Posts
5046
Following
330
Followers
504
Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1
jarkko
repeated
karppinen@mastodon.online

Marko Karppinen

Heh, Amazon's satellite internet service launched yesterday and their first marketing angle is “how about you get your AWS Direct Connect over satellite instead of paying for cross connects”
https://www.aboutamazon.com/news/amazon-leo/amazon-leo-satellite-internet-ultra-pro

1
1
1
jarkko
repeated
randahl@mastodon.social

Randahl Fink

Here is my Ukraine peace proposal:

1. Putin is sent to The Hague.
2. Russian soldiers leave Ukraine including Crimea.
3. Russia returns all kidnapped Ukrainian children.
4. Russia releases all Ukrainian prisoners.
5. Russia pays damages for everything their war has destroyed.
6. Russia pays damages to Ukrainian families who have lost family members.
7. Russia pays damages to every person who has been tortured, abducted or otherwise criminally mistreated.
8. Ukraine becomes a member of the EU.

2
13
2
jarkko

Jarkko Sakkinen

the main problem with confidential computing is and will be that it is not hacker enabled ecosystem.

or it's as hacker enabled as IBM mainframes.

i.e., there is no such thing as distruptive innovation.

it might be commercially viable story for companies that produce the hardware to other big companies but it is still a sad story ;-)

and you do not own the hardware EVEN if you buy it because it's locked in to the CPU companies CA.
0
0
1
jarkko

Jarkko Sakkinen

This screenshot shows strong evidence of:

1. OpenSSL cross-compatibility.
2. tpm2-tools cross-compatibility.
3. Linux kernel compatibility (as in trusted keys and in future also asymmetric keys).

#linux #kernel #tpm #rustlang
0
0
3
jarkko

Jarkko Sakkinen

in kernel testing i've moved from qemu to "libvirt + qemu" :-) why i haven't done this before...
1
0
0
jarkko

Jarkko Sakkinen

Reply to @jarkko
0.15.21
0
0
0
jarkko

Jarkko Sakkinen

As of tpm2sh 0.15.14 my microecosystem :-)

#linux #tpm #rustlang
1
0
0
jarkko

Jarkko Sakkinen

In tpm2sh 0.15.14 TPMKey ASN.1 policy engine starts to be actually stable. I've committed into not expanding features up until key and cache management are polished and it starts to deliver results :-)

#linux #tpm #rustlang
0
0
0
jarkko

Jarkko Sakkinen

Reply to @mupuf@social.treehouse.systems
Edited 1 month ago
@mupuf,
Ya, looks great!

I've started to use this package for Typst called 'pitorita', which allows to do diagrams embedded to the document you should check this out:

https://typst.app/universe/package/pintorita/

IMHO, it's also investment to decks with typst because you get from every presentation bunch of re-usable slides and diagrams :-)
0
0
1
jarkko

Jarkko Sakkinen

Reply to @jarkko
and also i did the one thing right at the bottom that sort of enables all these great components: wrote a decent marshaller/unmarshaller. This is mostly ignored and complex stuff built on top :-)
0
0
0
jarkko

Jarkko Sakkinen

the next piece sliced from tpm2sh: https://crates.io/crates/tpm2-vtpm

Still in very early phases. Now my micro ecosystem has:

1. tpm2-protocol
2. tpm2-crypto (software crypto for doing TPM2 related operations like generating encrypted seeds).
3. tpm2-policy-language
4. tpm2-tpmkey
5. tpm2-vtpm

I think what I get right vs. TSS2 etc. that I'm not building a "big SDK" but instead of common sense re-usable components not enforcing architecture or policy.

#linux #rustlang #tpm
3
1
4
jarkko

Jarkko Sakkinen

typst is superb, have been using it for two years now for all documentation. especially for presentations polylux is a viable alternative for beamer.
1
1
2
jarkko

Jarkko Sakkinen

tdf is super nice previewer when doing presentations, have "typst watch" refreshing it :-)

BTW, diagram is also made with Typst.
0
0
0
jarkko
repeated
greenpeace@mastodon.social

Greenpeace International

57 companies are responsible for 80% of the global greenhouse gas emissions since 2016.

Unless you run those companies, why are you being forced to pay for climate change damage?

1
5
0
jarkko

Jarkko Sakkinen

I've uplifted tpm2-tpmkey [1] to address quirks of the TPM policy command encoding in the ASN.1 [2] spec.

It has quite short errata now: TPM2_PolicyAuthorize returns InvalidPolicy (which will be addressed some day). Other than that it addresses empty policies, special handling for TPM2_PolicySecret and other weirdness.

Plus, has 'parentPublic" extension, which enables implict and automatic parent key discovery.

Other than this crate is decoupled from all crypto libraries, other than pem crate and implementing encoder and decoder with rasn. I
Lot's of stuff have been piled, so it needs boil for a while after all these changes but now it is at least in the ballpark.

[1] https://docs.rs/tpm2-tpmkey/latest/tpm2_tpmkey/
[2] https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.txt
0
0
0
jarkko

Jarkko Sakkinen

bpftop is super nice (just learned about its existence)
0
0
2
jarkko

Jarkko Sakkinen

Is there some "good known" ECDH reference income-outcomes documented? Lacking unit tests for ECHD in tpm2-crypto. OK, I'll go check RFC first ;-)

#linux #tpm #rustlang
0
0
0
jarkko
repeated
phoronix@masto.ai

Phoronix

sudo-rs Affected By Multiple Security Vulnerabilities - Impacting Ubuntu 25.10

The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky. Beyond some early performance issues with Rust Coreutils, breakage for some executables, and broken unattended upgrades due to a Rust Coreutils bug, it's also sudo-rs now causing Ubuntu developers some headaches. There are two moderate security issues affecting su…
https://www.phoronix.com/news/sudo-rs-security-ubuntu-25.10

0
2
0
jarkko

Jarkko Sakkinen

Reply to @tshepang@hachyderm.io
@tshepang i just wanted to see how it works and see if i could bend it do stuff i was doing :-)

i did not observe any actual functional issues.
0
0
1
jarkko

Jarkko Sakkinen

Reply to @jwildeboer@social.wildeboer.net
@jwildeboer and we should enforce apple to unlock the bootloader, at bare minimum when they stop supplying operating system updates :-)
1
0
2
Show older
About social.kernel.org

Terms of service

  1. Please do not use this service in violation of the Linux Kernel Code of Conduct. Doing so will result in your account suspension with the referral of the matter to the CoC committee.

  2. "Repeating"/"boosting" someone else's status on this platform will be treated as endorsement and will fall under rule #1.

  3. You are encouraged to use this platform to promote your work on the Linux Kernel, but there is no restriction on permitted topics (with the exception of anything covered by #1 above).

  4. There is no requirement to post in English, but it should be considered the primary language of communication on this platform.

Privacy notice

The admins of this service have access to all posted statuses. They aren't looking, but if it's something they shouldn't know about, then you should not post it on this platform.

Please see the Linux Foundation Privacy Policy, which applies to this platform as well.

Getting your own account

If you would like an account on this instance, please check that the following applies to you:

  • You are listed in MAINTAINERS or CREDITS

  • OR: You have a kernel.org account or email address

  • OR: You have a long and established history of involvement with the Linux Kernel

If the above is true and you agree with the Terms of Service and Privacy Notice listed above, please use these instructions to request an account: