still as relevant song as it was in 2014 ;-)

https://www.youtube.com/watch?v=NWxISwEBU0U

Great landed kickoff commit for casting TPM data to the main branch:

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git/commit/?id=03ffb2a9fc5026dbbedd2e1bbdf52bb3cc7dc564

@Dr_Emann, and yep:

- ($ty:ty, $variant:ident) => {
+ ($ty:ident, $variant:ident) => {

EDIT: extended further to lists (and commit ID above updated) as TpmList was a pretty good test case for the trait definition itself. Luckily I had used PhantomData a few times when contributing to Enarx few years ago so I was able to make this stretch :-) Now I have like the baseline for doing zercopy in place.

This starts to “feel right” when it comes to “zerocopy”:

pub trait TpmCast<'a>: Sized {
    fn cast(slice: &'a [u8]) -> TpmResult<Self>;
    fn as_slice(&self) -> &'a [u8];
}

And pretty analogus to pre-existing TpmBuild and TpmParse i.e., they provide clone semantics and this is like hierarchical pointer.

It’s pretty easy to squeeze in because I only really have to edit macros for the most part. I have already basic types, and buffers and lists will follow the same patterns.

@cehteh yeah i know :-) i might try GNU make proc macro compilation for the sake of experiment at least. in tpm2-protocol i have everything building with make including all test programs: https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git/tree/Makefile.

For this crate per se I think procedural macros would be a bad idea, it is good as it is but I might give them a shot in a crate called "tpm2-policy", which uses tpm2-protocol to create expression language for policies.

@Dr_Emann OK I tested it and it looks like it is true. Thanks for the great remark!

Still leaves me a bit confused tho of when the "real" ty fragment is the only working option

@Dr_Emann I'm building the ladders up in a separate branch first getting basic types, lists and buffers right and finding most appropriate patterns. After I have those right it is easy to populate rest of the macro generation.

E.g. first PoC TpmBuffer I have from trait instead of get(), which I likely change also in integer: https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git/commit/?h=zerocopy&id=68caecf1eceac25d8f3f819ef5f7c794ffcc9177. And next thing is TpmList and then some weeks bouncing around these basic data types until they "feel" right :-)

I.e. I try to create zerocopy non-destructively without breaking the working build/parse implementation while putting this stuff in...

@Dr_Emann It's possible that I've missed something just learning by trial and error

Can you use ident to play a type e.g.,

            impl<'a> PartialEq<$ty> for TpmView<'a> {
                fn eq(&self, other: &$ty) -> bool {
                    self.get() == *other
                }
            }

If “$ty” was ident, would this work?

There's an astronomical difference between "having the same name" and "being the same".

[should be evident also from the git commit]

@Dr_Emann Absolutely 110% not as the whole point of view trait is to map a slice to a type.

Another more fun Rust related activity is figuring out how to nail batch file transfer test planning with emulated serial port that throttles the speed to a target BPS (in future also should have also signal noise emulation):

const ADJECTIVES: &[&str] = &["Quiet", "Loud", "Fast", "Slow", "Bright", "Dark"];
const NOUNS: &[&str] = &["One", "Two", "Three", "Four", "Five,", "Six"];
const EXTENSIONS: &[&str] = &["dat", "BIN", "log", "TMP", "txt"];

struct MockPort<R: Read, W: Write> {
    r: R,
    w: W,
    bits_per_second: u32,
    next_byte_due: Instant,
}

It generates 10 pseudorandom filenames and 100 KiB payloads.

Just solved a Rust sudoku for the next version of tpm2-protocol

I think this is quite clever trick to surpass some of the limitation of syntax tree macros:

macro_rules! tpm_integer {
    ($ty:ty) => {
        pub mod $ty {
            #[derive(Clone, Copy, Debug)]
            pub struct TpmView<'a> {
                pub slice: &'a [u8],
            }
        }
    };
}

Further, TpmView implements a trait called TpmView. This circulates around limitation that type cannot be used to name things in syntax tree macros.

Otherwise, unless moving into procedural macros, I’d end up ugly declarations along the lines of:

tpm_integer!(u8, TpmViewU8, Unsigned);
tpm_integer!(i8, TpmViewI8, Signed);
tpm_integer!(u16, TpmViewU16, Unsigned);
tpm_integer!(i32, TpmViewI32, Signed);
tpm_integer!(u32, TpmViewU32, Unsigned);
tpm_integer!(u64, TpmViewU64, Unsigned);

Transparency has been the single biggest blocker in moving forward with zerocopy parser and this sort of “nails it”.

EDIT

I was wrong in that you could type as module name. However, the trick does still resolve the name coflict with the original type and view type. The minor inconvience of having to repeat it twice is totally acceptable vs having to manually name stuff:

tpm_integer!(u8, u8, Unsigned);
tpm_integer!(i8, i8, Signed);
tpm_integer!(u16, u16, Unsigned);
tpm_integer!(i32, i32, Signed);
tpm_integer!(u32, u32, Unsigned);
tpm_integer!(u64, u64, Unsigned);

This is absolutely sustainable for me :-) I.e. second parameter is name of the module.

Here’s a working proof of concept: https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git/commit/?h=zerocopy&id=42f61d9d85e17f784f71c8ac64ee6adbb7171997

#rust #rustlang

zmodem2 0.1.4 release with split subproject "zmodem2-bin" (cargo install zmodem2-bin).

#rust #zmodem #tty #serial

The policy module in tpm2sh is growing enough meaning that I will eventually fully decouple it and introduce 'tpm2-policy' crate.

Just like tpm2-protcol, this is a mailing list project and will be hosted at git.kernel.org.

'tpm2-policy' provides an expressive language for policies and can additionally "open code" input expressions e.g., set actual values for PCRs (if they are unspecified and digest is composed it queries them from TPM).

It can compose digests both via means of TPM2_Policy* command but in addition is capable for software composition (not yet landed tho but coming soon ;-))

The big picture design principle in this crate is, just like in tpm2-protocol, that it scales both to client use, and at the same time software composition engine is capable of empowering TPM emulator or even a real chip.

#linux #rust #tpm

The goal is to convert all tests to data first and then start refactoring the crate fully zerocopy. Then tests anchor stability as they are based on the only immutable portion of the project i.e., protocol data itself.

In tpm2-protocol, extended "response round-trip" test to understand crate's error codes with the worst parser ever written:

0176 Success 80010000002000000000800200000010bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
017E TrailingData 800100000038000000000000000100000000000000010020aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadeadbeef
0144 NotDiscriminant("TpmSt", Unsigned(0xffff)) ffff0000000a00000000
0176 Success 80010000003000000000030000000020ab967bc21b9c90096051d1e0f0dbfb29fc27258b03705fbc0c40aaaac88ed5e5

This also helps to better understand whether the pre-existing error codes make sense, how they should be modified, what should be added/removed etc. in the future versions of this crate.

There's no separate "pcr-read" command anymore in tpm2sh as policy command is robust enough to address that task too:

❯ sudo target/debug/tpm2sh policy "pcr(sha256:0,7)"
pcr(sha256:0,7, 9c367f8c268d51ced151a664d88e37e74fcd84485eff8ff9bc26d22aa9091020)

With --compose flag it creates the policy digest.

The goal in in tpm2sh 0.11 is to repeal and replace the pre-existing uses of tpm2-tools to enable things like PCR sealed hard drive encryption. I'm focusing on smooth and for a sysadmin type of a person common sense type of flow.

It's more like UI problem than a technical problem. A great cli is such that you can put it powerpoint sheet and everyone will get it down to reconfiguring your computers.

#tpm #rust #linux

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git/commit/?id=f085a5107eb140c1708a0e9ec11e4c3b4aa962ca

Migrated few more tests to data-driven format and renamed the original test tool as 'adhoc.rs' for tests that don't fit to the data-driven framework (yet).

I think this will cage the implementation right way and over time the factor to break it will grow...