A shallow #Git clone with shallow clones of the #submodule’s:

git clone --depth=1 \
          --recurse-submodules \
          --shallow-submodules \
          <URL>          

#note

A generic flashing and verification script draft (will be edited over time):

#!/usr/bin/env bash
#
# Authors:
# Jarkko Sakkinen <jarkko.sakkinen@tuni.fi>

set -e

if [ $# -ne 2 ]; then
    echo "`basename $0` <payload> <block device>"
    exit 1
fi

PAYLOAD=`realpath $1`
SIZE=`wc -c $1 | cut -d' ' -f1`
START="2048"
END="$((START + (SIZE >> 9)  + 1))"

parted --script $2 mklabel gpt
parted --script $2 mkpart primary fat32 ${START}s ${END}s

PARTITION="${2}1"
if [ ! -b $PARTITION ]; then
  echo "Invalid partition"
  exit 1
fi

echo "Payload: $PAYLOAD"
echo "Partition: $PARTITION"

DD_OPTIONS="count=$((END - START)) bs=512 status=progress conv=sync"

dd if="$PAYLOAD" of="$PARTITION" $DD_OPTIONS
sync

echo "Payload MD5: `dd if="$PAYLOAD" $DD_OPTIONS 2> /dev/null | md5sum`"
echo "Partition MD5: `dd if="$PARTITION" $DD_OPTIONS 2> /dev/null | md5sum`"

#flashing #firmware #image #riscv #CVA6 #Keystone #EFI #note

Something that has probably existed forever but I just learned. You can pass status=progress to dd, and it will show progress. #note

Would be nice if you could at least simulate #keystone with widely available SBC's, even with insecure #attestation (or no attestation at all). #riscv #opensbi #sanctum.

https://github.com/keystone-enclave/keystone/issues/339

I love the new #feature in #openssh, which breaks backwards #compatibility with e.g. #dropbear with the default options: https://www.openssh.com/txt/release-9.0 #ssh

OK cool:

$ sudo apt dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
#
# You can verify the status of security fixes using the `pro fix` command.
# E.g., a recent Ruby vulnerability can be checked with: `pro fix USN-6219-1`
# For more detail see: https://ubuntu.com/security/notices/USN-6219-1
#
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

$ pro fix
usage: pro fix <CVE-yyyy-nnnn+>|<USN-nnnn-d+> [flags]
the following arguments are required: security_issue

#ubuntu #cve #security #note

An example of creating a minimal #Linux #kernel config that boots and prints output to the console:

make tinyconfig
./scripts/config -e CONFIG_MULTIUSER -e CONFIG_TTY -e CONFIG_64BIT -e CONFIG_PRINTK
make -j `nproc`
qemu-system-x86_64 -kernel arch/x86/boot/bzImage

#note

#home #skeleton #dotfiles https://github.com/jarkkojs/home

I still think that #Intel #SGX has some advantages over #SEV and #TDX. Its #security model is easier to understand and is always per page granularity. For anything ulta-secure I would not have hard time to pick the right option.

Setting up #FPGA #lab. #Digilent #Genesys2

refine struct tpm_buf to handle sized buffers (TPM2B): https://lore.kernel.org/linux-integrity/20230821033630.1039527-1-jarkko@kernel.org/ #Linux #kernel #TPM #LKML

Two common #GNU #make patterns I tend to use often with #Buildroot:

1. time ( make &> build.txt; )

2. time ( make 2>&1 | tee build.txt; )

#note

cosmetic but still useful: https://lkml.org/lkml/2023/8/19/213 #linux #kernel #tpm #selftests #lkml

I created a #Buildroot environment that I’ve started to use for #Linux #kernel #testing, targeted to my kernel tree.

as simple as this function might seem, it has reduced the number of remotes I have by large numbers:

function git-fetch-tag { git fetch --no-tags "$1" "refs/tags/$2:refs/tags/$2"; }

#git #note

#ubuntu #multipass look like something for my needs as i use mostly ubuntu virtual machines for test #kernel's. especially it could replace #vmware fusion in my mac mini, which I use to test #arm64 kernels. in my #linux desktop it is not as useful because #libvirtd and #qemu are already perfect for my needs.

cleaning up tpm_tis #linux #lkml https://lkml.org/lkml/2023/8/14/1065

i wonder in what state is explicit heap oom handling in #rust today. it was still pretty bad year ago.

especially i’m interested what has been already fixed when mirroring against a great #analysis from #crowstrike’s blog.

#rustlang #programming

Taking care of the #finance with #awk :-)

$ awk '!/Payer/ {amount[$1] += $2} END { for (i in amount) print i " " amount[i]}'  2023-08.csv
Jarkko 400
Lotta 515

File format:

$ head -1 2023-08.csv
Payer               Amount              Date                Type

linux-tpmdd pull request for v6.5-rc7: https://lkml.org/lkml/2023/8/11/1305 #linux #kernel #lkml