Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1
#Virtualization adds enough complexity to make the evaluation of threat scenarios more "closed box", whereas with SGX you have a better overall picture of the points of leakage in-between the #secure and #insecure worlds. I mean #TDX even authenticates by using good old SGX.

Jarkko Sakkinen

I still think that #Intel #SGX has some advantages over #SEV and #TDX. Its #security model is easier to understand and is always per page granularity. For anything ultra-secure I would not have a hard time to pick the right option.
@dvdmonster The specific application I'm using it for I unfortunately cannot share. Since I'm still pretty unseasoned with FPGAs, the workflow is still in the seek position :-)

Jarkko Sakkinen

Edited 2 years ago

Now it is possible to emulate both TPM1 and TPM2 with TIS and CRB interfaces:

commit 993b0e9dceebc11e38b3156069b7e4fa5cf20abc (HEAD -> linux-6.5.y, origin/linux-6.5.y)
Author: Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
Date:   Sun Aug 20 15:15:23 2023 +0000

    configs/qemu_x86_64: add --tpm-crb and --tpm1 to start-qemu.sh

    Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@iki.fi>

Jarkko Sakkinen

Two common #GNU #make patterns I tend to use often with #Buildroot:

  1. time ( make &> build.txt; )
  2. time ( make 2>&1 | tee build.txt; )

#note


@mjg59 @wamserma Not sure if this is what you are aiming for, but Intel SGX records all page updates to the mrenclave field residing in the SGX Enclave Control Structure (SECS) of an enclave.


Jarkko Sakkinen

Edited 2 years ago

See also new options added to start-qemu.sh.


Jarkko Sakkinen

Edited 2 years ago

There is a 6.x.y branch for each kernel version for each kernel release, which I won’t rebase after its creation (e.g. #Github style requests are semantically possible to such branch). For 6.5.y only qemu_x86_64_defconfig target is supported but I might add new targets in future. Testing is also now limited to kselftest, which I might expand in the future (as time allows). Pull requests are of course welcome for improvements.


Jarkko Sakkinen

I created a #Buildroot environment that I’ve started to use for #Linux #kernel #testing, targeted to my kernel tree.

@rockorager thanks for adding that patch it is pretty essential with all these command-line tools (I missed that part earlier)!

Jarkko Sakkinen

as simple as this function might seem, it has reduced the number of remotes I have by large numbers:

function git-fetch-tag { git fetch --no-tags "$1" "refs/tags/$2:refs/tags/$2"; }

#git #note


Jarkko Sakkinen

Edited 2 years ago
@jjdavis yeah, it wraps qemu nicely IMHO (and so libvirtd) :-)

Jarkko Sakkinen

#ubuntu #multipass looks like something for my needs as i use mostly ubuntu virtual machines for test #kernel's. especially it could replace #vmware fusion in my mac mini, which I use to test #arm64 kernels. in my #linux desktop it is not as useful because #libvirtd and #qemu are already perfect for my needs.

Jarkko Sakkinen

Edited 2 years ago
@mwcz Yeah, I know :-) I was more interested in user space workloads (should have mentioned). Fair argument in any case.

Jarkko Sakkinen

Edited 2 years ago

i wonder in what state is explicit heap oom handling in #rust today. it was still pretty bad a year ago.

especially i’m interested what has been already fixed when mirroring against a great #analysis from #crowdstrike’s blog.

#rustlang #programming


Jarkko Sakkinen

Taking care of the #finance with #awk :-)

$ awk '!/Payer/ {amount[$1] += $2} END { for (i in amount) print i " " amount[i]}'  2023-08.csv
Jarkko 400
Lotta 515

File format:

$ head -1 2023-08.csv
Payer               Amount              Date                Type