Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Jarkko Sakkinen

Listen up, dear frontiersmen.

Jarkko Sakkinen

Edited 21 hours ago
Overall this looks still very wrong but some very basics have been put in place:

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=container

Basic plumbing:

1. Some splitting to chunks that make more sense.
2. scripts/checkpatch.pl --strict -g master..container passes.
3. I implemented the missing container_wait and container_kill (only compile-tested).

Next step is to substitute a random test program with a kselftest. After that this can be actually hammered.

These patches have at least a potential to simplify container runtimes quite a lot. And preparation and launch are well-ordered given container_fork().

Jarkko Sakkinen

hooray, i have container_create() syscall running on top of mainline tip.

can't wait to write some cool tests for this :-)

this is by definition "against the odds" feature...

Jarkko Sakkinen

The defence project in EU that could not get enough funding: https://defence-industry-space.ec.europa.eu/eu-space/iris2-secure-connectivity_en

Because option B is to call Musk :-)

Jarkko Sakkinen

Edited yesterday
I think getting some kind of version of QEMU TPM integrated emulation by LSS 2026 CfP would be a reasonable goal.

I was feeling that TPM2 crate stuff alone was somehow incomplete but that would definitely close the circle for the topic :-)

I have my command-line tool tpm2sh but it does not take the topic out of the closure of my own doings...

Great.

Jarkko Sakkinen

https://github.com/rust-vmm/vm-memory/issues/371

https://github.com/enarx/enarx/pull/2617

This is not super important for me but I talked about this with vm-memory a year ago and then I did not have any code to demonstrate the issue so it bothered me :-)

Jarkko Sakkinen

The first time I got copilot feedback: https://github.com/himmelblau-idm/himmelblau/pull/1079

4/7 require additional feedback i.e., this pretty much explains why *what* is really the time consuming part, at least when aiming to production quality. In other words, you have unlimited ways to implement a functionality but no computation can cherry pick exactly right form from the unlimited options.

Jarkko Sakkinen

I started rebasing and tuning dhowell's old container patches.

Right now I've bumped into use of "init_cred", which was made static in the recent past.

I guess I can address this by:

1. Removing static initialization of the field from struct container.
2. Adding a snippet of code to kernel initialization that assigns the same field dynamically using kernel_cred().

Is this the path I should take?

#linux #kernel

Jarkko Sakkinen

Edited 4 days ago
Created beginnings of TPM 2.0 emulator integrated directly to QEMU based on Infineon SLB9672. It requires compilation with optionally enabled Rust shenanigans.

Right now it processes only self-test, reading of capabilities and stuff like that but is bound and wired to qemu. I.e. can do "-tpmdev vtpm,id=tpm0".

Not out anytime soon but will be out in foreseeable future :-)

#qemu #tpm #emulator

Jarkko Sakkinen

lrzsz2 0.3.2 and zmodem2 0.4.8 with (finally) working batch transfers. #zmodem #rustlang #tty

Jarkko Sakkinen

Edited 4 days ago
Speaking of swcam R&D benefits.

I talked about drones at LKML but you don't have to go that far in order to find useful places to improve QA using a software-defined camera.

E.g., one could use it to improve tests of libcamera, pipewire and gstreamer ;-)

EDIT: and it could be utilized with WSL2 to provide video source for the VM environment.

Jarkko Sakkinen

Edited 6 days ago
Not posting this any time soon but now I think swcam has a decent uAPI where vidioc configuration is decoupled from producer of the stream. The producer provides a dataset of <pix_format, frame_rate> pairs that constrain the vidioc API upon creation and via SWCAM_IOC_WAIT gets the specs for the currently playing stream, always in the expected space of configurations.

The streaming pipeline itself has remained the same from the get go.

See:

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/tree/include/uapi/linux/swcam.h?h=vcam

Just wanted to put this to rebasable and complete state just in case (and I will continue to rebase the branch).

Jarkko Sakkinen

drafted my first ever himmelblau idm patch for dynamic user credential resolution :-) will take a while before any prs result.

Jarkko Sakkinen

-MODULE_DESCRIPTION("V4L2 virtual camera driver");+MODULE_DESCRIPTION("V4L2 software camera driver");

a cosmetic change but describes better the scope and purpose. I.e. vcam -> swcam

Jarkko Sakkinen

Edited 7 days ago
the next item in my backlog (i have a project to do something to every item in my personal backlog) are container objects. expected outcome is similar as for vcam initially i.e. "fuck no".

but since these are totally sidechannel things and nothing i take too personally i can still work on these topics if nothing else for my own entertainment :-) two years in a review cycle - i have zero problems with that.

i do give up on patch sets even if i've made myself a fool promoting them every single time when objective facts fight against them that i can understand with my limited brain capacity. up until that i go against the wind :-)

Jarkko Sakkinen

It is good to remark libcamerify from libcamera-tools is LD_PRELOAD based solution for "virtual camera", not ubiquitous solution really. It is also across the board much more stressing and higher latency solution for system than a well-designed loopback device.

Jarkko Sakkinen

For the v2 I think I have sane way to constrain the state i.e., in VCAM_IOC_CREATE:

__u32 nr_states;
__u32 states;

Each state (32 bytes per state) specifies configuration with pixel format, geometry, stride etc.

Obviously this means some redundancy perhaps because one has to address e.g. same width and height in different configurations but I think in the end this database approach is the most robust pick.

Jarkko Sakkinen

Edited 8 days ago
Test code I have cleaned up and relocated:

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/vcam-test.git

From this i spin off at least some kind of initial kselftest.