# 03:23:45 |
troglodito |
quits : Server closed connection |
# 03:24:27 |
troglodito |
joins #crosstool-ng |
# 11:41:57 |
Net147 |
quits : Ping timeout: 258 seconds |
# 11:42:24 |
Net147 |
joins #crosstool-ng |
# 11:42:25 |
Net147 |
quits : Changing host |
# 11:42:25 |
Net147 |
joins #crosstool-ng |
# 17:17:02 |
HcE |
milkylainen: it has, cpackham is losing out making tons of consultancy money :D Ref issue https://github.com/crosstool-ng/crosstool-ng/issues/2052 |
# 17:19:45 |
HcE |
Linux 2.4.36 running glibc 2.2.5, wonder what kind of target this is. |
# 18:06:19 |
milkylainen |
hurr. |
# 18:08:00 |
milkylainen |
I wouldn't touch it with a very long stick even. But it should still be doable. Some clean old slackware installation. |
# 18:08:26 |
milkylainen |
Without too much cruft to care about. An older ct-ng and it should be fine? |
# 18:09:22 |
milkylainen |
we're talking what? Anno... 200..4? |
# 18:09:51 |
milkylainen |
2.2.5 is from 2002 apparently. |
# 18:10:28 |
milkylainen |
HcE: -^ |
# 18:11:30 |
HcE |
I recall the transition to Linux 2.4.x barely, the kernel was a lot more messy at that point |
# 18:11:57 |
HcE |
Followed by Linux 2.6.x, before finally landing on 3.x.y |
# 18:12:27 |
HcE |
I think I started out on running RedHat on my workstation as a student, suspect that was a bastard of a 2.2 kernel |
# 18:12:44 |
HcE |
RedHat backported everything except bumping the kernel version :D |
# 18:13:19 |
milkylainen |
I started on an early redhat iirc, but switched to slack. Around 2.0.3x. Was libc5 at that time? anno 1997-ish |
# 18:14:38 |
HcE |
I was programming qbasic on a Mac SE at that time |
# 18:14:49 |
milkylainen |
:) |
# 18:14:59 |
HcE |
Done a full cycle, back on Mac now as my terminal |
# 18:15:22 |
milkylainen |
Nice. One of the new arm ones? |
# 18:15:39 |
HcE |
I am looking for an upgrade, still rocking a 2013 macbook pro |
# 18:15:52 |
HcE |
As an SSH terminal it works very well |
# 18:16:20 |
milkylainen |
Mmm. I'm on 2015-ish pc laptops for terminals and AMD 5950x and 7950x as workers. |
# 18:16:23 |
HcE |
But I can't have tons of browser tabs open. |
# 18:16:38 |
HcE |
I am spoiled with a threadripper at my work desk |
# 18:16:43 |
milkylainen |
\o/ |
# 18:16:51 |
HcE |
And our build farms are dual socket Xeon's |
# 18:17:01 |
milkylainen |
Super nice. :) |
# 18:17:32 |
HcE |
We waste so much CPU cycles at work re-compiling stuff we compiled 10 minutes ago |
# 18:18:52 |
HcE |
the threadripper is an amazing "low-cost" high-performing CPU, but they have gotten a lot more expensive since I got this 3970X. |
# 18:19:02 |
milkylainen |
Indeed, which reminded me I should do my daily build env maintenance chores. Bump packages etc. |
# 18:19:11 |
HcE |
I just did mine |
# 18:19:14 |
HcE |
New c-ares release is out |
# 18:19:24 |
milkylainen |
:D |
# 18:20:15 |
milkylainen |
I did bash yesterday. Today looks like a new linux-firmware kit and tmp2-tools. |
# 18:20:32 |
milkylainen |
tpm2 even |
# 18:22:02 |
HcE |
I have just started to learn TPM2, never had to deal with it from a developer perspective before. |
# 18:22:56 |
milkylainen |
Oh. I pained my brain with a little bit of it some 1,5 year ago. Probably forgotten most of it. Currently diving back into i.MX HABv4 for an imx8mn. |
# 18:23:49 |
HcE |
TPM2, UEFI and OP-TEE is the new stuff I need to figure out before the holidays. |
# 18:23:54 |
milkylainen |
I did some secure booting using a 1.8" ryzen sbc. The DFI-GHF51. |
# 18:24:07 |
HcE |
Moving away from an Android dictated platform to more plain Linux platform. |
# 18:24:25 |
HcE |
For secure boot we are stuck with what the SoC vendor provides typically |
# 18:24:42 |
HcE |
At least from early bootrom |
# 18:24:59 |
milkylainen |
Yeah. ARM vendors are pretty diverse if you disregard the standardized TF-A stuff. |
# 18:25:36 |
milkylainen |
It's usually pretty much the same ideas, in a whole new clothing. |
# 18:26:03 |
HcE |
Yes, with different set of bugs and vulnerabilities |
# 18:26:12 |
milkylainen |
I did a HABv4 userspace validator using openssl last week. I don't think I've ever seen one before. |
# 18:26:23 |
HcE |
Nice |
# 18:26:46 |
HcE |
I suspect we use HAB on our imx8mq based devices, but I had little to do with that bringup |
# 18:26:47 |
milkylainen |
I had the need to validate the image going in before actually letting it through. And instead of doing smc calls and whatnots, I did it in userspace. |
# 18:27:06 |
HcE |
I like the up to date state of NXP BSP releases, at least you get latest Linux kernel |
# 18:27:49 |
milkylainen |
I'll ask permission from the customer to release it as open source. |
# 18:27:57 |
HcE |
did you create an OpenSSL engine for HABv4? |
# 18:28:43 |
milkylainen |
Nope, not sure how you mean. |
# 18:28:53 |
milkylainen |
I'll probably place it along another tool I wrote. |
# 18:28:56 |
milkylainen |
https://github.com/milkylainen/stm32mp1sign |
# 18:29:15 |
milkylainen |
I wrote it because the stm32mp15x was javastuff. |
# 18:29:26 |
milkylainen |
I couldn't find a simple C signer. |
# 18:29:42 |
HcE |
OpenSSL has an engine API, so you can load an engine which will take control over whatever OpenSSL API you implement. For example do RSA operations inside a secure device, hence never exposing the private key. |
# 18:30:12 |
milkylainen |
Yeah I know. But no. You don't really need any private keys on target. |
# 18:30:21 |
HcE |
Ah, no, not for validate |
# 18:30:47 |
milkylainen |
https://github.com/milkylainen/cst-hsm |
# 18:31:08 |
milkylainen |
That one is the old PowerPC TrustArch 2.0 signer, with engine support stuck into it for signing. |
# 18:31:19 |
milkylainen |
It was trivial. |
# 18:31:29 |
milkylainen |
I needed a HSM for signing on the PPC. |
# 18:31:40 |
milkylainen |
And the old NXP-CST didn't have engine support. |
# 18:32:34 |
milkylainen |
I wrapped the openssl conf to stop the local configuration from being poked back and forth all the time. |
# 18:33:18 |
milkylainen |
I wouldn't say I'm very good with openssl though. |
# 18:33:31 |
milkylainen |
I find the interfaces to be convoluted and strange at times. |
# 18:34:36 |
milkylainen |
Probably a bit broken. I only tested with a yubikey. |
# 18:36:25 |
HcE |
the openssl engine interfaces are a bit weird, feels like it is slowly moving towards a new "recommended" flow of implementation. I looked at an example for openssl 3.0, and couldn't figure out for too long why I couldn't get it to work on openssl 1.1.1. |
# 18:36:38 |
HcE |
And if you look at openssl 1.0.2 documentation, you get completely confused. |
# 18:37:02 |
milkylainen |
:) |
# 18:37:26 |
HcE |
And to top it off, we have forked OpenSSL and have our own internal release where some bits are pulled out due to patent concerns IIRC. |
# 18:37:30 |
milkylainen |
I should do the new variant instead. I've been procrastrinating... |
# 18:37:55 |
HcE |
(and we do FIPS compliance) |
# 18:37:58 |
milkylainen |
procrastinating even |
# 18:39:09 |
HcE |
I often do openssl development and like the documentation for 3.0 APIs, and then I have to switch over to the older ones when compilation fails. |
# 18:39:28 |
HcE |
2024 will be the year we switch over |
# 18:43:38 |
milkylainen |
Mmm. I'll probably have to revisit all of it. Don't know when they're going to drop things permanently. |
# 18:45:43 |
HcE |
Yes, typically easy to #ifdef around to choose the right API. |
# 18:46:01 |
milkylainen |
mm. |
# 18:46:05 |
HcE |
And I would focus on 1.1.1 and 3 support, very few are running 1.0.2 now |
# 18:46:24 |
HcE |
1.1.1 is supported from upstream out this year I think? |
# 18:46:48 |
HcE |
No, it is eol https://www.openssl.org/blog/blog/2023/09/11/eol-111/ |
# 18:48:08 |
milkylainen |
Mm ok. Yeah. Inevitable then. |
# 18:48:11 |
HcE |
The OpenSSL project team is pleased to announce the release of |
# 18:48:11 |
HcE |
version 1.1.1w of our open source toolkit for SSL/TLS. |
# 18:48:11 |
HcE |
This is the last public release of OpenSSL 1.1.1. Extended |
# 18:48:12 |
HcE |
support is available to premium support customers. |
# 18:48:37 |
HcE |
Making mental notes :D Better double check our application code still compiles against 3.x.y |
# 18:52:19 |
milkylainen |
:) |
# 21:10:56 |
wilsonjholmes |
quits : Server closed connection |
# 21:11:05 |
wilsonjholmes |
joins #crosstool-ng |