Linux kernel maintainer. Compilers and virtualization at Parity Technologies.

Jarkko Sakkinen

#neovim in #fedora 40 does this when opening a #lua file:

Error detected while processing BufReadPost Autocommands for "*":
Error executing lua callback: /usr/share/nvim/runtime/filetype.lua:35: Error executing lua: /usr/share/nvim/runtime/filetype.lua:36:
 BufReadPost Autocommands for "*"..FileType Autocommands for "*"..function <SNR>1_LoadFTPlugin[20]..script /usr/share/nvim/runtime/f
tplugin/lua.lua: Vim(runtime):E5113: Error while calling lua chunk: /usr/share/nvim/runtime/lua/vim/treesitter/language.lua:107: no
parser for 'lua' language, see :help treesitter-parsers
stack traceback:
        [C]: in function 'error'
        /usr/share/nvim/runtime/lua/vim/treesitter/language.lua:107: in function 'add'
        /usr/share/nvim/runtime/lua/vim/treesitter/languagetree.lua:111: in function 'new'
        /usr/share/nvim/runtime/lua/vim/treesitter.lua:41: in function '_create_parser'
        /usr/share/nvim/runtime/lua/vim/treesitter.lua:108: in function 'get_parser'
        /usr/share/nvim/runtime/lua/vim/treesitter.lua:416: in function 'start'
        /usr/share/nvim/runtime/ftplugin/lua.lua:2: in main chunk
        [C]: in function 'nvim_cmd'
        /usr/share/nvim/runtime/filetype.lua:36: in function </usr/share/nvim/runtime/filetype.lua:35>
        [C]: in function 'nvim_buf_call'
        /usr/share/nvim/runtime/filetype.lua:35: in function </usr/share/nvim/runtime/filetype.lua:10>
stack traceback:
        [C]: in function 'nvim_cmd'
        /usr/share/nvim/runtime/filetype.lua:36: in function </usr/share/nvim/runtime/filetype.lua:35>
        [C]: in function 'nvim_buf_call'
        /usr/share/nvim/runtime/filetype.lua:35: in function </usr/share/nvim/runtime/filetype.lua:10>
stack traceback:
        [C]: in function 'nvim_buf_call'
        /usr/share/nvim/runtime/filetype.lua:35: in function </usr/share/nvim/runtime/filetype.lua:10>
Press ENTER or type command to continue

Jarkko Sakkinen

When cargo publish -p tpm2_cli, I need to

tpm2_call = "0.1.1"

… while building locally:

tpm2_call = { path = "../tpm2_call" }

How to sort this out in “idiomatic manner”?

#rust #rustlang


Jarkko Sakkinen

A crate for #TPM 2.0 library protocol, or beginnings of it: https://gitlab.com/jarkkojs/tpm2_library/

Sub-crates:

  1. tpm2_call for TPM 2.0 library protocol shenanigans.
  2. tpm2_cli for a command-line interface.

Development process:

I aim to do cli first as Linux tied but it could also have e.g. Windows backend. tpm2_call will be portable between operating systems.

#TPM2 #Rust #rustlang


Jarkko Sakkinen

Not really a real project. I've been ad-hoc scripting with #python since 2005, and wanted to learn how to "devops" a proper pipeline at #gitlab, with a release ending to the #pypi: https://pypi.org/project/eth0/

PS. I deleted 0.1.0 tag and release from pypi, because the tag was not signed ;-) you could never trust it...

Jarkko Sakkinen

So for my TPM2 crate I was thinking to rename the project Git as tpm2_library and have sub-crates tpm2_call for protocol and tpm2_cli with a sub-command tpm2cli rc.

Is it acceptable to name for consistency sake the sub-crate directory as tpm2_cli but generate an executable as tpm2cli?

Root project’s name inherits from https://trustedcomputinggroup.org/resource/tpm-library-specification/

#Rust #rustlang #TPM2


Jarkko Sakkinen

I initiated my own #TPM2 #Rust crate partly because the output given by tpm2_rc_decode does not give back the mnemonic of a return code.

Here’s the example from its man page:

tpm2_rc_decode 0x1d5
tpm:parameter(1):structure is the wrong size

So I wrote my return code decoder, and here’s how it works with the previous example:

target/debug/examples/tpm2rc 0x1d5
TPM_RC_SIZE

The Git-repository is available here: https://gitlab.com/jarkkojs/tpm2_call

I’m not going to add any code to this crate dealing with /dev/tpm0. Instead the plan is to implement command buffer builder and parser with similar high-level ideas as I’ve done in the #Linux #kernel.

#rustlang

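How 0x1d5 maps to TPM_RC_SIZE on parameter 1, as an added example that is not code from the tpm2_call crate or from the post above. It follows the format-one response code bit layout of the TPM 2.0 library specification; `decode_fmt1`, `Subject` and `FMT1_NAMES` are hypothetical names and the mnemonic table is only a partial subset.

```rust
// Added example: decoder for TPM 2.0 "format one" response codes.
// The mnemonic table is a partial subset of the TCG TPM_RC list.

/// What a format-one response code refers to.
#[derive(Debug, PartialEq)]
pub enum Subject {
    Parameter(u8),
    Handle(u8),
    Session(u8),
}

/// Error numbers are relative to RC_FMT1 (0x080); subset only.
const FMT1_NAMES: &[(u32, &str)] = &[
    (0x01, "TPM_RC_ASYMMETRIC"),
    (0x02, "TPM_RC_ATTRIBUTES"),
    (0x03, "TPM_RC_HASH"),
    (0x04, "TPM_RC_VALUE"),
    (0x0b, "TPM_RC_HANDLE"),
    (0x0e, "TPM_RC_AUTH_FAIL"),
    (0x12, "TPM_RC_SCHEME"),
    (0x15, "TPM_RC_SIZE"),
    (0x1b, "TPM_RC_SIGNATURE"),
    (0x22, "TPM_RC_BAD_AUTH"),
];

/// Returns (mnemonic, subject) or None when `rc` is not a format-one
/// code or its error number is missing from the subset above.
pub fn decode_fmt1(rc: u32) -> Option<(&'static str, Subject)> {
    if rc & 0x080 == 0 {
        return None; // bit 7 clear: format-zero code, not handled here
    }
    let errno = rc & 0x03f; // bits 5:0 hold the error number
    let n = ((rc >> 8) & 0xf) as u8; // bits 11:8 hold the index N
    let subject = if rc & 0x040 != 0 {
        Subject::Parameter(n) // bit 6 (P) set: N is a parameter number
    } else if n & 0x8 != 0 {
        Subject::Session(n & 0x7) // bit 11 set: low three bits name a session
    } else {
        Subject::Handle(n)
    };
    let name = FMT1_NAMES.iter().find(|(e, _)| *e == errno)?.1;
    Some((name, subject))
}

fn main() {
    // Constructed sample codes; 0x1d5 is the one from the post.
    for rc in [0x1d5u32, 0x98e, 0x18b, 0x101] {
        println!("{:#05x}: {:?}", rc, decode_fmt1(rc));
    }
}
```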

📣 Only 2 days (today and tomorrow) left to get your talk proposals in for the All Systems Go! 2024 CFP.
The clock ⏲️ is ticking!
🏃‍♂️ Hurry over to get yours in: https://cfp.all-systems-go.io/all-systems-go-2024/cfp


Jarkko Sakkinen

Still cannot believe this: I could reserve account name "jarkko" from #pypi, and it is the year 2024. #python #python3

Jarkko Sakkinen

I think #Zola is my favorite tool so far that spans from the #Rust ecosystem: a single binary static web generator.

For a non-web person like me it is easy to grasp. I got a page quickly created that I can send to the employers in the early Fall.

Another earlier mentioned tool, which has some real innovation embedded is of course #Typst :-)

Making forks of old craft is mostly counter-productive and causes unnecessary drift and divergence, so I oppose all the Rust fork garbage.

It is morally legit to be in opposition against software that is developed from toxic standing point, considering open source community overall. Being toxic against toxic is not toxic.

#rustlang

(_Rum-tum-tiddle-um-tum._)


Jarkko Sakkinen

Someone complained that my home page, which should provide more information regarding recruitment, leads to void, so I put together this :-) I think it is good enough.

https://jarkkojs.gitlab.io/

Jarkko Sakkinen

After I have finished with #TPM2 signing keys, I'll create a branch called p256k1 to my linux-tpmdd tree, and start doing a PoC of that #ECC curve...

I'll start with #ECDSA signature verification because that is secure without specialized hardware, and as of today #TCG is yet to support P256K1 in its #algorithm #registry.

Also this requires to implement the early version of Keccak-256 #hash algorithm because there are AFAIK padding differences with SHA-3.

#linux #kernel #keys #blockchain

Jarkko Sakkinen

I wonder why vfat in kconfig does not select these options:

  • CONFIG_NLS_CODEPAGE_437
  • CONFIG_NLS_ISO8859_1

Noticed this while putting together #systemd image. You really cannot use FAT meaningfully without 437, so there should be IMHO either depends or select relation between these and FAT kconfig options.

In my opinion selecting VFAT in 2024 from kconfig should lead to selecting all the options that are required for filenames at minimum because it has exactly two use cases:

  1. USB sticks
  2. ESP

In both cases proper interpretation of filenames is required.

PS. I also wonder why systemd does not list them as its required CONFIG_*. They are not obvious kconfig options in the context of kernel QA ;-) I always begin with tinyconfig and add up from there when doing this. Using ESP is required by practical means with systemd-boot so all three options should exist in this file: https://github.com/systemd/systemd/blob/main/README. I used it as a reference and failed.

#linux #kernel #vfat #codepage #437


Jarkko Sakkinen

Ramping up #systemd #kernel #QA: DONE!

URL: https://gitlab.com/jarkkojs/linux-tpmdd-test

Contents:

CMakeLists.txt
Config.in
LICENSE
README.md
board/x86_64/buildroot.conf
board/x86_64/genimage.cfg
board/x86_64/kselftest-tpm2.exp.in
board/x86_64/linux.config
board/x86_64/post-build.sh
board/x86_64/post-image.sh
board/x86_64/run-qemu.sh.in
board/x86_64/run-tests.sh.in
board/x86_64/ssh_config.in
buildroot-2024.02.3.patch
configs/x86_64_defconfig
external.desc
external.mk

I’ve been editing the history while ramping up this starting point but I will stop this chaotic workflow now and commit to this baseline :-) So no worries if sending pull requests…

This is also a CI capable environment assuming that the runner has:

  • QEMU
  • swtpm

The GIF-animation shows the proof that it actually also works.


Jarkko Sakkinen

Yup, I think it is most sensible to make asymmetric TPM2 key signer only, and import public key to software asymmetric key.

It's not purely just doing TPM2_Sign but also per signature type (RSAPSS, ECDSA etc.) it needs signature specific encoder to ASN.1 format.

Still sufficient to have only a single tpm2_signing_key type of module.

Jarkko Sakkinen

This happens to me at least every second or third day:

# poweroff

And then my computer shuts down :-) #qemu


Jarkko Sakkinen

Before even considering any changes to the #kernel #PGP #maintainer guide I wonder what is the use and purpose of:

- gpg-agent-browser.socket
- gpg-agent-extra.socket

I keep them disabled because I need only gpg-agent.socket and gpg-agent-ssh.socket but for completeness sake would be nice to know what they are.

Jarkko Sakkinen

What to do in my custom #BuildRoot and #systemd based image about this error:

[FAILED] Failed to mount EFI System Partition Automount.                                                                     
See 'systemctl status efi.mount' for details.                 
[  OK  ] Finished Update Boot Loader Random Seed.             
tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1, rev-id 1)        
random: crng init done                                        
[  OK  ] Started Network Name Resolution.                                                                                    
[  OK  ] Reached target Host and Network Name Lookups.                                                                       
         Mounting EFI System Partition Automount...           
         Starting Virtual Console Setup...                    
[FAILED] Failed to mount EFI System Partition Automount.                                                                     
See 'systemctl status efi.mount' for details.                 
[FAILED] Failed to start Automatic Boot Loader Update.        
See 'systemctl status systemd-boot-update.service' for details.

I have no idea what those error messages mean.

The source is here: https://gitlab.com/jarkkojs/linux-tpmdd-test

And here’s the output for the “details”:

# systemctl status systemd-boot-update.service
× systemd-boot-update.service - Automatic Boot Loader Update
     Loaded: loaded (/usr/lib/systemd/system/systemd-boot-update.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Wed 2024-06-12 01:50:17 UTC; 2h 58min left
       Docs: man:bootctl(1)
    Process: 87 ExecStart=bootctl --no-variables --graceful update (code=exited, status=1/FAILURE)
   Main PID: 87 (code=exited, status=1/FAILURE)
        CPU: 28ms

Jun 12 01:50:15 tpmdd systemd[1]: Starting Automatic Boot Loader Update...
Jun 12 01:50:17 tpmdd bootctl[87]: Failed to open parent directory of "/efi": No such device
Jun 12 01:50:17 tpmdd systemd[1]: systemd-boot-update.service: Main process exited, code=exited, status=1/FAILURE
Jun 12 01:50:17 tpmdd systemd[1]: systemd-boot-update.service: Failed with result 'exit-code'.
Jun 12 01:50:17 tpmdd systemd[1]: Failed to start Automatic Boot Loader Update.

#linux #kernel #testing


Jarkko Sakkinen

OK, cool, #systemd is booting now with systemd-#boot. The problem was simply that I did not package all the required files with #genimage :-)

Even tho this image is built only for #kernel test and could in theory run just bzImage as #ELF-executable, systemd-boot makes sense given the ability to modify the kernel command-line without compiling the kernel.

So I can now conclude that I've migrated from #busybox to systemd in my kernel testing workflow :-)

#linux

Jarkko Sakkinen

I'm re-formalizing my question because I could be wrong too

Using any formation of #Signal App, is it possible to get #SGX #attestation of contact discovery back to the client and view the certificate, or how does it benefit the end user?

Or is it possible from the client to get this attestation using the raw protocol that the app uses?