#swtpm and #libtpms packages in progress for #buildroot: https://gitlab.com/jarkkojs/buildroot/-/commits/swtpm/?ref_type=heads #linux #tpm

In addition to "show me the code", there is always also "show me the payload".

The easiest way to move forward with a feature is not to have best possible code quality (at least when tagged as RFC). Instead, having a provable payload for the feature is essential.

https://lore.kernel.org/all/D1BC3VWXKTNC.2DB9JIIDOFIOQ@kernel.org/

I had no idea that we have that many sets of capabilities, oh dear... https://lore.kernel.org/all/D1BBFWKGIA94.JP53QNURY3J4@kernel.org/

I fixed some bugs in page tables of RISC-V Keystone enclaves (bootstrapping code of page tables) last Fall to get them working with CVA6 RISC-V CPU, and now I get steadily emails from people who are trying to use Keystone but cannot get it working for various reasons.

Not blaming those people but clearly the project is not too community oriented 🤷 I try respond politely that I don’t have the bandwidth.

Does not come as surprise tho because I wrote a trivial in-kernel driver PoC to which project showed no interest, still continuing with their OOT-drver:

• https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-riscv-keystone.git/commit/?h=keystone-5.19.y
• https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-riscv-keystone.git/commit/?h=keystone

Cannot recall which one was newer version because it is such a long time since I wrote these :-)

#riscv #keystone #enclave #linux

I love it that my play stats on Bandcamp look like an MSEG envelope curve.

#MusicProduction #Bandcamp

Submitted a security issue to Signal App about the privacy issue on how they use Intel SGX :-) Let's see how this goes...

⚡️ 🇦🇷 A theft of a radioactive material capsule in Buenos Aires, Argentina has raised concerns among the population. The capsule contained a 45ml container of radioactive liquid and was stolen from a nuclear medicine company. Authorities have been alerted and are investigating the incident. https://www.riskmap.com/incidents/2132301/articles/222305988/

New development policy: code generated by a large language model or similar technology (e.g. ChatGPT, GitHub Copilot) is presumed to be tainted (i.e. of unclear copyright, not fitting NetBSD's licensing goals) and cannot be committed to NetBSD.

https://www.NetBSD.org/developers/commit-guidelines.html

"No Arduino! If you aim to master embedded systems, Arduino won’t cut it. It’s a playground for hobbyists, not the battleground for engineers. The purpose is not to scare you — It’s to help you out. It is to give you a proper direction." -https://medium.com/@umerfarooqai/embedded-engineering-roadmap-say-no-to-arduino-a0eed8e1bf10

Well, that at least scares me. How I think is that one should take the simplest possible tool to get a PoC.

Otherwise, all energy might be consumed in useless and pointless battles. Conserving energy, prioritizing and picking the right battles is what engineers IMHO do.

#arduino #engineer

Last bit from my side for TPM2 asymmetric keys: https://lore.kernel.org/linux-crypto/20240515150213.32491-1-jarkko@kernel.org/T/#u

Now I'll wait for some patches from James Prestwood based on his previous work: https://lore.kernel.org/keyrings/20200518172704.29608-1-prestwoj@gmail.com/

"FBI seize BreachForums hacking forum used to leak stolen data"

https://www.bleepingcomputer.com/news/security/fbi-seize-breachforums-hacking-forum-used-to-leak-stolen-data/

Pull request 4/4 pulled this time for asymmetric keys :-) https://lkml.org/lkml/2024/5/15/699

My PR's were in chaos about a year ago, and Linus also complained about the quality. This was mostly because the startup I was in went out of business and lots of stuff going on in life overall but I've gradually improved my process to make it more fail-safe. Results start to show and four PR's to four subsystems was a non-issue :-)

In the next life crisis: I'm prepared

Will Google release an ad today that can outcringe Apple's latest?

#gemini
#googleIO
#encringification

"i use linux as my operating system," i state proudly to the unkempt, bearded man. he swivels around in his desk chair with a devilish gleam in his eyes, ready to mansplain with extreme precision.
"actually," he says with a grin, "linux is just the kernel. you use GNU+linux."
i don't miss a beat and reply with a smirk, "i use alpine, a distro that doesn't include the GNU coreutils, or any other GNU code. it's linux, but it's not GNU+linux."

the smile quickly drops from the man's face. his body begins convulsing and he foams at the mouth as he drop to the floor with a sickly thud. as he writhes around he screams "I-IT WAS COMPILED WITH GCC! THAT MEANS IT'S STILL GNU!"
coolly, i reply "if windows was compiled with gcc, would that make it GNU?" i interrupt his response with "and work is being made on the kernel to make it more compiler-agnostic. even if you were correct, you won't be for long."

with a sickly wheeze, the last of the man's life is ejected from his body. he lies on the floor, cold and limp. i've womansplained him to death.

Who called it “code review” instead of “objection-oriented programming”

Time to write Linux PAM module in Rust for the ethprague conference. Rust over C because it is much nicer environment to talk web APIs. And yeah, pam-rs exists. It is about ethereum network based authentication, details at the con.

a conference committee wanted to know my telegram nick so...

If I ever had a tattoo, it would probably say: "x.509". It already feels like one 🤷 #x509

The TPM bus encryption and integrity protection changes prepared by @jejb and @jarkko were merged for #Linux 6.10: https://git.kernel.org/torvalds/c/b19239143e393d4b52b3b9a17c7ac07138f2cfd4

"[…] The key pair on TPM side is generated from so called null random seed per power on of the machine [1]. This supports the TPM encryption of the hard drive by adding layer of protection against bus interposer attacks. […]"

[1 https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/

you first, asshole