Something I always tend to forget with a new #Debian #installation: sudo apt-get install iwlwifi

#note

i realized that i have a home page: https://jjs.kapsi.fi/. Had forgotten this but it looks still up to date :-) my web skills are not advanced enough to put the "music" playing background and looping so that could be a level up.

Social media platforms at the moment where I have an account:

1. Mastodon
2. Facebook
3. SoundCloud
4. LKML ;-)

Over the summer I've just made analysis does a platform provide measurable benefit for my life. This caused me to scrape away LinkedIn and Twitter for instance. I can literally feel how much more peaceful I am and a lot of anxiety has gone. Social media is IMHO a digital narcotic.

IMHO, both #AMD #SEV #SNP and #Intel #TDX are quite questionable technologies given the narrow span of user base limited only selected large companies. Very few maintainers can test any of the patches.

We should demand providing affordable #hardware for these technologies like NUC7 in the past for #SGX. IMHO, a technology should not land to the kernel in most cases, unless a college student can afford to buy at least some hardware for testing the tech in question.

I'm wondering why there is so little fuzz about this considering how much FUD was spread all over the community about #TPM's in the past.

What confidential computing would desperately need is new versions of Intel NUC (or is it now Asus NUC) and new UDOO BOLT for testing SEV-SNP.. Otherwise innovation will not exist.

#unpopular #opinion

I’ve ranted lately a lot at #LKML about how #kernel #Bugzilla’s role in the #development #process should be defined better in the #documentation. #linux

I wonder what is the best practice to remove #passphrase from #OpenPGP subkey. I’m using #gnupg2. I’ve spend hours on this and still not able to do it :-(

I.e. I have this:

$ gpg -K
/home/jarkko/.gnupg/pubring.kbx
-------------------------------
sec   rsa4096 2019-06-24 [C] [expires: 2024-07-04]
      5107E66D34788A93E3227C903AB05486C7752FE1
uid           [ unknown] Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
uid           [ unknown] Jarkko Sakkinen <jarkko@kernel.org>
uid           [ unknown] Jarkko Sakkinen <jarkko.sakkinen@tuni.fi>
ssb   ed25519 2019-06-25 [S] [expires: 2025-07-27]
ssb   rsa4096 2020-08-11 [A]
ssb   rsa4096 2022-03-21 [E] [expires: 2024-03-20]
ssb   ed25519 2022-12-29 [A]

And I want to remove passphrase from #ed25519 #authentication #key.

Looking #LTO #tape #drives :-) I might get one at some point to support my #NAS. There's a lot of options below 1000 EUR range, and tapes are neither that expensive, when archiving frequency is maybe few times a year.

Learning #Inkscape in order to substitute #LibreOffice Draw. I moved into LibreOffice Draw some years ago from #Xfig, only because it had turned into legacy. However, I've learned over the time that the structural complexity of actual diagram tools tend to take my focus away from the actual problem, and more into fiddling between the choices in the tool itself.

I created my own12 cm x 9 cm template, which are pretty good starting point metrics (and aspect ratio) for many situations, especially when you have to embed pictures. These metrics are also in good harmony with the primitive (but functional) connector tool of Inkscape, and on keeping complexity of the diagram low :-)

Installed #Debian 12 to my #desktop #PC (migrated back from #Ubuntu). Recent switch to #Intel #ARC #GPU considerably lowered the barrier.

A shallow #Git clone with shallow clones of the #submodule’s:

git clone --depth=1 \
          --recurse-submodules \
          --shallow-submodules \
          <URL>          

#note

A generic flashing and verification script draft (will be edited over time):

#!/usr/bin/env bash
#
# Authors:
# Jarkko Sakkinen <jarkko.sakkinen@tuni.fi>

set -e

if [ $# -ne 2 ]; then
    echo "`basename $0` <payload> <block device>"
    exit 1
fi

PAYLOAD=`realpath $1`
SIZE=`wc -c $1 | cut -d' ' -f1`
START="2048"
END="$((START + (SIZE >> 9)  + 1))"

parted --script $2 mklabel gpt
parted --script $2 mkpart primary fat32 ${START}s ${END}s

PARTITION="${2}1"
if [ ! -b $PARTITION ]; then
  echo "Invalid partition"
  exit 1
fi

echo "Payload: $PAYLOAD"
echo "Partition: $PARTITION"

DD_OPTIONS="count=$((END - START)) bs=512 status=progress conv=sync"

dd if="$PAYLOAD" of="$PARTITION" $DD_OPTIONS
sync

echo "Payload MD5: `dd if="$PAYLOAD" $DD_OPTIONS 2> /dev/null | md5sum`"
echo "Partition MD5: `dd if="$PARTITION" $DD_OPTIONS 2> /dev/null | md5sum`"

#flashing #firmware #image #riscv #CVA6 #Keystone #EFI #note

Something that has probably existed forever but I just learned. You can pass status=progress to dd, and it will show progress. #note

Would be nice if you could at least simulate #keystone with widely available SBC's, even with insecure #attestation (or no attestation at all). #riscv #opensbi #sanctum.

https://github.com/keystone-enclave/keystone/issues/339

I love the new #feature in #openssh, which breaks backwards #compatibility with e.g. #dropbear with the default options: https://www.openssh.com/txt/release-9.0 #ssh

OK cool:

$ sudo apt dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
#
# You can verify the status of security fixes using the `pro fix` command.
# E.g., a recent Ruby vulnerability can be checked with: `pro fix USN-6219-1`
# For more detail see: https://ubuntu.com/security/notices/USN-6219-1
#
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

$ pro fix
usage: pro fix <CVE-yyyy-nnnn+>|<USN-nnnn-d+> [flags]
the following arguments are required: security_issue

#ubuntu #cve #security #note

An example of creating a minimal #Linux #kernel config that boots and prints output to the console:

make tinyconfig
./scripts/config -e CONFIG_MULTIUSER -e CONFIG_TTY -e CONFIG_64BIT -e CONFIG_PRINTK
make -j `nproc`
qemu-system-x86_64 -kernel arch/x86/boot/bzImage

#note

#home #skeleton #dotfiles https://github.com/jarkkojs/home

I still think that #Intel #SGX has some advantages over #SEV and #TDX. Its #security model is easier to understand and is always per page granularity. For anything ulta-secure I would not have hard time to pick the right option.

Setting up #FPGA #lab. #Digilent #Genesys2

refine struct tpm_buf to handle sized buffers (TPM2B): https://lore.kernel.org/linux-integrity/20230821033630.1039527-1-jarkko@kernel.org/ #Linux #kernel #TPM #LKML