marcan changed the topic of #asahi to: Asahi Linux: porting Linux to Apple Silicon macs | General project discussion | Topics: #asahi-dev #asahi-re #asahi-gpu #asahi-offtopic | Keep things on topic | https://github.com/AsahiLinux | Logs: https://freenode.irclog.whitequark.org/asahi
ndom91 has quit [Remote host closed the connection]
ransom has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
msalter_ has joined #asahi
msalter_ has quit [Client Quit]
ransom has joined #asahi
qyousef has joined #asahi
rbenua has joined #asahi
KarboniteKream has joined #asahi
ganpa has joined #asahi
bent__ has joined #asahi
bent_ has quit [Ping timeout: 246 seconds]
thecake21[m] has joined #asahi
aratuk has joined #asahi
blazra[m] is now known as blazra
blazra has quit [Quit: authenticating]
blazra has joined #asahi
awordnot0 has joined #asahi
awordnot has quit [Read error: Connection reset by peer]
awordnot0 is now known as awordnot
delogips[m] has joined #asahi
KarboniteKream has quit [Ping timeout: 256 seconds]
browzing has quit [Ping timeout: 256 seconds]
<maximus64> marcan: you mention that TrustZone is impossible to implement securely. I'm curious why?
<marcan> because unless you put half of your OS kernel in TrustZone, EL1 has immense power over EL3
<marcan> and even if you do, there's the entire massive field of speculation/etc microarchitectural vulnerabilities
<marcan> e.g. if the EL1 kernel can do CPU voltage/frequency scaling, EL3 is just one clock glitch away from getting pwned
<marcan> same with anything related to the memory subsystem
<marcan> and modern SoCs are so complex it's *impossible* to get this right and plug all the holes
<maximus64> ahh I see yea I remember same attack was done on Intel SGX
<marcan> yes, SGX is the same nonsense
<marcan> Intel: "hey, ARM had a terrible idea, why don't we copy it?" :-)
<maximus64> lol yea I totally agree with you
<Shiz> if you put half of your OS kernel into trustzone, there's a limit->100% chance of one of the interface having vulns
<Shiz> little use of putting your stuff into an Even More Privileged Layer if that's where the vuln lives now :p
<maximus64> I think with ARM64 you could run the whole linux kernel in trustzone ;)
browzing has joined #asahi
browzing has quit [Ping timeout: 246 seconds]
<JTL> maximus64: but why? :P
<maximus64> I just say that you could doesn't mean that you should heh
ransom has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<JTL> fair
<TheJollyRoger> Good morning!
<maximus64> morning
rootspring[m] has joined #asahi
browzing has joined #asahi
KarboniteKream has joined #asahi
browzing has quit [Ping timeout: 272 seconds]
bdju has joined #asahi
browzing has joined #asahi
browzing has quit [Ping timeout: 256 seconds]
awordnot has quit [Quit: The Lounge - https://thelounge.chat]
Alex[m]17 has joined #asahi
rockinrobstar[m] has joined #asahi
<Alex[m]17> i am excited for linux to unleash the potential of M1 chips
aratuk_ has joined #asahi
aratuk_ has quit [Remote host closed the connection]
awordnot has joined #asahi
KarboniteKream has quit [Ping timeout: 260 seconds]
KarboniteKream has joined #asahi
Rays42 has joined #asahi
aratuk has quit [Remote host closed the connection]
bear24rw has quit [Remote host closed the connection]
bear24rw has joined #asahi
bear24rw has quit [Ping timeout: 246 seconds]
ephe_meral has joined #asahi
aratuk has joined #asahi
aratuk has quit [Client Quit]
bear24rw has joined #asahi
merbanan has joined #asahi
aratuk has joined #asahi
haddock has left #asahi [#asahi]
_whitelogger has joined #asahi
zopieux has joined #asahi
browzing has joined #asahi
browzing has quit [Ping timeout: 240 seconds]
konstater has joined #asahi
ts170[m] has joined #asahi
<j`ey> marcan: do anything asahi+technical today? :-)
<marcan> yup, was just readying to do a little livestream shortly actually :)
<marcan> going to work on scaffolding for speeding up the debug/test cycle
<marcan> (I have learned the lesson many times that this pays off *big time* for this kind of project)
<j`ey> sweet, I will be ready
flying_sausages has joined #asahi
<flying_sausages> that's a big IRC room for 2 days of being up
<marcan> it is
<gruetzkopf> last time i've seen that was the #$(console)dev channels
bear24rw has quit [Remote host closed the connection]
Mary_ has joined #asahi
<marcan> "I'll just reply to emails and get on the stream" *2 hours later still replying to emails*
bear24rw has joined #asahi
jinen[m] has joined #asahi
bear24rw has quit [Ping timeout: 264 seconds]
<CDFH> Looking forward to a stream, will be interesting to have on in the background
ephe_meral has quit [Ping timeout: 240 seconds]
<marcan> alright, let me get set up
TheJollyRoger has quit [Remote host closed the connection]
Jamie[m]2 has joined #asahi
ephe_meral has joined #asahi
<marcan> I'll be on #asahi-dev for this stream.
keystone[m] has left #asahi ["User left"]
<brinly> sup
<brinly> some familiar handles here
<j`ey> anyone had issues connecting USB C monitor to their mac?
<j`ey> my monitor shows as a billboard device :/
plainbits has joined #asahi
<cdesai> ohai brinly
ksixty has joined #asahi
sharpiro has quit [Ping timeout: 264 seconds]
mah has joined #asahi
TheJollyRoger has joined #asahi
mah has quit [Ping timeout: 264 seconds]
aratuk has joined #asahi
aratuk has quit [Remote host closed the connection]
riker77 has quit [Quit: Quitting IRC - gone for good...]
mah has joined #asahi
ceph3us has joined #asahi
<ceph3us> marcan: i did cat /etc/passwd on a real mac and there's no _sshd, just sshd, guess they probably built the recovery image with this done deliberately?
<davidrysk[m]> ohhh this is the recovery image?
<j`ey> "I'm in recovery" :P
TheJollyRoger has quit [Ping timeout: 240 seconds]
<davidrysk[m]> I joined late and will have to leave for a bit\
TheJollyRoger has joined #asahi
ceph3us has quit [Remote host closed the connection]
ceph3us has joined #asahi
mah is now known as mch
mch is now known as mah
mah has quit [Quit: Leaving]
plainbits has quit [Quit: Go to sleep. Night!]
ephe_meral has quit [Ping timeout: 260 seconds]
Rays42 has quit [Read error: Connection reset by peer]
Axenntio has joined #asahi
Axenntio has quit [Client Quit]
ephe_meral has joined #asahi
Axenntio has joined #asahi
Axenntio_ has joined #asahi
Axenntio_ has quit [Remote host closed the connection]
Axenntio has quit [Ping timeout: 264 seconds]
<davidrysk[m]> marcan: so when sshd is unloaded by launchctl, I get connection refused (as expected), when it's loaded I get connection reset by peer (which is why I asked if that was what was expected)
<davidrysk[m]> so let's see why it's failing
<davidrysk[m]> oh yeah useful tip, if you need to use CLI tools that are unavailable from recovery you may be able to mount a macOS volume and run them from there
<davidrysk[m]> and I can see that both su and sudo don't work
brentr123[m] has joined #asahi
riker77 has joined #asahi
<jn__> nice :D
<spikebike> shows the priorities ;-)
<winocm> I tried.
bear24rw has joined #asahi
<brentr123[m]> I dont know if anyone has asked this already, but will asahi have x86 emulation?
<winocm> (I hate the taste of beer.)
<opticron> brentr123[m], that's kind of an odd question
<opticron> you'll be able to run qemu on it, so yes?
<j`ey> i guess maybe they meant the TSO bit? which enables the x86 memory model
bear24rw has quit [Ping timeout: 256 seconds]
<jn__> brentr123[m]: through qemu-x86_64, if you install it: sure
<justMaku> marcan mentioned earlier that he will try to get the TSO to work, apparently Linux kernel already kinda supports something similar, so shouldn’t be lots of work
<justMaku> that it’s after he figures out how to enable it on M1
<davidrysk[m]> someone already figured it out and wrote a kext that does it
<davidrysk[m]> that calls a sysctl though
<q3k|m> ... it implements a sysctl, doesn't call one
<davidrysk[m]> wait, no, it implements a sysctl that sets the thread pointer contents
bear24rw has joined #asahi
<davidrysk[m]> will need to dig further
<davidrysk[m]> q3k|m: yes but that's only setting the flag and then the kernel sets the register
<q3k|m> oh, isee
<q3k|m> i thought this was some magical aarch64/m1 segment for per thread hw control
bear24rw has quit [Remote host closed the connection]
<brentr123[m]> i meant similar to how windows insider does it
<brentr123[m]> the arm windows
<brentr123[m]> or just "rosetta 2" but on linux
<j`ey> qemu-user-x86 or whatever its called
<linkmauve> brentr123[m], you can use binfmt_misc to register your emulator of choice for your file format of choice.
<brentr123[m]> ??
<linkmauve> Then chmod +x it, and ./the-foreign-binary will work.
<brentr123[m]> thats not end-user friendly
<j`ey> asahilinux is probably not starting out to be user friendly
<davidrysk[m]> there are tools that make it easier, the problem is that to do everything you need a chroot with arm64 libs
<davidrysk[m]> that said I was experimenting with mcsema to see if it could be used to AOT-recompile an aarch64 binary to x86_64
<davidrysk[m]> but that's a low priority project :P
bear24rw has joined #asahi
Axenntio has joined #asahi
carlosn has joined #asahi
bear24rw has quit [Ping timeout: 264 seconds]
ephe_meral has quit [Ping timeout: 256 seconds]
<linkmauve> Oh nice, GPU RE is starting already! https://rosenzweig.io/blog/asahi-gpu-part-1.html
bear24rw has joined #asahi
<davidrysk[m]> yeah, it's being discussed in the -gpu channel
<marcan> it's an MSR or something, I'll implement it as a prctl()
<marcan> the TSO thing
<davidrysk[m]> marcan: it's probably an MSR
<marcan> it should be like 10 lines of code if that, this will be trivial
<marcan> once basic userspace is usable I'll just do it at some point, feel free to remind me if I forget
<marcan> more fun will be using it in qemu :)
<marcan> (cc agraf? :))
<marcan> davidrysk[m]: oh good point on the macos tools... the OS should actually already be mounted in recovery mode
<marcan> you can only use signed apps, but of course those are signed
<marcan> duh
<marcan> I can just copy script or whatever from osx, or from the net via curl
<marcan> I completely forgot about that
modwizcode has joined #asahi
<marcan> I can't *make* tools but I can *copy* them
<marcan> so yeah maybe I'll just give up on ssh, copy script over and use a netcat pipe
<davidrysk[m]> marcan: programs that are ad-hoc signed on another computer just work
<davidrysk[m]> even with SIP enabled
<marcan> I thought recovery mode enforced proper apple codesigning
<marcan> a la iOS
tiago_ has joined #asahi
<marcan> (though I haven't tested it)
<marcan> (just something I heard)
<marcan> the point of 1TR is that it is a trusted environment
<marcan> if you can just throw code in you subvert that
<davidrysk[m]> well, nothing in 1TRR is persistent
<davidrysk[m]> it's a ramdisk that's created on boot
<marcan> sure
<Shiz> well yeah, but it has more privileged access to stuff
<Shiz> if you can run arbitrary bins on it what's the point
<davidrysk[m]> well, I compiled a tester program on another computer, copied it to an external usb, plugged the usb into the machine in recovery, and it ran
<davidrysk[m]> the point is that physical access is required to enter 1TRR
<davidrysk[m]> and that changes to recovery aren't persistent, so you can't install a persistent implant
<marcan> davidrysk[m]: on M1?
<davidrysk[m]> well, I didn't test running that binary on M1. I had better :)
<davidrysk[m]> physical access is required to access 1TRR on M1.
<marcan> :)
<marcan> I mean my info might be wrong :p
<marcan> anyway, sleep now ;)
<marcan> more experiments tomorrow
<davidrysk[m]> I'm using the M1 as my primary so I wanted to avoid rebooting unnecessarily
<davidrysk[m]> but I sure can test it :)
<Shiz> oyasumi \o
browzing has joined #asahi
<davidrysk[m]> marcan: yeah indeed on Intel you can run anything but on M1 they enforce code signing in recovery
<davidrysk[m]> Still, useful for testing
<Shiz> :o
<davidrysk[m]> programs signed by apple from the root volume do still work
<davidrysk[m]> I didn't test a third party apple developer signed program
Axenntio_ has joined #asahi
Axenntio has quit [Remote host closed the connection]
<davidrysk[m]> (meaning, one with a legit non-adhoc sig)
Axenntio_ has quit [Remote host closed the connection]
Axenntio has joined #asahi
Axenntio has quit [Remote host closed the connection]
Calchan has joined #asahi
bloom has joined #asahi
bloom has left #asahi [#asahi]
stormclad has joined #asahi
bear24rw has quit [Remote host closed the connection]
bear24rw has joined #asahi
tiago_ is now known as tmartins
bear24rw has quit [Remote host closed the connection]
bear24rw has joined #asahi
bear24rw has quit [Remote host closed the connection]
Baughn has joined #asahi
bear24rw has joined #asahi
tmartins is now known as tiagom
ghantaz has joined #asahi
tiagom has quit [Quit: tiagom]
tiagom has joined #asahi
tbodt has joined #asahi
ghantaz has quit [Remote host closed the connection]
bear24rw has quit [Remote host closed the connection]
bear24rw has joined #asahi
gua has joined #asahi
rafaelmartins has joined #asahi
Axenntio has joined #asahi
Axenntio_ has joined #asahi
Axenntio_ has quit [Remote host closed the connection]
King_InuYasha has joined #asahi
<gua> just a heads up, i looked into discord and IRC bridges a month or two ago and the clear current leader is the go-discord-irc project: https://github.com/qaisjp/go-discord-irc
<gua> (for if and when a discord bridge is set up, i would want it to not get a bad reputation from using inferior software)
Axenntio has quit [Remote host closed the connection]
King_InuYasha is now known as Conan_Kudo
Conan_Kudo is now known as King_InuYasha
Eighth_Doctor has joined #asahi
gua has quit [Remote host closed the connection]
Axenntio has joined #asahi
Axenntio_ has joined #asahi
Axenntio_ has quit [Remote host closed the connection]
Axenntio_ has joined #asahi
Axenntio_ has quit [Remote host closed the connection]
Axenntio has quit []
Axenntio_ has joined #asahi
veyron has quit [Remote host closed the connection]
Axenntio_ has quit [Remote host closed the connection]
ConeOfAttack[m] has joined #asahi
fl35[m] has joined #asahi
plainbits has joined #asahi
<davidrysk[m]> okay, next step is to pull the dyld_shared_cache off the recovery and see if it contains the needed functions
<davidrysk[m]> is there a good dyld_shared_cache extractor available?
choozy has joined #asahi
Axenntio has joined #asahi
Axenntio has quit [Remote host closed the connection]
<awordnot> davidrysk[m]: https://github.com/antons/dyld-shared-cache-big-sur along with the PR that enables arm64 support
Axenntio has joined #asahi
<davidrysk[m]> awordnot: I see that that project has not been updated for the dyld that was just released by Apple
<awordnot> davidrysk[m]: yeah I'm not sure how far it'll get you with the latest dyld. I was researching this recently and this was the most up-to-date tool I could find
ransom has joined #asahi
plainbits has quit [Ping timeout: 272 seconds]
<TheJollyRoger> Ahoy awordnot! Good to see you!
ransom has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<awordnot> TheJollyRoger: oh hi JR :)
<TheJollyRoger> Yo-ho! \o/
Axenntio has quit [Ping timeout: 240 seconds]
<TheJollyRoger> Great to see more familiar faces here, hehehe.
sharpiro has joined #asahi
Axenntio has joined #asahi
browzing has quit [Ping timeout: 246 seconds]
sharpiro_ has joined #asahi
<davidrysk[m]> found the problem, you need to edit /etc/master.passwd, not /etc/passwd
<davidrysk[m]> the manpage for passwd(5) tells us that
<davidrysk[m]> just add an alias in it, duplicate the line for _sshd with sshd and use the same uid/gid :P
<davidrysk[m]> there's another issue though, you need to place hostkeys on the system
Axenntio has quit [Remote host closed the connection]
<davidrysk[m]> still getting connection reset though!!
sharpiro has quit [Ping timeout: 256 seconds]
<davidrysk[m]> it can't chroot, due to EACCES
bloom has joined #asahi
bloom has left #asahi [#asahi]
<davidrysk[m]> hm not EACCES but EPERM
<dottedmag> Mary_: thog.eu cert looks expired
<Mary_> yeaaah I know
<dottedmag> kk
<Mary_> not using this domain anymore tbh
tiagom has quit [Quit: tiagom]
<tbodt> is it not possible to compile a custom sshd?
<dottedmag> Mary_: except e-mail for copyrights?
<dottedmag> tbodt: signature check
<tbodt> does it do that for everything in recovery?
<Mary_> I mean the mail server is still up dottedmag, just too lazy to move stuffs to my new domain
<Mary_> dottedmag, fixed the cert
<Mary_> Anyhow I also tried some stuffs under recovery for sshd but without much success
<davidrysk[m]> Mary_: I got as far as having it try and fail to chroot
<davidrysk[m]> if you have an intel mac you can run self-signed binaries in recovery which is useful for testing
plainbits has joined #asahi
<davidrysk[m]> on M1, yes it enforces sigchecking in recovery. Apple-signed system binaries work, though, but I haven't tested running a dev-signed binary. Also the dyld_shared_cache is much-reduced.
<brentr123[m]> Is there anyway to spoof the sig?
<davidrysk[m]> no
jozzle has joined #asahi
browzing has joined #asahi
ky0ko has joined #asahi
<davidrysk[m]> ConeOfAttack: when you send a too-long message from matrix it gets turned into a link on IRC
<jn__> ConeOfAttack[m]: AFAIK (from https://github.com/AsahiLinux/docs/wiki/Codenames) the M1 has a "performance" core and a "efficiency" core, which is probably something to consider
<davidrysk[m]> Personally, it would be nice if someone did a ton more uarch and memory testing. We don't even know how large the shared (L3?) cache is.
<davidrysk[m]> it's not a traditional L3 cache because it's shared between the CPU, GPU, ML, and other cores
<ConeOfAttack[m]> david.rysk: bummer! Any idea how many characters I have to work with? And yes, hopefully more individuals will obtain hardware and start testing.
<davidrysk[m]> I believe something around 500 but I'm not sure
<davidrysk[m]> I'd like to see more exhaustive tests like these
<tpw_rules> i would assume newlines also trigger the too-long link
<ConeOfAttack[m]> I expect that studying the cache will be tricky too, since the DRAM is on the die, but the controller also has some sort of last layer cache. Is that an L3? Victim cache? L4? Weird stuff.
<brentr123[m]> I might get a m1 soon, how could a noob like me with only minimal python knowledge test things?
<spikebike> I wrote a microbenchmark to explore latency and parallelism and while I don't have a M1, I've been having people run it on the M1
<davidrysk[m]> the DRAM is on-package, not on-die
<davidrysk[m]> the "fabric" has an L3-like cache that is shared by the various components
<spikebike> yes, but the slow cores have a seperate L3
<ConeOfAttack[m]> david.rysk: thanks for correcting me. Also, is it worth breaking my first post into smaller chunks?
<davidrysk[m]> ConeOfAttack: I'd just summarize it; people can click on the link if they need to
tiagom has joined #asahi
<Yuzu> slow cores have separate L3? afaik they use the same System Level Cache as everything else, they just have their own shared L2
<spikebike> ah, seperate L2 would explain the graph as well
<Yuzu> yeah, it's 12MB shared L2 for perf cluster, 4MB shared L2 for efficiency cluster
<spikebike> ah, sure, the total cache size differing by 4MB with all cores in use fits well.
jjanzic has quit [Remote host closed the connection]
<ConeOfAttack[m]> Anandtech's uArch tests suggest the M1 ROB is 600+ deep. Rename stations have ~350 entries for INT & FP each. This should be quite power hungry, esp. the CAM, so I speculate that Apple's engineers have a novel implementation.
jjanzic has joined #asahi
<ConeOfAttack[m]> Mitch Alsup and lkcl have a modified CDC 6600 scoreboard, fully OoO with exceptions. The design is stated to avoid a CAM entirely. It also seems suitable for an esp. wide CPU. https://libre-soc.org/3d_gpu/architecture/6600scoreboard
skg has joined #asahi
_plainbits_ has joined #asahi
bear24rw has quit [Remote host closed the connection]
bear24rw has joined #asahi
bear24rw has quit [Remote host closed the connection]
xerpi[m] has joined #asahi
bear24rw has joined #asahi
ransom has joined #asahi
plainbits has quit [Ping timeout: 272 seconds]
ransom_ has joined #asahi
ransom has quit [Ping timeout: 272 seconds]
aratuk has joined #asahi
aratuk_ has joined #asahi
FFY00 has quit [Remote host closed the connection]
FFY00 has joined #asahi
aratuk has quit [Ping timeout: 256 seconds]
jevinskie[m] has joined #asahi
<agraf> marcan: let's leave the TSO QEMU fun for after you have PCIe up and running :)
ransom_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
ransom has joined #asahi
hspak2 has joined #asahi
_plainbits_ has quit [Ping timeout: 272 seconds]
plainbits has joined #asahi
hspak has quit [Ping timeout: 272 seconds]
hspak2 is now known as hspak
choozy has quit [Remote host closed the connection]
krbtgt has joined #asahi
plainbits has quit [Quit: Go to sleep. Night!]
stormclad has quit [Remote host closed the connection]
stormclad has joined #asahi
ransom has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
ransom has joined #asahi
assusdan[m] has joined #asahi
modwizcode has quit [Quit: Later]
jamadazi has joined #asahi
Lightsword has joined #asahi