joeyli
Add MOKx for blacklisting any specific hash of kernel module (Hackweek 10 in Taipei)
a project by joeyli
Add MOKx for blacklisting any specific hash of a kernel module. For the kernel module signing function, similar to dbx in UEFI, we need a MOKx for blacklisting a kernel module, which avoids directly revoking the modsign key in MOK or the kernel.
Hibernate signature verification - Symmetric key edition
a project by joeyli
In the last Hackweek, I implemented an RSA private key parser in the kernel: https://github.com/SUSE/hackweek/wiki/RSA-private-key-parser-in-kernel
Porting SHA1 codes to EFI stub environment
a project by joeyli
For Hibernate Signature Verification - HMAC version, I need a hash algorithm in the EFI stub environment before ExitBootServices() to mix / mess random seeds from different sources (rdtsc, rdrand...) for generating the HMAC key to sign the hibernate image in the runtime environment. There are no hash functions provided by EFI services, so I need to implement one in the EFI stub. I chose SHA1 as the target algorithm because I have currently chosen HMAC-SHA1 as the algorithm to generate the signature of the hibernate image.
Try acpiexec, and poke the ACPI TAD implementation in Windows 10 on Qemu
a project by joeyli
Try to use acpiexec to debug AML for writing ASL code. On the other hand, install Windows 10 on Qemu to poke the ACPI TAD implementation in Windows 10.
LUV on SUSE Studio
an idea by joeyli
I want to try to build Linux* UEFI Validation on Studio, maybe based on JeOS. Package LUV and the efi-next kernel on OBS, then use SUSE Studio to build LUV.
Using BCC to snoop ACPI or PCI power
a project by joeyli
BPF Compiler Collection (BCC) https://github.com/iovisor/bcc
kernel sensitive data protection
a project by joeyli
There are some kernel mechanisms that keep a symmetric key or password in memory. Those passwords or keys may leak through /dev/mem, kdump, hibernation, or bpf print to userland. I want to think of a design to:
Hibernate encryption and authentication adapt to user land util and keyring
a project by joeyli
Intel Chen Yu developed a user land utility: Introduce the in-kernel hibernation encryption
Collectl turbostat module
a project by joeyli
Currently the CPU subsystem of Collectl can get the CPU load but not the CPU power state. My idea is to trace turbostat and then develop a collectl module to get the CPU power state. It can be used to monitor C-states or frequency. Reference: Collectl's HelloWorld module, turbostat
ACPICA profiling
an idea by joeyli
Tracing ACPICA code for profiling. I want to produce a conceptual model for ACPICA. If I have enough time, I will also poke at the debugging tool for ACPICA.
Separate kernel module signature to an independent file
an idea by joeyli
Project Description
Currently the kernel module signature is attached at the end of the kernel module (ko file).
Poking technologies for enrolling customer key to kernel trusted keyring
a project by joeyli
Project Description
The keys in db or mok can be used to verify the boot loader and kernel binary for booting. But the upstream kernel doesn't trust them for enrolling into the trusted keyring because they are enrolled outside the boundaries of the kernel, which means that IMA cannot use db/mok keys for verification.
Look at Microsoft Mu project
a project by joeyli
Look at Microsoft Mu project. Read documents of Project Mu and will look at git.