| # 03:23:45 | troglodito | quits : Server closed connection |
| # 03:24:27 | troglodito | joins #crosstool-ng |
| # 11:41:57 | Net147 | quits : Ping timeout: 258 seconds |
| # 11:42:24 | Net147 | joins #crosstool-ng |
| # 11:42:25 | Net147 | quits : Changing host |
| # 11:42:25 | Net147 | joins #crosstool-ng |
| # 17:17:02 | HcE | milkylainen: it has, cpackham is loosing out making tons of consultancy money :D Ref issue https://github.com/crosstool-ng/crosstool-ng/issues/2052 |
| # 17:19:45 | HcE | Linux 2.4.36 running glibc 2.2.5, wonder what kind of target this is. |
| # 18:06:19 | milkylainen | hurr. |
| # 18:08:00 | milkylainen | I wouldn't touch it with a very long stick even. But it should still be doable. Some clean old slackware installation. |
| # 18:08:26 | milkylainen | Without too much cruft to care about. An older ct-ng and it should be fine? |
| # 18:09:22 | milkylainen | we're talking what? Anno... 200..4? |
| # 18:09:51 | milkylainen | 2.2.5 is from 2002 apparently. |
| # 18:10:28 | milkylainen | HcE: -^ |
| # 18:11:30 | HcE | I recall the transition to Linux 2.4.x bearly, the kernel was a lot more messy at that point |
| # 18:11:57 | HcE | Followed by Linux 2.6.x, before finally landing on 3.x.y |
| # 18:12:27 | HcE | I think I started out on running RedHat on my workstation as a student, suspect that was a bastard of a 2.2 kernel |
| # 18:12:44 | HcE | RedHat backported everything except bumping the kernel version :D |
| # 18:13:19 | milkylainen | I started on a early redhat iirc, but switched to slack. Around 2.0.3x. Was libc5 at that time? anno 1997-ish |
| # 18:14:38 | HcE | I was programming qbasic on a Mac SE at that time |
| # 18:14:49 | milkylainen | :) |
| # 18:14:59 | HcE | Done a full cycle, back on Mac now as my terminal |
| # 18:15:22 | milkylainen | Nice. One of the new arm ones? |
| # 18:15:39 | HcE | I am looking for an upgrade, still rocking a 2013 macbook pro |
| # 18:15:52 | HcE | As a SSH terminal it works very well |
| # 18:16:20 | milkylainen | Mmm. I'm on 2015-ish pc laptops for terminals and AMD 5950x and 7950x as workers. |
| # 18:16:23 | HcE | But I can't have tons of browser tabs open. |
| # 18:16:38 | HcE | I am spoiled with a threadripper at my work desk |
| # 18:16:43 | milkylainen | \o/ |
| # 18:16:51 | HcE | And our build farms are dual socket Xeon's |
| # 18:17:01 | milkylainen | Super nice. :) |
| # 18:17:32 | HcE | We waste so much CPU cycles at work re-compiling stuff we compiled 10 minutes ago |
| # 18:18:52 | HcE | the threadripper is an amazing "low-cost" high-performing CPU, but they have gotten a lot more expensive since I got this 3970X. |
| # 18:19:02 | milkylainen | Indeed, which reminded me I should do my daily build env maintenance chores. Bump packages etc. |
| # 18:19:11 | HcE | I just did mine |
| # 18:19:14 | HcE | New c-ares release is out |
| # 18:19:24 | milkylainen | :D |
| # 18:20:15 | milkylainen | I did bash yesterday. Today looks like a new linux-firmware kit and tmp2-tools. |
| # 18:20:32 | milkylainen | tpm2 even |
| # 18:22:02 | HcE | I have just started to learn TPM2, never had to deal with it from a developer perspective before. |
| # 18:22:56 | milkylainen | Oh. I pained my brain with a little bit of it some 1,5 year ago. Probably forgotten most of it. Currently diving back into i.MX HABv4 for a imx8mn. |
| # 18:23:49 | HcE | TPM2, UEFI and OP-TEE is the new stuff I need to figure out before the holidays. |
| # 18:23:54 | milkylainen | I did some secure booting using a 1.8" ryzen sbc. The DFI-GHF51. |
| # 18:24:07 | HcE | Moving away from an Android dictated platform to more plain Linux platform. |
| # 18:24:25 | HcE | For secure boot we are stuck with what the SoC vendor provides typically |
| # 18:24:42 | HcE | At least from early bootrom |
| # 18:24:59 | milkylainen | Yeah. ARM vendors are pretty diverse if you disregard the standardized TF-A stuff. |
| # 18:25:36 | milkylainen | It's usually pretty much the same ideas, in a whole new clothing. |
| # 18:26:03 | HcE | Yes, with different set of bugs and vulnerabilities |
| # 18:26:12 | milkylainen | I did a HABv4 userspace validator using openssl last week. I don't think I've ever seen one before. |
| # 18:26:23 | HcE | Nice |
| # 18:26:46 | HcE | I suspect we use HAB on our imx8mq based devices, but I had little to do with that bringup |
| # 18:26:47 | milkylainen | I had the need to validate the image going in before actually letting it through. And instead of doing smc calls and whatnots, I did it in userspace. |
| # 18:27:06 | HcE | I like the up to date state of NXP BSP releases, at least you get latest Linux kernel |
| # 18:27:49 | milkylainen | I'll ask permission from the customer to release it as open source. |
| # 18:27:57 | HcE | did you create an OpenSSL engine for HABv4? |
| # 18:28:43 | milkylainen | Nope, not sure how you mean. |
| # 18:28:53 | milkylainen | I'll probably place it along another tool I wrote. |
| # 18:28:56 | milkylainen | https://github.com/milkylainen/stm32mp1sign |
| # 18:29:15 | milkylainen | I wrote it because the stm32mp15x was javastuff. |
| # 18:29:26 | milkylainen | I couldn't find a simple C signer. |
| # 18:29:42 | HcE | OpenSSL has an engine API, so you can load an engine which will take control over whatever OpenSSL API you implement. For example do RSA operations inside a secure device, hence never exposing the private key. |
| # 18:30:12 | milkylainen | Yeah I know. But no. You don't really need any private keys on target. |
| # 18:30:21 | HcE | Ah, no, not for validate |
| # 18:30:47 | milkylainen | https://github.com/milkylainen/cst-hsm |
| # 18:31:08 | milkylainen | That one is the old PowerPC TrustArch 2.0 signer, with engine support stuck into it for signing. |
| # 18:31:19 | milkylainen | It was trivial. |
| # 18:31:29 | milkylainen | I needed a HSM for signing on the PPC. |
| # 18:31:40 | milkylainen | And the old NXP-CST didn't have engine support. |
| # 18:32:34 | milkylainen | I wrapped the openssl conf to stop the local configuration from being poked back and forth all the time. |
| # 18:33:18 | milkylainen | I wouldn't say I'm very good with openssl though. |
| # 18:33:31 | milkylainen | I find the interfaces to be convoluted and strange at times. |
| # 18:34:36 | milkylainen | Probably a bit broken. I only tested with a yubikey. |
| # 18:36:25 | HcE | the openssl engine interfaces are a bit weird, feels like it is slowly moving towards a new "recommended" flow of implementation. I looked at an example for openssl 3.0, and couldn't figure out for too long why I couldn't get it to work on openssl 1.1.1. |
| # 18:36:38 | HcE | And if you look at openssl 1.0.2 documentation, you get completely confused. |
| # 18:37:02 | milkylainen | :) |
| # 18:37:26 | HcE | And to top it off, we have forked OpenSSL and have our own internal release where some bits are pulled out due to patent concerns IIRC. |
| # 18:37:30 | milkylainen | I should do the new variant instead. I've been procrastrinating... |
| # 18:37:55 | HcE | (and we do FIPS compliance) |
| # 18:37:58 | milkylainen | procrastinating even |
| # 18:39:09 | HcE | I often do openssl development and like the documentation for 3.0 APIs, and then I have to switch over to the older ones when compilation fails. |
| # 18:39:28 | HcE | 2024 will be the year we switch over |
| # 18:43:38 | milkylainen | Mmm. I'll probably have to revisit all of it. Don't know when they're going to drop things permanently. |
| # 18:45:43 | HcE | Yes, typically easy to #ifdef around to choose the right API. |
| # 18:46:01 | milkylainen | mm. |
| # 18:46:05 | HcE | And I would focus on 1.1.1 and 3 support, very few are running 1.0.2 now |
| # 18:46:24 | HcE | 1.1.1 is supported from upstream out this year I think? |
| # 18:46:48 | HcE | No, it is eol https://www.openssl.org/blog/blog/2023/09/11/eol-111/ |
| # 18:48:08 | milkylainen | Mm ok. Yeah. Inevitable then. |
| # 18:48:11 | HcE | The OpenSSL project team is pleased to announce the release of |
| # 18:48:11 | HcE | version 1.1.1w of our open source toolkit for SSL/TLS. |
| # 18:48:11 | HcE | This is the last public release of OpenSSL 1.1.1. Extended |
| # 18:48:12 | HcE | support is available to premium support customers. |
| # 18:48:37 | HcE | Making mental notes :D Better double check our application code still compiles against 3.x.y |
| # 18:52:19 | milkylainen | :) |
| # 21:10:56 | wilsonjholmes | quits : Server closed connection |
| # 21:11:05 | wilsonjholmes | joins #crosstool-ng |