Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

memes 🏳️‍🌈🏳️‍⚧️


Linux 6.10-rc1 got released yesterday, with the brand new `mseal()` system call.

So my automation kicked in, posted a pull request, I merged, and the page with the system calls table got rebuilt:

https://gpages.juszkiewicz.com.pl/syscalls-table/syscalls.html


Jarkko Sakkinen

v6 of #TPM2 #asymmetric #keys patch set: https://lkml.org/lkml/2024/5/28/150

The new version also includes a sub-type for ECDSA signing and verification.

#linux #kernel

Jarkko Sakkinen

For #kernel it is critical to have gccrs features on par with rustc.

Up until then, rust-on-linux is a toy feature at most.

IMHO, the language spec should be an ISO/IEC standard and not a "Github standard". This way two toolchains would be easier to keep on par.

With the current infrastructure Rust should be really renamed as MS Rust ;-) It is a semi open-source project controlled by MS infrastructure and LLVM toolchain. ISO standard would fix a lot here.

#rustlang #rust

Jarkko Sakkinen

Edited 1 year ago

For this worktree is useful:

```
git worktree add ~/work/linux-tpmdd-master master
```

When you have found a bug while working on a feature branch and want to quickly do a fix without too much context switch…

Then later:

```
git worktree remove linux-tpmdd-master
```

Jarkko Sakkinen

Anyone tried out GNU Poke?

Jarkko Sakkinen

Edited 1 year ago
Have a few possible job options post September so looking quite good. Obviously nothing is closed given the 4 month window but I think it was a good idea to knock on some doors now to raise awareness.

I guess my priority when picking a job is to get to do something out of sec space, but otherwise as long as it is kernel, all works for me, because everything in that space is (still) interesting.

My first touch of Rust in kernel is not to write code myself but to help get existing ASN.1 code integrated with the ASN1_RUST flag. I think learning the testing/QA process is the first thing to focus on in any area of kernel, not writing code. Once you have edit-compile-run in place all comes so much easier...

Jarkko Sakkinen

Next version of #TPM2 asymmetric keys will also have ECDSA signatures. Almost got it ready during the weekend :-)

Should provide pretty good first coverage for https://datatracker.ietf.org/doc/draft-woodhouse-cert-best-practice/.

#linux #kernel #tpm #keys

Jarkko Sakkinen

Edited 1 year ago

CONFIG_ASN1_RUST opt-in early drafting: https://github.com/alex/rust-asn1/issues/462

#linux #kernel #rustlang


Jarkko Sakkinen

Yesterday I took the #DigiABC training for fun, here are some highlights: https://bsky.app/profile/jarkk0.bsky.social/post/3ktbnrsdw4s2x

Jarkko Sakkinen

The Rust project that I disagree with the most must be oreboot. "Saturation of an ecosystem" is not my favorite feature ever tbh. And it is just initializing the hardware. Not making the world a better place, which should always be the goal. #coreboot

Jarkko Sakkinen

I wish it had been titled "Swaptraction Layer" :-/ Article was interesting tho.

Jarkko Sakkinen

Probably it is meant for something more advanced, like a scheduler, than what I'm working on right now, but I'm not sure if I get, in my use (emphasis on this), these scoped allocations.

They feel as bad and confusing as the cleanup stack in Symbian. So I just use regular gotos for exceptions. That is more transparent.

So I guess they are just for a different application than I have.

Jarkko Sakkinen

ECC creation for ECDSA:

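```
# Create an ECC primary key in the owner hierarchy and persist it
tpm2_createprimary --hierarchy o -G ecc -c owner.txt
tpm2_evictcontrol -c owner.txt 0x81000001
# Generate a P-256 private key and import it under the persistent parent
openssl ecparam -name prime256v1 -genkey -noout -out private.pem
tpm2_import -C 0x81000001 -G ecc -i private.pem -u key.pub -r key.priv
# Encode the imported object as PEM, convert it to DER, add it to the user keyring
tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der
serial=`cat key.priv.der | keyctl padd asymmetric tpm @u`
```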

Jarkko Sakkinen

Edited 1 year ago
Is it me, or why does akcipher have two undocumented parameters: "algo OID" and "params length"? They are still considered as ABI but not even their size types are documented, let alone the semantics.

The only module I can find that uses algo OID, or sets a value into it, is crypto/testmgr.h.

From crypto/asymmetric/public_key.c I found that they are u32's.

And I set them to zero by looking at my call chain layer by layer, where in all layers they are ignored:

1. tpm2_key_rsa_encrypt
2. pkcs1pad_set_pub_key
3. rsa_set_pub_key

And I found the actual call chain by tracing with kprobes.

So I just memset 8 bytes after my key data to zero given that everything is undocumented, but by tracing and grepping I've managed to nail them to hopefully stable values.

Feels flaky tbh to have documentation based on reverse engineering o_O I wonder why there is not even some struct for those last magical 8 bytes...

#linux #kernel #crypto

Jarkko Sakkinen

Edited 1 year ago

So the gist of is_module() would be that it would have different semantics than IS_MODULE(): it could be used to e.g. check modules in a loop.

Compilation would generate a new ELF section with the following entries:

`<ASCIIZ string><0 or 1>`

The string would contain the module name.

Also, it would enable adding `lsmod -b` to enumerate built-in modules, which gives a nice way to carve up more information about a running test kernel. This would obviously need perhaps a new file in procfs for built-in modules (for regular ones there is /proc/modules).

I guess the recent crypto bug can be sorted otherwise but this feels useful enough to document it.

#linux #kernel #kmod #module

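The entry layout proposed in the post above, `<ASCIIZ string><0 or 1>`, parsed in user-space C. This is an added example, not part of the original post and not kernel or kmod code. The name `modsec_lookup` and the sample section bytes are constructed for illustration; the post does not say what the flag byte means, so the code only validates and returns it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (name is an assumption): walk a section made of
 * <ASCIIZ name><flag> entries. Returns the flag (0 or 1) stored for
 * `name`, -1 if the name is absent, -2 if the section is malformed.
 * The whole section is validated before answering, so a corrupt tail
 * is never silently ignored.
 */
int modsec_lookup(const unsigned char *sec, size_t len, const char *name)
{
	size_t off = 0;
	int found = -1;

	while (off < len) {
		/* The name must be NUL-terminated inside the section. */
		const unsigned char *nul = memchr(sec + off, 0, len - off);
		if (!nul)
			return -2;
		size_t name_len = (size_t)(nul - (sec + off));
		size_t flag_off = off + name_len + 1;

		/* Reject empty names, a missing flag byte, or a flag > 1. */
		if (name_len == 0 || flag_off >= len || sec[flag_off] > 1)
			return -2;
		if (found < 0 && strcmp((const char *)(sec + off), name) == 0)
			found = sec[flag_off];
		off = flag_off + 1;
	}
	return found;
}

/* Constructed sample section: "tpm" with flag 1, "rsa_generic" with 0. */
static const unsigned char sample_sec[] = {
	't', 'p', 'm', 0, 1,
	'r', 's', 'a', '_', 'g', 'e', 'n', 'e', 'r', 'i', 'c', 0, 0,
};

int main(void)
{
	printf("tpm=%d rsa_generic=%d sha256=%d\n",
	       modsec_lookup(sample_sec, sizeof(sample_sec), "tpm"),
	       modsec_lookup(sample_sec, sizeof(sample_sec), "rsa_generic"),
	       modsec_lookup(sample_sec, sizeof(sample_sec), "sha256"));
	return 0;
}
```

Dropping the last byte of the sample section makes every lookup return -2, because the final entry then has a name but no flag byte.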

Jarkko Sakkinen

I guess it is not required for the bug fix, but as an idea this type of thing for kmod could perhaps be useful:

https://lore.kernel.org/linux-crypto/D1GXRKNG42V4.1ZHV4H7HVNXHO@kernel.org/

#linux #kernel