<TheDcoder>
Yes but that was many months ago, so let me take a look again...
<tpw_rules>
time machine is a decent way imo. there is other paid software that can do it
<j`ey>
for backups you can use timemachine
<chadmed>
time machine is probably the most seamless way to do so
<tpw_rules>
note that restoring it from complete disaster might require the use of DFU mode which requires another computer running linux or macos
<TheDcoder>
I'm looking for a more low-level backup, something between block level and FS, maybe something like partclone?
<tpw_rules>
macos doesn't really let you do that
<TheDcoder>
DFU mode sounds interesting
<chadmed>
i dont think thats really advisable given how the security model works too
<TheDcoder>
tpw_rules: Oh, why is that? No root access?
<TheDcoder>
chadmed: Hmmm... I see. I do recall being forced to connect to the internet in order to factory reset my Mac.
<TheDcoder>
Where can I learn more about this security stuff?
<tpw_rules>
i don't guarantee it's impossible but it really goes against apple's whole model and it would be very difficult to actually restore from
<chadmed>
thats not the blocker, the sep wouldnt even let you boot if you mashed up all the volume keys and uuids by trying to do a block level restore without updating the boot policy
<chadmed>
which you wouldnt be able to do because doing a block level restore would mash up all the keys and prevent you from booting :P
<tpw_rules>
why would that scramble keys actually?
<TheDcoder>
chadmed: I would backup the partition table as well, and that should preserve the uuids I think.
<tpw_rules>
i do know that macos cannot write the partition table
<TheDcoder>
Anyway... does the MacBook have any other storage outside of the usual SSD?
<TheDcoder>
Something to preserve security info? That's what I'm afraid of
<chadmed>
yes
<chadmed>
the sep
<TheDcoder>
In my good ol' x86 laptop I can just swap drives
<chadmed>
what exactly exists in your machine state that you cant preserve with time machine at the moment
<tpw_rules>
i can vouch that it will restore properly
<TheDcoder>
what's sep?
<chadmed>
secure enclave
<chadmed>
apples security coprocessor
<TheDcoder>
...is that like TPM?
<chadmed>
kinda but also not at all :P
<chadmed>
its much much much much better
<chadmed>
yknow what let me reboot into macos and hammer out this apple-security-for-dummies thing ive had in the works for about three months now
<TheDcoder>
I don't really have a reason, I just want to do it if possible, I do it with all new PCs I get.
<chadmed>
well to be blunt these arent pcs and you shouldnt treat them as such
<TheDcoder>
chadmed: That would be awesome!
<TheDcoder>
My MacBook isn't a PC?!
<chadmed>
under the hood they look almost nothing like what one would consider a Personal Computer
<tpw_rules>
IBM Personal Computer*
<chadmed>
theyre close to an iphone in terms of platform architecture than they are to an ibm compatible
<tpw_rules>
DFU will restore it to factory state if you want. there's a recovery partition but DFU will reinstall it
<tpw_rules>
it's not possible to brick and there's no information on it from the factory really
<tpw_rules>
nor is there interesting crapware on it :P
<chadmed>
in any case, theres really no point trying to preserve the state of the partition table or whatever on these machines because not only does it violate the security model but time machine backups will preserve the state of the APFS container youre backing up (which in a standard install is the only disk)
<TheDcoder>
...understood.
<tpw_rules>
and contains all the state apple lets you change from macos
<chadmed>
the system logical volume is sealed with a key and readonly so its not like you can clobber your filesystem so badly that the system becomes unbootable unless youre really _really_ trying
<TheDcoder>
What's the DFU?
<j`ey>
Device Firmware Update
<TheDcoder>
chadmed: That's reassuring.
<TheDcoder>
j`ey: Oh, so is it the update that Mac is pestering me about? (I haven't updated yet)
<j`ey>
no
<tpw_rules>
no. in DFU mode the machine boots from ROM and downloads another OS over USB from a computer running idevicerestore or apple's equivalent. it's what will let you reinstall from a completely corrupted internal disk
<tpw_rules>
sadly internet recovery is no more, but as long as the disk isn't physically damaged that's how you factory restore it
<TheDcoder>
There's a ROM?!
<chadmed>
yes
<tpw_rules>
several
<chadmed>
theres actually a few
<TheDcoder>
Oh wait I guess that's just the BIOS/Firmware
<chadmed>
the soc has a rom built in with the first stage bootloader on it, which loads the second stage bootloader from a flash rom on the board
<TheDcoder>
so can I restore my Mac from a completely corrupt internal storage with the DFU and an OS image without the internet?
<TheDcoder>
chadmed: Ah I see...
<chadmed>
i think you can feed an IPSW into idevicerestore
<TheDcoder>
tpw_rules: re internet recovery, is that the same thing as the "connect to internet to factory reset" that I went through?
<tpw_rules>
yeah, you can do the restore without internet
<tpw_rules>
but once the machine is restored it has to check in with apple over the internet once to activate during the first boot setup
<TheDcoder>
but why? :(
<tpw_rules>
(presumably so you cannot DFU away e.g. the theft protection features)
<TheDcoder>
I don't want my mac calling home
<tpw_rules>
it only has to do it once and only if you zorch it so bad you have to DFU restore
<TheDcoder>
...can I install Linux directly via the DFU?
chadmed_ has quit [Remote host closed the connection]
<chadmed>
no
<tpw_rules>
nope
<TheDcoder>
if I don't want to use Mac OS that i
<TheDcoder>
*is
<chadmed>
apple signs and encrypts everything
<TheDcoder>
ah crap
<chadmed>
also we do not support removing macos at this time
<chadmed>
you should absolutely 100% keep a small macos install on your machine
<TheDcoder>
Yes I'm aware of that
<TheDcoder>
but theoretically it's possible to remove Mac, right?
<j`ey>
yes
<tpw_rules>
anyway internet recovery was a rather swanky feature on x86 macs where it could boot the macos installer over the internet even with a completely blanked disk
<chadmed>
theoretically yeah
<chadmed>
but not via dfu restore
<TheDcoder>
understood...
<chadmed>
the machine checks that the image you feed it is signed with apples keys etc
<TheDcoder>
chadmed: can you share your "apple security for dummies"? that would be a great read for me :)
<chadmed>
yeah ill try and finish it today
<TheDcoder>
awesome... do ping my nick when you share it!
<chadmed>
and then get it peer reviewed of course :P
<TheDcoder>
I'll volunteer
<TheDcoder>
proof-read more like I guess
<chadmed>
i meant more for fact checking lmfao
<TheDcoder>
yes that why I'll just stick to proof-reading for spelling mistakes lol
<chadmed>
it should be pretty accurate but i am incredibly dense and its good to get a second opinion
<TheDcoder>
I don't mind honestly, the more the merrier
<TheDcoder>
tpw_rules: I see... I wonder why don't still support it. It could come in handy still.
<chadmed>
they do support it
<chadmed>
actually no, not in the same way
<TheDcoder>
but tpw said it is not longer an option for M-series?
<chadmed>
yeah you need at least the system recovery volume intact
<chadmed>
its because iboot is incredibly dumb and simple to reduce the attack surface
<TheDcoder>
also what file-system does Asahi use by default? Has anyone used FlashFS?
<chadmed>
whereas uefi is enormous and bulky and you can include fancy features like that, but its full of security holes
<nicolas17>
I think it just uses ext4
<chadmed>
ext4 is the default, f2fs doesnt really work on 16k page size kernels afaik
<chadmed>
i use btrfs because im that guy
<TheDcoder>
I meant F2FS
<nicolas17>
the SSD controller on the Mac is good enough, shouldn't need another layer of wear-leveling tbh
<TheDcoder>
chadmed: I am that btrfs guy too
<chadmed>
im also running gentoo so my opinion is worth 40% less
<TheDcoder>
nicolas17: I hope so, I recall something about MacOS doing a huge amount of writes per day, not bad enough to trash the SSD but enough to have an impact
<tpw_rules>
is there a chart of distro vs. opinion
<tpw_rules>
that was a bug that got fixed
<TheDcoder>
cool!
<TheDcoder>
chadmed: I've been an Arch user for several years but Gentoo still scares me
<nicolas17>
well the Asahi distro is Arch-based :)
<TheDcoder>
I know, that's another reason to try it! :)
<TheDcoder>
and that reminds me, is Asahi Linux just Arch Linux ARM with custom repos?
<j`ey>
yep
<chadmed>
yeah pretty much
<j`ey>
not many custom packages
<chadmed>
basically just the kernel and some patches to a few things that were broken
<TheDcoder>
so are the packages same as well? or are they built separately?
<chadmed>
no the custom repo is basically an overlay atop the standard alarm repos
<chadmed>
so most things are just the vanilla alarm packages from their repos
<TheDcoder>
I already use ALARM on my RPi so it will be a smooth transition
<nicolas17>
I found a tool that seems to do the USB proxying I wanted
<nicolas17>
but it needs the raw-gadget module which asahi doesn't enable in its kernel, so time to build my own kernel, hmph
<TheDcoder>
Kind of off-topic, but is KDE still buggy? I've had some bad experiences using it a couple of years ago. I want to know if there are any known bugs currently for Asahi Linux
<chadmed>
nope and wayland support is fantastic now
<TheDcoder>
good to hear, but I've never used wayland before... can I expect any hiccups compared to a traditional X desktop?
<chadmed>
X11 kinda just doesnt really work and most people have issues with it (the way this hardware works is not really conducive to X11)
<chadmed>
nah, Xwayland does all the heavy lifting for the few remaining apps these days without good wayland support
<TheDcoder>
oh X11 on Mac has issues?
<Tramtrist>
bingo chadmed .. been using wayland for 2 years now without problems
<TheDcoder>
Does Wayland support On-Screen Keyboard? I use that sometimes.
<chadmed>
yeah the display controller just doesnt work in a way that X11 is built to handle properly
<chadmed>
pretty sure OSDs work in wayland yeah
<chadmed>
and again, anything thats not wayland-y just gets run through xwayland
<TheDcoder>
great
<chadmed>
which is a tiny x11 server running under wayland
<nicolas17>
chadmed: "injecting keystrokes into other apps" seems like the kind of thing wayland would restrict by default, so it's a fair question
<TheDcoder>
the problem with Xwayland I imagine is that programs not running under X are simply "invisible" to other X tools
* TheDcoder
uses several tools related to X automation
<TheDcoder>
specifically xdotool's type command, and another program that I wrote to hide GUIs via hotkeys, I guess none of those would work with native Wayland GUIs
<TheDcoder>
Anyway... what about GNOME, any issues there?
<j`ey>
I think some people are using GNOME
<chadmed>
alyssa dogfoods her mesa work on gnome afaik
hertz has joined #asahi
<TheDcoder>
Okay, so should I just stick to KDE then? I'm kind of a sucker for Gnome/GTK stuff. I use Xfce on my main PC
<chadmed>
nah by "dogfoods" i mean she daily drives gnome while testing her development work
<chadmed>
it works ~as well as kde
<j`ey>
isnt fedora gnome by default?
<chadmed>
yup
<TheDcoder>
yes
<TheDcoder>
but they offer "spins" with different DEs
eroc1990 has quit [Remote host closed the connection]
bps2 has quit [Ping timeout: 480 seconds]
delsol has quit [Remote host closed the connection]
<TheDcoder>
they also offer editions with packages pre-installed for a specific target audience
eroc1990 has joined #asahi
<TheDcoder>
I forgot what they are called
<j`ey>
wonder if Linus is using gnome then
<TheDcoder>
I'm pretty sure he does, an interview of his caught a glimpse of his monitor screen
<TheDcoder>
it was Gnome if I recall correctly
<TheDcoder>
Can I *not* use GRUB with Asahi Linux? I prefer rEFInd just because how simple it is to configure, and it looks nicer by default.
<j`ey>
yes, you dont *need* GRUB
hertz has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<chadmed>
i tried refind a while ago and it didnt work too well
<chadmed>
i now use systemd-boot
<j`ey>
I couldn't get refind working on aarch64 (in a vm)
<TheDcoder>
chadmed: I see, I don't mind systemd-boot either.
<chadmed>
which is just as simple to configure but looks nowhere near as nice as refind
<nicolas17>
TheDcoder: you should do a default installation first :P
<chadmed>
:D
<TheDcoder>
does systemd-boot provide a GUI? I thought it was just a stub to load the kernel asap.
<TheDcoder>
nicolas17: Nah, I like adventures
<nicolas17>
well, you want to replace grub
<TheDcoder>
also it's Arch Linux tradition to DIY the install
<chadmed>
i wouldnt call it a gui but there is a boot picker yes
<nicolas17>
what is the previous stage that loads and runs grub?
<TheDcoder>
that's nice I guess
<tpw_rules>
systemd-boot provides a list of entries
<nicolas17>
TheDcoder: after all, ARM Macs don't have UEFI built in ;)
<tpw_rules>
and lets you edit the kernel command line
<tpw_rules>
but to describe it as a GUI or even TUI would be kind of tenuous
<chadmed>
im with nicolas17. maybe get a minimal asahi install on your system first before you go about trying to clobber it :P
<TheDcoder>
tpw_rules: cool, just like GRUB then! 👍
<chadmed>
it is significantly uglier than grub lmfao
<tpw_rules>
^
<TheDcoder>
chadmed: we will see, it will depend on how scared I get
<chadmed>
you cant really DIY an install in any case, theres no ability to boot from a USB
<TheDcoder>
I prefer ugly and configurable over average and PhD-required-for-config
<tpw_rules>
boot the reference distro without first using the asahi installer to set up a uefi environment*
<chadmed>
again i will reiterate that most issues people end up having here arise from them expecting this platform to behave like a PC
<chadmed>
it doesnt
<TheDcoder>
chadmed: but I can modify the install script >:)
<TheDcoder>
okay, I will do some more research
<nicolas17>
pretty sure the install script copies a disk image into the new partition :P
<chadmed>
yeah the install script just dds an ext4 disk image into free space that it sets up after creating the APFS stub
<TheDcoder>
bruh
<TheDcoder>
I'll have to create my own image I guess
<chadmed>
[11:01] <chadmed> again i will reiterate that most issues people end up having here arise from them expecting this platform to behave like a PC
<chadmed>
[11:01] <chadmed> it doesnt
<nicolas17>
that dd is done from inside macOS right?
<chadmed>
yup
<TheDcoder>
I might do that if I have enough patience
<j`ey>
TheDcoder: any reason you cant change it.. after you installed it?
<chadmed>
just install asahi minimal which gives you a minimal ALARM install
<TheDcoder>
j`ey: I like adventures like I said
<chadmed>
and then customise from there
<j`ey>
I dont really see why it's less of an adventure to do the minimal install
<chadmed>
that way you can at least get a feel for how the system is designed
<nicolas17>
TheDcoder: me too, which is why I recently built the kernel from source to try an untested patch from github
<chadmed>
and then have a go at trying to load up your own thing
<nicolas17>
but I did that *after* I had a working asahi system
<tpw_rules>
if you want the usb boot experience, may i recommend nixos
<TheDcoder>
okay I'll just do the minimal install and remove GRUB after
<j`ey>
you have to do most of what the minimal install does anyway!
<chadmed>
i didnt dare try to get gentoo working until i understood the default setup enough to know what was going on
<TheDcoder>
nicolas17: nice 👍
<nicolas17>
TheDcoder: what component loads and runs GRUB? it seems like a bad idea to try to replace GRUB with something else without knowing that ;)
<chadmed>
and even then it relies on the minimal install to do all the platform specific stuff :P
<j`ey>
nicolas17: u-nooy
<j`ey>
err
<j`ey>
u-boot
<chadmed>
to paraphrase marcan, theres no point trying to reinvent this particular wheel
<tpw_rules>
i think that was a quiz question
<TheDcoder>
nicolas17: I don't know, some Mac thing I guess
<nicolas17>
j`ey: I was waiting for their wrong guess first! :D
<j`ey>
ohh sorry
<TheDcoder>
chadmed: I still don't dare compiling my own kernel in gentoo on my PC
<tpw_rules>
chadmed: do you have an installation guide or at least notes somewhere?
<nicolas17>
TheDcoder: the initial "Mac thing" doesn't support EFI
<chadmed>
yeah so again bluntly if you cant even do that then dare i say youre not ready at all to try and do a custom install on this platform :/
<nicolas17>
there's no EFI on these machines by default
<nicolas17>
he actually filed a TSI https://developer.apple.com/support/technical/ but I *think* he had one left over from his developer subscription so he didn't actually pay for it individually
<TheDcoder>
Secure Enclave Processor is optional and disabled by default? 🤔
<chadmed>
no its required and always on
<chadmed>
we just cant access it from macos
<chadmed>
s/macos/linux
<chadmed>
(yet)
<chadmed>
amarioguy is on the case
<TheDcoder>
The wiki says otherwise... "With the exception of the SEP (Secure Enclave Processor, a TPM equivalent), which is optional and disabled by default"
<chadmed>
which page
<chadmed>
oh i found it
<TheDcoder>
Intro to AS
<chadmed>
yeah so the SEP does stuff at boot time (enforces boot policies etc) then shuts off until its woken up again by the OS
<TheDcoder>
AS has not backdoor for real?! I thought we'd never see the day of modern processors without backdoors...
<TheDcoder>
chadmed: I see... got it.
<chadmed>
well without getting out an SEM and account for every single transistor whos to say for certain
<chadmed>
but these things are for all intents and purposes unbreakable
<marcan>
tpw_rules: you cannot restore without the internet, it needs to get the tickets for your machine since it always restores in full security mode (that's not just the activation)
<TheDcoder>
what's an SEM?
<chadmed>
scanning electron microscope
<TheDcoder>
also that's good enough I guess
<TheDcoder>
right... I recall Hector mentioning getting that
<marcan>
the tickets are fetched by dedicated code in idevicerestore, while the activation stuff is just a TCP proxy thing
<chadmed>
the bootloader is just too dumb to do anything other than go "yep this thing is signed by apple i will load it now"
<amarioguy>
TheDcoder: working on understanding the SEP init sequence btw if you're wondering how that's going
<marcan>
back when I was first fixing idevicerestore for AS, the TCP proxy thing was broken so I ended up with a successful but not activated restore and then got the phone home prompt on first boot (which went into recovery)
<marcan>
but it definitely got the tickets to make it that far
<TheDcoder>
amarioguy: keep up the good work! 👍
<marcan>
TheDcoder: to answer your actual question about block-level restores: the SEP has a secure EEPROM that is used for anti-rollback, and a full block level restore is a massive rollback that will trip that and break xARTs which almost certainly means you can't access any of your data, and quite likely won't boot at all if the remote policy nonce has rolled over since the backup was taken
<TheDcoder>
marcan: it's the legend himself!... also does this mean you can spoof the home phone call with idevicerestore?
<marcan>
i.e. this is how the FBI was cracking iPhones, by doing block level restores
<marcan>
so Apple fixed it
<marcan>
so you can't do it any more
Zopolis4 has joined #asahi
<marcan>
(I wrote about this a while ago before they had this mitigation in)
<marcan>
you can't spoof the call-home for activation, that's HTTPS. I think you used to be able to cache the tickets but I don't think that's the case any more, pretty sure there's nonces now
<amarioguy>
marcan: there's NVRAM vars you can set for AP side anyways :P
<chadmed>
you used to be able to inject your own SHSH blobs and such to force a rollback but that went away like a decade ago at this point
<marcan>
yeah
<TheDcoder>
marcan: I see, thanks for the juicy details! I appreciate that Apple is preventing 3 letter agencies from accessing our data... at-least on a hardware level
<amarioguy>
thing is OTAs for AP side need to pin the nonce because you can't exactly request a ticket in iboot for those
<amarioguy>
SEP side... it's complicated
<TheDcoder>
too many tickets...
<amarioguy>
TheDcoder: in practice apple combines all the authorizations into one ticket
<TheDcoder>
also does the phone home step require logging into an apple account or is that just a false memory I have?
<amarioguy>
no
<amarioguy>
the authorized install stuff is just an HTTP sequence
<marcan>
no, as long as the device isn't iCloud locked
<marcan>
the tickets are just HTTP, the activation could fail and require iCloud login if the machine is locked
<marcan>
(that's the anti theft thing)
<marcan>
so many people have come here asking if Asahi could be installed on the cheap stolen machines they got off of ebay...
<TheDcoder>
so if I login with an iCloud account is it automatically locked?
<amarioguy>
TheDcoder: if you enable Find My
<amarioguy>
then it'll lock to your account
<marcan>
also, as far as I know Apple are basically guaranteeing this phone home stuff works forever
<TheDcoder>
I did not if I recall correctly
<marcan>
IIRC it still works for the original iPhone, for the latest update available for it
<amarioguy>
marcan: just wait until TSS goes down :P
<marcan>
amarioguy: one would hope they'd publish generic tickets if they ever actually take it down...
<marcan>
that would be one massive ewaste problem if they don't, not good for their image
<TheDcoder>
yes I agree
<marcan>
(pretty sure they *can* publish generic tickets that would eliminate the phone home requirement, if they chose to deprecate it)
<TheDcoder>
anyway, so are stolen macs just e-waste if not returned to apple or original owner?
<marcan>
correct
<marcan>
well, you can use them for parts
<chadmed>
yeah, the crooks dont care though because its basically a scam at this point
<marcan>
yeah
<marcan>
they sell them to unsuspecting buyers
<chadmed>
theyll keep stealing them to sell to poor undergrads who just want a laptop
<TheDcoder>
that's good because I'm not a crook.
<marcan>
I actually got an iCloud locked motherboard recently, going to rip the SoC off and image it optically :p (and maybe with a SEM later)
<marcan>
they're good for that at least!
<TheDcoder>
agreed :)
<amarioguy>
could always unfuse one if you got the time and or cash :)
<marcan>
I have a SEM, not a FIB :p
<TheDcoder>
can you actually figure out the circuitry with an SEM?
<marcan>
not with the one I have access to at 5nm, no
<marcan>
too small
<marcan>
but we could get some pretty pictures of higher level structures
<TheDcoder>
what size are the transistors in AS?
<chadmed>
i think the feature size on tsmc n5 is like 18nm or something
<amarioguy>
^
<amarioguy>
usually "N5" and such doesn't track with actual feature size
<amarioguy>
more of a node change indication
<chadmed>
its all marketing wank
<TheDcoder>
oh
<marcan>
given the images I got of a 40nm chip, pretty sure 5nm won't be reasonably resolvable, but I guess we'll see
<marcan>
40nm defintely was
<chadmed>
intel are spruiking process nodes in angstroms now lmfao
<TheDcoder>
isn't angstrom a really large unit?
<chadmed>
no its 0.1nm
<TheDcoder>
ah okay
<chadmed>
"yeah look how advanced our 18 angstrom node is! oh the feature size? well its umm like uhhjjj well its mhhhhhh 20nm gate to gate"
<chadmed>
its the ship that made the kessell run in less than 12 parsecs etc etc
<amarioguy>
chadmed: they can't even launch a server processor without high numbers of steppings...
<marcan>
okay *maybe* I'll be able to see something?
<marcan>
we'll see
<marcan>
pretty sure that SEM could use some repair too
<TheDcoder>
I hope so!
<amarioguy>
from what i've heard SEMs take a lot of maintenance
<chadmed>
amarioguy: i mean id rather them tape out something that works than release A0 silicon with broken units
<marcan>
this one hasn't been touched in years, but I did get it a maint kit near last time it was used and we have extra filaments. I just don't know what state it's in. we'll see.
Brainium has joined #asahi
<amarioguy>
chadmed: ofc i'm more knocking on the whole "SPR delayed" stuff more than high numbers of tapeouts
<amarioguy>
they have their own fabs it's less of a hit for them
<marcan>
the turbopump oil reserves annoy me, those are unobtainium to get official ones for. might need to figure out how to refurb them.
<marcan>
filaments, I think there are services that will refurb those and we have a nice pile of dead ones
<marcan>
I think everything else is mostly stuff you can clean / refurb yourself if you must
<marcan>
the scariest thing is the turbopump tbh, I think it's hard to really break anything else but that thing will definitely tear itself to bits if things go wrong
<marcan>
but I think the noise/resolution problem we have is electrical
<marcan>
there's some kind of sine wave looking noise in the X direction
<marcan>
at high mag
<tpw_rules>
marcan: ah sorry
<marcan>
but anyway, for the M1 my plan is to do an optical scan first after my funny razor delayering process, and try to get a nice high res stitch done
<TheDcoder>
is that the pump responsible for pumping out electron?
<marcan>
since apparently nobody has published die shots yet
<marcan>
TheDcoder: air
<marcan>
it's basically a jet engine in reverse, driven by an electric motor
<TheDcoder>
oh, is the oil thing DRMed?
<marcan>
no
<marcan>
but it's funny shaped cartridges
<TheDcoder>
ah, lol
<TheDcoder>
not 3D printable?
<tpw_rules>
turbopumps are pretty wild
<marcan>
I don't think 3D printers are suitable for making stuff around turbopumps...
<marcan>
you really don't want any particles or other junk getting in there
<tpw_rules>
(and the good ones will tear YOU to bits too!)
<TheDcoder>
okay, makes sense
<marcan>
we can reuse the old cases, but they have some cotton or something inside holding the oil
<marcan>
we'd probably have to figure out a compatible replacement for that, as well as how to open the case and close it cleanly
<marcan>
plus there's an o-ring involved
<marcan>
plus figuring out what oil type is appropriate
<marcan>
tpw_rules: thankfully this turbopump is pretty smol and nominally behind a couple layers of steel so I don't think it's going to blow anyone up
<TheDcoder>
can't we bribe some scientists with access to an SEM and do the imaging there? sounds like it would be cheaper than doing all the DIY repairs and taking risks
<chadmed>
yeah but not as fun
<tpw_rules>
^^^
<chadmed>
also unis arent fun anymore
<TheDcoder>
👍
<amarioguy>
i can attest to that... i tried to get access to a SEM at my uni
<amarioguy>
grad only
<amarioguy>
oh well
<chadmed>
when i was still studying you had to have a valid and current assignment tasksheet and present that to lab staff to even use an oscope
<chadmed>
you couldnt even go into the lab itself without scanning the barcode on the assignment sheet
<TheDcoder>
This whole new AS architecture sounds too good to be true...
<marcan>
mind you, not that there's anything I'd be looking for in the M1 with a SEM
<marcan>
this is just for curiosity
<marcan>
and it's not like you could reverse engineer circuits in practice
<marcan>
too complicated
<TheDcoder>
yes I understand, just to take some pretty pictures
<marcan>
but it's fun looking at specific structures
<TheDcoder>
yup
<marcan>
and if nothing else you can count bitlines and figure out SRAM block sizes and things like that
<TheDcoder>
maybe we can make an AI to RE the circuits, make it do all the labour
<TheDcoder>
if we can get enough high-res info
<amarioguy>
TheDcoder: some people did that for ROMs
<amarioguy>
maybe not AI
<marcan>
the problem is the imaging, even automating it, you need to image all layers perfectly
<marcan>
it's a massive project for modern chips
<amarioguy>
there's also just.... a lot of transistors in general
<amarioguy>
like
<marcan>
I have this idea that I want to do full circuit extraction of the Gameboy Advance SoC some day
<marcan>
that's an ARM7TDMI
<marcan>
and even that ought to be quite the project
<TheDcoder>
amarioguy: yeah, we're going to need a super-computer
<marcan>
(but I think it's within the realm of doable these days)
<amarioguy>
TheDcoder: it's not the compute power you have
<amarioguy>
it's
<amarioguy>
the time
<amarioguy>
the pure time commitment
<TheDcoder>
marcan: very interesting project, GBA is one of my favourite handheld consoles!
<amarioguy>
the resources you'd need
<amarioguy>
like i heard from someone
<amarioguy>
you'd likely go insane
<amarioguy>
at even one layer in
<TheDcoder>
amarioguy: I have seen some crazy people... maybe one of them could take up the time commitment
<amarioguy>
anti-delayering doesn't help matters
<TheDcoder>
The guy who made Holy C comes to mind
<amarioguy>
TheDcoder: i don't think you realize how large timescales i'm talking here
<amarioguy>
not as large as some other ones
<amarioguy>
but yes
<TheDcoder>
Hmmm... yes
<chadmed>
will riker voice "no you CANT dont even TRY"
<TheDcoder>
ha ha ha ha
<TheDcoder>
maybe it will be a team of crazy people funded by an equally crazy billionaire?
<amarioguy>
it's just... no
<amarioguy>
the people who could do that
<amarioguy>
are better off
<amarioguy>
starting
<amarioguy>
their own design fab
<amarioguy>
and there's a ton of IP issues to sort out
<amarioguy>
if one were stupid enough to try
<TheDcoder>
I'd imagine they'd do it just for the LOLs and to see if there are indeed any backdoors
<marcan>
even if you could image it, how would you look for backdoors?
<amarioguy>
spoiler alert: what people are calling backdoors are really not with any amount of introspection
<chadmed>
the barriers to entry for designing a modern performant IC in 2023 are high enough as is without trying to RE some existing one
<marcan>
audit the entire chip?
<TheDcoder>
they might even upload it to pirate bay, who knows...
<chadmed>
its just harebrained
<amarioguy>
i feel like we've lost track of the main topic lmao
<TheDcoder>
marcan: Create AI to do the RE and auditing
<amarioguy>
my gosh lol
<TheDcoder>
but yes, at this point I'm just shit posting
<marcan>
"AI"s work by training with examples, there is no training set for "silicon backdoors"
<TheDcoder>
I don't trust Apple or anyone to make modern chips without backdoors
<amarioguy>
TheDcoder: see above spoiler alert
<marcan>
well, then that just means you can't trust any modern hardware period :p
<TheDcoder>
marcan: well I guess we'll have to perfect self-improving AIs then :P
<TheDcoder>
yes that's correct, I don't trust any modern hardware
<amarioguy>
ok i think we've reached well beyond the point of sanity with this thread
<TheDcoder>
but I don't have to worry because I'm not a crook... or some mentally-ill paranoid person.
<TheDcoder>
I agree amarioguy
<amarioguy>
i mean i shitpost about my other project occasionally :P
<amarioguy>
impdef PMUs...
<amarioguy>
but that's a topic for another blog post
<TheDcoder>
amarioguy: what's your fediverse address? I want to follow :)
<TheDcoder>
can I access the "Factory test logs" in the NOR Flash?
<amarioguy>
i mean you can dump the NOR at any time from linux
<amarioguy>
i would really avoid messing with NOR if you can avoid it
<amarioguy>
there's info in there that's can be difficult to recover if you're not careful
<TheDcoder>
is it okay if I just dump it read-only?
<amarioguy>
yes RO is fine
<TheDcoder>
cool
<chadmed>
the tradeoff with this platform being "too good to be true" is you just have to accept that some things are best left not done by the user
<chadmed>
touching the NOR or any of the BOH processes are those things
<marcan>
I still need to test a full NOR wipe on one of my minis
<TheDcoder>
yes I agree but that wasn't what I was talking about. I was concerned about hardware backdoors like Intel ME or AMD PSP
<marcan>
there are none
<chadmed>
those do not exist
<TheDcoder>
...we can't be sure
<amarioguy>
we can be
<amarioguy>
because
<chadmed>
we can actually
<amarioguy>
people have RE'd both
<amarioguy>
and nothing of the sort was found
DragoonAethis has quit [Quit: hej-hej!]
<amarioguy>
also most of these coprocs
<amarioguy>
don't even share peripherals with main cores
<TheDcoder>
but... I thought we could never RE the chip
<chadmed>
you dont need to RE the SoC
<marcan>
Intel ME and AMD PSP aren't hardware backdoors
<marcan>
they are software backdoors running on separate CPUs
<marcan>
the software is right there in flash
DragoonAethis has joined #asahi
<amarioguy>
marcan: add HSP in there too :P
<amarioguy>
(ms thing)
<TheDcoder>
marcan: right...
<chadmed>
every peripheral is behind an IOMMU which masks off addresses that the firmware on the copro is not explicitly allowed to touch, and most firmwares are stored in the clear
<TheDcoder>
but there could be a more sophisticated backdoor in the AS SoC
<amarioguy>
on apple to clarify
<chadmed>
the machine just straight up reboots if you try to make a peripheral touch memory its not supposed to
<marcan>
and we have the t8103 keys upto some 13.0 beta so we have decrypted versions of everything else except SEP
<marcan>
and we know SEP is optional and not even booted beyond the ROM by default
<TheDcoder>
I'm talking hardware level, no visible firmware etc.
<amarioguy>
TheDcoder: my dude
<amarioguy>
that
<amarioguy>
takers
<amarioguy>
takes*
<amarioguy>
a lot of time
<amarioguy>
to implement
<chadmed>
[11:55] <TheDcoder> but I don't have to worry because I'm not a crook... or some mentally-ill paranoid person.
<amarioguy>
we are definitely hitting paranoia
<TheDcoder>
amarioguy: I'm assuming FBI etc. would want some kind of access in any case and are willing to "invest" to make sure Apple doesn't go into a loss implementing a BD like that
<amarioguy>
sigh...
<marcan>
...
<amarioguy>
i'll take this to dms
<TheDcoder>
but I'm just saying
<TheDcoder>
lol
<chadmed>
apple specifically and routinely tell the alphabets to get fucked when they ask for this stuff
<TheDcoder>
not trying to start a conspiracy theory, just putting it out that we can't rule out anything.
<nicolas17>
Apple recently added an opt-in end-to-end-encryption thing for iCloud backups
<chadmed>
in fact the FBI sued them over it in 2014
<marcan>
like the whole security design has been an arms race against the TLAs
<nicolas17>
the FBI is *pissed*
<chadmed>
and lost
<marcan>
they tried to get Apple to implement PIN code bruteforcing for them, they told them to piss off
<marcan>
so they found exploits to do it themselves
<marcan>
then Apple fixed those
<TheDcoder>
Good Apple 👍
<marcan>
and this is all just about seized devices and such
<nicolas17>
marcan: is that when Apple updated the SEP hardware mid-cycle?
<TheDcoder>
I used to be a Apple hater before this... still kind of am though.
<amarioguy>
marcan: they actually did make that harder fwiw
<amarioguy>
part of user data
<amarioguy>
keys
<marcan>
nicolas17: nah, this was when they started using an anti-rollback EEPROM and later a proper secure EEPROM
<amarioguy>
the key to unlock user data now incorporates the SEPOS hash iirc
<amarioguy>
nicolas17 can elaborate further but "million rounds of AES" :P
<marcan>
yes, they also do all the OS-tying thing now
<amarioguy>
(wasn't me who discovered it btw)
<nicolas17>
marcan: yeah that's what I mean, the security guide talks about A12 before and after "Fall 2020" having different secure EEPROM
<nicolas17>
A12 and A13
<marcan>
I'm not sure, what I'm talking about was before there was even a secure EEPROM
<marcan>
haven't followed all that closely
<nicolas17>
"A12, A13, S4, and S5 products first released in Fall 2020 have a 2nd-generation Secure Storage Component, whereas while earlier products based on these SoCs have a 1st-generation Secure Storage Component." spinning up a new variant of those SoCs to update the SEP's secure storage, must have been important...
<nicolas17>
or is it a separate chip?
<marcan>
it's a separate chip
<marcan>
it has to be
<marcan>
this is why it's so hard
<marcan>
you can't do EEPROM/Flash in modern SoC processes, it's incompatible
<marcan>
so it has to be external
<marcan>
and then you need to secure the interface
<nicolas17>
okay, releasing a v2 is less crazy then
<amarioguy>
cool people call this Lynx :)
<marcan>
is 1st gen the insecure one? (the one that was a dumb EEPROM)
<marcan>
or was that earlier?
<nicolas17>
it's dumb EEPROM, then Secure Storage gen 1, then secure storage gen 2
<nicolas17>
there's some stupid bug on the apple support website where it looks at my browser settings and loads in spanish, I change the language to english and it works, then I click any link and it redirects to spanish again /o\
possiblemeatball has joined #asahi
Brainium has quit [Quit: Konversation terminated!]
<TheDcoder>
what are xARTS?
derzahl has quit [Remote host closed the connection]
<amarioguy>
for SEP to hold keys to decrypt user data
<TheDcoder>
understood!
<TheDcoder>
is there just one huge APFS partition for all the user data?
<TheDcoder>
and OS?
<chadmed>
no
<marcan>
by default yes
<marcan>
containing multiple volumes
<chadmed>
oh right yeah, one container with multiple logical volumes
<amarioguy>
xARTs/gigalockers get their own volume
<amarioguy>
of course undumpable from macos
<TheDcoder>
got it. and yes I was asking about the default macOS state
<nicolas17>
an APFS partition ("container") can have multiple volumes, like btrfs
<TheDcoder>
amarioguy: what are gigalockers?
<marcan>
there is one container for system stuff, one container for the OS/data, and one container for system recoveryOS
<marcan>
by default
<chadmed>
system data is immutable and sealed and once the SEP verifies its integrity it's unioned with the user data volume so that it's all presented as one filesystem
<marcan>
TheDcoder: xARTs
<TheDcoder>
understood regarding APFS
<marcan>
xARTs is why we're going to have to implement APFS at some point to make SEP work :p
<amarioguy>
chadmed: immutable unless you allow root hash mismatches :P
<marcan>
thankfully it's a very limited subset of APFS
<TheDcoder>
chadmed: uhhh... but how? isn't it part of the same partition?
<marcan>
TheDcoder: separate volume
<amarioguy>
TheDcoder: merkle tree
<chadmed>
TheDecoder: consider an APFS container like an LVM set of volumes
<amarioguy>
there's also LwVM for you old folks that used to do ios back before APFS took over :)
<amarioguy>
but that's a meme moving on
<TheDcoder>
yes but how can the SEP make that immutable?
<amarioguy>
TheDcoder: not SEP
<amarioguy>
iBoot verifies this
<marcan>
the kernel verifies it actually
<TheDcoder>
since all the system data is on the same partition... albeit in a container
<marcan>
iBoot just verifies the root hash
<marcan>
it's not "immutable"
<marcan>
it's just that if you mutate it it stops working
<TheDcoder>
yep, makes sense
<amarioguy>
believe there's a SIP property to disable this
<nicolas17>
"The real reason, of course, is that it's obviously evil and wrong and therefore fun for hack value."
<TheDcoder>
ha ha ha ha
<amarioguy>
one thing i don't think i completely get is apple's custom error msrs
<amarioguy>
like why is "undefined opcode" not just... something in ISS and is shunted off to "L2C_ERR_STS"
<TheDcoder>
I have to go to sleep, so will resume my journey tomorrow. Thanks to everyone for being so kind and answering my questions in detail :)
jeffmr has joined #asahi
mini0n has joined #asahi
julio7359 has quit [Ping timeout: 480 seconds]
derzahl has joined #asahi
jeffmr has quit [Ping timeout: 480 seconds]
hertz has joined #asahi
amarioguy_ has joined #asahi
amarioguy_ has quit [Remote host closed the connection]
amarioguy_ has joined #asahi
amarioguy_ has quit [Remote host closed the connection]
julio7359 has joined #asahi
mini0n has quit [Quit: Leaving]
Zopolis4 has quit [Quit: Connection closed for inactivity]
balor has quit [Quit: balor]
balor has joined #asahi
nicolas17 has quit [Quit: Konversation terminated!]
Zopolis4 has joined #asahi
rvalue has quit [Read error: Connection reset by peer]
rvalue has joined #asahi
hertz has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
possiblemeatball has quit [Quit: Leaving]
julio7359 has quit [Remote host closed the connection]
hertz has joined #asahi
balor has quit [Quit: balor]
balor has joined #asahi
SSJ_GZ has joined #asahi
leitao has joined #asahi
leitao has quit []
hertz has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Techcable has quit [Ping timeout: 480 seconds]
Techcable has joined #asahi
capta1nt0ad has joined #asahi
tim has joined #asahi
tim is now known as Guest1321
ihaveamac has quit [Quit: fail]
capta1nt0ad has quit [Ping timeout: 480 seconds]
ihaveamac has joined #asahi
kujeger has quit [Ping timeout: 480 seconds]
capta1nt0ad has joined #asahi
bps2 has joined #asahi
kujeger has joined #asahi
jluthra has quit [Remote host closed the connection]
jluthra has joined #asahi
SSJ_GZ has quit [Read error: No route to host]
landscape15 has joined #asahi
jacksonchen666 has quit [Remote host closed the connection]
jacksonchen666 has joined #asahi
landscape15_ has joined #asahi
landscape15 has quit [Ping timeout: 480 seconds]
landscape15 has joined #asahi
landscape15_ has quit [Ping timeout: 480 seconds]
landscape15 has quit [Ping timeout: 480 seconds]
axt has joined #asahi
Guest1321 has quit [Quit: Guest1321]
landscape15 has joined #asahi
landscape15 has left #asahi [#asahi]
chadmed_ has joined #asahi
sah4ez has joined #asahi
SSJ_GZ has joined #asahi
sah4ez has quit [Read error: Connection reset by peer]
axt has quit [Quit: Leaving.]
mini_ has quit [Quit: ZNC closing...]
mini_ has joined #asahi
landscape15 has joined #asahi
landscape15 has left #asahi [WeeChat 3.8]
landscape15 has joined #asahi
<landscape15>
Can someone tell me how to know which recovery i booted into?
capta1nt0ad has quit [Remote host closed the connection]
landscape15 has left #asahi [WeeChat 3.8]
SSJ_GZ has quit [Remote host closed the connection]
SSJ_GZ has joined #asahi
<amarioguy>
landscape15: bputil -d
<amarioguy>
choose any UUID if prompted
<amarioguy>
the output will tell you if your recoveryOS is "paired"
<amarioguy>
if monterey and later
<amarioguy>
but *generally* speaking you're usually booted into the recoveryOS that's paired with the blessed volume/startup disk
landscape15 has joined #asahi
Zopolis4 has quit [Quit: Connection closed for inactivity]
tim has joined #asahi
tim is now known as Guest1344
<landscape15>
amarioguy: Thank you. What does it say if i booted into fallback recovery?
sah4ez has joined #asahi
landscape15 has quit [Quit: WeeChat 3.8]
sah4ez has quit [Remote host closed the connection]
<TheDcoder>
Are any cool features powered via the SEP currently supported in Asahi Linux?
<TheDcoder>
Also how screwed am I if I forget my macOS password without having an iCloud account linked?
<j`ey>
no SEP is only used for random number seed currently
<j`ey>
*no, SEP..
<TheDcoder>
better than nothing I guess... I'm looking forward to being able to sign stuff by just using my fingerprint :)
faruk has joined #asahi
possiblemeatball has joined #asahi
derzahl has quit [Remote host closed the connection]
<amarioguy>
landscape15: not sure actually
<amarioguy>
TheDcoder: we are a *long* way from using touch id
<TheDcoder>
:(
<TheDcoder>
Also why is the update taking 30 minutes after the download?
<amarioguy>
TheDcoder: Apple's ota update process is notoriously long
<TheDcoder>
Why though...
jamespmorgan has joined #asahi
<TheDcoder>
Why haven't Windows and Apple figured out easy updates like Linux yet? :P
roxfan has quit [Ping timeout: 480 seconds]
<jacksonchen666>
amarioguy:
<jacksonchen666>
oops, sorry
<jacksonchen666>
finger slipped
flying_sausages has quit [Ping timeout: 480 seconds]
<TheDcoder>
Crap, I accidentally downloaded the Monterey update instead of the Ventura update...
bps2 has quit [Ping timeout: 480 seconds]
c10l has quit [Quit: Bye o/]
c10l has joined #asahi
ciggi has joined #asahi
ciggi_ has quit [Read error: Connection reset by peer]
bps2 has joined #asahi
roxfan has joined #asahi
bps2 has quit [Ping timeout: 480 seconds]
mini0n has joined #asahi
jamespmorgan has quit [Remote host closed the connection]
bcrumb has joined #asahi
faruk has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
bcrumb has quit [Ping timeout: 480 seconds]
faruk has joined #asahi
systwi has quit []
lewurm`` has quit [Read error: Connection reset by peer]
lewurm has joined #asahi
WindowPa- has joined #asahi
WindowPain has quit [Ping timeout: 480 seconds]
possiblemeatball has quit [Quit: Leaving]
c10l has quit [Read error: Connection reset by peer]
c10l has joined #asahi
seeeath has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
seeeath has joined #asahi
faruk has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
seeeath has quit []
faruk has joined #asahi
possiblemeatball has joined #asahi
jamespmorgan has joined #asahi
mkurz has joined #asahi
<mkurz>
When using Asahi edge on a MacBook Pro 14" with the Pro chip, is it possible to somehow connect an external Display / Beamer for doing a presentation?
<mkurz>
HDMI isn't working according to the wiki, but is there another way, like using USB3 or something?
<ChaosPrincess>
y'all should chill w.r.t ssd durability
<chadmed_>
yeah its not 2008
<ncl>
ssd endurance doesnt even feel like much of a.. thing
<ncl>
tbw ratings are for warranties not for "it will die after this many writes"
<ncl>
there's maybe something about probability of corruption going up but the entire MO of ssds is error correction on fast unreliable media
amarioguy has quit [Remote host closed the connection]
Guest1344 has quit [Quit: Guest1344]
joske has joined #asahi
joske has quit [Quit: Leaving]
elvishjerricco has joined #asahi
hertz has joined #asahi
possiblemeatball has quit [Ping timeout: 480 seconds]
possiblemeatball has joined #asahi
<arnd>
bluetail: "smartctl -a /dev/nvme0n1" reports values for "Data Units Written" and "Percentage Used" that you can use to estimate the expected life. I'm mostly using an external drive for write intensive work, so the it's only at 3.24TB written on the internal 1TB drive, which is rounded to 0%.
<TheDcoder>
Hi, the installers tells me that the selected partition has significant overhead (around 12G), I believe this is the redundant macOS Monterey updated that I download by accident. I did not install it but the update did finish downloading.
cy8aer has joined #asahi
<TheDcoder>
I downloaded the latest Ventura update after that and completed the upgrade successfully
<TheDcoder>
but now I don't know how I can get rid of the overhead... what should I do?
<TheDcoder>
I don't have Time Machine enabled
<derzahl>
hey jannau, did you ever have a chance to look at my asahi-diagnose output to see if you noticed any clues as to how i managed to break my display backlight? for reference: https://pastebin.com/avTF7qww
cy8aer has quit [Remote host closed the connection]