Jarkko Sakkinen
jarkko
Awesome, it went through first time. Finally had time to actually enable secure boot with sbctl.
Here’s what I did:
- Enabled secure boot in custom mode (i.e., not standard mode) from BIOS settings.
- Erased all keys. This triggers so called “setup mode” for the next boot.
- Typed bunch of random commands :-)
I did the script couple of weeks ago but did not have time to test it live (until now).
1
0
2
Jarkko Sakkinen
jarkko
Just like there is this half-insulting term "SJW", or "social justice warrior", there should another term "NWW" aka "non-woke warrior" IMHO.
... when I was young IDEs had NON-WOKE names such as "Code Warrior" ;-)
... when I was young IDEs had NON-WOKE names such as "Code Warrior" ;-)
0
0
0
Jarkko Sakkinen
jarkko
alias readelf='readelf -W'
like the first thing to ever do with readelf ;-)
like the first thing to ever do with readelf ;-)
0
0
0
Jarkko Sakkinen
jarkko
This kernel patch embeds an extension for the TPMKey specification:
https://lore.kernel.org/linux-integrity/20251205030205.140842-3-jarkko@kernel.org/
I.e. optional 'parentName' attribute. It also populates kernel's ASN.1 definition with the full spec. It's a bottleneck in the ASN.1 format.
#linux #kernel #tpm
https://lore.kernel.org/linux-integrity/20251205030205.140842-3-jarkko@kernel.org/
I.e. optional 'parentName' attribute. It also populates kernel's ASN.1 definition with the full spec. It's a bottleneck in the ASN.1 format.
#linux #kernel #tpm
1
0
0
Jarkko Sakkinen
jarkko
UserHasNoMailboxAndNoLicenseAssignedError
Microsoft clearly makes the best error codes.
Microsoft clearly makes the best error codes.
0
0
2
Jarkko Sakkinen
jarkko
In Himmelblau evolution it will be interesting to see if there's someday perhaps a subset of graph API to provide "the service' too.
0
0
0
Jarkko Sakkinen
jarkko
Cool, got ssh logins through Azure/Intune working to built Ms after fighting for some time with systemd-creds :-) Himmelblau 2.0 feels surprsingly stable environment.
0
0
1
Jarkko Sakkinen
jarkko
This is how wrap get_compile_commands.py:
https://gist.github.com/jarkkojs/00d4fb05474d00bd64df51b4b0028a3b
Sometimes I feel that this should be made somehow a bit more convenient :-)
https://gist.github.com/jarkkojs/00d4fb05474d00bd64df51b4b0028a3b
Sometimes I feel that this should be made somehow a bit more convenient :-)
0
0
0
Jarkko Sakkinen
jarkko
One bottleneck in HMAC encryption that would be easy to solve if TPMKey ASN.1 format would store 'parentPublic', or alternatively 'parentPublicName'.
HMAC encryption requires "extra" TPM2_ReadPublic per unseal transaction because it cannot be stored to the key data.
If it had the field it would be trivial to calculate cryptographic name for the parent object without roundtrip to TPM2 chip when the key is used after creation.
I.e. it is classic value not cached that would be constantly required.
RT @Foxboron
HMAC encryption requires "extra" TPM2_ReadPublic per unseal transaction because it cannot be stored to the key data.
If it had the field it would be trivial to calculate cryptographic name for the parent object without roundtrip to TPM2 chip when the key is used after creation.
I.e. it is classic value not cached that would be constantly required.
RT @Foxboron
0
0
0
Jarkko Sakkinen
jarkko
3rd PR for 6.19: https://lore.kernel.org/linux-integrity/aSthHCovbsDZANsa@kernel.org/T/#u
at least i'm on schedule this time :-)
at least i'm on schedule this time :-)
0
0
0
Jarkko Sakkinen
jarkkoThis is how I manage my pull requests ATM (creating and pushing signed tags, request-pull etc.):
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-pull-request.git/tree/?h=main
I’m happy with the tiny jq based templating engine for moustache templates. Has worked surprisingly well.
1
1
0
Jarkko Sakkinen
jarkko
Edited 5 months ago
I've been fine-tuning the policy and caching engine in tpm2sh a lot and next version will allow to:
1. View policy as an expression via 'tpm2sh memory -p <handle>'
2. Create primary keys with arbitrary policies (was not just done nothing special in it).
3. Creating, viewing and maintaining policies for persistent keys.
These sort of come as "side-effect" of just cleaning up and polishing the groundwork :-)
#linux #tpm #rustlang
1. View policy as an expression via 'tpm2sh memory -p <handle>'
2. Create primary keys with arbitrary policies (was not just done nothing special in it).
3. Creating, viewing and maintaining policies for persistent keys.
These sort of come as "side-effect" of just cleaning up and polishing the groundwork :-)
#linux #tpm #rustlang
0
0
1
Jarkko Sakkinen
jarkko
What are known good workarounds with systemd-creds for situations like this:
https://github.com/himmelblau-idm/himmelblau/issues/901
I can admit that I don't really know what I'm doing ATM :-)
#systemd
https://github.com/himmelblau-idm/himmelblau/issues/901
I can admit that I don't really know what I'm doing ATM :-)
#systemd
0
0
0
Jarkko Sakkinen
repeated
repeated
OpenAI says dead teen violated TOS when he used ChatGPT to plan suicide.
Ghouls gonna ghoul: Facing five lawsuits alleging wrongful deaths, OpenAI lobbed its first defense Tuesday, denying in a court filing that ChatGPT caused a teen's suicide and...
https://jwz.org/b/ykxy
1
2
0
Jarkko Sakkinen
jarkko
https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs/ :-----------------------)
0
1
2
Jarkko Sakkinen
jarkko
Edited 5 months ago
one aspect in security, which has been wrong even in some of the linux foundations pages from time to time is that they differentiate answers between "incorrect password" and "acount does not exist". this should be obviously opaque.
it allows to query which sites user has an account, which is useful information in wrong hands already.
#infosec #oracle
it allows to query which sites user has an account, which is useful information in wrong hands already.
#infosec #oracle
0
2
1