jarkko Sakkinen

the next piece sliced from tpm2sh: https://crates.io/crates/tpm2-vtpm

Still in very early phases. Now my micro ecosystem has:

1. tpm2-protocol
2. tpm2-crypto (software crypto for doing TPM2 related operations like generating encrypted seeds).
3. tpm2-policy-language
4. tpm2-tpmkey
5. tpm2-vtpm

I think what I get right vs. TSS2 etc. is that I'm not building a "big SDK" but instead common-sense reusable components that do not enforce architecture or policy.

#linux #rustlang #tpm

Jarkko Sakkinen

typst is superb, have been using it for two years now for all documentation. especially for presentations polylux is a viable alternative for beamer.

Jarkko Sakkinen

tdf is super nice previewer when doing presentations, have "typst watch" refreshing it :-)

BTW, diagram is also made with Typst.

57 companies are responsible for 80% of the global greenhouse gas emissions since 2016.

Unless you run those companies, why are you being forced to pay for climate change damage?


Jarkko Sakkinen

I've uplifted tpm2-tpmkey [1] to address quirks of the TPM policy command encoding in the ASN.1 [2] spec.

It has quite short errata now: TPM2_PolicyAuthorize returns InvalidPolicy (which will be addressed some day). Other than that it addresses empty policies, special handling for TPM2_PolicySecret and other weirdness.

Plus, it has a "parentPublic" extension, which enables implicit and automatic parent key discovery.

Other than that, this crate is decoupled from all crypto libraries, other than the pem crate and implementing the encoder and decoder with rasn.
Lots of stuff has been piled up, so it needs to boil for a while after all these changes, but now it is at least in the ballpark.

[1] https://docs.rs/tpm2-tpmkey/latest/tpm2_tpmkey/
[2] https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.txt

Jarkko Sakkinen

bpftop is super nice (just learned about its existence)

Jarkko Sakkinen

Is there some "good known" ECDH reference income-outcomes documented? Lacking unit tests for ECDH in tpm2-crypto. OK, I'll go check RFC first ;-)

#linux #tpm #rustlang

sudo-rs Affected By Multiple Security Vulnerabilities - Impacting Ubuntu 25.10

The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky. Beyond some early performance issues with Rust Coreutils, breakage for some executables, and broken unattended upgrades due to a Rust Coreutils bug, it's also sudo-rs now causing Ubuntu developers some headaches. There are two moderate security issues affecting su…
https://www.phoronix.com/news/sudo-rs-security-ubuntu-25.10

Edited 6 days ago

In my personal opinion: Instead of banning, say, Chinese companies from delivering infrastructure components like the EU is pondering with Huawei and mobile networks, the ultimate goal should be to demand open source software/firmware for these components and reproducible builds of all software components, so that it becomes the default.



Jarkko Sakkinen

Edited 7 days ago
Developing a rendering engine for mailweb 0.3. The gist in that is Servo rendering the mail as a set of offline rendered tiles.

Given that Servo is complicated, I'm figuring out the offline rendering part in a separate project.

I needed some tileable content to work with, so I wrote "a classic" fractal cloud generator out of my memory (decades ago literally) ("diamond alike" recursion and periodic Perlin noise) :-)

This was also great finding: https://github.com/rust-windowing/softbuffer

Jarkko Sakkinen

What is a common set of algorithms in a "typical" TPM2 chip in the Chinese market? I.e., something like Infineon 967x but SM3 based?

I dropped MockTPM from tpm2sh but I'm planning to resurrect it as a focused and almost zero configuration TPM emulator with exactly two preset configurations. I will also pay attention to QEMU integration. I think presets could even be named after chips.

Options will be something along the lines of:

1. --cache-dir
2. --preset (not sure about option name yet)
3. Options for supplying certificates for endorsement CA.

That's it.

#linux #kernel #mocktpm #tpm

Maemo Leste is a mobile Linux distro that carries on the legacy of Nokia's short-lived Linux-based smartphone OS. Currently based on Devuan Daedalus (Debian Bookworm), work is underway to migrate to Excalibur (Trixie). Here's a summary of recent developments. https://maemo-leste.github.io/maemo-leste-2025-daedalus-release.html


Jarkko Sakkinen

Edited 8 days ago
Through its dependency graph, Gitoxide has a RSVM requirement of 1.88.

For me that means exactly to never use Gitoxide and stick to using libgit2 bindings because they keep software ubiquitous across environments and toolchains.

This also taught me an important lesson: using a well established C library through bindings is 9/10 times a better choice than using an equivalent "pure Rust" implementation. This does not mean that the Rust implementation would be somehow "worse", generally it just seems that Rust developers are completely ignorant of optimizing things like RSVM.

That leaves you two options.

1. Use a really old version of "pure Rust" library in order to maintain RSVM of your choice. Usually this means using a version, which never will be updated.
2. Use Rust-bindings of a C-library and have always up to date version of the dependency while retaining RSVM of your choice.

The crazy RSVM requirement of Gitoxide zeros down its applicability for anything production. I will never touch it again.

#rustlang

Jarkko Sakkinen

tpm2-protocol 0.14.0 #linux #tpm #rustlang

Jarkko Sakkinen

Can you somehow make rz and sz to transfer files in hex mode instead of bin32?

#zmodem

We’re happy to announce that Mastodon 4.5 is now ready for prime time! Quote posts, async fetching of replies, server timeline visibility settings, more moderation tools, and lots and lots of other tweaks and improvements.

Announcement on our blog: https://blog.joinmastodon.org/2025/11/mastodon-4.5/

Full release notes and update instructions are available on our GitHub release page: https://github.com/mastodon/mastodon/releases/tag/v4.5.0


Jarkko Sakkinen

this is how my little stack plays out as a dep graph

#linux #rustlang #tpm

Jarkko Sakkinen

I'm using Servo in the next (0.3.x) version of mailweb, which will no longer open browser like viewhtmlmail.

Instead, using Servo, this will happen when showing HTML mail in mutt:

1. Render page as bitmap(s) to the cache after extracting CID shenanigans using Servo.
2. The page is then shown in the terminal, sixel first with a fallback to Unicode rendering.

This way sixel's performance issues won't get in the way, and it will overall be a much nicer experience than opening a random tab in a browser.

https://crates.io/crates/mailweb

#mutt #viewhtmlmail #mailweb #servo

Jarkko Sakkinen

i wish this was the last day when i hear the word "memory safety" ;-)