Posts
4728
Following
319
Followers
489
Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Jarkko Sakkinen

Edited 13 hours ago
A literally WYSIWYG pattern for command-line usage and help where each subcommand has a directory with 'mod.rs', 'usage.txt' and 'help.txt':

- Text files are more readable than code generation (unless you are a compiler).
- Text files has factors better outreach than code generation.
- Text files are non-executable read-only data.
- A bug in a static text file is a typo. Typo is a distraction for sure, but it does not radiate software bugs.
- The factor it simplifies command argument processing is much heavier than some minor redundancy that using text files introduces.
- Text files can be read without building a project.

#rust #clap #lexopt
1
3
2

Jarkko Sakkinen

Edited yesterday
It took a lot of effort but now all parts of running TPM2_Import are fixed in both tpm2sh and TPM2_Import and integration tests runs perfectly.

Last fix: https://github.com/puavo-org/tpm2sh/commit/3627530516fdcc8739b3c7aea6fab6a136201bfa

It's a bidirectional test where both the client and the emulator are based on tpm2-protocol. The other side sends commands and parses responses, and the other side send responses and parses commands.

Given the fair amount of software crypto involved to perform any possible bidirectional handshake it is shows off pretty well how robust the implementation is.

#rust #tpm #linux
0
2
2

Jarkko Sakkinen

While tpm2-protocol feels really stable tpm2sh is still somewhat unstable and has bunch of bugs here and there. It is expected, as tpm2sh served only as a dumpster for test code while developing the protocol crate.

Now that I don't do active development on tpm2-protocol, I'm going to make the first actually somewhat stable 0.11.0 release of tpm2sh.

It has quite verbose interface, which will break also easily for that reason. Thus, before pursuing seriously to the possible bugs, I developed MockTPM, a simple TPM emulator that is used as the "TPM end" for subcommand integration tests..,

#linux #kernel #rust #tpm
0
0
0

Jarkko Sakkinen

This is the gist how you would go on implementing TPM emulator, or vTPM inside confidential computing (SGX, SNP, TDX) enclave:

#linux #kernel #rust #tpm
1
2
1

Jarkko Sakkinen

new uri based json stack with tpm and key objects depending on binding etc. and things start to actually work.
1
0
0

Jarkko Sakkinen

from my daughters 20th anniversary dinner friday :----)
0
0
3

Jarkko Sakkinen

Edited 11 days ago
this SVG garbage fuck. is there something we could put .gitattributes, .gitignore or something that would make it not to destroy git grep experience?
2
0
0

Jarkko Sakkinen

Edited 14 days ago
I migrated dyn trait (or Box<dyn TpmObject>) as part of tpm2_protocol test suite just to demonstrate that on-wire TPM2 protocol can be dynamically detected without any spurious dependencies ;-)

Screencast demonstrates also the time that it takes to run the full kselftest compatible test suite.

#linux #kernel #tpm #rust
0
0
1

Jarkko Sakkinen

Edited 14 days ago
My standalone and kselftest exit code compatible test program might be archaic yes but it sure executes fast as hell compared to running cargo test :-)

On first run it also fully compiles the test program togehter with crate's source code linked into it.

#linux #kernel #tpm #rust
0
1
2
Also this is fucking ridiculous. I mean why not still have different cc's.Ultimate stupidity have to say.
0
0
0

Jarkko Sakkinen

Well... hell... TCG TPM 2.0 specification 184 minus one command coverage.
2
0
0

Jarkko Sakkinen

Edited 17 days ago
tpm2sh 0.8.0 with print-stack sink:
1
0
0
I'm quite optimistic that SLOC will be reduced as few months pass as this was put together in a very short period of time :-) i processed the architecture for a year tho in my head so that's why it came together so fast.
0
0
0

Jarkko Sakkinen

tpm2sh starts to look pretty good and has at least the features i want it to have for kernel testing.

tpm2_protocol is "kernel-ready" (including Box<dyn TpmObject>, which is essential for a driver uapi) and this the full list of commands it lacks for 100% TCG TPM 2.0 specification coverage:

https://github.com/puavo-org/tpm2_library/issues/4

I'm pretty much done with this project for the moment :-)
1
0
0
Pretty printer is maturizing too:
0
0
0

Jarkko Sakkinen

still in progress but this will be a nice debugging feature:
1
0
0

Jarkko Sakkinen

This was nasty one to fix and took many days (and nights tbh) but now finally command parsing is fixed and all my tests pass:

https://github.com/puavo-org/tpm2_library/commit/7b0fc824bd341fb21c90a06b945f01feb1c20f5e

There's MS TPM 2.0 emulator and swtpm, and that's like all of command parsing and response synthesis I'm aware of. I.e. by practical means there was no useful existing work to take example of :-) I'm pretty happy and a bit proud too that I've reach unipolarity by writing Rust macros reflecting TCG specifications.

I don't have now known bugs in the protocol crate. I'm sure there's a bunch but still feels nice after 1.5 weeks of sleepless nights and 7K SLOC of code (protocol + cli).

#linux #kernel #rust #tpm
1
0
1

Jarkko Sakkinen

Edited 24 days ago
I'm ready to push this online, but not for a while tag a release because cli should be made to work optimally.

E.g., policy-secret is placeholder. it would much nicer to have "policy [--train] <expression>" with some combinatorial language.

It could take advantage of object references provided my baked-in stack machine:

1. Subcommands a take list of JSON objects from stdin and consume as many as they need from top of te stack.
2. Each subcommand then produce results to the top.

Of course some things come through arguments (e.g. for key creation I have "--persistent").

Also perhaps load and import should be combined to a single smart command. The point is that this is where I don't know what to do exactly and changes for cli interface are welcome :-) I'm now happy that I got allocs and panics away from protocol crate making it "linux-rust ready".

In the protocol crate itself there is one single puzzle where constant improvement makes sense both in kernel and user space: narrowing the delta between "SIZE" and "len()" of TpmSize trait. Ideally the delta would be zero t some point. To be usable in kernel I've now reach that goal (easily) but optimizing this equation makes it substantially better.
2
1
2
Show older