Jarkko Sakkinen
Posts
4998Following
329Followers
496OpenPGP: 3AB05486C7752FE1
Jarkko Sakkinen
jarkko
UserHasNoMailboxAndNoLicenseAssignedError
Microsoft clearly makes the best error codes.
Microsoft clearly makes the best error codes.
0
0
2
Jarkko Sakkinen
jarkko
In Himmelblau evolution it will be interesting to see if there's someday perhaps a subset of graph API to provide "the service' too.
0
0
0
Jarkko Sakkinen
jarkko
Cool, got ssh logins through Azure/Intune working to built Ms after fighting for some time with systemd-creds :-) Himmelblau 2.0 feels surprsingly stable environment.
1
0
1
Jarkko Sakkinen
jarkko
This is how wrap get_compile_commands.py:
https://gist.github.com/jarkkojs/00d4fb05474d00bd64df51b4b0028a3b
Sometimes I feel that this should be made somehow a bit more convenient :-)
https://gist.github.com/jarkkojs/00d4fb05474d00bd64df51b4b0028a3b
Sometimes I feel that this should be made somehow a bit more convenient :-)
0
0
0
Jarkko Sakkinen
jarkko
One bottleneck in HMAC encryption that would be easy to solve if TPMKey ASN.1 format would store 'parentPublic', or alternatively 'parentPublicName'.
HMAC encryption requires "extra" TPM2_ReadPublic per unseal transaction because it cannot be stored to the key data.
If it had the field it would be trivial to calculate cryptographic name for the parent object without roundtrip to TPM2 chip when the key is used after creation.
I.e. it is classic value not cached that would be constantly required.
RT @Foxboron
HMAC encryption requires "extra" TPM2_ReadPublic per unseal transaction because it cannot be stored to the key data.
If it had the field it would be trivial to calculate cryptographic name for the parent object without roundtrip to TPM2 chip when the key is used after creation.
I.e. it is classic value not cached that would be constantly required.
RT @Foxboron
0
0
0
Jarkko Sakkinen
jarkko
3rd PR for 6.19: https://lore.kernel.org/linux-integrity/aSthHCovbsDZANsa@kernel.org/T/#u
at least i'm on schedule this time :-)
at least i'm on schedule this time :-)
0
0
0
Jarkko Sakkinen
jarkkoThis is how I manage my pull requests ATM (creating and pushing signed tags, request-pull etc.):
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-pull-request.git/tree/?h=main
I’m happy with the tiny jq based templating engine for moustache templates. Has worked surprisingly well.
1
1
0
Jarkko Sakkinen
jarkko
Edited 5 days ago
I've been fine-tuning the policy and caching engine in tpm2sh a lot and next version will allow to:
1. View policy as an expression via 'tpm2sh memory -p <handle>'
2. Create primary keys with arbitrary policies (was not just done nothing special in it).
3. Creating, viewing and maintaining policies for persistent keys.
These sort of come as "side-effect" of just cleaning up and polishing the groundwork :-)
#linux #tpm #rustlang
1. View policy as an expression via 'tpm2sh memory -p <handle>'
2. Create primary keys with arbitrary policies (was not just done nothing special in it).
3. Creating, viewing and maintaining policies for persistent keys.
These sort of come as "side-effect" of just cleaning up and polishing the groundwork :-)
#linux #tpm #rustlang
0
0
1
Jarkko Sakkinen
jarkko
What are known good workarounds with systemd-creds for situations like this:
https://github.com/himmelblau-idm/himmelblau/issues/901
I can admit that I don't really know what I'm doing ATM :-)
#systemd
https://github.com/himmelblau-idm/himmelblau/issues/901
I can admit that I don't really know what I'm doing ATM :-)
#systemd
0
0
0
Jarkko Sakkinen
repeated
repeated
OpenAI says dead teen violated TOS when he used ChatGPT to plan suicide.
Ghouls gonna ghoul: Facing five lawsuits alleging wrongful deaths, OpenAI lobbed its first defense Tuesday, denying in a court filing that ChatGPT caused a teen's suicide and...
https://jwz.org/b/ykxy
2
2
0
Jarkko Sakkinen
jarkko
https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs/ :-----------------------)
0
1
2
Jarkko Sakkinen
jarkko
Edited 8 days ago
one aspect in security, which has been wrong even in some of the linux foundations pages from time to time is that they differentiate answers between "incorrect password" and "acount does not exist". this should be obviously opaque.
it allows to query which sites user has an account, which is useful information in wrong hands already.
#infosec #oracle
it allows to query which sites user has an account, which is useful information in wrong hands already.
#infosec #oracle
0
1
1
Jarkko Sakkinen
jarkko
when it comes to infosec i'm glad at least that the "era of silly security questions" is over.
it was super-frustating to copy-paste set-and-forget one-time pad answers to questions such as "what was your mothers maiden name", when they were still a thing.
i don't know who invented them but the person should get some kind of worst invention of IT ever award or something.
#infosec #password
it was super-frustating to copy-paste set-and-forget one-time pad answers to questions such as "what was your mothers maiden name", when they were still a thing.
i don't know who invented them but the person should get some kind of worst invention of IT ever award or something.
#infosec #password
1
0
2
Jarkko Sakkinen
jarkko
Next thing I'll add to tpm2sh is direct support for keyctl syscall and key re-creation in kernel. After that I can revisit asymmetric keys kernel patch set :-)
0
0
0
Jarkko Sakkinen
jarkko
Edited 8 days ago
for what is worth here's arch installation running for my Ryzen 9950X desktop :-)
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/sysdarch.git/
Just though to upload it somewhere for backup.
It has secure boot (sbctl), TPM2 unlock, and finally EXT4, which is probably a twist from current standards (but is so convenient given universal support everywhere).
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/sysdarch.git/
Just though to upload it somewhere for backup.
It has secure boot (sbctl), TPM2 unlock, and finally EXT4, which is probably a twist from current standards (but is so convenient given universal support everywhere).
2
0
0
Jarkko Sakkinen
jarkkorust learning of today: to avoid integer overflows when summing up lengths, always use checked_add in such situations :-)
E.g., this is wrong:
let total_body_len =
handle_area_size + parameter_area_size_field_len + param_area_size + sessions_len;
And this is right:
let total_body_len = handle_area_size
.checked_add(parameter_area_size_field_len)
.and_then(|len| len.checked_add(param_area_size))
.and_then(|len| len.checked_add(sessions_len))
.ok_or(TpmProtocolError::IntegerTooLarge)?;
Jarkko Sakkinen
repeated
repeated
Marko Karppinen
karppinen@mastodon.onlineHeh, Amazon's satellite internet service launched yesterday and their first marketing angle is “how about you get your AWS Direct Connect over satellite instead of paying for cross connects”
https://www.aboutamazon.com/news/amazon-leo/amazon-leo-satellite-internet-ultra-pro
1
1
1