marcan changed the topic of #asahi to: Asahi Linux: porting Linux to Apple Silicon macs | General project discussion | Topics: #asahi-dev #asahi-re #asahi-gpu | Keep things on topic | https://github.com/AsahiLinux | Logs: https://freenode.irclog.whitequark.org/asahi
mah has joined #asahi
mah has quit [Ping timeout: 246 seconds]
damia has quit [Quit: damia]
alexanderwillner has joined #asahi
tibo has joined #asahi
tibo has left #asahi [#asahi]
bastian[m] has joined #asahi
tibo has joined #asahi
maxweisel has joined #asahi
bloom_ has joined #asahi
bloom_ has left #asahi [#asahi]
maxweisel has quit []
<bastian[m]> Super low priority, but it would be nice to use the logo in the matrix bridge channels :)
tibo has quit [Remote host closed the connection]
konradybcio has joined #asahi
bear24rw has quit [Remote host closed the connection]
benjamindc has quit [Remote host closed the connection]
bear24rw has joined #asahi
kevincox[m] has left #asahi ["User left"]
<davidrysk[m]> @Ba
<davidrysk[m]> Bastian: would that require making proper linked channels as opposed to using the freenode bridge service?
<bastian[m]> david.rysk I"m not sure, I think it might be possible to set the picture if you linked your matrix and irc accounts and have the necessary permissions
<bastian[m]> marcan is listed as mod in the room info, that might be enough
henni has quit [Read error: Connection reset by peer]
<bastian[m]> yeah change room avatar doesn't require admin rights according to the roles and permissions info
maxweisel has joined #asahi
benjamindc has joined #asahi
tibo1 has joined #asahi
benjamindc has quit [Remote host closed the connection]
benjamindc has joined #asahi
_alice has joined #asahi
konstanter has quit [Ping timeout: 245 seconds]
tibo1 has quit [Ping timeout: 258 seconds]
tibo1 has joined #asahi
benjamindc has quit [Ping timeout: 260 seconds]
korzq has joined #asahi
tibo1 has quit [Ping timeout: 272 seconds]
sbingner has joined #asahi
<sbingner> for offtopic I made #asahi-superdry :D
mah has joined #asahi
tibo1 has joined #asahi
shenki has joined #asahi
tibo1 has quit [Client Quit]
maxweisel has quit [Ping timeout: 246 seconds]
benjamindc has joined #asahi
benjamindc has quit [Remote host closed the connection]
benjamindc has joined #asahi
benjamindc has quit [Remote host closed the connection]
benjamindc has joined #asahi
neunon has joined #asahi
benjamindc has quit [Ping timeout: 260 seconds]
benjamindc has joined #asahi
benjamindc has quit [Ping timeout: 260 seconds]
msalter_ has joined #asahi
msalter_ is now known as marks_
marks_ is now known as markos
markos has quit [Client Quit]
<fridtjof[m]> <bastian[m] "yeah change room avatar doesn't "> yup. having someone trusted with a matrix account join and temporarily giving them op/mod on the irc side should also work
<fridtjof[m]> Also, might be a good opportunity to also create dedicated room aliases for the rooms (so it's #asahi:matrix.org instead of #freenode_
<fridtjof[m]> ehh
<fridtjof[m]> Also, might be a good opportunity to also create dedicated room aliases for the rooms (so it's #asahi:matrix.org instead of #freenode_#asahi:matrix.org for example)
<fridtjof[m]> there we go
benjamindc has joined #asahi
Standemonium[m] has joined #asahi
<davidrysk[m]> @fri
<davidrysk[m]> fridtjof: marcan would have to do that. It would probably be more reliable to use Matrix as the primary linking location instead of IRC...
benjamindc has quit [Ping timeout: 264 seconds]
<fridtjof[m]> yeah, although to make it _better_ than how you'd do bridging for anything else <-> IRC it does get more complicated to set up,
bent_ has joined #asahi
<fridtjof[m]> because any higher-level bridges/integrations require control over a homeserver. Using just any existing publically hosted bridge (besides the ones on matrix.org, i guess) for any protocol is asking for trouble
<fridtjof[m]> anyway, enough off topic from me :)
RicBent_ has quit [Ping timeout: 260 seconds]
nyuhu has joined #asahi
bublik_ has quit [Ping timeout: 246 seconds]
ransom has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
mah has quit [Ping timeout: 272 seconds]
mah has joined #asahi
ulfy has joined #asahi
ulfy has left #asahi [#asahi]
emptynine has joined #asahi
benjamindc has joined #asahi
threedpro has joined #asahi
twodpro has joined #asahi
twodpro has quit [Client Quit]
threedpro has quit [Client Quit]
threedpro has joined #asahi
benjamindc has quit [Ping timeout: 260 seconds]
Ziemas has joined #asahi
benjamindc has joined #asahi
mah has quit [Ping timeout: 264 seconds]
ransom has joined #asahi
wiloon has joined #asahi
yuyangchee98 has joined #asahi
yuyangchee98 has quit [Remote host closed the connection]
ransom_ has joined #asahi
ransom has quit [Read error: Connection reset by peer]
mjg59 has joined #asahi
ransom has joined #asahi
ransom_ has quit [Ping timeout: 265 seconds]
xMopx has joined #asahi
benjamindc has quit [Remote host closed the connection]
sebastian has joined #asahi
sebastian has quit [Client Quit]
jamadazi has joined #asahi
MaxLeiter has joined #asahi
anthonyo_ has joined #asahi
anthonyo_ has quit [Client Quit]
ransom has quit [Ping timeout: 240 seconds]
ransom has joined #asahi
ransom has quit [Client Quit]
jamadazi has quit [Ping timeout: 268 seconds]
ashton314[m] has joined #asahi
aratuk has joined #asahi
haddock has joined #asahi
aratuk has quit []
aratuk has joined #asahi
KindOne has joined #asahi
browzing has joined #asahi
browzing has quit [Client Quit]
browzing has joined #asahi
browzing has quit [Ping timeout: 256 seconds]
browzing has joined #asahi
bear24rw has quit [Remote host closed the connection]
bear24rw has joined #asahi
jobbe has joined #asahi
ky0ko has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
bear24rw has quit [Ping timeout: 264 seconds]
yyc has joined #asahi
yyc has quit [Remote host closed the connection]
tardyp has joined #asahi
bostjan has joined #asahi
scubasteve has quit [Remote host closed the connection]
scubasteve has joined #asahi
Core1672 has joined #asahi
<Core1672> hell
browzing has quit [Quit: WeeChat 3.0]
browzing has joined #asahi
massoud has joined #asahi
browzing has quit [Read error: Connection reset by peer]
browzing has joined #asahi
modmuss50 has joined #asahi
<JTL> > 22:50 <davidrysk[m]> I expect Apple to implement an on-device ROM-DFU eventually, but it's gonna be a while
<JTL> Haven't iPhones always had a ROM-DFU bootloader, or is that not ROM? Because those things are almost unbrickable by most peoples standards.
<Necrosporus> Why do you think that it's not already implemented?
<JTL> I was asking the same thing.
Axenntio has joined #asahi
Axenntio has quit [Remote host closed the connection]
Thomas__ has joined #asahi
bfredl has joined #asahi
puhitaku has joined #asahi
ephe_meral has joined #asahi
aratuk has quit [Remote host closed the connection]
puhitaku has quit [Quit: WeeChat 3.0]
puhitaku has joined #asahi
puhitaku has quit [Client Quit]
puhitaku has joined #asahi
XeR has joined #asahi
puhitaku_ has joined #asahi
puhitaku has quit [Quit: WeeChat 3.0]
puhitaku_ is now known as puhitaku
justMaku has joined #asahi
stu_ has joined #asahi
orbot has quit [Quit: leaving]
riatre has joined #asahi
Pluggi has joined #asahi
loru has joined #asahi
<marcan> Reminder to all to keep things on topic. It's okay if other topics come up, but we really don't need two pages discussing djb and qmail.
nevergirls has joined #asahi
<JTL> marcan: I know some other communities I'm in have #-offtopic channels, but at what point do you end up with offtopic channels for your offtopic channels? </joke>
<JTL> The idea is people with a common interest or involvement in a certain project can discuss other topics
<marcan> yeah
<marcan> please don't: < sbingner> for offtopic I made #asahi-superdry :D
<marcan> that violates at least a trademark *and* a freenode policy
<marcan> unofficial channels belong in the ## namespace
ephe_meral has quit [Ping timeout: 240 seconds]
<marcan> if you all want an OT channel I can make one, but please don't make #asahi-* channels without consulting with me first; we have officially registered that namespace
<JTL> Fair concern
<JTL> > if you all want an OT channel I can make one,
<JTL> I think it's better to create it sooner then have people ask for it later :P
<justMaku> marcan: when can we expect first work stream for Asahi? Curious to see your process :-)
marcan changed the topic of #asahi to: Asahi Linux: porting Linux to Apple Silicon macs | General project discussion | Topics: #asahi-dev #asahi-re #asahi-gpu #asahi-offtopic | Keep things on topic | https://github.com/AsahiLinux | Logs: https://freenode.irclog.whitequark.org/asahi
dyniec[m] has quit [Quit: Bridge terminating on SIGTERM]
konradybcio has quit [Quit: Bridge terminating on SIGTERM]
bastian[m] has quit [Quit: Bridge terminating on SIGTERM]
undvasistas[m] has quit [Quit: Bridge terminating on SIGTERM]
Avion[m] has quit [Quit: Bridge terminating on SIGTERM]
blazra[m] has quit [Quit: Bridge terminating on SIGTERM]
ashton314[m] has quit [Quit: Bridge terminating on SIGTERM]
devinvs[m] has quit [Quit: Bridge terminating on SIGTERM]
os[m] has quit [Quit: Bridge terminating on SIGTERM]
scubasteve1 has quit [Quit: Bridge terminating on SIGTERM]
Standemonium[m] has quit [Quit: Bridge terminating on SIGTERM]
svenpeter[m] has quit [Quit: Bridge terminating on SIGTERM]
mofux[m] has quit [Quit: Bridge terminating on SIGTERM]
fridtjof[m] has quit [Quit: Bridge terminating on SIGTERM]
noneucat has quit [Quit: Bridge terminating on SIGTERM]
delroth[m] has quit [Quit: Bridge terminating on SIGTERM]
f4n4tix[m] has quit [Quit: Bridge terminating on SIGTERM]
nufflee[m] has quit [Quit: Bridge terminating on SIGTERM]
keystone[m] has quit [Quit: Bridge terminating on SIGTERM]
numa[m] has quit [Quit: Bridge terminating on SIGTERM]
_alice has quit [Quit: Bridge terminating on SIGTERM]
Jasper[m] has quit [Quit: Bridge terminating on SIGTERM]
mcnight[m] has quit [Quit: Bridge terminating on SIGTERM]
bfredl has quit [Quit: Bridge terminating on SIGTERM]
davidrysk[m] has quit [Quit: Bridge terminating on SIGTERM]
alexanderwillner has quit [Quit: Bridge terminating on SIGTERM]
LeonardJanisRobe has quit [Quit: Bridge terminating on SIGTERM]
josiahmendes[m] has quit [Quit: Bridge terminating on SIGTERM]
KarboniteKream has joined #asahi
neobrain has quit [Remote host closed the connection]
nevergirls has quit [Quit: leaving]
<marcan> justMaku: soon! let me get into the groove :)
* JTL is excite
_alice has joined #asahi
_alice is now known as Guest93913
KarboniteKream has quit [Ping timeout: 265 seconds]
blazra[m] has joined #asahi
mofux[m] has joined #asahi
bastian[m] has joined #asahi
davidrysk[m] has joined #asahi
svenpeter[m] has joined #asahi
bfredl has joined #asahi
f4n4tix[m] has joined #asahi
konradybcio has joined #asahi
Jasper[m] has joined #asahi
noneucat has joined #asahi
keystone[m] has joined #asahi
fridtjof[m] has joined #asahi
josiahmendes[m] has joined #asahi
devinvs[m] has joined #asahi
mcnight[m] has joined #asahi
Standemonium[m] has joined #asahi
LeonardJanisRobe has joined #asahi
dyniec[m] has joined #asahi
nufflee[m] has joined #asahi
delroth[m] has joined #asahi
ashton314[m] has joined #asahi
scubasteve1 has joined #asahi
undvasistas[m] has joined #asahi
os[m] has joined #asahi
numa[m] has joined #asahi
Avion[m] has joined #asahi
alexanderwillner has joined #asahi
aratuk has joined #asahi
aratuk has quit [Ping timeout: 240 seconds]
ephe_meral has joined #asahi
browzing has quit [Ping timeout: 260 seconds]
stu_ has quit [Remote host closed the connection]
<loru> Is the plan here to make linux work in general, distros etc, or "Asahi" is going to be the "linux distro for macbooks"?
<j`ey> former
<loru> not a native english speaker sorry what's former
<loru> I never know which one it is lol
<j`ey> linux work in general
<loru> Ahhh
<loru> Okay thank you!
<j`ey> but starting with archlinuxarm, as a basis for the work
<delroth> the answer is both
jamadazi has joined #asahi
vup2 has joined #asahi
Axenntio has joined #asahi
amw has joined #asahi
Core1672 has quit [Read error: Connection reset by peer]
Core1672 has joined #asahi
Axenntio has quit [Remote host closed the connection]
Axenntio has joined #asahi
Axenntio has quit [Remote host closed the connection]
sharpiro has quit [Ping timeout: 240 seconds]
amw has quit [Quit: WeeChat 2.3]
amw has joined #asahi
rossy has joined #asahi
browzing has joined #asahi
amw1 has joined #asahi
browzing has quit [Ping timeout: 272 seconds]
amw1 has quit [Ping timeout: 272 seconds]
amotta has joined #asahi
rwhitby has left #asahi ["AndroIRC - Android IRC Client ( http://www.androirc.com )"]
aratuk has joined #asahi
rwhitby has joined #asahi
aratuk has quit [Ping timeout: 256 seconds]
keystone[m] has quit [Quit: authenticating]
keystone[m] has joined #asahi
aratuk has joined #asahi
diz3y has joined #asahi
<diz3y> hi
jamadazi has quit [Ping timeout: 260 seconds]
aratuk has quit [Ping timeout: 246 seconds]
diz3y has quit [Client Quit]
diz3y has joined #asahi
amotta has quit [Quit: amotta]
<tarzeau> hi diz3y
anuejn has joined #asahi
<marcan> started a glossary so people can learn the lingo: https://github.com/AsahiLinux/docs/wiki/Glossary
<marcan> feel free to add things, but keep it accurate and relevant to the ecosystem, not just random things that won't ever show up for the project, nor things that literally everyone knows
ephe_meral has quit [Ping timeout: 264 seconds]
br377 has joined #asahi
Core1672 has quit [Ping timeout: 240 seconds]
DarthCloud has quit [Ping timeout: 240 seconds]
<GaveUp> perhaps useful to add links to say wiki articles to whatever tech docs with more info on those terms for the unfamiliar?
DarthCloud has joined #asahi
dwhatley[m] has joined #asahi
ephe_meral has joined #asahi
roxfan2 has joined #asahi
roxfan has quit [Ping timeout: 246 seconds]
armin has joined #asahi
<armin> ohai :)
omac777 has joined #asahi
omac777 has quit [Remote host closed the connection]
asahifan777 has joined #asahi
<asahifan777> I noticed the Apple M1 is not listed as a manufacturer on the archlinuxonarm web site.
<j`ey> they probably only show things that they support
<asahifan777> I would imagine https://archlinuxarm.org/platforms/armv8/apple/m1macmini or m1macbookair or m1macbookpro
<asahifan777> I understand they only things they support, but wouldn't it be better to introduce all this work under that umbrella on that website rather than only on asahilinux web site even if not realize yet?
implr has joined #asahi
<asahifan777> it's an aarch64 isa right? it would also look like the odroid c2 stuff.
derneuere has joined #asahi
derneuere has quit [Remote host closed the connection]
<asahifan777> a lot of the steps to get a apple m1 distro up will look like that: https://archlinuxarm.org/platforms/armv8/amlogic/odroid-c2
<j`ey> uh, kinda but only at the ISA level
<asahifan777> Have a look at the installation steps: https://archlinuxarm.org/platforms/armv8/amlogic/odroid-c2#installation
<jn__> asahifan777: the distro bringup is only a small part of the Asahi Linux project
<justMaku> installation is not a problem, booting is.
<jn__> and just as, for example, the Allwinner community has https://linux-sunxi.org/ for all the details that are not Arch-specific, there is Asahi for M1
<jn__> (or, better example: http://linux-meson.com/ for Amlogic boards)
<asahifan777> I believe both amlogic and broadcom use uboot https://linux-sunxi.org/U-Boot#Compile_U-Boot
<jn__> yeah, u-boot is pretty common across the industry
<marcan> asahifan777: getting stuff on the alarm page is part of upstreaming, and we're a long way from that
asahifan777 has quit [Remote host closed the connection]
bear24rw has joined #asahi
aratuk has joined #asahi
bear24rw has quit [Ping timeout: 256 seconds]
aratuk has quit [Ping timeout: 264 seconds]
danilonc has joined #asahi
awordnot has quit [Read error: Connection reset by peer]
awordnot has joined #asahi
konstater has joined #asahi
dlnx`` has joined #asahi
<Foxboron> This blindly assumes the ALARM maintainers want to support it though
<Necrosporus> jn__, though linux-meson doesn't support my amlogic device :(
<Necrosporus> And probably won't because it's outdated. I'm stuck with 2.6.34 kernel
<Raqbit> ha, ALARM is a great acronym
dff has joined #asahi
banjo has joined #asahi
banjo has quit [Remote host closed the connection]
TheJollyRoger has quit [Remote host closed the connection]
TheJollyRoger has joined #asahi
bear24rw has joined #asahi
<artemist> Once the kernel is booting I'll probably try to package the bootloader and vendored kernel in a NixOS overlay but idk if that would ever be upstreamable
browzing has joined #asahi
browzing has quit [Ping timeout: 246 seconds]
ephe_meral has quit [Ping timeout: 246 seconds]
browzing has joined #asahi
<diz3y> u-boot? Would be nice to have UEFI/Coreboot instead
<diz3y> but that's pretty hardcore
<diz3y> or even ARM Trusted Firmware + UEFI
<Necrosporus> Do you know what all those things do?
<Necrosporus> U-boot can implement UEFI
<Necrosporus> Coreboot can load u-boot as payload
<diz3y> I'd assume we gonna need a bootloader all the way from EL3
<diz3y> once ATF is running anything can be a payload
browzing has quit [Ping timeout: 246 seconds]
<diz3y> it's just would be super sweet to have SBSA "compliance"
<Shiz> seeing a lot of unrealistic expectations inc. here
<Shiz> I wouldn't expect this to go any other route than using iBoot's third-party load mechanism
<Necrosporus> diz3y, I don't get what you want? M1 has iBoot, it will boot the rest of the stuff. as far as I understand there will be a shim bootloader which can set up the UART and stuff and then linux kernel
<artemist> If you want UEFI then you can port tianocore to run instead of the shim
<Necrosporus> marcan have said he's going to use the code he wrote for Wii before, which is planned to be the first custom code to be run. Then the kernel will handle the rest
<Necrosporus> why do you want UEFI though?
<j`ey> that Wii stuff is for experimentation
<Necrosporus> I think it's less than ideal
<Necrosporus> I thought it will be used as shim bootloader for linux
<sven> no
<sven> the wii stuff (mini) is for experimentation
<Necrosporus> Still some kind of shim bootloader is probably useful, since I doubt that iboot is easy to configure
<diz3y> UEFI to support all the modern Linux boot stuff, i.e. no device trees, but ESRTs
<diz3y> but honestly I have no idea how the boot process works today on M1
<diz3y> and whether EL3 is even accessible after some sort of boot rom
<Necrosporus> I do not understand why are you not happy with regular u-boot like interface? Maybe it makes sense to make iBoot load Das u-boot which in turn can load any other OS
<diz3y> I am happy with u-boot for starters, but *ideally* SBBR would be real nice
<Shiz> I'm fairly certain ESRTs don't fully replace devicetrees, unless something happened recently :p
<Necrosporus> Isn't ESRT microsoft NMIH analog of device tree?
<Necrosporus> why search engine has microsoft at the top?
<jn__> as a side note, even linuxboot/petitboot may be a viable rich bootloader, if someone builds it for M1
<Shiz> it also doesn't matter too much honestly, as soon as the iBoot shim protocol is documented, people can do whatever they want themselves there :)
<jn__> ^
<Shiz> I don't get why youd want EFI but you can probably do it
<Necrosporus> Is it possible to use GRUB2?
<j`ey> UEFI can load GRUB, if thats what you maent
<Shiz> the answer to all "is it possible to use X" questions is "if you port it to work with the shim protocol once it's documented"
<Necrosporus> I mean like iBoot → GRUB → Kernel
<Necrosporus> Same as Coreboot → GRUB → Kernel on my thinkpad laptop
<Necrosporus> ( I have flashed libreboot in it)
<Shiz> just don't expect if you port coreboot to it, for coreboot to magically do raminit etc for you
<Necrosporus> No, I'm not talking about coreboot
<Necrosporus> I am talking about running grub from iboot, so apple bootloader takes place of coreboot in this chain
<Necrosporus> Grub in turn can load most of systems there are including bsd
<Shiz> the direction of the project is afaik to first use mini for experimentation, and then see from there
<Shiz> but again, once it's figured out how iBoot loads OSes, you can port a fair amount of bootloaders to support that yourself
<Shiz> (or anyone else, really)
<sven> and the hard part isn't the bootloader. the hard part is making whatever os that is loaded after that support all the hardware
<Necrosporus> Probably. But other armv8 board seem to use u-boot only... or not?
<diz3y> Necrosporus: different for different boards, but armv8 servers all use EFI
<diz3y> well, EFI, AT-F + EFI + ...
<Necrosporus> And which particular implementation of EFI do they use?
<Shiz> I mean, if you figured out how the low-level hwinit/rom bootloader in those armv8 boards loaded u-boot, you could also port other bootloaders to them
<Shiz> it's just that nobody bothers because why bother
<diz3y> I've only tried EDK2
<j`ey> probably EDKII
<davidrysk[m]> I would not be surprised if marcan goes with uboot as it's simpler, but then again, APFS support in the bootloader would be handy
<davidrysk[m]> UEFI is a mess
<Shiz> probably UDK, not EDK
<Shiz> I hope, at least
<Necrosporus> Is there a bootloader which supports APFS?
<Necrosporus> maybe GRUB2?
<Shiz> oh, they moved away from UDK to EDK2 stable tags -- tmyk
<Necrosporus> it supports many filesystems at least
browzing has joined #asahi
roxfan2 is now known as roxfan
browzing has quit [Ping timeout: 272 seconds]
<CDFH> I work in bare-metal embedded, we pretty much use u-boot for everything on an A-Class core
<opticron> same here
<Necrosporus> Are there no alternatives?
<diz3y> CDFH: btw which -A are you using, armv7 or armv8?
<Necrosporus> And why u-boot isn't used for x86, if it's that cool?
<CDFH> v8
<CDFH> Because it doesn't need it
<diz3y> sure, as long as you are not using https://developer.arm.com/documentation/den0077/latest
<diz3y> and don't have anything trusted in EL3/SEL2
dottedmag has joined #asahi
<CDFH> That was in response to Necro, apologies
<CDFH> I'm well aware of the capabilities of u-boot and TF-A :)
browzing has joined #asahi
aratuk has joined #asahi
aratuk has quit [Ping timeout: 256 seconds]
<marcan> diz3y: there is no ATF. There is no EL3 on these cores.
<marcan> there is no TrustZone
<marcan> Apple very explicitly didn't implement that junk :-)
ransom has joined #asahi
<marcan> I don't know if I will use u-boot eventually yet, but I probably won't initially. it's one more thing to port, and I'd rather have my own little playground and boot kernels directly if I can, at least at first
<marcan> we are absolutely not using UEFI, that's an even bigger mess to port
<marcan> this thing isn't a normal ARM64, it doesn't use GIC, it uses AIC
Guest93913 has quit [Quit: authenticating]
<marcan> that means any "OS-like" thing we decide to port needs deep surgery
Guest93913 has joined #asahi
<marcan> because every other ARM64 device uses GIC
Guest93913 is now known as _alice
<marcan> so, a priori, this is going to look *very* different from a typical ARM64 device
<tarzeau> gic as in generic interrupt controller? what would AIC be? (dict doesn't answer)
<marcan> and yes that means I'm going to probably need to have a few words with the linux ARM64 maintainers and they will probably hate Apple for doing this, but c'est la vie
<diz3y> marcan: ah, I see, because they are happy with SE, I suppose?
<marcan> SEP, yes
<marcan> (which is actually secure, unlike TrustZone)
<marcan> (TrustZone is ~impossible to implement securely)
<Shiz> trustzone is just 'what if we added another privilege layer' without thinking of any other parts
<Shiz> :p
<marcan> yup
<diz3y> marcan: is there SEL2?
<marcan> there is EL2
rjeli has joined #asahi
<diz3y> but just EL2, not S-EL2? (I suppose if no EL3 as well)
<tarzeau> can flashrom already dump BootROM?
<marcan> what BootROM?
<tarzeau> the one from glossary: the ro mem embedded as m1 which is the first code executed upon boot
<marcan> on which device?
<diz3y> Shiz: well, there's also secure interrupts and traps into EL3 from lower ELs and also TZC-xxx
<tarzeau> any m1 device, mba/mbp/macmini with m1
<diz3y> and secure timers, etc
<marcan> ... you do realize Linux doesn't run on M1 yet, right?
<tarzeau> i'm perfectly aware of that yes
<Shiz> flashrom also runs on macOS
<Shiz> but no, I wouldn't expect it to
<Shiz> what interface would it use, for one
<marcan> exactly
<tarzeau> no idea, but having that code disassembled could be useful no?
<marcan> not really, we won't care about most low level init stuff
<marcan> we're working at the same level as macOS, we don't care about anything before macOS
<diz3y> cool
<diz3y> sounds reasonable
<Shiz> diz3y: well, conceptually; also 'secure interrupts and traps' sounds like mechanisms the same as any other privilege layer :p
<diz3y> yes, but also NS- and S- halves of PLs :)
<tarzeau> marcan: i see, i thought it would be useful, i used to dump rom extensions on x86 (using ree) at dos, and had fun re-running vga roms
<marcan> AIUI the boot rom on these things is disabled after boot, so it is not accessible
<tarzeau> maybe useful for linux drivers of some things, but i have to dig into armv8 (or arm generally, first)
<Shiz> i think it *could* be useful as reference to check how things are setup for us
<Shiz> but by no means necessary
<Shiz> and likely annoying to get hold of
<tarzeau> and access to nvram? dump/restore?
<tarzeau> i've never network sniffed the network boot part of macs... either
<tarzeau> all other unixes were fine with tftpd
<Shiz> well, m1s don't do network boot anymore
<tarzeau> Shiz: they got no network restore option?
<Shiz> correct
<marcan> they have DFU, like an iPhone
<marcan> m1s don't really do... anything boot really
<Shiz> if your SSD is fully wiped, you do DFU mode
<marcan> there is no boot menu, no bootloader, no interface, no nothing
<tarzeau> still waiting for my mba to arrive
<Shiz> there's a boot menu of sorts
<marcan> the "startup options" menu is a fullscreen app running under the recovery partition macos instance
<Shiz> right
<tarzeau> yeah makes sense. i'm so glad the ibm design of computer from 1990+-5y is going to die
<diz3y> ah, wow
<Shiz> tarzeau: you should take a look at PS4s :)
<tarzeau> that awkward bios roms that run 16bit code
<Shiz> you get intel designs of early 2000s instead
<tarzeau> Shiz: i've only seen ps1,2,3, powerpc,. ps4 is not ppc right?
<marcan> so basically this is like one of those compaq machines, with the BIOS in a floppy
<opticron> ugh, I wasn't aware that apple whipped up their own interrupt controller
<marcan> except the BIOS is in a partition
<Shiz> tarzeau: well, marcan is best qualified to speak about ps4s, but it's x86-but-not-ibm-pc
<diz3y> x86-as-a-SoC
<marcan> it's kiiind of a normal AMD x86 APU (just not one you can buy), but the southbridge is, well, insanity
<marcan> so forget about legacy compat
<tarzeau> i did some vga and other i/o programming 20 years ago, x86, i'm also familiar with that interrupt controller, and keyboardcontroller (wrote that uberkey thing)
<tarzeau> curious how AIC is done...
<tarzeau> i guess i'll hang around here and play with my box as soon as it arrives, and keep reading up things
<diz3y> tarzeau: if it's similar to ARM GIC, then it's completely different from APIC
<diz3y> well, not completely, but massively
<diz3y> I hope AIC is something like VIC, but with virtual interrupts
<tarzeau> does lsusb/lspci exist? i wonder what their graphics card is done
<marcan> definitely not pci
<Shiz> I'll dump some system_profiler output in a sec for a high-levle overview
<marcan> the sandcastle kernel already has support for some subset of AIC: https://github.com/a2en/linux-sandcastle/blob/sandcastle-5.4/drivers/irqchip/irq-hx-aic.c
<tarzeau> so it'd be fun to make a full disk dump and analyze that? but how if the disk/storage is soldered in?
<marcan> I'm wary of the sandcastle stuff because it seems they aren't interacting with the community about this, and they haven't signed off anything, so I am extremely wary of taking any code from there even though it's ostensibly GPL
<marcan> I do not trust them
<marcan> but we can at least use it as a reference
<tarzeau> one can't just boot linux and use dd on the raw disk
<tarzeau> i guess apfs will be fun...
<marcan> I'm going to consider it ~the same as APSL code unless they speak up about it and sign off on parts
<marcan> they also have APFS
<marcan> that's actually probably the most useful part of that kernel
<marcan> but I intend to try to avoid APFS unless I really have to
<rjeli> my m1 comes in mail soon. is there any kind of roadmap or should i just mess around
<marcan> the good thing is a FS driver is stand-alone and unrelated to everything else, so I don't care if we use it for now, I just won't be upstreaming it myself
<rjeli> i have some experience porting linux to android phones so im not a complete noob
<rjeli> where start
<marcan> also APFS is documented IIRC
<marcan> so that driver might well be totally clean based on those docs
<tarzeau> it wasn't for a long time, when i wanted to write the magic for file
<marcan> right now, the most useful thing is to poke around macos and document
<rjeli> oh missed that, ty
<marcan> the low level bringup is a choke point, and there isn't much for anyone else to do there until I get mini up at least
<marcan> but that won't take long
<marcan> if you don't have a serial / VDM cable you won't be able to debug that anyway
<marcan> but once I figure out the dwc usb controller you'll have an interface you can use
<marcan> speaking of not taking long, I'm going to sleep; let's see if I can actually wake up fresh tomorrow
<marcan> and get some proper work done
<rjeli> o7
<diz3y> oyasumi
<Necrosporus> Is stage "test code execution" hard? Why not to try to change one random byte in macOS kernel and see if it can be booted? It will prove that indeed security settings allow custom code
<tpw_rules> the fact that they do is well documented
<Necrosporus> Yes, but doc is one thing and real test is another
<Necrosporus> Did anybody try to load anything not signed by apple on m1's yet?
<davidrysk[m]> I'd say try booting the debug kernel from the KDK, but there are only debug kernels for the DTK, not the M1
<tpw_rules> besides, signed and invalid is completely different from unsigned
<Necrosporus> removing signature shouldn't be impossible
<tpw_rules> your point is it's supposed to be easy
<Necrosporus> Though as far as I get, iBoot will still only boot signed kernel, but with the setting it will boot self-signed kernels
<Necrosporus> So my idea is: change one byte in kernel binary (landing on a text string preferably), sign it with your own signature and see if it will start to boot
<Necrosporus> if it will then indeed, booting arbitrary code is possible (in reality not just in docs)
<sven> that's... not gonna work
<sven> booting arbitrary code is *documented*
<sven> you need to boot into recovery and use some tool provided by apple starting next beta or so
<Necrosporus> yeah, but it was already done by mar can
<sven> no
bostjan has quit [Read error: Connection reset by peer]
<Shiz> it hasn't
<sven> he disabled all kinda of security protections within mac os
<sven> he hasn't booted any unsigned code yet
<CDFH> And you're sure of that? :)
<Shiz> likely nobody will until the tools drop
<Shiz> 1TF, the only environment from which you can run such security tools, only runs apple-signed binaries
<Necrosporus> sven, yeah, so I was offering to try booting same kernel from macOS but with different signature
<CDFH> There are ways of doing things, I've seen unsigned binaries booted on an M1 machine
<sven> and that makes no sense and won't work
<sven> CDFH: yeah, userland binaries
<CDFH> pongoOS
<sven> ah, fair enough
<marcan> CDFH: citation needed?
<marcan> the kmutil changes to set up the secureboot policy are not released yet
<CDFH> marcan: That pongoOS works?
<marcan> yes
<CDFH> Could be bullshit, but the team member I mentioned to you over DM the other day said they had something working (not gonna drop them in it publiclly)
<Shiz> hmm...
<Shiz> I guess if the appropriate policy has been set kmutil could possibly be ran from outside 1TR?
<Shiz> they could've *technically* replicated that functionality if so, given info how it would wrok
aratuk has joined #asahi
aratuk has quit [Ping timeout: 264 seconds]
<davidrysk[m]> you set up the secureboot policy with bputil
<davidrysk[m]> and then you use kmutil to tell the bootloader what file to run
bear24rw has quit [Remote host closed the connection]
<davidrysk[m]> the manpages for both utilities explain what needs to be done in 1TRR
<davidrysk[m]> IIRC enough of this is implemented on 11.1 release
winocm has joined #asahi
ephe_meral has joined #asahi
<marcan> I thought we still needed the configure-boot mode
<marcan> but I guess the customkc thing is in there in the previous beta?
<marcan> the manpages are still ahead of the actual code
<marcan> anyway, whatever is missing should drop like next week or something
<marcan> don't want to waste my time with alternate boot methods if the real one is coming soon
<marcan> (e.g. I could've written kexec.kext way back too but...)
bear24rw has joined #asahi
<davidrysk[m]> @mar
<davidrysk[m]> marcan: you use bputil to enable permissive security, then kmutil configure-boot to set it up
<davidrysk[m]> I'd have to boot into 1TRR to test and see if configure-boot is present
<marcan> it isn't
<marcan> that was my point
<marcan> :P
<davidrysk[m]> hm, and it's not in 11.2 beta either?
<marcan> nope
<j`ey> marcan: bed!
<marcan> ok, ok
NekomimiScience has joined #asahi
<dagb> j`ey: are you marcan's dad or something? :-)
<dagb> or spouse...
<j`ey> dagb: indeed
<j`ey> dagb: bed for you too!
mogery has joined #asahi
feuerrot has joined #asahi
<dagb> j`ey: dang. strict rules, eh? what if my timezone indicates lunchtime?
<dagb> not that it is *wrong* to spend time in bed around lunchtime...
<j`ey> :-)
<winocm> oyasumi
amw1 has joined #asahi
jamadazi has joined #asahi
aratuk has joined #asahi
amw1 has quit [Ping timeout: 272 seconds]
aratuk has quit [Ping timeout: 256 seconds]
mogery has quit [Read error: Connection reset by peer]
threedpro has quit [Read error: Connection reset by peer]
amw1 has joined #asahi
amw1 has quit [Ping timeout: 265 seconds]
vilhalmer has joined #asahi
amw1 has joined #asahi
vlad-k has quit [Remote host closed the connection]
amw1 has quit [Ping timeout: 256 seconds]
jamadazi has quit [Ping timeout: 264 seconds]
konstater has quit [Remote host closed the connection]
ransom has quit [Read error: Connection reset by peer]
ransom has joined #asahi
amw1 has joined #asahi
amw1 has quit [Ping timeout: 265 seconds]
ndom91 has joined #asahi
<ndom91> hey everyone
fossy has joined #asahi
amw1 has joined #asahi
ephe_meral has quit [Ping timeout: 240 seconds]
amw1 has quit [Ping timeout: 264 seconds]
_whitelogger has joined #asahi
ransom has quit [Ping timeout: 240 seconds]
bloom_ has joined #asahi
ransom has joined #asahi
bloom_ has left #asahi [#asahi]
bostjan has joined #asahi
aratuk has joined #asahi
aratuk has quit [Ping timeout: 246 seconds]
sharpiro has joined #asahi
bostjan has quit [Quit: Leaving]