Would be nice if you could at least simulate #keystone with widely available SBC's, even with insecure #attestation (or no attestation at all). #riscv #opensbi #sanctum.

https://github.com/keystone-enclave/keystone/issues/339

I love the new #feature in #openssh, which breaks backwards #compatibility with e.g. #dropbear with the default options: https://www.openssh.com/txt/release-9.0 #ssh

OK cool:

$ sudo apt dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
#
# You can verify the status of security fixes using the `pro fix` command.
# E.g., a recent Ruby vulnerability can be checked with: `pro fix USN-6219-1`
# For more detail see: https://ubuntu.com/security/notices/USN-6219-1
#
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

$ pro fix
usage: pro fix <CVE-yyyy-nnnn+>|<USN-nnnn-d+> [flags]
the following arguments are required: security_issue

#ubuntu #cve #security #note

An example of creating a minimal #Linux #kernel config that boots and prints output to the console:

make tinyconfig
./scripts/config -e CONFIG_MULTIUSER -e CONFIG_TTY -e CONFIG_64BIT -e CONFIG_PRINTK
make -j `nproc`
qemu-system-x86_64 -kernel arch/x86/boot/bzImage

#note

#home #skeleton #dotfiles https://github.com/jarkkojs/home

I still think that #Intel #SGX has some advantages over #SEV and #TDX. Its #security model is easier to understand and is always per page granularity. For anything ulta-secure I would not have hard time to pick the right option.

Setting up #FPGA #lab. #Digilent #Genesys2

refine struct tpm_buf to handle sized buffers (TPM2B): https://lore.kernel.org/linux-integrity/20230821033630.1039527-1-jarkko@kernel.org/ #Linux #kernel #TPM #LKML

Two common #GNU #make patterns I tend to use often with #Buildroot:

1. time ( make &> build.txt; )

2. time ( make 2>&1 | tee build.txt; )

#note

cosmetic but still useful: https://lkml.org/lkml/2023/8/19/213 #linux #kernel #tpm #selftests #lkml

I created a #Buildroot environment that I’ve started to use for #Linux #kernel #testing, targeted to my kernel tree.

as simple as this function might seem, it has reduced the number of remotes I have by large numbers:

function git-fetch-tag { git fetch --no-tags "$1" "refs/tags/$2:refs/tags/$2"; }

#git #note

#ubuntu #multipass look like something for my needs as i use mostly ubuntu virtual machines for test #kernel's. especially it could replace #vmware fusion in my mac mini, which I use to test #arm64 kernels. in my #linux desktop it is not as useful because #libvirtd and #qemu are already perfect for my needs.

cleaning up tpm_tis #linux #lkml https://lkml.org/lkml/2023/8/14/1065

i wonder in what state is explicit heap oom handling in #rust today. it was still pretty bad year ago.

especially i’m interested what has been already fixed when mirroring against a great #analysis from #crowstrike’s blog.

#rustlang #programming

Taking care of the #finance with #awk :-)

$ awk '!/Payer/ {amount[$1] += $2} END { for (i in amount) print i " " amount[i]}'  2023-08.csv
Jarkko 400
Lotta 515

File format:

$ head -1 2023-08.csv
Payer               Amount              Date                Type

linux-tpmdd pull request for v6.5-rc7: https://lkml.org/lkml/2023/8/11/1305 #linux #kernel #lkml

I always return to #ctags once tried on LSP. E.g. it does not have dependency hell bundled. It always works as expected. Even with LSP I always disable auto-complete, which takes away a lot of its value, assuming that you care about this feature in the first place.

Let's not forget that one of the two #cofounder's of #Gitlab is also #Ukrainian

git grep -l -v "\.ident =" | xargs git grep -l "\.callback =" | xargs git grep -l "\.matches = "

I wanted to find all files, which have DMI table entries with matches and callback set, but not ident. #git #note #linux #kernel