@vbabka @ariadne @dr2chase @vathpela Yeah one of the most common root design failures when it comes to various side-channel attacks :-) Vulnerability by design. Other would be CPU caches or combination of these two :-)

I wonder why vfat in kconfig does not select these options:

• CONFIG_NLS_CODEPAGE_437
• CONFIG_NLS_ISO8859_1

Noticed this while putting together #systemd image. You really cannot use FAT meaningfully without 437, so there should be IMHO either depends or select relation between these and FAT kconfig options.

In my opinion selecting VFAT in 2024 from kconfig should lead to selecting all the options that are required for filenames at minimum because it has exactly two use cases:

1. USB sticks
2. ESP

In both cases proper interpretation of filenames is required.

PS. I also wonder why systemd does not list them as its required CONFIG_*. They are not obvious kconfig options in the context of kernel QA ;-) I always begin with tinyconfig and add up from there when doing this. Using ESP is required by practical means with systemd-boot so all three options should exist in this file: https://github.com/systemd/systemd/blob/main/README. I used it as a reference and failed.

#linux #kernel #vfat #codepage #437

@vathpela @dr2chase @ariadne Do you mean Intel SDM and it is verbose pseudo code by this. If that was the connection, yep, I do appreciate that side in x86 specs :-) I can more easily grasp stuff from SDM than from RISC-V specs.

Ramping up #systemd #kernel #QA: DONE!

URL: https://gitlab.com/jarkkojs/linux-tpmdd-test

Contents:

CMakeLists.txt
Config.in
LICENSE
README.md
board/x86_64/buildroot.conf
board/x86_64/genimage.cfg
board/x86_64/kselftest-tpm2.exp.in
board/x86_64/linux.config
board/x86_64/post-build.sh
board/x86_64/post-image.sh
board/x86_64/run-qemu.sh.in
board/x86_64/run-tests.sh.in
board/x86_64/ssh_config.in
buildroot-2024.02.3.patch
configs/x86_64_defconfig
external.desc
external.mk

I’ve been editing the history while ramping up this starting point but I will stop this chaotic workflow now and commit to this baseline :-) So no worries if sending pull requests…

This is also CI capable environment assuming that runner has:

• QEMU
• swtpm

The GIF-animation shows the proof that it actually also works.

Yup, I think it is most sensible to make asymmetric TPM2 key signer only, and import public key to software asymmetric key.

It's not purely just doing TPM2_Sign but also per signature type (RSAPSS, ECDSA etc.) it needs signature specific encoder to ASN.1 format.

Still sufficient to have only a single tpm2_signing_key type of module.

@cherti In my books a claim without evidence is a false claim, and frankly I don't care what your interpretation is. Even if that random guess would actually shown to be true.

@cherti Please go away, thanks.

@cherti And making false claims does not help anyone. On the contrary it leads to false beliefs.

@cherti No you made a claim without evidence.

This happens to me at least every second or third day:

# poweroff

And then my computer shuts down :-) #qemu

Those took care of remaining errors, now systemd gives zero fails awesome :---)

CONFIG_NLS_ISO8859_1=y

Given “codepage cp437 not found” adding: CONFIG_NLS_CODEPAGE_437=y

Before even considering any changes to the #kernel #PGP #maintainer guide I wonder what is the use and purpose of:

- gpg-agent-browser.socket
- gpg-agent-extra.socket

I keep them disabled because I need only gpg-agent.socket and gpg-agent-ssh.socket but for completeness sake would be nice to know what they are.

@cherti Why are you making such claims then?

First could not find them because I was searching for https://longhorn.ms/

Sorry do not connect Intel, Loonghorn and RISC_V to the same sentence ;-)

There's also Russian Elbrus line of CPU's but not Elbrus sold at Ali Express (unfortunately). I might have even bought one if they had that for plain interest... Loongson products I can find easily.

@vathpela @dr2chase @ariadne Yep, in the end of 2021 but how does that connect to RISC-V? :-) My experiences with RISC-V connect to this project: https://sochub.fi/. I've been on industry "sabbatical" for over a year (returning back to some yet-to-be defined company next Oct).

@vathpela @ariadne @dr2chase And RISC-V specs are as thin as they are as they are lacking proper semantics definitions, e.g. in pseudo code.

@vathpela @ariadne @dr2chase RISC-V with MMU is somewhat unfinished experiment. Hard to even say what it is really, given huge holes in the spec's and a few by definition ambiguous opcodes. Mostly RISC-V in reality is what SiFive implements :-)

I sometimes wonder why people don't just take OpenMIPS, which is almost like finished RISC-V with MMU...