Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Jarkko Sakkinen

Don’t you see why many Americans see such talk of dictatorship as contrary to our most cherished principles? Trump says no. Quite the opposite, he insists. “I think a lot of people like it.” -Trump in https://time.com/6972021/donald-trump-2024-election-interview/

Not my vote so no further comments. I just imagine that I did not read this 🤷

#democracy

LWN.net is now @LWN@lwn.net

[$] Inheritable credentials for directory file descriptors https://lwn.net/Articles/971825/


Jarkko Sakkinen

Despite the misleading name, apparently rust-vmm/vm-memory can do memory mapped I/O on a wider scope. I.e. it could be used in a project having nothing to do with virtualization. In Enarx the situation is twofold:

  • SGX needs device memory maps
  • KVM based confidential computing needs whatever the name of “the thing” providing private memory areas is ATM through KVM shenanigans ;-) Have to check.

WhatsApp Spam has been increasingly annoying recently, how can someone be calling me on WhatsApp that ISN'T a WhatsApp user?


Happy 60th, BASIC!

@pid_eins with this, TPM2 measured/encrypted boot and also TPM bus protection (which I'm hoping to pick today) we are finally reaching to a security model that is getting competitive with proprietary Mac's security despite being factors more open and giving the user control and choice :-)

Jarkko Sakkinen

I don't usually put my own pics to social media but here's one that I randomly found from my girlfriend's daughter's 12th birthday (about a year ago). I also take kids' birthdays like a pro :-------)

EDIT: I do put a lot of pics of cool hardware tho...

Duh, stupid of me. Obviously for build deps :-) I had them enabled in my earlier Ubuntu installation that I had forgotten.

Jarkko Sakkinen

I’m wondering why in #OpenSUSE #Tumbleweed zypper si -d needs the source package as -d should tell to get only build dependencies, and not the source package.

I'll hold my pull request to next week as it is so near the finish line and I just got testing guidelines from @jejb (author of the patch set). It would be great timing given the work already happening on hard drive encryption side.

I will need to get this done tho even if it is manual troff. Cannot help it being a huge demotivating factor tho... Especially writing something like code examples with manual troff is a tedious job tbh.

Jarkko Sakkinen

#TPM integrity protection is almost there:

https://lore.kernel.org/linux-integrity/D0X00LTUCCC8.X8LKLJHZZRGP@kernel.org/#t

Those are my only remaining remarks for v8.

The idea is that HMAC pipe is used for communication derived from null seed (which changes each power cycle). If the integrity is compromised access to the TPM device will be denied.

I still need to figure out the negative testing. This series has been already tested when machine works as expected and the bus is not compromised.

Combined with TPM2 sealed hard drive encryption, this should be quite a reasonable way to secure a system (of course nothing ever is perfect).

Jarkko Sakkinen

Kernel man page generation: is that acceptable for the official linux man pages? I should put out SGX man pages at some point (has been in queue for 2 years) but using troff is not something I can say that I enjoy doing.

I.e. there are man page generation instructions here: https://www.kernel.org/doc/html/latest/doc-guide/kernel-doc.html

@jonmasters IMHO a better way to define multiple things would be to think of their main applications:

- With MMU spec.
- Without MMU-spec for microcontroller type of stuff.
- Co-processor spec for things like GPU cores (not sure how much this would differ from MMUless tho).

Now it is sort of "split by IP block" almost or something like that, which is not a good basis for implementing a software stack. Probably my split is not exactly correct but the idea is that splits should happen per key applications.

@jonmasters Even some pretty basic things that would be essential to make meaningful operating system kernels are left out unspecified like decent caching mode configuration (like x86 PAT/MTRR scheme).

@Andi For what it is worth this was now in X11. I used it because I thought it might be more stable with Steam. I can revert back to Wayland and see if that makes any difference.

@Andi OK so it still trips but at least the dump is longer now:

[   48.070785] x86/split lock detection: #AC: CJobMgr::m_Work/4188 took a split_lock trap at address: 0xe768347f
[   48.151575] x86/split lock detection: #AC: CJobMgr::m_Work/4200 took a split_lock trap at address: 0xe768347f
[   48.830151] x86/split lock detection: #AC: CJobMgr::m_Work/4274 took a split_lock trap at address: 0xe768347f
[   50.154695] x86/split lock detection: #AC: CJobMgr::m_Work/4392 took a split_lock trap at address: 0xe768347f
[   62.952187] x86/split lock detection: #AC: IPC:CSteamEngin/4183 took a split_lock trap at address: 0xe76834ba
[   80.611973] umip: ChaosGate.exe[5397] ip:6ffff686aa76 sp:6357f9d0: SGDT instruction cannot be used by applications.
[   80.611981] umip: ChaosGate.exe[5397] ip:6ffff686aa76 sp:6357f9d0: For now, expensive software emulation returns the result.
[   80.616544] umip: ChaosGate.exe[5397] ip:6fffeb42bb50 sp:6357f9d0: SGDT instruction cannot be used by applications.
[   80.616548] umip: ChaosGate.exe[5397] ip:6fffeb42bb50 sp:6357f9d0: For now, expensive software emulation returns the result.
[   81.334429] umip: ChaosGate.exe[5361] ip:6fffe874c11e sp:10f6c8: SGDT instruction cannot be used by applications.
[   81.357831] x86/split lock detection: #AC: ChaosGate.exe/5361 took a split_lock trap at address: 0x6fffe5f51242
[   84.552845] x86/split lock detection: #AC: ChaosGate.exe/5554 took a split_lock trap at address: 0x6ffff6801001
[   89.917136] x86/split lock detection: #AC: Loading.Preload/5471 took a split_lock trap at address: 0x6ffff6a3aee0
[  673.720113] BTRFS info (device dm-2): qgroup scan completed (inconsistency flag cleared)
[  907.829729] umip_printk: 51 callbacks suppressed
[  907.829732] umip: ChaosGate.exe[5361] ip:6ffff4fc53a0 sp:10e0c8: SGDT instruction cannot be used by applications.
[  907.829737] umip: ChaosGate.exe[5361] ip:6ffff4fc53a0 sp:10e0c8: For now, expensive software emulation returns the result.
[ 7778.421556] umip: ChaosGate.exe[13366] ip:6ffff686aa76 sp:6357f9d0: SGDT instruction cannot be used by applications.
[ 7778.421561] umip: ChaosGate.exe[13366] ip:6ffff686aa76 sp:6357f9d0: For now, expensive software emulation returns the result.
[ 7778.425809] umip: ChaosGate.exe[13366] ip:6fffeb42bb50 sp:6357f9d0: SGDT instruction cannot be used by applications.
[ 7778.425811] umip: ChaosGate.exe[13366] ip:6fffeb42bb50 sp:6357f9d0: For now, expensive software emulation returns the result.
[ 7778.499061] umip: ChaosGate.exe[13330] ip:6fffe874c11e sp:10f6c8: SGDT instruction cannot be used by applications.
[ 7778.516548] x86/split lock detection: #AC: ChaosGate.exe/13330 took a split_lock trap at address: 0x6fffe5f51242
[ 7781.596951] x86/split lock detection: #AC: ChaosGate.exe/13562 took a split_lock trap at address: 0x6ffff6801001
[ 7786.871080] x86/split lock detection: #AC: Loading.Preload/13448 took a split_lock trap at address: 0x6ffff6a3aee0
[ 7911.623629] i915 0000:03:00.0: [drm] GPU HANG: ecode 12:1:84dfd7f7, in ChaosGate.exe [13330]
[ 7911.623637] i915 0000:03:00.0: [drm] ChaosGate.exe[13330] context reset due to GPU hang
[ 7922.254173] umip_printk: 41 callbacks suppressed
[ 7922.254176] umip: ChaosGate.exe[13330] ip:6ffff4fc53a0 sp:10d0c8: SGDT instruction cannot be used by applications.
[ 7922.254182] umip: ChaosGate.exe[13330] ip:6ffff4fc53a0 sp:10d0c8: For now, expensive software emulation returns the result.

Modules loaded:

$ lsmod|grep i915
i915                 4284416  115
i2c_algo_bit           24576  2 xe,i915
drm_buddy              20480  2 xe,i915
ttm                   110592  3 drm_ttm_helper,xe,i915
drm_display_helper    282624  2 xe,i915
cec                    94208  3 drm_display_helper,xe,i915
video                  77824  4 asus_wmi,asus_nb_wmi,xe,i915

Some Ideas and thoughts about the new Bitwig 5.2 beta. Compressor+ things, OVER clipper and the new Shift Register in action.

👉 https://youtu.be/_7nl1wrU5vY
