Here are the slides for a talk I just gave about using perf c2c to find cache line contention in postgres:
https://anarazel.de/talks/2024-05-29-pgconf-dev-c2c/postgres-perf-c2c.pdf

I think there would be still space for systems programming language with a constraint from day zero that it would 1:1 compatible with plain C”s binary layout and memory model:

1. Roughly just .text, .bss, .rodata and ,data.
2. No symbol mangling at all.

All the memory safety etc. fancy features would be then designed within exactly those constraints.

#Rust is essentially a derivative of C++ when compiled to binary, which does not really make it a strong competitor for plain #C. It can substitute C in many cases for sure, just like C++ did, but there’s always need for minimal systems programming language, which also looks elegant in binary, not just in source code.

A compiled C program can be quite easily understood with a binary with no debug symbols at all if you understand the CPU architecture well enough. That is, and will be a strong asset for C.

#cplusplus #rustlang

My game plan for the next weekends Ethprague is this:

1. Introduce roles in authentication: user and machine both I think should be represented with their own private keys. I.e. consider ENS as a fancy LDAP that the machine can access.
2. Represent asymmetric TPM2 keys (tpm2_key_rsa, tpm2_key_ecdsa) as a way to give a guarded identity for the machine (or node).
3. The lack of TPM_ECC_P256_K1 in TCG Algorithm Repository means that TPM’s cannot natively store Ethereum private keys. Could and should change tho.
4. Workaround that I’m going to do after my first patch set is completed: software ECDSA for p256k1, i.e. signing and verification. Allows to root the keychain to an asymmetric TPM2 key.

Feels like 25-30 mins to me. Most importantly, not much knowledge required of #Ethereum, which is pretty alien topic to me :-) About to head soon to the #Tampere airport.

I’m not really even a fan of blockchains or cryptocurrency but I still think that it is good to provide safe and usable mechanisms for any legit task that user wants to use Linux for. So thus I want to enable those and free of charge, in order to keep my position regarding this topic (no affiliations). I only benefit flights to Prague from this work (pay for Airbnb myself).

#linux #kernel #crypto

I completely forgot I uploaded VistaPro 3.20 (the scenery renderer) to the Internet Archive, where you can run it from your browser. For those sudden urges of wanting to create some landscapes.

https://archive.org/details/vistapro320

Includes the MakePath tool.

Don't forget to take screenshots of your creations! Nothing can be retrieved from the disk the in-browser DOSBox keeps, as far as I know.

(Please be patient with the Archive's speed, they're dealing with persistent DDoS attacks at the moment)

While developing asymmetric TPM2 keys, and reviewing TPM bus encryption earlier, I came to realize that both tpm2-tools and ibmtss feel unintuitive.

So I started to seek, if some had ever backed up my old tpm2-scripts, from which kselftest was inherited. I did not have anymore any repo for that one.

With Google I luckily found a backup from the Github profile of @colinianking, so thank you for that. Then I just copied over latest version of just tpm2.py (GPL/BSD dual-licensed file).

Probably will have some incompatibility issues with old scripts and updated main module (less than 10 updates in its total life-time tho) but I will fix them as soon as I need to test anything.

Anyway, a new and to-be-lean TPM2 hacking tool has been initiated: tpm2ctl (there’s no even file of that name yet but definitely will be at some point ;-)).

URL: https://gitlab.com/jarkkojs/tpm2ctl

A plea for more thoughtful comments https://lwn.net/Articles/975597/ #tech #linux

Ever wondered why @torvalds coined the #Linux #kernel's "no regressions" rule? He just explained it again here: https://lore.kernel.org/all/CAHk-=wgtb7y-bEh7tPDvDWru7ZKQ8-KMjZ53Tsk37zsPPdwXbA@mail.gmail.com/

'"[…] I introduced that "no regressions" rule something like two decades ago, because people need to be able to update their kernel without fear of something they relied on suddenly stopping to work. […]"'

Follow the link for context and other statements that did not fit into a toot.

#LinuxKernel #regressions

Emailed to TCG:

Forwarded message from Trusted Computing Group on Wed May 29, 2024 at 1:58 PM:
Message Body:
Some views on topic I've written:
- https://social.kernel.org/notice/AiNuw35YY9uOSrhiK0
- https://github.com/wolfSSL/wolfTPM/issues/356
Linux kernel patch set ongoing which made me realize that p256k1 is lacking from your registry:
- https://lore.kernel.org/linux-integrity/20240528210823.28798-1-jarkko@kernel.org/
This really should exist despite not being the most secure ECC given the compatibility to a number o
f open source projects and platforms (not just ETH and BTC). Please read also the above links, the w
rite ups are short and to the point. This would add by factors the importance of TPM2 ecosystem spre
ading to new applications.

--
This e-mail was sent from a contact form on Trusted Computing Group (https://trustedcomputinggroup.o
rg)

On possibility of adding TPM_ECC_SECP_P256_K1 curve to https://trustedcomputinggroup.org/wp-content/uploads/TCG-Algorithm-Registry-Revision-1.34_pub-1.pdf

Unless I overlooked something, which is entirely possible, Linux does not know how to sign even NIST-ECDSA (p256r1). That would make tpm2_key_ecdsa the first module that can do ECDSA signatures at all.

I think after TPM2 RSA/ECDSA work lands to mainline, I'll make software implementation of p256k1 ECDSA verification, and some time later, signing. That way at least TPM2 keys can root a key hierarchy for p256k1 keys to the Linux keyring, despite being just software implementation.

Stefan Berger has done during last 2-3 years a decent ecc_* API so should not be even a huge stretch.

So tpm2_key_ecdsa (if I did not overlook anything, cannot be 100% sure) might even enable ECDSA signing overall for Linux kernel for the first time.

#linux #kernel #keys #keyring

Connecting to #Ethereum Name Service and similar crazy crypto distributed hellholes is dead easy with C: #libcurl. Also much more transparent than those crazy #Web3-frameworks :-) I don't know what they do in the machinery, so thus do not like them.

#Microsoft has invested considerable amount of money on #Ethereum but still nobody has put forward p256k1 to the TCG Algorithm Registry. IMHO, would be somewhat dead obvious thing to do...

https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/

#TPM #blockchain

Asymmetric #TPM2 #keys v7:

https://lore.kernel.org/linux-crypto/20240528210823.28798-1-jarkko@kernel.org/T/#mb07f85a8c3f4af388cbc08438e71ac8aea447d85

This is the first version with fully working #ECDSA signing and signature verification with the public key.

Implementation notes:

1. Accepts only sha256 at this point. Can be easily extended later. It is best overall choice for the first version.
2. Does not accept any authentication policy yet. Can be extended later by adding a new parameter to match_table_t param_keys in security/keys/keyctl_pkey.c. E.g. "policy=%s".

I’m pretty happy with this, given that I did it fully during 1.5 week period on my free time and unpaid ;-)

#Linux #kernel #TPM

Linux 6.10-rc1 got released yesterday. With brand new `mseal()` system call.

So my automation kicked in, posted pull request, I merged, page with system calls table got rebuilt:

https://gpages.juszkiewicz.com.pl/syscalls-table/syscalls.html

v6 of #TPM2 #asymmetric #keys patch set: https://lkml.org/lkml/2024/5/28/150

The new version includes also sub-type for ECDSA signing and verification.

#linux #kernel

For #kernel it is critical to have gccrs features in par with rustc.

Up until that rust-on-linux is a toy feature at most.

IMHO, the language spec should be an ISO/IEC standard and not a "Github standard". This way two toolchains would be easier to keep in par.

With the current infrastructure Rust should be really renamed as MS Rust ;-) It is a semi open-source project controlled by MS infrastructure
and LLVM toolchain. ISO standard would fix a lot here.

#rustlang #rust

For this worktree is useful:

git worktree add ~/work/linux-tpmdd-master master

When you have find a bug while working on feature branch and want to quickly do a fix without too much context switch…

Then later:

git worktree remove linux-tpmdd-master 

Anyone tried out GNU Poke?

Have a few possible job options post September so looking quite good. Obviously nothing is closed given the 4 month window but I think it was good idea to knock some doors now to rise awareness.

I guess my priority when picking a job is to get to do something out of sec space, but otherwise as long as it is kernel, all works for me, because everything in that space is (still) interesting.

My first touch of Rust in kernel is not to write code myself but help to get existing ASN.1 code integrated with ASN1_RUST flag. I think learning testing/QA process is the first thing focus in any area of kernel, not writing code. Once you have edit-compile-run in place all comes so much easier...

Next version of #TPM2 asymmetric keys will also have ECDSA signatures. Almost got it ready during the weekend :-)

Should provide pretty good first coverage for https://datatracker.ietf.org/doc/draft-woodhouse-cert-best-practice/.

#linux #kernel #tpm #keys