Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Jarkko Sakkinen

A smoke test for trusted keys: https://gitlab.com/jarkkojs/linux-tpmdd-test/-/commit/b737d6ca4f45fa171e623f8e1038801edf17c323

Running:

cmake -Bbuild && make -Cbuild buildroot-prepare
pushd build/buildroot/build
make
images/run-tests.sh

Runs successfully at least with my master, containing the HMAC encryption patches.

Failing in in-progress asymmetric key branch so had to extend the test to cover trusted keys (vs. writing commands manually):

https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/log/?h=tpm2_key

#linux #kernel #tpm #keys


Jarkko Sakkinen

Submitted abstract to #ethprague CfP. I own 0 ETH 🤷 #Linux and authentication related stuff. #ethereum

Jarkko Sakkinen

Learned a cool trick in Python, if you need to have more deterministic latency for a thread: shut down the gc as a prologue and do a collection once as an epilogue.

I.e.

import gc

gc.disable()
# Do stuff that does not cause CPU
# exceptions or interrupts.
gc.collect()

I also noticed that MicroPython has pretty usable inline assembler.

This makes me wonder if you could implement Python version of https://rtic.rs/2/book/en/ running hard real-time tasks on bare metal.

This is more like learning thing than challenging thing… I.e. by doing the similar thing perhaps in limited scope in other language it is easier to get grip of the original target…

#python #rustlang

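The prologue/epilogue pattern from the post above, as an added example (not the poster's code): a context manager that restores the previous collector state even if the section raises, plus a counter built on gc.callbacks that confirms no automatic collection starts inside the paused section. The names gc_paused, make_cycles and collections_during are made up for this illustration.

```python
import gc
from contextlib import contextmanager


@contextmanager
def gc_paused():
    """Disable the cyclic GC for a latency-sensitive section, then collect once."""
    was_enabled = gc.isenabled()
    gc.disable()                      # prologue: no automatic collections from here
    try:
        yield
    finally:
        gc.collect()                  # epilogue: reclaim the cycles deferred above
        if was_enabled:               # restore the caller's setting, do not force it on
            gc.enable()


def make_cycles(n):
    """Constructed workload: n reference cycles that only the cyclic GC can free."""
    for _ in range(n):
        a = []
        b = [a]
        a.append(b)


def collections_during(section, paused):
    """Count collections that start while section() runs (epilogue not included)."""
    starts = []

    def on_gc(phase, info):
        if phase == "start":
            starts.append(info["generation"])

    gc.callbacks.append(on_gc)
    try:
        if paused:
            with gc_paused():
                section()
                inside = len(starts)  # sampled before the epilogue collect runs
        else:
            section()
            inside = len(starts)
    finally:
        gc.callbacks.remove(on_gc)
    return inside


if __name__ == "__main__":
    print("paused:  ", collections_during(lambda: make_cycles(20000), paused=True))
    print("unpaused:", collections_during(lambda: make_cycles(20000), paused=False))
```

Reference counting still frees acyclic objects while the collector is off, so only cyclic garbage accumulates until the epilogue.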

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients.

https://krebsonsecurity.com/2024/04/man-who-mass-extorted-psychotherapy-patients-gets-six-years/

Even though Julius "Zeekill" Kivimaki has a cybercrime rap sheet thicker than a dictionary, he will end up serving roughly half that time, because all that stuff he did before he turned 18 doesn't count toward first-time offender status.

BTW, the CEO of the now-bankrupt psychotherapy practice was prosecuted as well (database credentials "root/root") but received a suspended sentence.


Jarkko Sakkinen

hmm... https://www.phoronix.com/news/Linux-610-TPM-Encrypt-Integrity. so it is not yet pulled so no need to announce in the current state "unfinished work" (by definition, given that it is not pulled) ;-)

I'll try to get asymmetric keys soon out which cleans this stack up further as a side-effect. If this did not make it into 6.10 then I'll just add it on top of that patch set.

Jarkko Sakkinen

The single biggest issue in confidential computing is still that there is no legit way to deliver cryptographic proof to client/browser inherited from CPU attestation, i.e. an x509 certificate, and so that it is vendor-neutral. Not sure if even @signalapp can do this. Who cares what you run in the backend if you cannot prove it.

Jarkko Sakkinen

I wonder if it would make sense to ELF-stamp kernel images with some sort of identifier to check where the image is at in the mainline reflecting to the latest of https://docs.kernel.org/process/cve.html. Or maybe this already exists. It would make sense in the mainline perhaps because then you could detect "too old" when running multiple distributions.

Jarkko Sakkinen

imho at least qemu would need snp and tdx emulation in upstream for like testing patches. i mean most have x86 so even rigged emulation would do the job for trivial patch testing

SDL3 Adds PipeWire Camera Support

Adding to the growing list of features coming with the SDL3 release for this hardware/software abstraction layer commonly used by cross-platform games and other software is PipeWire camera capturing support...
https://www.phoronix.com/news/SDL3-PipeWire-Camera-Capture


Jarkko Sakkinen

#Amaranth sounds like a name of a black/death metal band from Scandinavia but is actually pretty neat hardware (#FPGA) synthesis framework:

https://amaranth-lang.org/docs/amaranth/latest/intro.html

Jarkko Sakkinen

working on RFC patch for TPM2 asymmetric keys (will use null seed encrypted session) for supporting x509: https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/commit/?h=tpm2_key

https://datatracker.ietf.org/doc/draft-woodhouse-cert-best-practice/

Jarkko Sakkinen

Splitting my pull request. For v6.10 not yet fully finished/polished but the idea is to have simple script to create the PR from signed git tag and then have a few #aerc templates for each subsystem:

https://lore.kernel.org/linux-integrity/D15DSV117DQZ.3GJOTXCTGZHE9@kernel.org/T/#u

Two first I did for keyring and trusted key did not yet use this scheme but learned along the way that I need to scale a bit. Slowly figuring out how to do this properly.

https://man.archlinux.org/man/aerc-templates.7.en

Jarkko Sakkinen

this looks cool: https://aya-rs.dev/

(speaking for myself here) One of the cooler things about Google is getting just the slightest glimpse of the power of some of the tooling your wizard coworkers use.

https://perfetto.dev/ is one of those very cool tools. It's like kernel shark, but has really powerful SQL capabilities. It's well configured for use with Android and CrOS, but with classic Linux environments it can be a little daunting. So here are my notes on using it for upstream kernel development: https://gist.github.com/johnstultz-work/0ec4974e0929c4707bfd89c876ae4735


In colloquial computing Finnish the word for a cache is "kakku", because it's similar in pronunciation. Kakku means "cake". Thus, in Finnish people ask each other how much cake their CPU has.

Language is funny.


Jarkko Sakkinen

after quitting consumer social media i found this site again: https://thedailywtf.com/articles/totally-valid

Jarkko Sakkinen

... Finland making it to the EBU finals ;-)

Windows NT guy here supporting Windows95Man in
