@vathpela @dr2chase @ariadne Do you mean Intel SDM and it is verbose pseudo code by this. If that was the connection, yep, I do appreciate that side in x86 specs :-) I can more easily grasp stuff from SDM than from RISC-V specs.

Ramping up #systemd #kernel #QA: DONE!

URL: https://gitlab.com/jarkkojs/linux-tpmdd-test

Contents:

CMakeLists.txt
Config.in
LICENSE
README.md
board/x86_64/buildroot.conf
board/x86_64/genimage.cfg
board/x86_64/kselftest-tpm2.exp.in
board/x86_64/linux.config
board/x86_64/post-build.sh
board/x86_64/post-image.sh
board/x86_64/run-qemu.sh.in
board/x86_64/run-tests.sh.in
board/x86_64/ssh_config.in
buildroot-2024.02.3.patch
configs/x86_64_defconfig
external.desc
external.mk

I’ve been editing the history while ramping up this starting point but I will stop this chaotic workflow now and commit to this baseline :-) So no worries if sending pull requests…

This is also CI capable environment assuming that runner has:

• QEMU
• swtpm

The GIF-animation shows the proof that it actually also works.

Yup, I think it is most sensible to make asymmetric TPM2 key signer only, and import public key to software asymmetric key.

It's not purely just doing TPM2_Sign but also per signature type (RSAPSS, ECDSA etc.) it needs signature specific encoder to ASN.1 format.

Still sufficient to have only a single tpm2_signing_key type of module.

@cherti In my books a claim without evidence is a false claim, and frankly I don't care what your interpretation is. Even if that random guess would actually shown to be true.

@cherti Please go away, thanks.

@cherti And making false claims does not help anyone. On the contrary it leads to false beliefs.

@cherti No you made a claim without evidence.

This happens to me at least every second or third day:

# poweroff

And then my computer shuts down :-) #qemu

Those took care of remaining errors, now systemd gives zero fails awesome :---)

CONFIG_NLS_ISO8859_1=y

Given “codepage cp437 not found” adding: CONFIG_NLS_CODEPAGE_437=y

Before even considering any changes to the #kernel #PGP #maintainer guide I wonder what is the use and purpose of:

- gpg-agent-browser.socket
- gpg-agent-extra.socket

I keep them disabled because I need only gpg-agent.socket and gpg-agent-ssh.socket but for completeness sake would be nice to know what they are.

@cherti Why are you making such claims then?

First could not find them because I was searching for https://longhorn.ms/

Sorry do not connect Intel, Loonghorn and RISC_V to the same sentence ;-)

There's also Russian Elbrus line of CPU's but not Elbrus sold at Ali Express (unfortunately). I might have even bought one if they had that for plain interest... Loongson products I can find easily.

@vathpela @dr2chase @ariadne Yep, in the end of 2021 but how does that connect to RISC-V? :-) My experiences with RISC-V connect to this project: https://sochub.fi/. I've been on industry "sabbatical" for over a year (returning back to some yet-to-be defined company next Oct).

@vathpela @ariadne @dr2chase And RISC-V specs are as thin as they are as they are lacking proper semantics definitions, e.g. in pseudo code.

@vathpela @ariadne @dr2chase RISC-V with MMU is somewhat unfinished experiment. Hard to even say what it is really, given huge holes in the spec's and a few by definition ambiguous opcodes. Mostly RISC-V in reality is what SiFive implements :-)

I sometimes wonder why people don't just take OpenMIPS, which is almost like finished RISC-V with MMU...

Well one FAILED less at least ;-)

FAT-fs (vda1): codepage cp437 not found           
[FAILED] Failed to mount EFI System Partition Automount.
See 'systemctl status efi.mount' for details.                                                                                
random: crng init done                                        
[  OK  ] Finished Update Boot Loader Random Seed.                                                                            
[FAILED] Failed to start Automatic Boot Loader Update.                                                                       
See 'systemctl status systemd-boot-update.service' for details.                                                              

OK probably this is the reason:

# mount /dev/vda1 /boot
mount: /boot: unknown filesystem type 'vfat'.
       dmesg(1) may have more information after failed mount system call.

So the fix would be then:

diff --git a/board/x86_64/linux.config b/board/x86_64/linux.config
index fd088a5..1477d65 100644
--- a/board/x86_64/linux.config
+++ b/board/x86_64/linux.config
@@ -101,6 +101,8 @@ CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y
 CONFIG_EXT4_FS=y
 CONFIG_AUTOFS_FS=y
 CONFIG_FUSE_FS=y
+CONFIG_VFAT_FS=y
+CONFIG_FAT_DEFAULT_UTF8=y
 CONFIG_TMPFS_POSIX_ACL=y
 CONFIG_SQUASHFS=y
 CONFIG_TRUSTED_KEYS=y