Posts: 4943 · Following: 327 · Followers: 492
Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Jarkko Sakkinen

Edited 1 year ago
Time to write a Linux PAM module in Rust for the ethprague conference. Rust over C because it is a much nicer environment for talking to web APIs. And yeah, pam-rs exists. It is about Ethereum network based authentication; details at the con.
0
0
1

Jarkko Sakkinen

Edited 1 year ago
@pid_eins @jejb @kernellogger I did some integration shenanigans and some reorg in the kernel code base for James Prestwood (iwd dev). He will write RSA/ECDSA ops for asym keys and test them with iwd. It made sense because iwd is a good test target and he has PoC'd the RSA part before.

The idea is to have a single key crypto primitive API in the main TPM driver (selected with TCG_TPM2_KEY), with all primitives there and none in the subsystems that call the TPM. Initially it contains the ASN.1 encoder/decoder relocated from trusted keys.

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=tpm2_key

Even if some bits are still missing, I think the topology of this code is now right for a longer period of time, and not such a sprinkled mess as it used to be.
1
0
0
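As an added example (not code from the tpm2_key branch or from any kernel tree), here is a minimal DER encoder and decoder for a TPM2 key blob of the shape the trusted-keys ASN.1 describes: SEQUENCE { type OID, parent INTEGER, public OCTET STRING, private OCTET STRING }, with the optional emptyAuth field left out. The OID value, the tpm2_key_* names and the sample bytes are my assumptions, not the kernel's; the point is the checks a decoder needs before it trusts a length field, and the leading 0x00 byte a persistent handle such as 0x81000001 needs so that it stays a positive INTEGER.

```c
#include <stdint.h>
#include <string.h>
enum { DER_INTEGER = 0x02, DER_OCTET_STRING = 0x04, DER_OID = 0x06, DER_SEQUENCE = 0x30 };
/* OID 2.23.133.10.1.5 (TPM loadable key); assumed here to match the kernel's tpm2key.asn1 */
static const uint8_t tpm2_key_oid[] = { 0x67, 0x81, 0x05, 0x0a, 0x01, 0x05 };
struct tpm2_key_blob {
	uint32_t parent;                      /* parent handle, e.g. persistent 0x81000001 */
	const uint8_t *pub;  size_t pub_len;  /* TPM2B_PUBLIC bytes */
	const uint8_t *priv; size_t priv_len; /* TPM2B_PRIVATE bytes */
};

/* Bytes in a definite-form DER length field; this example stops below 65536 */
static size_t der_len_size(size_t len) { return len < 0x80 ? 1 : len < 0x100 ? 2 : 3; }

/* Emit tag + length + value (val == NULL: header only, in front of a body already placed at
 * out + header size). Returns bytes covered, 0 if it does not fit. */
static size_t der_put_tlv(uint8_t *out, size_t cap, uint8_t tag, const uint8_t *val, size_t len)
{
	size_t h = 1 + der_len_size(len);
	if (len >= 0x10000 || cap < h || cap - h < len) return 0;
	out[0] = tag;
	if (h == 2) out[1] = (uint8_t)len;
	else if (h == 3) { out[1] = 0x81; out[2] = (uint8_t)len; }
	else { out[1] = 0x82; out[2] = (uint8_t)(len >> 8); out[3] = (uint8_t)len; }
	if (val) memcpy(out + h, val, len);
	return h + len;
}

/* Minimal two's-complement INTEGER body for a 32-bit handle: drop leading zero bytes, then
 * prepend 0x00 when the top bit is set so a 0x81... handle does not read as negative */
static size_t der_uint32(uint32_t v, uint8_t buf[5])
{
	uint8_t be[4] = { (uint8_t)(v >> 24), (uint8_t)(v >> 16), (uint8_t)(v >> 8), (uint8_t)v };
	size_t skip = 0, n = 0;
	while (skip < 3 && be[skip] == 0) skip++;
	if (be[skip] & 0x80) buf[n++] = 0x00;
	memcpy(buf + n, be + skip, 4 - skip);
	return n + 4 - skip;
}

size_t tpm2_key_encode(const struct tpm2_key_blob *k, uint8_t *out, size_t cap)
{
	uint8_t ibuf[5];
	size_t ilen = der_uint32(k->parent, ibuf), body = 0, n, m, i;
	const struct { uint8_t tag; const uint8_t *val; size_t len; } f[4] = {
		{ DER_OID, tpm2_key_oid, sizeof tpm2_key_oid }, { DER_INTEGER, ibuf, ilen },
		{ DER_OCTET_STRING, k->pub, k->pub_len }, { DER_OCTET_STRING, k->priv, k->priv_len } };
	for (i = 0; i < 4; i++) body += 1 + der_len_size(f[i].len) + f[i].len;
	n = 1 + der_len_size(body);           /* leave room for the SEQUENCE header */
	if (cap < n) return 0;
	for (i = 0; i < 4; i++, n += m)
		if (!(m = der_put_tlv(out + n, cap - n, f[i].tag, f[i].val, f[i].len))) return 0;
	return der_put_tlv(out, cap, DER_SEQUENCE, NULL, body);
}

/* Read one TLV of the expected tag; reject lengths that overrun end or are not minimally encoded */
static int der_get_tlv(const uint8_t **p, const uint8_t *end, uint8_t tag, const uint8_t **val, size_t *len)
{
	const uint8_t *q = *p;
	size_t n;
	if (end - q < 2 || q[0] != tag) return 0;
	if (q[1] < 0x80) { n = q[1]; q += 2; }
	else if (q[1] == 0x81 && end - q >= 3 && q[2] >= 0x80) { n = q[2]; q += 3; }
	else if (q[1] == 0x82 && end - q >= 4 && q[2] != 0) { n = (size_t)q[2] << 8 | q[3]; q += 4; }
	else return 0;
	if ((size_t)(end - q) < n) return 0;  /* length field claims more than the buffer holds */
	*val = q; *len = n; *p = q + n;
	return 1;
}

/* Returns 1 and fills k (pointing into buf) on success, 0 on any malformed input */
int tpm2_key_decode(const uint8_t *buf, size_t len, struct tpm2_key_blob *k)
{
	const uint8_t *p = buf, *end = buf + len, *v;
	size_t n, i;
	if (!der_get_tlv(&p, end, DER_SEQUENCE, &v, &n) || p != end) return 0;  /* no trailing bytes */
	p = v; end = v + n;
	if (!der_get_tlv(&p, end, DER_OID, &v, &n) || n != sizeof tpm2_key_oid || memcmp(v, tpm2_key_oid, n))
		return 0;
	if (!der_get_tlv(&p, end, DER_INTEGER, &v, &n) || n == 0 || n > 5 || (v[0] & 0x80) || (n == 5 && v[0]))
		return 0;                     /* negative, or wider than a 32-bit handle */
	for (k->parent = 0, i = 0; i < n; i++) k->parent = k->parent << 8 | v[i];
	if (!der_get_tlv(&p, end, DER_OCTET_STRING, &k->pub, &k->pub_len) ||
	    !der_get_tlv(&p, end, DER_OCTET_STRING, &k->priv, &k->priv_len)) return 0;
	return p == end;                      /* nothing may be left over inside the SEQUENCE */
}

/* Round trip on constructed sample bytes (not a real key); returns 1 when all checks pass */
int tpm2_key_selftest(void)
{
	static const uint8_t pub[10] = { 0, 8, 0, 1, 0, 0x0b, 0, 4, 0, 0x72 };
	static const uint8_t priv[20] = { 0, 18, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18 };
	struct tpm2_key_blob in = { 0x81000001, pub, sizeof pub, priv, sizeof priv }, out;
	uint8_t der[64];
	size_t n = tpm2_key_encode(&in, der, sizeof der);
	if (n != 51 || der[0] != DER_SEQUENCE || der[1] != 49 || der[12] != 0x00 || der[13] != 0x81) return 0;
	if (!tpm2_key_decode(der, n, &out) || out.parent != in.parent || out.pub_len != 10 ||
	    memcmp(out.pub, pub, 10) || out.priv_len != 20 || memcmp(out.priv, priv, 20)) return 0;
	if (tpm2_key_decode(der, n - 1, &out)) return 0;   /* truncated blob must be rejected */
	der[1] = 50;                                       /* inflated outer length must be rejected */
	return tpm2_key_decode(der, n, &out) == 0;
}
```

The decoder never dereferences past `end`: every length is checked against the remaining buffer before the value pointer is handed back, non-minimal length encodings are refused (they are not valid DER and are a classic way to smuggle two parses of one blob), and both the outer SEQUENCE and its contents must be consumed exactly. The self-test encodes a handle with the top bit set and checks that the INTEGER body is `00 81 00 00 01`, which is the detail most hand-written encoders get wrong.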
@pid_eins @kernellogger @jejb I paid attention to the state a year ago or on a similar timeline when I bought that Mac Mini :-) It worked but I did not switch from a passphrase because of the bus issue. This closed the scheme enough for me to be ready to fully switch. In that sense it is complete and along the lines of macOS (without requiring a vendor lock-in chip).
1
0
0
@jejb @kernellogger true, but the basic frames have been set at least, and more to come.

Like before this there was something on one axis and nothing on the other. Now both have something, so it is at minimum a complete iteration ;-)
0
0
1

Jarkko Sakkinen

a conference committee wanted to know my telegram nick so...
0
0
0
@kernellogger @jejb The main reason I went to the attic, wiped the dust off and started cleaning this up was that I bought a Mac Mini M2 Pro and was disappointed that I need to type text before the system even boots. So literally user experience made me work on a sec feature ;-) There was already somewhat recent support in systemd and LUKS2 for TPM2 encrypted boot, but it is not a really compelling security model overall if the buses leak... So this kind of completes that work.
2
0
0
@raiderrobert but the Larry Wall "quote" came to mind just as a reminder to relax even if it has been a while, so that's why I put it there :-)
0
0
1
@raiderrobert lol, I actually was dealing with a search tree yesterday, or more like planning one; otherwise it would be maybe once a year ;-) A coincidence.
1
0
1
@raiderrobert Larry Wall said in one interview that he learns things when they come across and then deals with them, but otherwise does not worry too much. I'm a believer in this philosophy, so any time window is fine :-)
1
1
1
@monsieuricon LOL, thanks, great advice :-D
0
0
0
Always lurking in the corner and making guest appearances every now and then but never gone, and in every possible context.
0
0
0

Jarkko Sakkinen

If I ever had a tattoo, it would probably say: "x.509". It already feels like one 🤷 #x509
2
0
0

Thorsten Leemhuis (acct. 1/4)

The TPM bus encryption and integrity protection changes prepared by @jejb and @jarkko were merged for 6.10: https://git.kernel.org/torvalds/c/b19239143e393d4b52b3b9a17c7ac07138f2cfd4

"[…] The key pair on the TPM side is generated from a so-called null random seed per power-on of the machine [1]. This supports TPM encryption of the hard drive by adding a layer of protection against bus interposer attacks. […]"

[1] https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/

1
1
1

you first, asshole

1
4
4

Jarkko Sakkinen

In addition to @LWN subscription I renewed now my #Medium subscription :-)

I also order Computer Music through pocketmags.com, Helsingin Sanomat (digital version https://www.hs.fi/) and of course @skrollilehti.

I like to read good stuff, and I am willing to pay for it, I guess. I also generally prefer the paid version of any web service over a free one, because then there are fewer hidden gotchas involved.
0
0
0

Jarkko Sakkinen

Edited 1 year ago

I should publish this humble and not so exciting crate (stalled since December), and now I found the motivating factor: I'll make it compile with gccrs.

Maybe this will lead to contributions, who knows, or to epic failure, but it should be interesting and exciting in any case :-)

The stimulus obviously comes from the GCC 14 release, which has the first experimental version of gccrs. And in my free time I do prefer a GPL-licensed code base for utilities and apps over MIT/Apache, so gccrs makes more sense for me than rustc in that sense (not judging other viewpoints; it is my personal and subjective preference).

https://gitlab.com/jarkkojs/zmodem2

#gcc #rust #zmodem #gpl

0
2
4
@Foxboron @stepan I'll give it a shot in a VM and see how much I need to tweak since cryptenroll is there. Soonish.
0
0
0
@Foxboron @stepan TBH, nice to hear anyway that my knowledge of Arch Linux is deprecated :-) So that actually made this useful! Now I know.
1
0
0