Jarkko Sakkinen
Posts
5042Following
329Followers
503OpenPGP: 3AB05486C7752FE1
Jarkko Sakkinen
jarkko
this was hell to fix and locked me from progressing with my swTPM called MockTPM:
https://lore.kernel.org/tpm-protocol/20250902165455.3680143-1-jarkko@kernel.org/
Fixed in https://crates.io/crates/tpm2-protocol/0.10.21
Once MockTPM is mature enough I use it also as the unprivileged default backed for tpm2sh.
That enabled two useful features:
1. Dry-run TPM operations with tpm2sh against swTPM with support also for e.g. persistence.
2. Windows and macOS support! They just compile out device parameter and use MockTPM unconditionally.
#linux #rust #tpm
https://lore.kernel.org/tpm-protocol/20250902165455.3680143-1-jarkko@kernel.org/
Fixed in https://crates.io/crates/tpm2-protocol/0.10.21
Once MockTPM is mature enough I use it also as the unprivileged default backed for tpm2sh.
That enabled two useful features:
1. Dry-run TPM operations with tpm2sh against swTPM with support also for e.g. persistence.
2. Windows and macOS support! They just compile out device parameter and use MockTPM unconditionally.
#linux #rust #tpm
1
0
1
Jarkko Sakkinen
jarkko
Edited 3 months ago
I have now a single unified expression language in tpm2sh, which is used in all PCR and policy commands.
You can e.g., express crazy things like or(pcr("sha256:0"), secret(tpm://0x40000001)) with it for instance.
I’ve replaced three separate pest parsers with a single unified nom parser. So much manual control was required anyhow so that diff was pretty much +- 0.
1
0
2
Jarkko Sakkinen
jarkko
I still need to update tests/runner.rs but this bug took quite a long time to address properly and also this commit message really required effort :-)
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git/commit/?h=queue&id=4efa57b484039b8fa9fb41b647b11b623e60fcde
I actually had to re-learn partly how my own software works but it all looks like fairly sound and logical to me :-) Was a good mental exercise really.
#linux #rust #tpm
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git/commit/?h=queue&id=4efa57b484039b8fa9fb41b647b11b623e60fcde
I actually had to re-learn partly how my own software works but it all looks like fairly sound and logical to me :-) Was a good mental exercise really.
#linux #rust #tpm
0
0
1
And I added some niceties like for instance:
- When defining a PCR in a policy you can write the data down.
- Altermatively, you can leave it output and the "policy compiler" will read the current PCR value.
Generally it is a great project as without doing tpm2sh simultaneously tpm2-protocol would be shadow of what it is right now. I constantly discover critical bugs while thinking crazy features for this tool :-)
Like one that I have in done is to provide mechanism to do remote attestation from command-line so that you can have e.g., remote attestating applications written in bash.
- When defining a PCR in a policy you can write the data down.
- Altermatively, you can leave it output and the "policy compiler" will read the current PCR value.
Generally it is a great project as without doing tpm2sh simultaneously tpm2-protocol would be shadow of what it is right now. I constantly discover critical bugs while thinking crazy features for this tool :-)
Like one that I have in done is to provide mechanism to do remote attestation from command-line so that you can have e.g., remote attestating applications written in bash.
0
0
0
Jarkko Sakkinen
jarkko
That pipeline system is gone in tpm2sh. It's now about tags such as "tpm://80000001", "data://base64,..." etc. and expressive policy language which is used by everything from pcr functionality to policy definitions.
Had to do the cli extremely wrong, unintuive and pain to maintain to discover what would be actually right in this case. No one has really ever though how to make TPM2 nice to use from command-line so this part of the process :-)
Had to do the cli extremely wrong, unintuive and pain to maintain to discover what would be actually right in this case. No one has really ever though how to make TPM2 nice to use from command-line so this part of the process :-)
1
0
0
Jarkko Sakkinen
jarkko
@Tutanota Apple has always been morally more in the right side than Google ever has been. Apple's ecosystem is *honestly proprietary* i.e. you need to pay for everything, nothing is free, and that is fully transparent.
Google's ecosystem on the other hand is *dishonestly proprietary" where the real payment comes from your privacy, your data etc., and to fully understad what you actually end up paying is hard or impossible to understand in detail, unless you hire an IT specialized legal firm for you to decipher that from Google's legal and contractual documents.
For these reason I don't agree with this comparison :-)
Google's ecosystem on the other hand is *dishonestly proprietary" where the real payment comes from your privacy, your data etc., and to fully understad what you actually end up paying is hard or impossible to understand in detail, unless you hire an IT specialized legal firm for you to decipher that from Google's legal and contractual documents.
For these reason I don't agree with this comparison :-)
0
0
0
Jarkko Sakkinen
jarkko
LF these days is like the prime definition of corporate crap:
https://bsky.app/profile/linuxfoundation.org/post/3lxu6seyxzc2m
https://bsky.app/profile/linuxfoundation.org/post/3lxu6seyxzc2m
0
0
0
Jarkko Sakkinen
jarkko
@listening_post it's very much wasm compatible code :-) so if you want to build a webTPM: can be done
0
0
0
Jarkko Sakkinen
jarkko
In tpm2-protocol 0.11 requirement for requiring a working stack are heavily relaxed.
In the current stable (0.10.x) memory interaction can be broken down as follows:
1. There is no internal buffering, meaning that internal state does not consume stack.
2. The result is stored in stack.
In the next version (0.11.x) the memory semantics reduce into:
1. Like in the previous version no internal buffering.
2. There's neither parsing nor building. The macros generate a set of interfacs and all parts can be observed with a set of macro generated traits. This builds on the foundation of the DSL developed for describing TCG specs.
I.e. absolutely minimum requirements to run it are:
1. ROM
2. CPU or microcontroller with reasonable register space.
In the current stable (0.10.x) memory interaction can be broken down as follows:
1. There is no internal buffering, meaning that internal state does not consume stack.
2. The result is stored in stack.
In the next version (0.11.x) the memory semantics reduce into:
1. Like in the previous version no internal buffering.
2. There's neither parsing nor building. The macros generate a set of interfacs and all parts can be observed with a set of macro generated traits. This builds on the foundation of the DSL developed for describing TCG specs.
I.e. absolutely minimum requirements to run it are:
1. ROM
2. CPU or microcontroller with reasonable register space.
0
0
0
second patch through list https://lore.kernel.org/tpm-protocol/20250831150145.386502-1-jarkko@kernel.org/T/#u
0
0
0
Jarkko Sakkinen
jarkko
While tpm2-protocol feels really stable tpm2sh is still somewhat unstable and has bunch of bugs here and there. It is expected, as tpm2sh served only as a dumpster for test code while developing the protocol crate.
Now that I don't do active development on tpm2-protocol, I'm going to make the first actually somewhat stable 0.11.0 release of tpm2sh.
It has quite verbose interface, which will break also easily for that reason. Thus, before pursuing seriously to the possible bugs, I developed MockTPM, a simple TPM emulator that is used as the "TPM end" for subcommand integration tests..,
#linux #kernel #rust #tpm
Now that I don't do active development on tpm2-protocol, I'm going to make the first actually somewhat stable 0.11.0 release of tpm2sh.
It has quite verbose interface, which will break also easily for that reason. Thus, before pursuing seriously to the possible bugs, I developed MockTPM, a simple TPM emulator that is used as the "TPM end" for subcommand integration tests..,
#linux #kernel #rust #tpm
0
0
0
Jarkko Sakkinen
jarkko
Edited 3 months ago
there's this infosec researcher personality archetype whose only social media activity is to repost shit about random and uninteresting vulnerabilities
0
0
1
@amackif for this i just read the Rust documentation and for TCG specs I have 11 years familiarity so it's then it was just basically synthesis of those. As the word is defined you need to have a deep understanding of the domain really. From that angle, it is also impossible question to give any correct answer.
0
0
0
Jarkko Sakkinen
jarkko
Edited 3 months ago
tpm2-protocol is the first thing i've done with Rust which would not be existentially possible achieve without some of the Rust features.
With TPM protocol shenanigans people tend to go generation path because writing all data types manually would be ridiculous amount of work.
By creating DSL with macros, "ridiculous" factored down to "huge" but only for the initial pass i.e., to reach the current TCG standard version. And given that I have now efficient DSL, keeping the implementation up to date is almost cost-free. And since none of the compiled code is a generation artifact, it is easy to "shift away" in selected places, and write down traits manually.
With TPM protocol shenanigans people tend to go generation path because writing all data types manually would be ridiculous amount of work.
By creating DSL with macros, "ridiculous" factored down to "huge" but only for the initial pass i.e., to reach the current TCG standard version. And given that I have now efficient DSL, keeping the implementation up to date is almost cost-free. And since none of the compiled code is a generation artifact, it is easy to "shift away" in selected places, and write down traits manually.
1
1
1