Linux kernel maintainer. Compilers and virtualization at Parity Technologies.

Jarkko Sakkinen

I wish it had been titled "Swaptraction Layer" :-/ Article was interesting tho.

Jarkko Sakkinen

Probably it is meant for something more advanced, like a scheduler, than what I'm working on right now, but I'm not sure if I get these scoped allocations in my use (emphasis on this).

They feel as bad and confusing as the cleanup stack in Symbian. So I just use regular gotos for exceptions. That is more transparent.

So I guess they are just for a different application than I have.

Jarkko Sakkinen

ECC creation for ECDSA:

tpm2_createprimary --hierarchy o -G ecc -c owner.txt
tpm2_evictcontrol -c owner.txt 0x81000001
openssl ecparam -name prime256v1 -genkey -noout -out private.pem
tpm2_import -C 0x81000001 -G ecc -i private.pem -u key.pub -r key.priv
tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der
serial=`cat key.priv.der | keyctl padd asymmetric tpm @u`

Jarkko Sakkinen

Edited 5 months ago
Is it me, or why does akcipher have two undocumented parameters: "algo OID" and "params length"? They are still considered ABI, but not even their size types are documented, let alone the semantics.

Only module I can find that uses algo OID is crypto/testmgr.h, or sets a value into it.

From crypto/asymmetric/public_key.c I found that they are u32's.

And I set them to zero by looking at my call chain layer by layer, where in all layers they are ignored:

1. tpm2_key_rsa_encrypt
2. pkcs1pad_set_pub_key
3. rsa_set_pub_key

And I found the actual call chain by tracing with kprobes.

So I just memset 8 bytes after my key data to zero, given that everything is undocumented, but by tracing and grepping I've managed to nail them to hopefully stable values.

Feels flaky tbh to have documentation based on reverse engineering o_O I wonder why there is not even some struct for those last magical 8 bytes...

#linux #kernel #crypto

Jarkko Sakkinen

Edited 5 months ago

So the gist of is_module() would be that it would have different semantics than IS_MODULE(): it could be used to e.g. check modules in a loop.

Compilation would generate a new ELF section with the following entries:

<ASCIIZ string><0 or 1>

The string would contain the module name.

Also, it would enable adding lsmod -b to enumerate built-in modules, which would give a nice way to carve up more information about a running test kernel. This would obviously need perhaps a new file in procfs for built-in modules (for regular ones there is /proc/modules).

I guess the recent crypto bug can be sorted otherwise, but this feels useful enough to document it.

#linux #kernel #kmod #module

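Added example, not part of the original post and not kernel code: a bounds-checked walker for the record layout sketched above (`<ASCIIZ string><0 or 1>`). The function name, return codes and sample bytes are assumptions, and the flag byte is returned as-is because the post does not define what 0 and 1 mean.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODSEC_NOT_FOUND (-1)   /* hypothetical return codes */
#define MODSEC_MALFORMED (-2)

/* Constructed sample section: "tpm" flagged 1, "rsa" flagged 0. */
static const unsigned char SAMPLE[] = {
    't', 'p', 'm', 0, 1,
    'r', 's', 'a', 0, 0,
};

/*
 * Walk every record in the section image and return the flag byte (0 or 1)
 * of the first record whose name matches. The whole section is validated
 * even after a match, so a corrupt tail is never silently accepted.
 */
int modsec_lookup(const unsigned char *sec, size_t len, const char *name)
{
    int result = MODSEC_NOT_FOUND;
    size_t off = 0;

    while (off < len) {
        const unsigned char *rec = sec + off;
        const unsigned char *nul = memchr(rec, 0, len - off);
        size_t namelen;

        if (!nul)
            return MODSEC_MALFORMED;    /* name runs off the section end */
        namelen = (size_t)(nul - rec);
        if (namelen == 0)
            return MODSEC_MALFORMED;    /* empty module name */
        if (len - off < namelen + 2)
            return MODSEC_MALFORMED;    /* flag byte is missing */
        if (nul[1] > 1)
            return MODSEC_MALFORMED;    /* flag must be 0 or 1 */
        /* strcmp is safe here: rec is NUL-terminated inside the buffer */
        if (result == MODSEC_NOT_FOUND && strcmp((const char *)rec, name) == 0)
            result = nul[1];
        off += namelen + 2;             /* name + NUL + flag */
    }
    return result;
}

int main(void)
{
    printf("tpm -> %d\n", modsec_lookup(SAMPLE, sizeof(SAMPLE), "tpm"));
    return 0;
}
```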

Jarkko Sakkinen

I guess not required for the bug fix but as an idea this type of thing for kmod could be perhaps useful:

https://lore.kernel.org/linux-crypto/D1GXRKNG42V4.1ZHV4H7HVNXHO@kernel.org/

#linux #kernel

Jarkko Sakkinen

Edited 5 months ago
Removed #LSP shenanigans from my #nvim config. I don't really care about it and I hate to need external demons to make a text editor do its job. It is even worse than plugins, which I don't love either. And I never use auto-complete because it does stuff faster than my head can keep up.

Overall, for me #ctags is still the best possible experience when indexing source code. It crawls deep, does not do anything automatically and does not require external 3rd party programs.

And yeah it is stupid as hell, and thus can index whole #Linux tree without trying to understand it. With LSP indexing is build config dependent, which makes it crippled.

With #Rust I use rusty-tags: https://github.com/dan-t/rusty-tags

We are pleased to announce the release of Alpine Linux 3.20.0, the first in the v3.20 stable series.

This is the first stable release that includes Risc-V 64 support thanks to Milk-V.

Upgrades include, among others:

- Rust 1.78
- Python 3.12
- KDE 6

https://www.alpinelinux.org/posts/Alpine-3.20.0-released.html

Thanks to all the contributors who worked hard on getting this release out!


Jarkko Sakkinen

Good news and this is what I use (before that #vim).

Still, I would take editor any day with zero plugins and best picks of the plugins as additional features :-) And by heart compatibility with the familiar vim commands.

https://neovim.io/doc/user/news-0.10.html

#neovim

Jarkko Sakkinen

Booked flights to Prague, will go there from 30-May to 03-Jun in order to attend and present at Ethprague conference.

Jarkko Sakkinen

Edited 5 months ago
I think this is quite a good middle way with enabling HMAC by default: https://lkml.org/lkml/2024/5/21/583

For longer story:
https://lore.kernel.org/linux-integrity/D1FCAPJSYLTS.R9VC1CXDCIHH@kernel.org/

#linux #kernel #tpm #hmac

Jarkko Sakkinen

I’d like to switch A-subkey from RSA to ECDSA one. Do I just send the public key via email to helpdesk@kernel.org?


Jarkko Sakkinen

Edited 5 months ago

Took six review rounds to get it but learned something pretty basic about #BuildRoot: pure dependencies should not have Config.in{.host} at all. In my case the main asset is swtpm, which depends on libtpms. Only swtpm has Config.in.host now and libtpms has only libtpms.{mk,hash}.


Jarkko Sakkinen

Time to test packaging a Rust program for BuildRoot. Need a full system build for testing a pam module in dev (written in Rust).

Jarkko Sakkinen

Edited 5 months ago

Any ways to trace in a more bpftrace-like way between core_initcall and before init starts? Like somehow e.g. compiling eBPF blobs into vmlinux or similar.

I use bootconfig and boot-time tracing stuff and it is nice, but barely a shadow of what you can do with e.g. bpftrace.


Jarkko Sakkinen

I'm actually sort of wondering about this #Gitlab CI thing. I mean it is quite easy to run kselftest even today without any patches to mainline kernel. What's the value added?

#linux #kernel

Jarkko Sakkinen

Made my first post to the rust-for-linux list given a practical need and use.

I'll make a PoC with asn1rs by simply deleting everything not needed and hammering the rest 🤷 And first in user space and maybe someone with more kernel rust experience can help me out to fit it there.

https://lore.kernel.org/rust-for-linux/D1F44P3VLTBN.30LUQ60X5J3DN@kernel.org/T/#u

Jarkko Sakkinen

v2 of #TPM2 asymmetric keys: https://lore.kernel.org/linux-integrity/20240521031645.17008-1-jarkko@kernel.org/

Crypto stuff is so easy to break, especially in format conversions, so I decided to save the low-hanging fruit clean up for a separate version. From this version forward, I promise to stop spamming :-)

#linux #kernel

Jarkko Sakkinen

With confidential computing established, it might make sense to have a TPM blob in linux-firmware compiled from an open source base and a way to certify that for distributors.

Most have some form of certificate-authority-like thing in place, so this would be a good use of that.

Then SGX/SNP/TDX could provide a way to establish a sealed device from that and further distribute a vTPM for each virtual machine.