A new asymmetric key type tpm2_key_rsa: https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=tpm2_key

Missing still integration to the pre-existing ASN.1 parser but can already sign with the null seed (default if parent is not defined).

I though this would be most logical way to define asymmetric key. Later on tpm2_key_ecdsa can be added. Also for RSA we should use TPM2_RSA_Decrypt for decryption and signing, whereas ECDSA requires potentially more expensive TPM2_Sign and TPM2_EncryptDecrypt.

It is still experimental. Testing the key type itself without parser first with the help of null seed, and then adding bits to call the ASN.1 parser by implementing asymmetric_key_parser. This derived work from James Prestwood’s earlier work from 2020.

when saving kconfig files with nvim for some reason all text paragraphs show diff in all lines of the paragraph. no configuration changes in nvim, suddenly appeared issue, maybe because some update dunno.

never happens anywhere else (tested e.g. with Sublime Text with NeoVintageous).

Highly recommended, actually almost mandatory, for anyone using TPM2 encrypted boot but in that case this problem does not exist in the first place.

rc1 will have this slowdown issue because the patch will go to my rc2 PR. for most part on desktop you still want this so not a big deal.

... pushed already to master/next w/o review comments, it is just making upcoming feature opt-in. Turning default later off is much more tedious than turning it on so it is the right thing to do.

So soon available in linux-next...

IMHO, a rational choice. Distributors know how to enable this for workstation/server, and for devices that are not fast enough have always e.g. fTPM in TrustZone option.

https://lore.kernel.org/linux-integrity/20240518113424.13486-1-jarkko@kernel.org/T/#u

v2: https://lists.buildroot.org/pipermail/buildroot/2024-May/753662.html

#Rust crate for #zmodem: https://crates.io/crates/zmodem2 #rustlang

checkpoint: https://lists.buildroot.org/pipermail/buildroot/2024-May/753633.html

looks like it is working now:

#buildroot is probably quite nice way to generate initramfs and kernel for systemd-ukify.

ukify build --linux=images/bzImage --initrd=images/roofs.cpio

Or along the lines.

I.e use Unified Kernel Image (UKI) in kernel testing.

#linux #kernel

#swtpm and #libtpms packages in progress for #buildroot: https://gitlab.com/jarkkojs/buildroot/-/commits/swtpm/?ref_type=heads #linux #tpm

In addition to "show me the code", there is always also "show me the payload".

The easiest way to move forward with a feature is not to have best possible code quality (at least when tagged as RFC). Instead, having a provable payload for the feature is essential.

https://lore.kernel.org/all/D1BC3VWXKTNC.2DB9JIIDOFIOQ@kernel.org/

@mikebabcock the single best way to use caps is to try avoid using them imho...

I had no idea that we have that many sets of capabilities, oh dear... https://lore.kernel.org/all/D1BBFWKGIA94.JP53QNURY3J4@kernel.org/

@ohmrun Mathematically (as per field of category theory which is sort of "superset" of set theory) Haskell is more "perfect" but as a practical hammer like tool OCaml is IMHO so much more useful ;-)

@ohmrun I've found for some reason OCaml to be much more digestible at least for my brains. I see it also more in the wild.

@ohmrun Helped me to make all conclusions I ever need to make from that language so I guess it was worth it :-)

@ohmrun I wrote this 2D maze in Haskell circa 2011 (not likely to compile today):

module Maze where

import Control.Monad
import Foreign
import qualified Graphics.UI.SDL as SDL
import System.Random
import Data.List
import Data.Array

data Cell = Cell {
    top :: Bool,
    left :: Bool,
    visited :: Bool
} deriving (Show, Eq)

type Maze = Array (Int, Int) Cell

newCell = Cell {top = True, left = True, visited = False}

newMaze :: Int -> Int -> Maze
newMaze rows columns = listArray ((0, 0), (rows - 1, columns - 1)) (repeat newCell)

genMaze maze (r, c) (seed:seeds)
    | visited (maze ! (r, c)) == True = maze
    | otherwise = foldl traverse maze' ((permutations neighbours) !! index)
    where maze' = maze//[((r, c), (maze ! (r, c)) { visited = True })]
          locs = [(r - 1, c), (r + 1, c), (r, c - 1), (r, c + 1)]
          ((_, _), (rmax, cmax)) = (bounds maze)
          neighbours = [(r', c') | (r', c') <- locs,
                        r' >= 0 && r' <= rmax, c' >= 0 &&  c' <= cmax]
          index = seed `mod` (length neighbours)
          moveTo maze (r, c) (r', c')
              | visited cell'  = maze
              | r' < r = maze//[((r, c), cell { top = False })]
              | r' > r = maze//[((r', c'), cell' { top = False })]
              | c' < c = maze//[((r, c), cell { left = False })]
              | c' > c = maze//[((r', c'), cell' { left = False })]
              | otherwise = error "Invalid move"
              where cell = maze ! (r, c)
                    cell' = maze ! (r', c')
          traverse maze' (r', c') = genMaze (moveTo maze' (r, c) (r', c')) (r', c') seeds

hline :: Int -> Int -> Int -> SDL.Pixel -> SDL.Surface -> IO ()
hline x y width (SDL.Pixel pixel) screen = do
    screenWidth <- return (SDL.surfaceGetWidth screen)
    pixels <- castPtr `liftM` SDL.surfaceGetPixels screen
    forM_ [0..(width - 1)] $ \dx -> do
        pokeElemOff pixels (y * screenWidth + x + dx) pixel

vline :: Int -> Int -> Int -> SDL.Pixel -> SDL.Surface -> IO ()
vline x y height (SDL.Pixel pixel) screen = do
    screenWidth <- return (SDL.surfaceGetWidth screen)
    pixels <- castPtr `liftM` SDL.surfaceGetPixels screen
    forM_ [0..(height - 1)] $ \dy -> do
        pokeElemOff pixels ((y + dy) * screenWidth + x) pixel

main :: IO()
main = do
    startRow <- randomRIO (0 :: Int, rows - 1)
    startColumn <- randomRIO (0 :: Int, columns - 1)
    seeds <- replicateM (rows * columns) (randomRIO (0 :: Int, (max rows columns)))

    maze <- return (genMaze (newMaze rows columns) (startRow, startColumn) seeds)
    SDL.init [SDL.InitEverything]
    screen <- SDL.setVideoMode screenWidth screenHeight 32 []

    hline 0 0 screenWidth whitePixel screen
    hline 0 (screenHeight - 1) screenWidth whitePixel screen
    vline 0 0 screenHeight whitePixel screen
    vline (screenWidth - 1) 0 screenHeight whitePixel screen

    forM (assocs maze) $ \((r, c), cell) ->
        if (top cell) then do
            hline (blockWidth * c) (blockHeight * r) blockWidth whitePixel screen
        else do return ()

    forM (assocs maze) $ \((r, c), cell) ->
        if (left cell) then do
            vline (blockWidth * c) (blockHeight * r) blockHeight whitePixel screen
        else do return ()

    SDL.flip screen
    eventLoop
    SDL.quit

    where
        eventLoop = SDL.waitEvent >>= checkEvent
        checkEvent SDL.Quit = return()
        checkEvent (SDL.KeyUp _) = return()
        checkEvent _ = eventLoop

        blockWidth = 32
        blockHeight = 32
        rows = 16
        columns = 16
        screenWidth = columns * blockWidth
        screenHeight = rows * blockHeight
        whitePixel = SDL.Pixel 0x00FFFFFF

Ur welcome ;-)

@mattdm @pchestek At least my daughter's vespa that i bought for her is in the moped category, which you can drive in Finland before turning 18 (like from 15 years or similar).