Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

We are pleased to announce the release of Alpine Linux 3.20.0, the first in the v3.20 stable series.

This is the first stable release that includes RISC-V 64 support thanks to Milk-V.

Upgrades include, among others:

- Rust 1.78
- Python 3.12
- KDE 6

https://www.alpinelinux.org/posts/Alpine-3.20.0-released.html

Thanks to all the contributors who worked hard on getting this release out!


Jarkko Sakkinen

Good news and this is what I use (before that #vim).

Still, I would take an editor any day with zero plugins and best picks of the plugins as additional features :-) And by heart compatibility with the familiar vim commands.

https://neovim.io/doc/user/news-0.10.html

#neovim

Jarkko Sakkinen

Booked flights to Prague, will go there from 30-May to 03-Jun in order to attend and present at Ethprague conference.

Jarkko Sakkinen

I think this is quite a good middle way with enabling HMAC by default: https://lkml.org/lkml/2024/5/21/583

For longer story:
https://lore.kernel.org/linux-integrity/D1FCAPJSYLTS.R9VC1CXDCIHH@kernel.org/

#linux #kernel #tpm #hmac

Jarkko Sakkinen

I’d like to switch the A-subkey from RSA to an ECDSA one. Do I just send the public key via email to helpdesk@kernel.org?


Jarkko Sakkinen

Took six review rounds to get it but learned something pretty basic about #BuildRoot: pure dependencies should not have Config.in{.host} at all. In my case the main asset is swtpm, which depends on libtpms. Only swtpm has Config.in.host now and libtpms has only libtpms.{mk,hash}.


Jarkko Sakkinen

Time to test packaging a Rust program for BuildRoot. Need a full system build for testing a PAM module in dev (written in Rust).

Jarkko Sakkinen

Any way to trace, more in the bpftrace way, between core_initcall and before init starts? Like somehow e.g. compiling eBPF blobs into vmlinux or similar.

I use bootconfig and boot-time tracing stuff and it is nice but barely a shadow of what you can do with e.g. bpftrace.


Jarkko Sakkinen

I'm actually sort of wondering about this #Gitlab CI thing. I mean it is quite easy to run kselftest even today without any patches to mainline kernel. What's the value added?

#linux #kernel

Jarkko Sakkinen

Made my first post to the rust-for-linux list given a practical need and use.

I'll make a PoC with asn1rs by simply deleting everything not needed and hammering the rest 🤷 And first in user space and maybe someone with more kernel rust experience can help me out to fit it there.

https://lore.kernel.org/rust-for-linux/D1F44P3VLTBN.30LUQ60X5J3DN@kernel.org/T/#u

Jarkko Sakkinen

v2 of #TPM2 asymmetric keys: https://lore.kernel.org/linux-integrity/20240521031645.17008-1-jarkko@kernel.org/

Crypto stuff is so easy to break especially in format conversions so decided to save low-hanging fruit clean up for a separate version. From this version forward, I'll promise to stop spamming :-)

#linux #kernel

Jarkko Sakkinen

With confidential computing established it might make sense to have a TPM blob in linux-firmware compiled from open source base and way to certify that for distributors.

Most have some form of certificate authority alike thing in place so this would be good use of that.

Then SGX/SNP/TDX could provide a way to establish a sealed device from that and further distribute a vTPM for each virtual machine.

Jarkko Sakkinen

Probably would make sense for e.g. Linux Foundation or similar industry faction to develop AI that would look for license infringements from code similarly as it works for code generation.

Probably it will happen that someone uses this new stuff, makes some money, injects GPL with the help of AI and is enforced to open up the whole thing. Detecting these early is also beneficial for those who use AI for their business because it is less damage when the infringement is detected early.

So not for "fighting against AI" but to make it more legit (sort of).

Jarkko Sakkinen

OK, I submitted an abstract for the kernel summit track: "TPM2 story so far...". It would be from the angle of thinking of it more like a protocol or contract that all kinds of hardware and TEEs can speak than just a chip per se...

Not that motivated to travel, so not a huge disappointment if not accepted :-) But yeah I have an angle and will prepare that one properly if accepted. So done my duty I guess at least...

https://lpc.events/event/18/abstracts/1801/

#linux #kernel #tpm

Jarkko Sakkinen

My 5 cents on #POSIX capabilities: https://lore.kernel.org/keyrings/D1ETFJFE9Y48.1T8I7SIPGFMQ2@kernel.org

Not that realistic effort tho...

Jarkko Sakkinen

Would be nice if there was a more lean openssl-like command-line tool that would do all that openssl, keyctl and tpm2-tools do in this test:

https://lore.kernel.org/linux-integrity/D1ERDC16XLUO.578U4ZE7VXW@kernel.org/T/#m262b2fdde64286acaa3879e552b0ba70c79328d4

Remarks:

  • openssl: RSA key generation and PEM-to-DER conversion.
  • tpm2-tools: Hardware bound object generation and raw-to-PEM conversion.
  • keyctl operates with the Linux keyring and sets up asymmetric key with private key in TPM2.

Would be nice if with one command at least I could get a DER blob with the binding to the machine where it is run and then use keyctl. Head hurts watching that script dump. I’m surprised that I got it working at all.

#linux #kernel #tpm #tpm2 #keyctl #openssl


Jarkko Sakkinen

My #CI hack can do kernel CI in any possible runner: https://gitlab.com/jarkkojs/linux-tpmdd-test

It builds a #BuildRoot environment and runs tests inside it. Probably this is something more infrastructural, dunno, have not checked :-)

I.e.

git clone https://gitlab.com/jarkkojs/linux-tpmdd-test.git
cd linux-tpmdd-test
cmake -Bbuild && make -Cbuild buildroot-prepare
make -Cbuild/buildroot/build
build/buildroot/build/images/run-tests.sh

It uses TCL’s (in)famous expect to check the output and uses socat and UNIX socket for communications with appropriate QEMU options. And yeah it supports also TPM chips so can be made to boot up modern #systemd installation (have not done so but might in future).

Runner’s ISA does not matter as everything is built up from ground, including toolchain so supports both x86 and ARM although the build itself is x86 ATM. Essentially it can run tests exactly how I would run them on desktop.

https://lwn.net/Articles/972713/

#linux #kernel #gitlab


LWN.net is now @LWN@lwn.net

[$] What's next for the SLUB allocator https://lwn.net/Articles/974138/


Jarkko Sakkinen

Sent a patch set that adds a new driver tpm2_key_rsa, which is an asymmetric key type for the sake of interoperability with #x509. Also covers grounds for future drivers such as probably tpm2_key_ecdsa.

https://lore.kernel.org/linux-integrity/20240520184727.22038-1-jarkko@kernel.org/T/#t

#linux #kernel #tpm