Jarkko Sakkinen
Posts
4778Following
319Followers
489OpenPGP: 3AB05486C7752FE1
Jarkko Sakkinen
jarkko
day 2 fighting with TPM2_Import. and it's not the first time. the protocol crate is doing nothing wrong, it's a bug in tpm2sh
0
0
0
Jarkko Sakkinen
jarkko
I should have remember by now that for KDFa's you feed "DUPLICATE\0" not "DUPLICATE" and so forth. But no, I fought with TPM_RC_VALUE for half a day.
0
0
0
Jarkko Sakkinen
jarkko
Edited 19 days ago
this SVG garbage fuck. is there something we could put .gitattributes, .gitignore or something that would make it not to destroy git grep experience?
2
0
0
Jarkko Sakkinen
jarkko
Edited 19 days ago
Now it is carved to the stone:
https://github.com/puavo-org/tpm2sh/commit/f95d6aae1f5212c39349a77e066b4ceeb2ef580c
I'll need this once I have bandwidth to refine:
https://lore.kernel.org/linux-integrity/20240528210823.28798-1-jarkko@kernel.org/
https://github.com/puavo-org/tpm2sh/commit/f95d6aae1f5212c39349a77e066b4ceeb2ef580c
I'll need this once I have bandwidth to refine:
https://lore.kernel.org/linux-integrity/20240528210823.28798-1-jarkko@kernel.org/
0
0
0
Jarkko Sakkinen
jarkko
Edited 19 days ago
In the sense confidential computing holds it promise that since the hardware is inaccessible by practical means to *everyone*, you need to execute that type of code in your head. It is as confidential at least as computing can ever get [Side-note: even the name of the field is incorrect terminology at least when reflecting on how the terminology is usually defined in the field of information security. The so called "CIA Triad" defines trust as the sum of availability, confidentiality and integrity.]
This is what I literally do with SGX patches:
1. I pick up Intel SDM (which is IMHO pretty good ISA reference overall, zero complains on that).
2. I read the pseudocode for new opcodes or revisit old ones.
3. I look it is applied in kernel patch
4. Finally I "hallucinate" its execution :-----)
And based on this mental execution procedure I ack/nak patches.
You can extrapolate from this that probably most of any type of CoC code in kernel are the least audited areas of the Linux kernel source code. Even if working for a CPU company, it is hard to really hammer the code, if your only access to the hardware is a shitty company cloud.
This is what I literally do with SGX patches:
1. I pick up Intel SDM (which is IMHO pretty good ISA reference overall, zero complains on that).
2. I read the pseudocode for new opcodes or revisit old ones.
3. I look it is applied in kernel patch
4. Finally I "hallucinate" its execution :-----)
And based on this mental execution procedure I ack/nak patches.
You can extrapolate from this that probably most of any type of CoC code in kernel are the least audited areas of the Linux kernel source code. Even if working for a CPU company, it is hard to really hammer the code, if your only access to the hardware is a shitty company cloud.
0
0
0
Jarkko Sakkinen
repeated
repeated
Jarkko Sakkinen
jarkko
OOPS
it was more than TPM_RC_SIZE :-)
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git/commit/?id=9ba073e0d924fbeeff4f74a70bc76bbf29380862
0.10.5 released
BR, Jarkko
it was more than TPM_RC_SIZE :-)
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git/commit/?id=9ba073e0d924fbeeff4f74a70bc76bbf29380862
0.10.5 released
BR, Jarkko
0
0
0
Jarkko Sakkinen
jarkko
Edited 19 days ago
Software crypto would really need its own "official" systemd service as that way any application could have audited crypto. I.e. crypto operations would be executed by that service and results returned back to the caller. It could probably be just user service running inside session in order to guarantee better privacy.
This is partly because Rust does not have a proper DSO support, and this would address this flaw in Rust. It is not a question how great some random crate is but more like can you make software that can be used in production as per standards that companies use.
E.g., I cannot recommend to use tpm2sh to use anything else except kernel testing for this exact reason no matter how the crates are implemented or how well I might orchestrate the calls.
This is partly because Rust does not have a proper DSO support, and this would address this flaw in Rust. It is not a question how great some random crate is but more like can you make software that can be used in production as per standards that companies use.
E.g., I cannot recommend to use tpm2sh to use anything else except kernel testing for this exact reason no matter how the crates are implemented or how well I might orchestrate the calls.
1
0
1
Jarkko Sakkinen
jarkko
Edited 19 days ago
IMHO learnings from SGX, SNP and TDX: we should simply stop accepting enterprisy CPU features UNLESS there's guaranteed flow of reasonably priced SDPs, EVEN if they are not profitable for the CPU company.
E.g., in SGX, Intel delivered exactly one generation of NUCs in order to comply what we agreed on at Linux Plumbers 2016. Once the feature was in the mainline it was end of story for developer accessible hardware. And still after that SNP and TDX have been included, which is plain stupid.
It's hard to take away user facing code from kernel once it is included but it would be the best possible policy and constraint to take only bug fixes up until we have cheap SDPs for the confidential computing CPU features.
Let's shutdown any other improvements up until that. Not a decision maker on x86 tree but I have right for my opinion at least :-)
EDIT: I think I make my case without "PS" part :-) This is still how things have went and based on facts (I've witnessed the whole process).
#linux #kernel #intel #amd
E.g., in SGX, Intel delivered exactly one generation of NUCs in order to comply what we agreed on at Linux Plumbers 2016. Once the feature was in the mainline it was end of story for developer accessible hardware. And still after that SNP and TDX have been included, which is plain stupid.
It's hard to take away user facing code from kernel once it is included but it would be the best possible policy and constraint to take only bug fixes up until we have cheap SDPs for the confidential computing CPU features.
Let's shutdown any other improvements up until that. Not a decision maker on x86 tree but I have right for my opinion at least :-)
EDIT: I think I make my case without "PS" part :-) This is still how things have went and based on facts (I've witnessed the whole process).
#linux #kernel #intel #amd
1
0
4
Jarkko Sakkinen
repeated
repeated
Jukka Niiranen
jukkan@mstdn.social"Who needs an App Store? You've got the Nokia PC Suite software on a CD-ROM! Just plug the proprietary cable into your Symbian S60 device, boot up your Windows PC, and away you go. THIS is the smartphone experience for people who are serious about mobile computing."
#Nokia #Symbian #smartphone #retrophone
0
3
0
Jarkko Sakkinen
jarkko
The next thing with tpm2_protocol is obviously the figures!
I.e. creating a stress that measures the delta between compile-time estimated size and run-time realized size.
This spun up from my friend Philip Tricca asking about stack usage. I definitely want to know the truth and also catch regressions on this side that might be caused by new commits.
Obviously during construction time this has not been a priority but now it is time to level it up.
One of first commits to wiping away the excess fat is (already in 0.10.0):
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git/commit/?id=cd6641bf9e8c8fde8726bece9eb6cdc630d893c2
#linux #kernel #tpm #rust
I.e. creating a stress that measures the delta between compile-time estimated size and run-time realized size.
This spun up from my friend Philip Tricca asking about stack usage. I definitely want to know the truth and also catch regressions on this side that might be caused by new commits.
Obviously during construction time this has not been a priority but now it is time to level it up.
One of first commits to wiping away the excess fat is (already in 0.10.0):
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git/commit/?id=cd6641bf9e8c8fde8726bece9eb6cdc630d893c2
#linux #kernel #tpm #rust
0
0
0
Jarkko Sakkinen
jarkko
Edited 20 days ago
As of today can we do this:
1. drivers/char/tpm (C code)
2. drivers/char/tpm/protocol (imported tpm2_protocol)
?
And then build FFI from C to Rust for building commands that we need today etc.
There's one particular challenge where this could help: early boot code for D-RTM (i.e., Trenchboot) as given my crate is just a thing in stack with no deps, it could be linked also to that payload.
#linux #kernel #rust #tpm
1. drivers/char/tpm (C code)
2. drivers/char/tpm/protocol (imported tpm2_protocol)
?
And then build FFI from C to Rust for building commands that we need today etc.
There's one particular challenge where this could help: early boot code for D-RTM (i.e., Trenchboot) as given my crate is just a thing in stack with no deps, it could be linked also to that payload.
#linux #kernel #rust #tpm
1
1
1
Jarkko Sakkinen
jarkko
should usage normally cause exit code 1 or 0?
right now e.g.,
❯ sudo target/debug/tpm2sh unseal
tpm2sh-unseal
Unseals a keyedhash object
USAGE:
tpm2sh unseal [OPTIONS]
OPTIONS:
--password <PASSWORD> Authorization value
-h, --help Print help information
~/work/github.com/puavo-org/tpm2sh main
❯ echo $status
1
It checks if stdin is open for the sake of pipelien and if not it shows usage.
right now e.g.,
❯ sudo target/debug/tpm2sh unseal
tpm2sh-unseal
Unseals a keyedhash object
USAGE:
tpm2sh unseal [OPTIONS]
OPTIONS:
--password <PASSWORD> Authorization value
-h, --help Print help information
~/work/github.com/puavo-org/tpm2sh main
❯ echo $status
1
It checks if stdin is open for the sake of pipelien and if not it shows usage.
1
0
0
Jarkko Sakkinen
jarkko
the very last spam alert:
https://lore.kernel.org/rust-for-linux/aKfaR-h6Itc38qfl@kernel.org/T/#u
moving to on hold as tpm2_protocol is/will be mailing list based project.
tpm2sh has a new github location: https://github.com/puavo-org/tpm2sh
#linux #kernel #tpm #rust
https://lore.kernel.org/rust-for-linux/aKfaR-h6Itc38qfl@kernel.org/T/#u
moving to on hold as tpm2_protocol is/will be mailing list based project.
tpm2sh has a new github location: https://github.com/puavo-org/tpm2sh
#linux #kernel #tpm #rust
0
0
1
Jarkko Sakkinen
jarkko
Edited 21 days ago
The first independent release of the protocol: https://crates.io/crates/tpm2-protocol
Git: https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git
Release notes:
tag 0.10.0
Tagger: Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
Date: Fri Aug 22 04:45:40 2025 +0300
Release 0.10.0
- chore: refactor into standalone crate
- refactor(tpm2_protocol): reduce defaults
- refactor(tpm2_protocol): merge TpmuSigScheme and TpmuAsymScheme
- refactor(tpm2_protocol): decouple command building
- fix(tpm2_protocol): trailing data
- refactor(tpm2_protocol): remove MAC definitions
- tests(tpm2_protocol)
- fix(tpm2-protocol): TpmuAttest error code
- tests: migrate dyn trait test to tpm2_protocol
- fix(tpm2_protocol): correct serialization logic
- refactor: InternalError -> Unreachable
- tests(tpm2_protocol): fix compilation errors
- fix(tpm2_protocol): StartAuthSession response
- refactor!(tpm2_protocol): drop tpm_response! and TpmParameters
- fix!(tpm2_protocol): DO NOT export submodules
- refactor(tpm2_protocol): adjust buffer debug output
- fix(tpm2_protocol): TpmRc::base() return code
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQRE6pSOnaBC00OEHEIaerohdGur0gUCaKfLxAAKCRAaerohdGur
0nY/AP9/4HMLP+wY0h5tQSnbzmIajNzzBAoWIA7nA8dIkcQ8RQEAxhK/MrKKT7iQ
j2rEvvKdgWPdHtPhZWzUahuZnW6LIgA=
=RfaI
-----END PGP SIGNATURE-----
#linux #kernel #tpm #rust
Git: https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git
Release notes:
tag 0.10.0
Tagger: Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
Date: Fri Aug 22 04:45:40 2025 +0300
Release 0.10.0
- chore: refactor into standalone crate
- refactor(tpm2_protocol): reduce defaults
- refactor(tpm2_protocol): merge TpmuSigScheme and TpmuAsymScheme
- refactor(tpm2_protocol): decouple command building
- fix(tpm2_protocol): trailing data
- refactor(tpm2_protocol): remove MAC definitions
- tests(tpm2_protocol)
- fix(tpm2-protocol): TpmuAttest error code
- tests: migrate dyn trait test to tpm2_protocol
- fix(tpm2_protocol): correct serialization logic
- refactor: InternalError -> Unreachable
- tests(tpm2_protocol): fix compilation errors
- fix(tpm2_protocol): StartAuthSession response
- refactor!(tpm2_protocol): drop tpm_response! and TpmParameters
- fix!(tpm2_protocol): DO NOT export submodules
- refactor(tpm2_protocol): adjust buffer debug output
- fix(tpm2_protocol): TpmRc::base() return code
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQRE6pSOnaBC00OEHEIaerohdGur0gUCaKfLxAAKCRAaerohdGur
0nY/AP9/4HMLP+wY0h5tQSnbzmIajNzzBAoWIA7nA8dIkcQ8RQEAxhK/MrKKT7iQ
j2rEvvKdgWPdHtPhZWzUahuZnW6LIgA=
=RfaI
-----END PGP SIGNATURE-----
#linux #kernel #tpm #rust
0
0
4
Jarkko Sakkinen
jarkko
Edited 21 days ago
I migrated dyn trait (or Box<dyn TpmObject>) as part of tpm2_protocol test suite just to demonstrate that on-wire TPM2 protocol can be dynamically detected without any spurious dependencies ;-)
Screencast demonstrates also the time that it takes to run the full kselftest compatible test suite.
#linux #kernel #tpm #rust
Screencast demonstrates also the time that it takes to run the full kselftest compatible test suite.
#linux #kernel #tpm #rust
0
0
1