Linux kernel maintainer. Compilers and virtualization at Parity Technologies.

Jarkko Sakkinen

Found a cool fabric brand while cleaning up some old boxes full of all kinds of shit. Have to learn how to sew and attach it to something. #acid #303

Jarkko Sakkinen

Edited 16 days ago

Trying to make a new version of my “TPM2 signers” patch set and stumbling into a weird problem.

Here’s the script I’m looking at:

#!/usr/bin/env bash

set -e

PRIMARY=0x81000001

function egress {
  keyctl clear @u
  tpm2_evictcontrol -C o -c $PRIMARY 2> /dev/null
  tpm2_getcap handles-transient
  tpm2_getcap handles-persistent
}
trap egress EXIT

openssl ecparam -name prime256v1 -genkey -noout -out ecc.pem
openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in ecc.pem -out ecc_pkcs8.der

tpm2_createprimary --hierarchy o -G ecc -c owner.txt
tpm2_evictcontrol -c owner.txt $PRIMARY

# EC parameters to TPM2 blob:
tpm2_import -C $PRIMARY -G ecc -i ecc.pem -u tpm2.pub -r tpm2.priv

# TPM2 blob to ASN.1:
tpm2_encodeobject -C $PRIMARY -u tpm2.pub -r tpm2.priv -o tpm2.pem
openssl asn1parse -inform pem -in tpm2.pem -noout -out tpm2.der

# Populate asymmetric keys:
tpm2_ecc_key=`keyctl padd asymmetric "tpm_ecc" @u < tpm2.der`
kernel_ecc_key=`keyctl padd asymmetric "kernel_ecc" @u < ecc_pkcs8.der`

echo "SECRET" > doc.txt

echo TPM2 ECC SIGN
keyctl pkey_sign $tpm2_ecc_key 0 doc.txt hash=sha256 > doc.txt.sig

echo TPM2 VERIFY
keyctl pkey_verify $kernel_ecc_key 0 doc.txt doc.txt.sig

The error message generated is:

keyctl_pkey_verify: Invalid argument

If I verify with the TPM2 ECC key it will pass, in other words replacing the last statement with:

keyctl pkey_verify $tpm2_ecc_key 0 doc.txt doc.txt.sig hash=sha256

In the final version I’m going to remove signature verification from the TPM2 ECC key as that is kind of the point here: sign a certificate with a private key protected by the TPM and allow any party to verify the signature with the known public key.

#linux #kernel #tpm


Jarkko Sakkinen

PR for 6.12-rc7 with a fix for a recently reported bug:

1. https://lore.kernel.org/linux-integrity/D5CYH0IJXX72.35A25M1YICZRP@kernel.org/T/#u
2. https://bugzilla.kernel.org/show_bug.cgi?id=219383

This bug from the early weeks of the current release cycle has already landed: https://bugzilla.kernel.org/show_bug.cgi?id=219229

Right now that I don't do kernel as my main job I prioritize users instead of kernel developers when picking fixes for mid-cycle PRs :-) Other fixes can wait until the 6.13 PR.

#linux #kernel

Jarkko Sakkinen

Edited 17 days ago

The “convenience of LSP” with kernel:

make ARCH=x86_64 O=../linux-tpmdd-clangd x86_64_defconfig
make O=../linux-tpmdd-clangd/ CC="ccache gcc" -j`nproc`
scripts/clang-tools/gen_compile_commands.py -d ../linux-tpmdd-clangd

This is the least distracting way I’ve found to use it (I use it only with VSCodium when just browsing around):

  1. Uses host architecture (target architecture can be “whatever”).
  2. Uses defconfig that works well for this task.
  3. Does not disturb other uses of the Git tree.

E.g. I use LINUX_OVERRIDE_SRCDIR a lot with Buildroot, and in such cases a clean kernel directory usually causes the least trouble…


Jarkko Sakkinen

My main hardware test platform for the Linux kernel. Spot the TPM chip 🙂 #linux #kernel

"I can replace you lazy fucks with spicy autocomplete."

"More than a quarter of all new code at Google is generated by AI, then reviewed and accepted by engineers," CEO Sundar Pichai said on the company's third quarter 2024 earnings call. If you work...
https://jwz.org/b/ykb8


Jarkko Sakkinen

Midnight Commander is still the best file manager thanks to '--printwd', which writes the last seen working directory to a file. This amazes me because it is a feature that requires almost nothing to implement.

Jarkko Sakkinen

Was an interesting read:

https://lwn.net/Articles/995196/

Jarkko Sakkinen

First system upgrade I’ve ever tried for Asahi Linux ongoing *fingers crossed* (40 to 41)

Jarkko Sakkinen

Learned how to install a “VSCode only” extension to VSCodium:

  1. Go to a page: https://marketplace.visualstudio.com/items?itemName=nordic-semiconductor.nrf-kconfig
  2. Download vsix.
  3. codium --install-extension nordic-semiconductor.nrf-kconfig-2024.9.20.vsix

Now Kconfig looks pretty ;-)


Jarkko Sakkinen

Edited 20 days ago
Why do only Apple laptops have a 3.5mm audio port that is of super sonic quality?

All other audio ports suck. It's the literal truth. It's the killer feature in Apple products.

Try to connect your Thinkpad directly to a stage sound system and it will be hell. This applies to all PC laptops I've ever tried.

Why is it like this?

I don't have a personal laptop at the moment but I'm soon going to get a new one, and it definitely will be an Apple laptop, and it is ONLY because of the 3.5mm audio port.

Noteworthy is that also the latency metrics of Apple's audio are on par with an external audio interface.

#laptop #audio #apple

Jarkko Sakkinen

Edited 20 days ago
Can an OpenPGP signing key also be used as a Machine Owner Key (MOK) for signing the kernel and modules by some means? That would be the most practical way as I always have that available in my Yubikey.

I can use my OpenPGP keyring to:

1. Sign tags for Linus.
2. Sign commits at work.
3. Authenticate to all SSH servers I have access to.
4. Authenticate to all Git repositories I have access to.
5. Write and manage my "root of trust" with pass: https://www.passwordstore.org/

I'm sure it must be applicable in one way or another also as a MOK.

#linux #security #yubikey

Jarkko Sakkinen

The interface is a bit rough but Firefox actually has profiles just like Chrome. This is from my work Thinkpad.

Have been converting once again to Firefox from Chrome only because I want to use at least the same browser on every platform and aarch64 has only Firefox (i.e. my Mac mini).

This is how I usually switch between Chrome and Firefox: a dead-end comes and I switch to the other.

Last time I switched to Chrome was because of broken WebMIDI support in Firefox, which now fully works with Novation hardware so the browser table tennis continues.

#firefox #chrome #ping #pong

Jarkko Sakkinen

The only issue I've had with Fedora 41 has been Signal, but then I recalled this:

https://github.com/BarbossHack/Signal-Desktop-Fedora

Building RPM packages and installing them fixed all the issues.

#fedora #signal

Jarkko Sakkinen

"libLISA is a library for automatically discovering and analyzing CPU instructions. It relies on minimal human input: only a definition of CPU state and a CPU observer are required to be implemented."

https://github.com/liblisa/liblisa

Jarkko Sakkinen

Fedora 41 upgrade ongoing. More worried about when I do the same for Asahi Linux (because I've never upgraded it before).

Jarkko Sakkinen

4/32 GB of RAM and 1/8 GB of swap used when this popped up (had only time to look at 'free' quickly 🤷), no other effect #firefox

Jarkko Sakkinen

@ljs you got it, I did my Fedora ARK test (compile a random tip as a distribution kernel) with a "random patch set".