Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Jarkko Sakkinen

Edited 2 months ago
Since GlobalAlloc is not required from the get go it's easy to get from nothing to something with enclaves, as the stack will do (and obviously data and rodata are cool too, they don't require alloc).

It also means that one can be light on run-time if wanted and a compile-time decided memory pool is good enough (placed in .data). This relaxes the SDK requirements quite a lot, as with enclaves (for any technology) allocating new pages from the untrusted host is a super complex and involved process. Static memory size generally tends to also improve the security, privacy and availability properties of ANY piece of software.
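Added illustration of the point above (not the author's code and not from any of his crates): a fixed-size pool that is nothing but a static array, so it is sized at compile time and lives in the enclave image, handing out buffers with a lock-free bump pointer. There is no GlobalAlloc and no request to the untrusted host for pages; when the pool is full the caller gets `None` and decides what to do. The pool size, alignment rules and the `POOL` name are assumptions for the example.

```rust
// Added example, not from the post's author or any of his crates: a fixed
// memory pool that is just a static (sized at compile time, lives in the
// image) and hands out buffers with a lock-free bump pointer. No GlobalAlloc,
// no request to the untrusted host for pages; when the pool is full the
// caller gets None and decides what to do.
use core::cell::UnsafeCell;
use core::sync::atomic::{AtomicUsize, Ordering};

pub struct StaticPool<const N: usize> {
    storage: UnsafeCell<[u8; N]>,
    next: AtomicUsize, // offset of the first byte not yet handed out
}

// Sound because alloc() only ever returns disjoint ranges and never reuses one.
unsafe impl<const N: usize> Sync for StaticPool<N> {}

impl<const N: usize> StaticPool<N> {
    pub const fn new() -> Self {
        StaticPool { storage: UnsafeCell::new([0u8; N]), next: AtomicUsize::new(0) }
    }

    /// Reserve `size` bytes aligned to `align` (a power of two). Returns None
    /// on exhaustion or a bad alignment; nothing in here can panic.
    pub fn alloc<'a>(&'a self, size: usize, align: usize) -> Option<&'a mut [u8]> {
        if align == 0 || !align.is_power_of_two() {
            return None;
        }
        let base = self.storage.get() as *mut u8;
        let mut cur = self.next.load(Ordering::Relaxed);
        loop {
            // Align the absolute address, not the offset: a static [u8; N]
            // is itself only guaranteed 1-byte alignment.
            let addr = (base as usize).checked_add(cur)?;
            let aligned = addr.checked_add(align - 1)? & !(align - 1);
            let start = aligned - base as usize;
            let end = start.checked_add(size)?;
            if end > N {
                return None; // pool exhausted: report it, never grow
            }
            match self.next.compare_exchange_weak(cur, end, Ordering::AcqRel, Ordering::Relaxed) {
                Ok(_) => {
                    // SAFETY: [start, end) lies inside storage and was just
                    // claimed exclusively by the CAS above; it is never reused.
                    let ptr = unsafe { base.add(start) };
                    return Some(unsafe { core::slice::from_raw_parts_mut(ptr, size) });
                }
                Err(actual) => cur = actual,
            }
        }
    }

    /// Bytes consumed so far, alignment padding included.
    pub fn used(&self) -> usize {
        self.next.load(Ordering::Acquire)
    }
}

// A 4 KiB pool baked into the image (constructed size; pick what the workload needs).
static POOL: StaticPool<4096> = StaticPool::new();

fn main() {
    let scratch = POOL.alloc(256, 16).expect("pool has room for the first buffer");
    scratch.fill(0xAA);
    println!("used {} of 4096 bytes", POOL.used());
    // Exhaustion is a value the caller handles, not a crash.
    println!("oversized request rejected: {}", POOL.alloc(8192, 1).is_none());
}
```

Because nothing is ever freed, the pool is a bump allocator, not a general heap; that is exactly the trade the post describes, and it keeps the enclave's memory footprint fixed and auditable.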

Jarkko Sakkinen

This is the gist of how you would go about implementing a TPM emulator, or vTPM, inside a confidential computing (SGX, SNP, TDX) enclave:

#linux #kernel #rust #tpm
TBH, it would be best for QEMU if it merged swtpm/libtpms code at some point. That would lower the barrier to implement emulation for e.g., fTPM behind ARM FF-A.

Jarkko Sakkinen

Edited 2 months ago
Normally software that uses TPM2 creates integration tests by setting up e.g., swtpm.

Once I land the fix for ATM broken tpm2sh import, I'll also add tests/commands.rs, which will demonstrate how you can use tpm2-protocol crate to mock the TPM device.

If you want to take the test to the device level, tpm_vtpm_proxy can be used for this purpose (a driver by Stefan Berger, who has also created the awesome swtpm, which is *obviously* the ultimate solution with QEMU).

#linux #kernel #tpm #rust

Jarkko Sakkinen

Edited 2 months ago
zero issues advertising this as i think it really does right things right:

https://github.com/himmelblau-idm/himmelblau/issues/662

buffering and parsing this protocol stream is just one thing i have a pretty solid grip on so why not make the best of it

Jarkko Sakkinen

the uncrowned king of RS-232 file transfer protocols: https://en.wikipedia.org/wiki/SMODEM

Jarkko Sakkinen

Now I can finally focus on zmodem

Jarkko Sakkinen

lifting weights felt great after a three week break :-) that's the timeline for tpm2-protocol. it was an unhealthy stretch as fuck but now it is done and my rust concerns have been mitigated!

i'm ready and i've fully prepared the next five year plan in the linux kernel, and more specifically in kernel sec...
    refactor!(pipeline): uri base schema
    
    Introduce a new object model with separation between 'tpm' objects (on-chip
    references) and 'key' objects (portable key material), simplifying the
    object lifecycle.
    
    Replace the inconsistent scheme with a URI based scheme ('tpm://',
    'file://', 'data://', 'pipe://') for all resource references.

Jarkko Sakkinen

new uri based json stack with tpm and key objects depending on binding etc. and things start to actually work.

Happy birthday, Linux! 🐧🎂

Here’s to 34 years of open source, community, and innovation.


Jarkko Sakkinen

(sort of) EOF for this project:
https://lore.kernel.org/tpm2/aKzaTYCI2GO_UPRB@kernel.org/T/#u

The thing that really did not exist before is there, features too, stability most likely not, processes and constraints are adequate for the goals and purpose 🤷

#linux #kernel #tpm #rust

Jarkko Sakkinen

Edited 2 months ago
I had these shitty with_* wrappers for doing shit with handles in tpm2sh.

Now I'm switching to Drop traits + threadpool i.e. pretty much what every other driver does in kernel with workqueue, so using a known good pattern.

As I've understood it (might be wrong too please correct) e.g., in a Drop trait implementation it is disallowed to block.

[in drivers you tend to do this a lot e.g., given possible race conditions with fput() and releasing the resources]
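Added illustration of the Drop + threadpool shape (not tpm2sh code and not the author's): the handle type keeps only an index and a channel sender, so its Drop enqueues the flush and returns immediately, while a small worker pool performs the slow device round trip, much like deferring a release to a workqueue. The `TpmHandle`/`FlushPool` names, the sleep standing in for the device call and the handle indices are all constructed for the example.

```rust
// Added example, not code from tpm2sh or its author: Drop does no blocking
// work; it hands the flush to a worker pool over a channel.
use std::sync::mpsc::{channel, Receiver, Sender};
use std::sync::{Arc, Mutex};
use std::thread::{self, JoinHandle};
use std::time::Duration;

enum Job {
    Flush(u32), // constructed: the on-device handle index to release
}

/// Stand-in for a TPM transient-object handle: only an index and a sender,
/// so dropping it is cheap and never waits on the device.
pub struct TpmHandle {
    index: u32,
    tx: Sender<Job>,
}

impl Drop for TpmHandle {
    fn drop(&mut self) {
        // If the pool is already gone the send fails. A destructor has no
        // caller to report to, so the error is deliberately ignored.
        let _ = self.tx.send(Job::Flush(self.index));
    }
}

/// Worker pool that performs the blocking flush on the handle's behalf.
pub struct FlushPool {
    tx: Option<Sender<Job>>,
    workers: Vec<JoinHandle<()>>,
    flushed: Arc<Mutex<Vec<u32>>>, // stands in for the device: records what was flushed
}

impl FlushPool {
    pub fn new(worker_count: usize) -> Self {
        let (tx, rx) = channel::<Job>();
        let rx: Arc<Mutex<Receiver<Job>>> = Arc::new(Mutex::new(rx));
        let flushed = Arc::new(Mutex::new(Vec::new()));
        let workers = (0..worker_count)
            .map(|_| {
                let rx = Arc::clone(&rx);
                let flushed = Arc::clone(&flushed);
                thread::spawn(move || loop {
                    // Hold the receiver lock only while taking a job,
                    // not while doing the slow part.
                    let job = rx.lock().unwrap().recv();
                    match job {
                        Ok(Job::Flush(index)) => {
                            thread::sleep(Duration::from_millis(5)); // simulated device round trip
                            flushed.lock().unwrap().push(index);
                        }
                        Err(_) => break, // every sender is gone: shut down cleanly
                    }
                })
            })
            .collect();
        FlushPool { tx: Some(tx), workers, flushed }
    }

    /// Hand out a handle bound to this pool.
    pub fn open(&self, index: u32) -> TpmHandle {
        TpmHandle { index, tx: self.tx.as_ref().expect("pool is alive").clone() }
    }

    /// Stop accepting work and wait until every queued flush has run.
    /// All handles must have been dropped first, or the workers never exit.
    pub fn shutdown(mut self) -> Vec<u32> {
        self.tx.take(); // close our end; handles hold the remaining senders
        for worker in self.workers.drain(..) {
            worker.join().expect("worker panicked");
        }
        let mut done = self.flushed.lock().unwrap().clone();
        done.sort_unstable();
        done
    }
}

fn main() {
    let pool = FlushPool::new(2);
    {
        let _key = pool.open(1);
        let _session = pool.open(2);
        // Both dropped here; the caller continues immediately.
    }
    println!("flushed handles: {:?}", pool.shutdown());
}
```

The worker loop exits on `RecvError`, which only happens once every sender (the pool's own and every live handle's) has been dropped, so shutdown is ordering-safe without any extra flag.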

Jarkko Sakkinen

Edited 2 months ago
All these TPM bugs I've baffled around with have nothing to do with tpm2-protocol. It's working perfectly :-) It's all about parameters in tpm2sh.

Two real issues so far after 0.10.0 specifically in tpm2-protocol:

1. I had deleted over half of the TPM_RC values from the enum while mangling it together. tpm2-protocol did not trip; it returned an error called InvalidDiscriminant, which also reports the integer value of the undefined discriminant.
2. I had ill-defined capacity for a couple of things. The error propagation and range checks worked perfectly and returned CapacityExceeded.

It's designed to be zero panic even for unreachable and "impossible" situations and error propagation seems to really work in practice too :-)

At one point I did not have parsing and building traits defined for "i8" as I was not then aware that there was an enum with negative discriminants. That was already caught by the compiler as everything has TpmBuild, TpmParse and TpmSized traits down to atoms.

That i8 issue was exactly the kind of twist that could easily go into production unnoticed and made me pretty convinced that the "DSL" I've defined actually does work.
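Added illustration of the discipline described above, in miniature (not tpm2-protocol code and not the author's): one parse trait implemented down to the integer atoms, including `i8`; an undefined enum value comes back as `InvalidDiscriminant` carrying the integer; a length prefix that would overflow a fixed buffer comes back as `CapacityExceeded`. The trait, error and type names here are the example's own (`TpmParse` is reused as a name only), the three `TPM_RC` values are the spec's, and the byte strings in the usage are constructed.

```rust
// Added example, not code from tpm2-protocol: zero-panic parsing. Undefined
// discriminants and over-capacity lengths are values in the error type.
use core::convert::TryFrom;

#[derive(Debug, PartialEq, Eq)]
pub enum ParseError {
    InvalidDiscriminant(u32),                         // keeps the bad value for diagnosis
    CapacityExceeded { needed: usize, capacity: usize },
    Truncated,
}

pub trait TpmParse: Sized {
    /// Parse one value from the front of `buf`, returning it and the rest.
    fn parse(buf: &[u8]) -> Result<(Self, &[u8]), ParseError>;
}

/// Take exactly N bytes or report Truncated; the only code that slices on input length.
fn take<const N: usize>(buf: &[u8]) -> Result<([u8; N], &[u8]), ParseError> {
    if buf.len() < N {
        return Err(ParseError::Truncated);
    }
    let (head, rest) = buf.split_at(N);
    let mut bytes = [0u8; N];
    bytes.copy_from_slice(head);
    Ok((bytes, rest))
}

impl TpmParse for u16 {
    fn parse(buf: &[u8]) -> Result<(Self, &[u8]), ParseError> {
        let (b, rest) = take::<2>(buf)?;
        Ok((u16::from_be_bytes(b), rest))
    }
}
impl TpmParse for u32 {
    fn parse(buf: &[u8]) -> Result<(Self, &[u8]), ParseError> {
        let (b, rest) = take::<4>(buf)?;
        Ok((u32::from_be_bytes(b), rest))
    }
}
// The signed atom: an enum with negative discriminants needs this path.
impl TpmParse for i8 {
    fn parse(buf: &[u8]) -> Result<(Self, &[u8]), ParseError> {
        let (b, rest) = take::<1>(buf)?;
        Ok((b[0] as i8, rest))
    }
}

/// Three TPM_RC codes standing in for the whole table.
#[repr(u32)]
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum TpmRc { Success = 0x000, Failure = 0x101, Retry = 0x922 }

impl TryFrom<u32> for TpmRc {
    type Error = ParseError;
    fn try_from(v: u32) -> Result<Self, ParseError> {
        match v {
            0x000 => Ok(TpmRc::Success),
            0x101 => Ok(TpmRc::Failure),
            0x922 => Ok(TpmRc::Retry),
            other => Err(ParseError::InvalidDiscriminant(other)),
        }
    }
}
impl TpmParse for TpmRc {
    fn parse(buf: &[u8]) -> Result<(Self, &[u8]), ParseError> {
        let (raw, rest) = u32::parse(buf)?;
        Ok((TpmRc::try_from(raw)?, rest))
    }
}

/// TPM2B-style sized buffer: 16-bit length prefix, fixed capacity N.
#[derive(Debug, PartialEq, Eq)]
pub struct Tpm2b<const N: usize> { len: usize, data: [u8; N] }
impl<const N: usize> Tpm2b<N> {
    pub fn as_slice(&self) -> &[u8] { &self.data[..self.len] }
}
impl<const N: usize> TpmParse for Tpm2b<N> {
    fn parse(buf: &[u8]) -> Result<(Self, &[u8]), ParseError> {
        let (len, rest) = u16::parse(buf)?;
        let len = usize::from(len);
        if len > N {
            return Err(ParseError::CapacityExceeded { needed: len, capacity: N });
        }
        if rest.len() < len {
            return Err(ParseError::Truncated);
        }
        let mut data = [0u8; N];
        data[..len].copy_from_slice(&rest[..len]);
        Ok((Tpm2b { len, data }, &rest[len..]))
    }
}

/// TPM2 response header layout: tag, responseSize, responseCode.
#[derive(Debug, PartialEq, Eq)]
pub struct ResponseHeader { pub tag: u16, pub size: u32, pub rc: TpmRc }
impl TpmParse for ResponseHeader {
    fn parse(buf: &[u8]) -> Result<(Self, &[u8]), ParseError> {
        let (tag, rest) = u16::parse(buf)?;
        let (size, rest) = u32::parse(rest)?;
        let (rc, rest) = TpmRc::parse(rest)?;
        Ok((ResponseHeader { tag, size, rc }, rest))
    }
}
```

Because `take` is the only place that compares a length against the input, and `Tpm2b::parse` the only place that compares a declared length against a capacity, every out-of-range condition has exactly one owner and surfaces as a typed error rather than an index panic.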
@andrew very true, thanks for the tip :-)

Jarkko Sakkinen

from my daughter's 20th anniversary dinner Friday :----)
@lanodan I.e. I invented that solution to emphasize that there is a real engineering problem :-)
@lanodan AH OK sorry! Yeah, well that part was just click bait ;-) I agree that it is, engineering-wise, a worse solution!