marcan changed the topic of #asahi to: Asahi Linux: porting Linux to Apple Silicon macs | General project discussion | GitHub: https://alx.sh/g | Wiki: https://alx.sh/w | Topics: #asahi-dev #asahi-re #asahi-gpu #asahi-offtopic | Keep things on topic | Logs: https://alx.sh/l/asahi
Gu_______ has joined #asahi
user1tt[m] has joined #asahi
Gu_______ has quit []
bgb has quit [Ping timeout: 480 seconds]
bgb has joined #asahi
_whitelogger has joined #asahi
_whitelogger has joined #asahi
mrkajetanp has quit [Quit: WeeChat 3.1]
shenki has joined #asahi
bgb has quit [Ping timeout: 480 seconds]
bgb has joined #asahi
bgb has quit [Ping timeout: 480 seconds]
bgb has joined #asahi
Hotswap has joined #asahi
marvin24_ has joined #asahi
marvin24 has quit [Ping timeout: 480 seconds]
Dementor[m] has joined #asahi
bgb has quit [Ping timeout: 480 seconds]
bgb has joined #asahi
VinDuv has joined #asahi
VinDuv has quit [Quit: Leaving.]
tomtastic has joined #asahi
bgb_ has joined #asahi
tomtastic is now known as ink
bgb has quit [Ping timeout: 480 seconds]
ink is now known as tomtastic
vivithecanine[m] has joined #asahi
timur_davletshin has joined #asahi
timur_davletshin has left #asahi [Leaving]
maor26 has joined #asahi
ave has joined #asahi
dtantono__ has joined #asahi
<dtantono__>
Today Ipad with m1 chip is available globally and I hope this project can cover Ipad as well
<j_ey>
dtantono__: if someone finds an exploit for it
<dtantono__>
do you mean jailbreak?
<j_ey>
ayeah
<j_ey>
it's unlikely to have kmutil etc
<dtantono__>
jailbreak is common for iOS
<brentr123[m]>
We would probably need a bootrom exploit
<nemanjan00[m]>
That would be awesome :D
<brentr123[m]>
Don’t get your hopes up, the chance of that happening is extremely unlikely
Raito_Bezarius has joined #asahi
<nemanjan00[m]>
A log of extremely unlikely things have already been done to get Linux to M1 :D
robinp has joined #asahi
<dtantono__>
don't be pessimistic
dtantono has joined #asahi
dtantono has quit []
dtantono__ has quit [Remote host closed the connection]
dtantono has joined #asahi
<marcan>
a jailbreak as in a kernel exploit would not be enough most likely; we would need a bootrom exploit which is not very likely
<marcan>
nemanjan00[m]: nothing unlikely has been done to get Linux to M1
<marcan>
Linux on M1 was guaranteed to be possible once Apple decided to allow other OSes
<brentr123[m]>
Or tfp0 or whatever
<brentr123[m]>
I think apple fixed that
<marcan>
brentr123[m]: I don't think we can chainload linux from xnu very easily
<marcan>
some "apple mode" things are one-shot
<marcan>
for example, pauth gets locked in apple mode
<marcan>
so if we try that we're going to run into painful stuff
<marcan>
we could run linux in a minimal VM a la m1n1 hv but ew
<marcan>
it could be done but it wouldn't be pretty
<marcan>
besides, there's KTRR too, I think that one's one-shot too
<marcan>
so basically, don't count on me to care about any of this unless someone gets pre-xnu code execution, and if they do chances are they can just chainload m1n1 and given the right devicetree, everything we build for Asahi will work fine
<brentr123[m]>
Yeah vms seems like that’s the best bet, something like UTM. With the current reverse engineering of the m1 chip, perhaps that will allow for better optimization of the code
bgb_ has quit [Ping timeout: 480 seconds]
bgb_ has joined #asahi
<svenpeter>
KTRR is one shot, yes
<svenpeter>
you'd need a KTRR and probably also a PPL bypass. that's.. unlikely
thunfisch has joined #asahi
* Emantor
thinks a bootrom exploit is more likely.
<Emantor>
But given how much time apple has invested into securing their iPhones, you'll need to search for some time.
<svenpeter>
an iboot exploit is probably enough :P
<brentr123[m]>
Well actually
<svenpeter>
but still unlikely and nothing I really care about either
<brentr123[m]>
There is Iboot exploit for 5s-X 12.0 and up
<brentr123[m]>
With Checkra1n
<brentr123[m]>
That’s not m1 though so there may not be motivation to make asahi work on that
<svenpeter>
apple doesn't change their hw blocks very often afaict. there's a decent chance an update device tree + some small patches to drivers might be enough
<nemanjan00[m]>
We are probably going to be using your kernel in production where I work. So, I need to make it more reproducible for end users and automation. Is that something you would like me to contribute to project, or should I make it for us only?
<jn>
nemanjan00[m]: which source trees would be affected by your reproducibility patches?
<nemanjan00[m]>
I am mostly interested in building documentation, scripts for easier installation and CI/CD to make sure it builds
<nemanjan00[m]>
I want to build something like corellium guide, just for your kernel
<nemanjan00[m]>
Not sure about userspace yet
<jn>
i can't speak with any authority here, but this does sound good in general
<jn>
do you think some of this documentation would fit into the Asahi wiki?
<j_ey>
what part would apply to asahi directly?
<nemanjan00[m]>
You do have great developer docs, but, I think you lack straight forward docs for someone who just wants to try it in this state
<j_ey>
there's not that much to try yet, that's probably why
<_jannau_>
there is not much to try at this point fr non-developers
<nemanjan00[m]>
Scripts for installing it by running single command, like corellium would fit great, and also, guide on how to use it
<Emantor>
Asahi is not at this stage yet.
<Emantor>
Without specialized hardware you won't even see are kernel prompt, since AFAIK cdc-acm is not working for linux yet.
<j_ey>
Emantor: I think that works now
<nemanjan00[m]>
You did not pull changes for corellium m1 kernel?
<j_ey>
no
<j_ey>
those are not upstreamable really
<Emantor>
There is a pretty big difference between "we hacked something up that works" and "changes are now in the upstream kernel"
TheFirst has joined #asahi
bgb_ has quit [Remote host closed the connection]
bgb_ has joined #asahi
<marcan>
svenpeter: by the way, does macos even *use* GXF/PPL?
<marcan>
apple's own docs say that is iOS only
<marcan>
(SPRR though sure)
<marcan>
which might explain why I haven't run into epic fail with m1n1 yet
<svenpeter>
I'm pretty sure it does
<svenpeter>
machine_lockdown should enable it
<yrlf>
marcan: how far does it boot now?
<marcan>
yrlf: same as before, between some other stuff and the freenode implosion this week I haven't gone back to the HV; did some other minor things though
<marcan>
looking at adding some more regs right now
dtantono has quit [Quit: Page closed]
mrkajetanp has joined #asahi
TheLink has quit [Quit: Blubb]
VinDuv has joined #asahi
hir0pro has quit [Quit: leaving]
hir0pro has joined #asahi
blub has joined #asahi
blub has quit [Read error: Connection reset by peer]
bovermyer has joined #asahi
hir0pro has quit [Quit: Lost terminal]
bovermyer has quit [Read error: Connection reset by peer]
Ut_Pwnsim has joined #asahi
<Ut_Pwnsim>
UR NOOB IRCD GOT PWNED BY LALBORNOZ FROM MIDIPIX / IRC.LIBERA.CHAT #MIDIPIX
Ut_Pwnsim has quit []
<nkaretnikov>
marcan: ^ this spam is on three networks I’m on fyi
<marcan>
sigh
<nkaretnikov>
more might pop up
<XeR>
It always uses the same IP address
pugguu has joined #asahi
<nkaretnikov>
yep
app4soft has joined #asahi
app4soft has quit [Read error: Connection reset by peer]
gruetzkopf has quit [Read error: Connection reset by peer]
gruetzkopf has joined #asahi
gruetzkopf is now known as Guest4387
Guest4387 has quit [Read error: Connection reset by peer]
dandy has joined #asahi
gruetzko- has joined #asahi
<Shiz>
there's multiple IPs now
<brentr123[m]>
Is there such thing as banning from hardware addresses?
<brentr123[m]>
or like a mac address or something unspoofable?
pupdogg has joined #asahi
<sorear>
mac addresses are not visible outside the immediate network segment
pupdogg has quit [Read error: Connection reset by peer]
<milek7>
and it's trivial to change anyway
<sorear>
and they’re very much spoofable on modern hardware. privacy tradeoff
<nkaretnikov>
The new ip is .145
<nkaretnikov>
Literally the next one
TheLink has joined #asahi
<artemist>
Seems to be some Swedish colo provider
rob-3[m] has joined #asahi
eichin__ has joined #asahi
<brentr123[m]>
THE TRUE POWER of running java natively on apple silicon
<icerider2-m>
/!\ THIS CHANNEL HAS MOVED TO IRC.LIBERA.CHAT #LIBERIA /!\
<icerider2-m>
/!\ IRC.LIBERA.CHAT IS THE BEST IRC NETWORK /!\
<icerider2-m>
/!\ THE JEWS HAVE TAKEN OVER FREENODE, CHATS HAVE MOVED TO IRC.LIBERA.CHAT /!\
icerider2-m has quit [Remote host closed the connection]
<brentr123[m]>
marcan: sorry for the ping but can you take care of this?
<sorear>
the only thing chanops can do about that is to prevent all unregistered users from messaging
corecode has joined #asahi
<whynothugo>
Is it possible we'd ever get secureboot-like signing of m1n1 on the M1? Like, does apple's firmware allow enrolling keys?
corecode has quit [Read error: Connection reset by peer]
<marcan>
all the networks are getting spammed, but only Freenode makes it sound like it's actually the Libera guys doing it
<marcan>
03:38:39 [freenode] -rasengan(~rasengan@freenode/staff/rasengan)- [Global Notice] We are aware of the Libera Chat spambots and are working to address it. To help mitigate, please set umode +R to prevent non-registered nicks from messaging you. Thank you for your patience, and thank you for your support of freenode!
<marcan>
04:22:51 [irchighway] -Global(services@service.irchighway.net)- we are currently under a spam attack, please report all instances of spam/flooding in #abuse , Do *not* paste the messages directly in the channel, paste them on pastebin or something.
<marcan>
kind of sad
<davidrysk[m]>
whynothugo: Apple's firmware already does that
<brentr123[m]>
Sorry for the ping Marcan
<roxfan>
m1n1 must be already signed in 1TR to boot so you can make it a root of trust for linux kernel and so on
<marcan>
and yeah, not much I can do unless it's always the same IP (these two weren't)
<Ariadne>
irchighway still exists
<Ariadne>
what the fuck
<Ariadne>
wow
<marcan>
I'm not even sure if I'm in any channels, but I seem to be connected...
<marcan>
well, there's +M
<marcan>
I guess we're going to stay like this for a while
<marcan>
oh wait, I guess that's kind of more annoying than +R, for everyone already here...
<marcan>
let's try this
<marcan>
I can't tell retroactively, but I'm guessing those lame bots aren't using SSL
<Ariadne>
oooh
<Ariadne>
thats a good idea marcan
<Ariadne>
i hadn't thought about it before, but you're right, these bots don't use SSL
<marcan>
not much of a bar for real users to pass :)
<marcan>
but skiddie scripts are unlikely to be doing SSL
richbridger has joined #asahi
<marcan>
anyway, I should get some sleep
<marcan>
svenpeter: pushed some more registers, apparently there are what look like 4 UMASK/KMASK registers now? and then another 4 related read-only ones, not sure what's up with that.
<marcan>
also added more GXF stuff
<whynothugo>
roxfan: oh. So while they make porting other OS more effort, they also push implementations to take a secure approach.
<roxfan>
not necessarily
<marcan>
it's just ad-hoc, there's no enrolling keys, instead you enroll a *specific* bootloader/next-stage
<roxfan>
they don't care what your custom OS does as long as the bootloader does not change
<marcan>
whether that keeps it secure or not is up to the implementation
<whynothugo>
But they make it possible to make an installation secure. As opposed to a firmware that just auto-boots anything.
AONeiLL[m] has joined #asahi
VinDuv has quit [Quit: Leaving.]
VinDuv has joined #asahi
VinDuv has quit [Ping timeout: 480 seconds]
mrkajetanp has quit [Quit: WeeChat 3.1]
Xesxen_ is now known as Xesxen
steev has joined #asahi
mrkajetanp has joined #asahi
pugguu has joined #asahi
pugguu has quit [Read error: Connection reset by peer]
pugguu has joined #asahi
beej has quit [Remote host closed the connection]
austriancoder has quit [Remote host closed the connection]
arnd has quit [Ping timeout: 480 seconds]
esden has quit [Read error: Connection reset by peer]