<ceph3us>
marcan: i did cat /etc/passwd on a real mac and there's no _sshd, just sshd, guess they probably built the recovery image with this done deliberately?
<davidrysk[m]>
ohhh this is the recovery image?
<j`ey>
"I'm in recovery" :P
<davidrysk[m]>
I joined late and will have to leave for a bit
<davidrysk[m]>
marcan: so when sshd is unloaded by launchctl, I get connection refused (as expected), when it's loaded I get connection reset by peer (which is why I asked if that was what was expected)
<davidrysk[m]>
so let's see why it's failing
<davidrysk[m]>
oh yeah useful tip, if you need to use CLI tools that are unavailable from recovery you may be able to mount a macOS volume and run them from there
<davidrysk[m]>
and I can see that both su and sudo don't work
<brentr123[m]>
I don't know if anyone has asked this already, but will asahi have x86 emulation?
<winocm>
(I hate the taste of beer.)
<opticron>
brentr123[m], that's kind of an odd question
<opticron>
you'll be able to run qemu on it, so yes?
<j`ey>
i guess maybe they meant the TSO bit? which enables the x86 memory model
<jn__>
brentr123[m]: through qemu-x86_64, if you install it: sure
<justMaku>
marcan mentioned earlier that he will try to get the TSO to work, apparently Linux kernel already kinda supports something similar, so shouldn’t be lots of work
<justMaku>
that it’s after he figures out how to enable it on M1
<davidrysk[m]>
someone already figured it out and wrote a kext that does it
<davidrysk[m]>
yeah, it's being discussed in the -gpu channel
<marcan>
it's an MSR or something, I'll implement it as a prctl()
<marcan>
the TSO thing
<davidrysk[m]>
marcan: it's probably an MSR
<marcan>
it should be like 10 lines of code if that, this will be trivial
<marcan>
once basic userspace is usable I'll just do it at some point, feel free to remind me if I forget
<marcan>
more fun will be using it in qemu :)
<marcan>
(cc agraf? :))
<marcan>
davidrysk[m]: oh good point on the macos tools... the OS should actually already be mounted in recovery mode
<marcan>
you can only use signed apps, but of course those are signed
<marcan>
duh
<marcan>
I can just copy script or whatever from osx, or from the net via curl
<marcan>
I completely forgot about that
<marcan>
I can't *make* tools but I can *copy* them
<marcan>
so yeah maybe I'll just give up on ssh, copy script over and use a netcat pipe
<davidrysk[m]>
marcan: programs that are ad-hoc signed on another computer just work
<davidrysk[m]>
even with SIP enabled
<marcan>
I thought recovery mode enforced proper apple codesigning
<marcan>
a la iOS
<marcan>
(though I haven't tested it)
<marcan>
(just something I heard)
<marcan>
the point of 1TR is that it is a trusted environment
<marcan>
if you can just throw code in you subvert that
<davidrysk[m]>
well, nothing in 1TRR is persistent
<davidrysk[m]>
it's a ramdisk that's created on boot
<marcan>
sure
<Shiz>
well yeah, but it has more privileged access to stuff
<Shiz>
if you can run arbitrary bins on it what's the point
<davidrysk[m]>
well, I compiled a tester program on another computer, copied it to an external usb, plugged the usb into the machine in recovery, and it ran
<davidrysk[m]>
the point is that physical access is required to enter 1TRR
<davidrysk[m]>
and that changes to recovery aren't persistent, so you can't install a persistent implant
<marcan>
davidrysk[m]: on M1?
<davidrysk[m]>
well, I didn't test running that binary on M1. I had better :)
<davidrysk[m]>
physical access is required to access 1TRR on M1.
<marcan>
:)
<marcan>
I mean my info might be wrong :p
<marcan>
anyway, sleep now ;)
<marcan>
more experiments tomorrow
<davidrysk[m]>
I'm using the M1 as my primary so I wanted to avoid rebooting unnecessarily
<davidrysk[m]>
but I sure can test it :)
<Shiz>
oyasumi \o
<davidrysk[m]>
marcan: yeah indeed on Intel you can run anything but on M1 they enforce code signing in recovery
<davidrysk[m]>
Still, useful for testing
<Shiz>
:o
<davidrysk[m]>
programs signed by apple from the root volume do still work
<davidrysk[m]>
I didn't test a third party apple developer signed program
<davidrysk[m]>
(meaning, one with a legit non-adhoc sig)
<gua>
just a heads up, i looked into discord and IRC bridges a month or two ago and the clear current leader is the go-discord-irc project: https://github.com/qaisjp/go-discord-irc
<gua>
(for if and when a discord bridge is set up, i would want it to not get a bad reputation from using inferior software)
<davidrysk[m]>
okay, next step is to pull the dyld_shared_cache off the recovery and see if it contains the needed functions
<davidrysk[m]>
is there a good dyld_shared_cache extractor available?
<davidrysk[m]>
awordnot: I see that that project has not been updated for the dyld that was just released by Apple
<awordnot>
davidrysk[m]: yeah I'm not sure how far it'll get you with the latest dyld. I was researching this recently and this was the most up-to-date tool I could find
<TheJollyRoger>
Ahoy awordnot! Good to see you!
<awordnot>
TheJollyRoger: oh hi JR :)
<TheJollyRoger>
Yo-ho! \o/
<TheJollyRoger>
Great to see more familiar faces here, hehehe.
<davidrysk[m]>
found the problem, you need to edit /etc/master.passwd, not /etc/passwd
<davidrysk[m]>
the manpage for passwd(5) tells us that
<davidrysk[m]>
just add an alias in it, duplicate the line for _sshd with sshd and use the same uid/gid :P
<davidrysk[m]>
there's another issue though, you need to place hostkeys on the system
<davidrysk[m]>
still getting connection reset though!!
<davidrysk[m]>
it can't chroot, due to EACCES
<davidrysk[m]>
hm not EACCES but EPERM
<dottedmag>
Mary_: thog.eu cert looks expired
<Mary_>
yeaaah I know
<dottedmag>
kk
<Mary_>
not using this domain anymore tbh
<tbodt>
is it not possible to compile a custom sshd?
<dottedmag>
Mary_: except e-mail for copyrights?
<dottedmag>
tbodt: signature check
<tbodt>
does it do that for everything in recovery?
<Mary_>
I mean the mail server is still up dottedmag, just too lazy to move stuffs to my new domain
<Mary_>
dottedmag, fixed the cert
<Mary_>
Anyhow I also tried some stuffs under recovery for sshd but without much success
<davidrysk[m]>
Mary_: I got as far as having it try and fail to chroot
<davidrysk[m]>
if you have an intel mac you can run self-signed binaries in recovery which is useful for testing
<davidrysk[m]>
on M1, yes it enforces sigchecking in recovery. Apple-signed system binaries work, though, but I haven't tested running a dev-signed binary. Also the dyld_shared_cache is much-reduced.
<davidrysk[m]>
Personally, it would be nice if someone did a ton more uarch and memory testing. We don't even know how large the shared (L3?) cache is.
<davidrysk[m]>
it's not a traditional L3 cache because it's shared between the CPU, GPU, ML, and other cores
<ConeOfAttack[m]>
david.rysk: bummer! Any idea how many characters I have to work with? And yes, hopefully more individuals will obtain hardware and start testing.
<davidrysk[m]>
I believe something around 500 but I'm not sure
<davidrysk[m]>
I'd like to see more exhaustive tests like these
<tpw_rules>
i would assume newlines also trigger the too-long link
<ConeOfAttack[m]>
I expect that studying the cache will be tricky too, since the DRAM is on the die, but the controller also has some sort of last layer cache. Is that an L3? Victim cache? L4? Weird stuff.
<brentr123[m]>
I might get an m1 soon, how could a noob like me with only minimal python knowledge test things?
<spikebike>
I wrote a microbenchmark to explore latency and parallelism and while I don't have a M1, I've been having people run it on the M1
<davidrysk[m]>
the "fabric" has an L3-like cache that is shared by the various components
<spikebike>
yes, but the slow cores have a separate L3
<ConeOfAttack[m]>
david.rysk: thanks for correcting me. Also, is it worth breaking my first post into smaller chunks?
<davidrysk[m]>
ConeOfAttack: I'd just summarize it; people can click on the link if they need to
<Yuzu>
slow cores have separate L3? afaik they use the same System Level Cache as everything else, they just have their own shared L2
<spikebike>
ah, separate L2 would explain the graph as well
<Yuzu>
yeah, it's 12MB shared L2 for perf cluster, 4MB shared L2 for efficiency cluster
<spikebike>
ah, sure, the total cache size differing by 4MB with all cores in use fits well.
<ConeOfAttack[m]>
Anandtech's uArch tests suggest the M1 ROB is 600+ deep. Rename stations have ~350 entries for INT & FP each. This should be quite power hungry, esp. the CAM, so I speculate that Apple's engineers have a novel implementation.
<ConeOfAttack[m]>
Mitch Alsup and lkcl have a modified CDC 6600 scoreboard, fully OoO with exceptions. The design is stated to avoid a CAM entirely. It also seems suitable for an esp. wide CPU. https://libre-soc.org/3d_gpu/architecture/6600scoreboard
<agraf>
marcan: let's leave the TSO QEMU fun for after you have PCIe up and running :)