Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Jarkko Sakkinen

Edited 1 year ago
#TPM integrity protection is almost there:

https://lore.kernel.org/linux-integrity/D0X00LTUCCC8.X8LKLJHZZRGP@kernel.org/#t

Those are my only remaining remarks for v8.

The idea is that an HMAC pipe is used for communication, derived from the null seed (which changes each power cycle). If the integrity is compromised, access to the TPM device will be denied.

I still need to figure out the negative testing. This series has already been tested when the machine works as expected and the bus is not compromised.

Combined with TPM2-sealed hard drive encryption, this should be quite a reasonable way to secure a system (of course nothing is ever perfect).

Jarkko Sakkinen

Edited 1 year ago
Kernel man page generation: is that acceptable for the official Linux man pages? I should put out SGX man pages at some point (they have been in the queue for 2 years), but using troff is not something I can say that I enjoy doing.

I.e. there are man page generation instructions here: https://www.kernel.org/doc/html/latest/doc-guide/kernel-doc.html
@jonmasters IMHO a better way to define multiple things would be to think of their main applications:

- With MMU spec.
- Without MMU-spec for microcontroller type of stuff.
- Co-processor spec for things like GPU cores (not sure how much this would differ from MMUless tho).

Now it is sort of "split by IP block" almost, or something like that, which is not a good basis for implementing a software stack. Probably my split is not exactly correct, but the idea is that splits should happen per key application.
@jonmasters Even some pretty basic things that would be essential to make meaningful operating system kernels are left out unspecified like decent caching mode configuration (like x86 PAT/MTRR scheme).
@Andi For what it is worth, this was now in X11. I used it because I thought it might be stabler with Steam. I can revert back to Wayland and see if that makes any difference.

@Andi OK so it still trips but at least the dump is longer now:

[   48.070785] x86/split lock detection: #AC: CJobMgr::m_Work/4188 took a split_lock trap at address: 0xe768347f
[   48.151575] x86/split lock detection: #AC: CJobMgr::m_Work/4200 took a split_lock trap at address: 0xe768347f
[   48.830151] x86/split lock detection: #AC: CJobMgr::m_Work/4274 took a split_lock trap at address: 0xe768347f
[   50.154695] x86/split lock detection: #AC: CJobMgr::m_Work/4392 took a split_lock trap at address: 0xe768347f
[   62.952187] x86/split lock detection: #AC: IPC:CSteamEngin/4183 took a split_lock trap at address: 0xe76834ba
[   80.611973] umip: ChaosGate.exe[5397] ip:6ffff686aa76 sp:6357f9d0: SGDT instruction cannot be used by applications.
[   80.611981] umip: ChaosGate.exe[5397] ip:6ffff686aa76 sp:6357f9d0: For now, expensive software emulation returns the result.
[   80.616544] umip: ChaosGate.exe[5397] ip:6fffeb42bb50 sp:6357f9d0: SGDT instruction cannot be used by applications.
[   80.616548] umip: ChaosGate.exe[5397] ip:6fffeb42bb50 sp:6357f9d0: For now, expensive software emulation returns the result.
[   81.334429] umip: ChaosGate.exe[5361] ip:6fffe874c11e sp:10f6c8: SGDT instruction cannot be used by applications.
[   81.357831] x86/split lock detection: #AC: ChaosGate.exe/5361 took a split_lock trap at address: 0x6fffe5f51242
[   84.552845] x86/split lock detection: #AC: ChaosGate.exe/5554 took a split_lock trap at address: 0x6ffff6801001
[   89.917136] x86/split lock detection: #AC: Loading.Preload/5471 took a split_lock trap at address: 0x6ffff6a3aee0
[  673.720113] BTRFS info (device dm-2): qgroup scan completed (inconsistency flag cleared)
[  907.829729] umip_printk: 51 callbacks suppressed
[  907.829732] umip: ChaosGate.exe[5361] ip:6ffff4fc53a0 sp:10e0c8: SGDT instruction cannot be used by applications.
[  907.829737] umip: ChaosGate.exe[5361] ip:6ffff4fc53a0 sp:10e0c8: For now, expensive software emulation returns the result.
[ 7778.421556] umip: ChaosGate.exe[13366] ip:6ffff686aa76 sp:6357f9d0: SGDT instruction cannot be used by applications.
[ 7778.421561] umip: ChaosGate.exe[13366] ip:6ffff686aa76 sp:6357f9d0: For now, expensive software emulation returns the result.
[ 7778.425809] umip: ChaosGate.exe[13366] ip:6fffeb42bb50 sp:6357f9d0: SGDT instruction cannot be used by applications.
[ 7778.425811] umip: ChaosGate.exe[13366] ip:6fffeb42bb50 sp:6357f9d0: For now, expensive software emulation returns the result.
[ 7778.499061] umip: ChaosGate.exe[13330] ip:6fffe874c11e sp:10f6c8: SGDT instruction cannot be used by applications.
[ 7778.516548] x86/split lock detection: #AC: ChaosGate.exe/13330 took a split_lock trap at address: 0x6fffe5f51242
[ 7781.596951] x86/split lock detection: #AC: ChaosGate.exe/13562 took a split_lock trap at address: 0x6ffff6801001
[ 7786.871080] x86/split lock detection: #AC: Loading.Preload/13448 took a split_lock trap at address: 0x6ffff6a3aee0
[ 7911.623629] i915 0000:03:00.0: [drm] GPU HANG: ecode 12:1:84dfd7f7, in ChaosGate.exe [13330]
[ 7911.623637] i915 0000:03:00.0: [drm] ChaosGate.exe[13330] context reset due to GPU hang
[ 7922.254173] umip_printk: 41 callbacks suppressed
[ 7922.254176] umip: ChaosGate.exe[13330] ip:6ffff4fc53a0 sp:10d0c8: SGDT instruction cannot be used by applications.
[ 7922.254182] umip: ChaosGate.exe[13330] ip:6ffff4fc53a0 sp:10d0c8: For now, expensive software emulation returns the result.

Modules loaded:

$ lsmod|grep i915
i915                 4284416  115
i2c_algo_bit           24576  2 xe,i915
drm_buddy              20480  2 xe,i915
ttm                   110592  3 drm_ttm_helper,xe,i915
drm_display_helper    282624  2 xe,i915
cec                    94208  3 drm_display_helper,xe,i915
video                  77824  4 asus_wmi,asus_nb_wmi,xe,i915

Some Ideas and thoughts about the new Bitwig 5.2 beta. Compressor+ things, OVER clipper and the new Shift Register in action.

👉 https://youtu.be/_7nl1wrU5vY

@Andi Hey, running drm-tip really does fix any issues. I tried to play for about 20 minutes, so it is not a very comprehensive test, but in the past things have failed within 2-5 minutes, so at least it is going in the right direction.

a git cheat sheet

@ptesarik @timojyrinki @vbabka i dare to say that me having bugzilla account is overall benefit of opensuse because i actually like finding at least ideas for the root cause before reporting anything :-)
@ptesarik @timojyrinki @vbabka this is not a bug per se because TPM2 boot is not yet a "stable feature" (or is it?) but more like a needed precursory step to make that happen.
@ptesarik @timojyrinki @vbabka I put this also here. I did mean to report this but just shows the extra steps one needs to accomplish to get a fully wayland system in Tumbleweed: https://social.kernel.org/notice/AgTCtsiojJvg17ry9w

@ptesarik @vbabka the more recent issue was this but i’m still working on the root cause (just haven’t had yet time to spin): https://social.kernel.org/notice/AhAkgNAoOXUOD2ns4u

In this case it could be either or both upstream and downstream issue but I’m not sure. @timojyrinki said that perhaps xe driver is not in use but now that i checked:

$ lsmod|grep i915
i915                 4202496  69
i2c_algo_bit           20480  2 xe,i915
drm_buddy              20480  2 xe,i915
ttm                   110592  3 drm_ttm_helper,xe,i915
drm_display_helper    245760  2 xe,i915
cec                    90112  3 drm_display_helper,xe,i915
video                  77824  4 asus_wmi,asus_nb_wmi,xe,i915

I’m not a graphics driver expert but for me it looks based on loaded modules that OpenSUSE does actually select XE driver correctly but I could also understand something incorrectly. On this issue I’ll compile drm-tip as suggested in the thread and hopefully make some further conclusions.

The other issue I need to backtrack that from my mastodon spam :-)

@cloud_manul i think this should be readable from earlier comments.
@ptesarik @vbabka please denote that i've tried to change the password few times without success. sign on works otherwise. e.g. forums do work.
@vbabka @ptesarik not super critical but i might already have two bugs to report. can wait until there is time to check what is the problem :-)
@vbabka @ptesarik yeah, i sent email to admin address but no answer. obviously could have ended to junk mail so probably should retry.

Alastair captures one of the biggest problems with the current RISC-V spec. When I looked into this a while back I was (almost) shocked at the lack of rigor and state of the tooling. I say almost because I expected it, but was still sad. Read his blog.

https://alastairreid.github.io/riscv-spec-issues/


Jarkko Sakkinen

How do people log in to #OpenSUSE #Bugzilla? Does not work for me.