Jarkko Sakkinen
Posts
4841Following
322Followers
492OpenPGP: 3AB05486C7752FE1
Jarkko Sakkinen
jarkko
Edited 1 month ago
I had these shitty with_* wrappers for doig shit with handles in tpm2sh.
Now I'm switching to Drop traits + threadpool i.e. pretty much what every other driver does in kernel with workqueue, so using a known good pattern.
As I've understood it (might be wrong too please correct) e.g., in a Drop trait implementation it is disallowed to block.
[in drivers you tend to do this a lot e.g., given possible race conditions with fput() and releasing the resources]
Now I'm switching to Drop traits + threadpool i.e. pretty much what every other driver does in kernel with workqueue, so using a known good pattern.
As I've understood it (might be wrong too please correct) e.g., in a Drop trait implementation it is disallowed to block.
[in drivers you tend to do this a lot e.g., given possible race conditions with fput() and releasing the resources]
0
0
0
Jarkko Sakkinen
jarkko
Edited 1 month ago
All these TPM bug I've baffled around have nothing to do with tpm2-protocol. It's working perfectly :-) It's all about parameters in tpm2sh.
Two real issues so far after 0.10.0 specifically in tpm2-protocol:
1. I had deleted over half of TPM_RC values from enum during mangling it together. tpm2-protocol did not trip it returned error called InvalidDiscriminant, which also reports the integer value of undefined discriminant.
2. I had ill-defined capacity for couple of things. The error propagation and range checks worked perfectly and returned CapacityExceeded.
It's designed to be zero panic even for unreachable and "impossible" situations and error propagation seems to really work in practice too :-)
At one point I did not having parsing and building traits defined for "i8" as I was not then aware that there was enum with negative discriminants. That already was catched by the compiler as everything has TpmBuild, TpmParse and TpmSized traits down to atoms.
That i8 issue was exactly kind of twist that could easily go into production unnoticed and made me pretty convinced that the "DSL" I've defined actually does work.
Two real issues so far after 0.10.0 specifically in tpm2-protocol:
1. I had deleted over half of TPM_RC values from enum during mangling it together. tpm2-protocol did not trip it returned error called InvalidDiscriminant, which also reports the integer value of undefined discriminant.
2. I had ill-defined capacity for couple of things. The error propagation and range checks worked perfectly and returned CapacityExceeded.
It's designed to be zero panic even for unreachable and "impossible" situations and error propagation seems to really work in practice too :-)
At one point I did not having parsing and building traits defined for "i8" as I was not then aware that there was enum with negative discriminants. That already was catched by the compiler as everything has TpmBuild, TpmParse and TpmSized traits down to atoms.
That i8 issue was exactly kind of twist that could easily go into production unnoticed and made me pretty convinced that the "DSL" I've defined actually does work.
0
0
0
@lanodan It's like with Rust ecosystem that they've made the right analysis of situation i.e. for most stuff we put everything to somekind of container etc. and for 99% of stuff we pile it's great call.
But the thing is nothing ever works ideally except maybe computer science class and there is 1% where that makes absolutely no sense. So to level up I'd address these type of details too, and accept the reality. Up until that Rust is pretty much destined to be a Java for system programming sandboxed by C based ecosystem.
But the thing is nothing ever works ideally except maybe computer science class and there is 1% where that makes absolutely no sense. So to level up I'd address these type of details too, and accept the reality. Up until that Rust is pretty much destined to be a Java for system programming sandboxed by C based ecosystem.
0
0
0
@lanodan it's a special corner case and i'm talking about deployments at scale of even hundreds or thousands nodes and fucking armed guards and shit xD usually corps have this thing called Secure Development Lifecycle (SDL) process that everything to needs to comply and it is hard to map to bunch of Rust programs with random versions of random crypto.
1
0
0
Jarkko Sakkinen
jarkko
@lanodan it does not rely on assumptions. it is more like that in production you often need to have somehow certified/audited crypto. I.e. it is irrelevant how strong or weak the crypto is in some sense as long as it has gone through that process.
thus, statically linked crypto is a problem.
also it is a problem even when the crypto would audited that you can only hotfix all deployed rust by updating all possible rust programs. it's much easier to hotfix a single crypto entity, which could be DSO.
thus, statically linked crypto is a problem.
also it is a problem even when the crypto would audited that you can only hotfix all deployed rust by updating all possible rust programs. it's much easier to hotfix a single crypto entity, which could be DSO.
1
0
0
Jarkko Sakkinen
jarkko
Easiest way to test Windows compilation in Linux for Rust crate?
I'd like to add a target for https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git
I'd like to add a target for https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git
1
0
0
It would be comptetitive advantage for Rust to have first class DSO support. It's like 99% of things Rusts static linking model is exactly right thing to do but for 1% of use cases you should just have a DSO.
Prime examples:
- Core crypto libraries. These need to be hotfixe when CVE arises.
- Core graphic libraries.
- System GUI libraries.
Prime examples:
- Core crypto libraries. These need to be hotfixe when CVE arises.
- Core graphic libraries.
- System GUI libraries.
1
1
1
Jarkko Sakkinen
jarkko
i feel like a winner now when I reached TPM_RC_INTEGRITY. this is easy to squash :D crypto works fully or does not work at all
0
0
0
Jarkko Sakkinen
jarkko
day 2 fighting with TPM2_Import. and it's not the first time. the protocol crate is doing nothing wrong, it's a bug in tpm2sh
0
0
0
Jarkko Sakkinen
jarkko
I should have remember by now that for KDFa's you feed "DUPLICATE\0" not "DUPLICATE" and so forth. But no, I fought with TPM_RC_VALUE for half a day.
0
0
0