Jarkko Sakkinen
jarkko
I'm trying to figure out a name for C file containing minimal container manager (or distantly a container manager). All I can make up is kontainer.c :-/ I guess I have to fix to that then. This is for kselftest.
2
0
0
@kernellogger I was thinking first to give a shot with SGX because I know the opcodes really well but since I have already this crate [1] and TPM2 affects my life more than SGX ATM, let's try that at first :-)
[1] https://crates.io/crates/tpm2-protocol
[1] https://crates.io/crates/tpm2-protocol
0
0
0
@kernellogger For TPM2 type of devices having Rust to manage emulation is quite essential given the combination of structural complexity and cryptography in the binary protocol.
I could imagine that Rust could be also a great angle to deliver confidential computing opcodes for QEMU.
I could imagine that Rust could be also a great angle to deliver confidential computing opcodes for QEMU.
1
0
1
@kernellogger Not as many may know this but QEMU also has a nice Rust integration these days.
I implemented a feature for integrated TPM chip emulations in QEMU, and have a profile for Infienon SLB 9672 in progress. It's a half-C-half-Rust feature and so far progress has been smooth. VM sees my chip etc. and the developer experience has been surprisingly smooth :-)
I implemented a feature for integrated TPM chip emulations in QEMU, and have a profile for Infienon SLB 9672 in progress. It's a half-C-half-Rust feature and so far progress has been smooth. VM sees my chip etc. and the developer experience has been surprisingly smooth :-)
1
0
7
Jarkko Sakkinen
repeated
repeated
Thorsten Leemhuis (acct. 1/4)
kernellogger@hachyderm.ioThe #Rust support in the #Linux #kernel is now officially a first class citizen and not considered experimental any more:
https://git.kernel.org/torvalds/c/9fa7153c31a3e5fe578b83d23bc9f185fde115da; for more details, see also: https://lwn.net/Articles/1050174/
This is one of the highlights from the main #RustLang for #LinuxKernel 7.0 that was merged a few hours ago ; for others, see https://git.kernel.org/torvalds/c/a9aabb3b839aba094ed80861054993785c61462c
2
15
1
Jarkko Sakkinen
jarkko
Edited 3 months ago
I'll replace the test-container.c from the original patch set with kcontainer.c, which is a stripped down container manager, and a shell script containing the test cases.
It's really just a wrapper for container_* but should demonstrate with reasonable realism the capabilities of the kernel feature.
It's really just a wrapper for container_* but should demonstrate with reasonable realism the capabilities of the kernel feature.
0
0
0
Jarkko Sakkinen
jarkko
A new Git subcommand I was not aware of: git range-diff. It compares two versions of branch.
This came up now that I forked dhowell's container object patch set.
E.g.,
git range-diff refs/remotes/fs/container...container
This came up now that I forked dhowell's container object patch set.
E.g.,
git range-diff refs/remotes/fs/container...container
0
1
2
Jarkko Sakkinen
jarkko
Edited 3 months ago
Overall this looks stil very wrong but some very basics have been put in place:
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=container
Basic plumbing:
1. Some splitting to chunks that make more sense.
2. scripts/checkpatch.pl --strict -g master..container passes.
3. I implemented the missing container_wait and container_kill (only compiled-tested).
Next step is to substitute a random test program with a kselftest. After that this can be actually hammered.
These patches have at least a potential to simplify container runtimes quite a lot. And preparation and launch are well-ordered given container_fork().
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=container
Basic plumbing:
1. Some splitting to chunks that make more sense.
2. scripts/checkpatch.pl --strict -g master..container passes.
3. I implemented the missing container_wait and container_kill (only compiled-tested).
Next step is to substitute a random test program with a kselftest. After that this can be actually hammered.
These patches have at least a potential to simplify container runtimes quite a lot. And preparation and launch are well-ordered given container_fork().
0
0
0
@oleksandr With swcam the basis of nack was "not useful for companies creating V4L2 associated hardware => not useful for anyone", or this is how I summarized it at least in my mind.
I'd except at least a more reasonable nack and maybe even learn something in the process; the bar is quite low atm :-)
I'd except at least a more reasonable nack and maybe even learn something in the process; the bar is quite low atm :-)
0
0
0
Jarkko Sakkinen
jarkko
@oleksandr i consider nack as done :-) i just want fully drain my backlog.
1
0
0
Jarkko Sakkinen
jarkko
hooray, i have container_create() syscall running on top of mainline tip.
can't wait to write some cool tests for this :-)
this is by definition "against the odds" feature...
can't wait to write some cool tests for this :-)
this is by definition "against the odds" feature...
1
0
2
Jarkko Sakkinen
jarkko
The defence project in EU that could not get enough funding: https://defence-industry-space.ec.europa.eu/eu-space/iris2-secure-connectivity_en
Because option B is to call to Musk :-)
Because option B is to call to Musk :-)
0
0
0
@vbabka It has also a slightly different goal if I got it right. i do emulation and cocoon-tpm does production (in an enclave or whatever SEV VM workloads are called). they could find possibly tpm2-protocol crate useful tho as it is an isolated binariy parser (no IO or similar ties, requires only stack).
It's good to keep this project in mind tho. I mean probably there is a meningful intersection of code eventually. Just get things going on I'll take max redundancy path for the time being :-) Probably a bunch of projects would benefit a common emulator core (in SGX, TDX enclaves for instance and what-TEE-not).
It's good to keep this project in mind tho. I mean probably there is a meningful intersection of code eventually. Just get things going on I'll take max redundancy path for the time being :-) Probably a bunch of projects would benefit a common emulator core (in SGX, TDX enclaves for instance and what-TEE-not).
0
0
1
Jarkko Sakkinen
jarkko
Edited 3 months ago
I think getting some kind of version of QEMU TPM integrated emulation by LSS 2026 CfP would be a resonable goal.
I was feeling that TPM2 crate stuff alone was somehow incomplete but that would definitely close the circle for the topic :-)
I have my command-line tool tpm2sh but it does not take the topic out of the closure of my own doings...
Great.
I was feeling that TPM2 crate stuff alone was somehow incomplete but that would definitely close the circle for the topic :-)
I have my command-line tool tpm2sh but it does not take the topic out of the closure of my own doings...
Great.
0
0
0