Jarkko Sakkinen
Posts
4947Following
329Followers
495OpenPGP: 3AB05486C7752FE1
Jarkko Sakkinen
jarkko
I sometimes wish that I'd see more "Skilled Skateboarders" than "Skilled Board Members" at LinkedIn. World would probably be a better place if that would ever happen.
2
4
12
@oleksandr for that reason i've paused this patch set over a year https://lore.kernel.org/linux-integrity/20240528210823.28798-1-jarkko@kernel.org/
0
0
0
@oleksandr i'm planning to put abstract to cfp of linux security summit about the tool and stack. there's no other tool for creating, processing and converting TPM keys for kernel consumption.
1
0
0
another spin off: https://crates.io/crates/tpm2-policy-language
0
0
0
Jarkko Sakkinen
jarkko
Edited 26 days ago
Decomposition time now that tpm2sh has matured to a usable peace of software.
First off, here's basic set of cryptographic routines defined in the TCG TPM 2.0 architecture specification:
https://crates.io/crates/tpm2-crypto
They've been tested equally in client and emulator implementation.
More to come as I dislike the size of current tpm2sh code base (7 KSLOC).
#linux #tpm #rustlang
First off, here's basic set of cryptographic routines defined in the TCG TPM 2.0 architecture specification:
https://crates.io/crates/tpm2-crypto
They've been tested equally in client and emulator implementation.
More to come as I dislike the size of current tpm2sh code base (7 KSLOC).
#linux #tpm #rustlang
1
0
0
Jarkko Sakkinen
jarkko
@notbobbytables these are weird times. people PAY to get pwnd (as a service).
0
0
1
@jwildeboer i'm sorry :-) please don't let ruin your joy! i'm just an idiot on a keyboard :D
0
0
1
@jwildeboer plus everyone loves to hate steinberg (for a good reason) how they've e.g., managed vst2 with an army lawyers.
0
0
0
Jarkko Sakkinen
jarkko
@jwildeboer they are a bit late as most popular daws and best plugins are supporting clap.
i guess that's why they did this :-) vst is somewhat obsolete compared to cool modulation features etc. offered by clap.
i guess that's why they did this :-) vst is somewhat obsolete compared to cool modulation features etc. offered by clap.
1
0
2
Jarkko Sakkinen
jarkko
Yet another reason for improving DSO support in Rust would be to give people freedom of choice to license with LGPL.
0
0
0
Jarkko Sakkinen
jarkko
https://crates.io/crates/tpm2sh/0.13.0
With the tpm2sh 0.13.0 the goals that I set when I started working on this in August are fulfilled:
1. First class handling of TPMKey ASN.1 format, and import capabilities from the most common formats for ECC and RSA keys (PKCS#1, PCKS#8 and SEC1).
2. Meaningful and "human" way to describe key policies (e.g., "(pcr(sha256:16) or pcr(sha256:7)) and secret(tpm:81000001)").
3. Intutive interface to browse the TPM memory and download EK certificates.
4. Virtual TPM address space with transparent context handling and clean up of stale contexts (from earlier power cycles).
In other words, tpm2sh addresses now the immediate kernel hacking needs for TPM driver itself, Linux keyring, IMA etc. One additional feature I'm going to finish off at some point is parameter encryption, which won't take long tas tpm2sh already creates unsalted and unbound HMAC sessions for different tasks.
Patches are always welcome, and can be sent to tpmprotocol@lists.linux.dev ;-)
#linux #kernel #tpm #rustlang
With the tpm2sh 0.13.0 the goals that I set when I started working on this in August are fulfilled:
1. First class handling of TPMKey ASN.1 format, and import capabilities from the most common formats for ECC and RSA keys (PKCS#1, PCKS#8 and SEC1).
2. Meaningful and "human" way to describe key policies (e.g., "(pcr(sha256:16) or pcr(sha256:7)) and secret(tpm:81000001)").
3. Intutive interface to browse the TPM memory and download EK certificates.
4. Virtual TPM address space with transparent context handling and clean up of stale contexts (from earlier power cycles).
In other words, tpm2sh addresses now the immediate kernel hacking needs for TPM driver itself, Linux keyring, IMA etc. One additional feature I'm going to finish off at some point is parameter encryption, which won't take long tas tpm2sh already creates unsalted and unbound HMAC sessions for different tasks.
Patches are always welcome, and can be sent to tpmprotocol@lists.linux.dev ;-)
#linux #kernel #tpm #rustlang
0
1
2
Jarkko Sakkinen
jarkko
tpm2sh 0.12.4 uses hmac sessions but they are not very useful tho as they are both unsalted and unbound sessions. This is of course on purpose because the infrastructure needs to be polished first. Right now it is a mess (but works) :-)
Just like you never do "start-session" for policies but instead describe them in expressions HMAC functionality is transparent to the user and does not require any configuration.
Just like you never do "start-session" for policies but instead describe them in expressions HMAC functionality is transparent to the user and does not require any configuration.
0
0
0
Since language will grow only on policy primitives but not so much in syntax it made sense to:
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2sh.git/tree/src/policy/mod.rs?h=main
It's not whole a lot of code, and I'm sure this will get more streamlined over time.
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2sh.git/tree/src/policy/mod.rs?h=main
It's not whole a lot of code, and I'm sure this will get more streamlined over time.
0
0
1
Jarkko Sakkinen
jarkko
Edited 29 days ago
tpm2sh 0.12.3 loads and processes multi-level ancestor chains correctly, policy expressions have now a more stable manually implemented custom-built parser.
https://crates.io/crates/tpm2sh/0.12.3
#linux #tpm #rustlang
https://crates.io/crates/tpm2sh/0.12.3
#linux #tpm #rustlang
1
0
3