Looking #LTO #tape #drives :-) I might get one at some point to support my #NAS. There's a lot of options below 1000 EUR range, and tapes are neither that expensive, when archiving frequency is maybe few times a year.

Learning #Inkscape in order to substitute #LibreOffice Draw. I moved into LibreOffice Draw some years ago from #Xfig, only because it had turned into legacy. However, I've learned over the time that the structural complexity of actual diagram tools tend to take my focus away from the actual problem, and more into fiddling between the choices in the tool itself.

I created my own12 cm x 9 cm template, which are pretty good starting point metrics (and aspect ratio) for many situations, especially when you have to embed pictures. These metrics are also in good harmony with the primitive (but functional) connector tool of Inkscape, and on keeping complexity of the diagram low :-)

Installed #Debian 12 to my #desktop #PC (migrated back from #Ubuntu). Recent switch to #Intel #ARC #GPU considerably lowered the barrier.

A shallow #Git clone with shallow clones of the #submodule’s:

git clone --depth=1 \
          --recurse-submodules \
          --shallow-submodules \
          <URL>          

#note

A generic flashing and verification script draft (will be edited over time):

#!/usr/bin/env bash
#
# Authors:
# Jarkko Sakkinen <jarkko.sakkinen@tuni.fi>

set -e

if [ $# -ne 2 ]; then
    echo "`basename $0` <payload> <block device>"
    exit 1
fi

PAYLOAD=`realpath $1`
SIZE=`wc -c $1 | cut -d' ' -f1`
START="2048"
END="$((START + (SIZE >> 9)  + 1))"

parted --script $2 mklabel gpt
parted --script $2 mkpart primary fat32 ${START}s ${END}s

PARTITION="${2}1"
if [ ! -b $PARTITION ]; then
  echo "Invalid partition"
  exit 1
fi

echo "Payload: $PAYLOAD"
echo "Partition: $PARTITION"

DD_OPTIONS="count=$((END - START)) bs=512 status=progress conv=sync"

dd if="$PAYLOAD" of="$PARTITION" $DD_OPTIONS
sync

echo "Payload MD5: `dd if="$PAYLOAD" $DD_OPTIONS 2> /dev/null | md5sum`"
echo "Partition MD5: `dd if="$PARTITION" $DD_OPTIONS 2> /dev/null | md5sum`"

#flashing #firmware #image #riscv #CVA6 #Keystone #EFI #note

Something that has probably existed forever but I just learned. You can pass status=progress to dd, and it will show progress. #note

Would be nice if you could at least simulate #keystone with widely available SBC's, even with insecure #attestation (or no attestation at all). #riscv #opensbi #sanctum.

https://github.com/keystone-enclave/keystone/issues/339

I love the new #feature in #openssh, which breaks backwards #compatibility with e.g. #dropbear with the default options: https://www.openssh.com/txt/release-9.0 #ssh

OK cool:

$ sudo apt dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
#
# You can verify the status of security fixes using the `pro fix` command.
# E.g., a recent Ruby vulnerability can be checked with: `pro fix USN-6219-1`
# For more detail see: https://ubuntu.com/security/notices/USN-6219-1
#
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

$ pro fix
usage: pro fix <CVE-yyyy-nnnn+>|<USN-nnnn-d+> [flags]
the following arguments are required: security_issue

#ubuntu #cve #security #note

An example of creating a minimal #Linux #kernel config that boots and prints output to the console:

make tinyconfig
./scripts/config -e CONFIG_MULTIUSER -e CONFIG_TTY -e CONFIG_64BIT -e CONFIG_PRINTK
make -j `nproc`
qemu-system-x86_64 -kernel arch/x86/boot/bzImage

#note

#home #skeleton #dotfiles https://github.com/jarkkojs/home

I still think that #Intel #SGX has some advantages over #SEV and #TDX. Its #security model is easier to understand and is always per page granularity. For anything ulta-secure I would not have hard time to pick the right option.

Setting up #FPGA #lab. #Digilent #Genesys2

refine struct tpm_buf to handle sized buffers (TPM2B): https://lore.kernel.org/linux-integrity/20230821033630.1039527-1-jarkko@kernel.org/ #Linux #kernel #TPM #LKML

Two common #GNU #make patterns I tend to use often with #Buildroot:

1. time ( make &> build.txt; )

2. time ( make 2>&1 | tee build.txt; )

#note

cosmetic but still useful: https://lkml.org/lkml/2023/8/19/213 #linux #kernel #tpm #selftests #lkml

I created a #Buildroot environment that I’ve started to use for #Linux #kernel #testing, targeted to my kernel tree.

as simple as this function might seem, it has reduced the number of remotes I have by large numbers:

function git-fetch-tag { git fetch --no-tags "$1" "refs/tags/$2:refs/tags/$2"; }

#git #note

#ubuntu #multipass look like something for my needs as i use mostly ubuntu virtual machines for test #kernel's. especially it could replace #vmware fusion in my mac mini, which I use to test #arm64 kernels. in my #linux desktop it is not as useful because #libvirtd and #qemu are already perfect for my needs.

cleaning up tpm_tis #linux #lkml https://lkml.org/lkml/2023/8/14/1065